|
-
May 20th, 2002, 10:44 AM
#1
Junior Member
cracker troubles
 We are part of an online community that is under attack (going on 3 months now) by someone who is sending e-mail bombs and cracking our systems. Avoiding the e-mail bombs isn't a problem. But, we keep getting hit by intrusion attempts. They've broken through (3 firewalls and Norton Internet Security) twice now through bombardment attacks. Now, when we start getting hit, we get offline and disconnect our cable modem for a bit. It's gotten to the point where my husband doesn't even want to use the computer any more.
My question is this... What GOOD programs are out there that can help us trace this person and nail him? The Norton pops up the immediate IP. But, it's already been traced through chains of as many as 6 IPs. Most of our traces point to a single person...who has been put on notice. But, we don't want to take further legal action until we're sure it's him and not someone trying to frame him (a very real possibility).
Any information/advice would be greatly appreciated!
heyoka
-
May 20th, 2002, 11:30 AM
#2
Well you could use a intrusion dection program but you should only have one firewall up at a time becouse I think if you have more then one it will couse conflicts between the otheres. Anyway you can goto www.iss.net and get blackIce this will act as a firewall and let you know what someone is trying to do, who is doing it, and give you advice on how to deal w/ it and report it. All firewall's have there good and bad and everyone has there favorites, I just recomned BlackIce becouse its easy and gets the job done.
aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,
-
May 20th, 2002, 12:57 PM
#3
Hey
I would reccomend going to http://grc.com and scaning yourself. See if your box is easily open to attack. If it is then follow their instructions and patch up!
script language=\"M$cript\";
function beginError(bsod) {
return true; }
onLoad.windows = beginError;
-
May 20th, 2002, 01:29 PM
#4
Since you have been able to trace the IP back, contact the ISP of the offending IP address. Get them to investigate and look into the situation further. You are only allowed to protect yourself, not go after or try to get back at the attacker.
As far as protection, what is your setup now? I'm assuming that you are running three software firewalls? If you are serious about security, I'd recommend purchasing a hardware based firewall - at a minimum, a device such as a Cable/DSL router from Linksys will provide some protection.
-
May 20th, 2002, 01:36 PM
#5
Maverick811 hmm... that will probably be expensive... another thing you (heyoka) can do is purchase a cheap box (Pentium I) even without hdd or monitor, install 2 nic's in it and get yourself a free linux based router program. It will turn that box into a firewall/router for FREE.
www.freesco.org
www.bbiagent.com
www.linux.org -> apps
-
May 20th, 2002, 01:46 PM
#6
You are right, VictorKaum, some options would be expensive - but buying a Linksys router for around $100 (US) isn't too bad, and I know that there are some firewall appliances out there that are specially designed for small offices and homes such as the Firebox SOHO from WatchGuard. I guess my view is that protection is usually worth the price. But your idea with the older box is a good one.
-
May 20th, 2002, 02:04 PM
#7
Re: cracker troubles
Originally posted here by heyoka
We are part of an online community that is under attack (going on 3 months now) by someone who is sending e-mail bombs and cracking our systems. Avoiding the e-mail bombs isn't a problem. But, we keep getting hit by intrusion attempts. They've broken through (3 firewalls and Norton Internet Security) twice now through bombardment attacks. Now, when we start getting hit, we get offline and disconnect our cable modem for a bit. It's gotten to the point where my husband doesn't even want to use the computer any more.
My question is this... What GOOD programs are out there that can help us trace this person and nail him? The Norton pops up the immediate IP. But, it's already been traced through chains of as many as 6 IPs. Most of our traces point to a single person...who has been put on notice. But, we don't want to take further legal action until we're sure it's him and not someone trying to frame him (a very real possibility).
Any information/advice would be greatly appreciated!
heyoka
What the heck got the attacks strarted??? Some backround would help 
-
May 22nd, 2002, 03:54 PM
#8
check the IDS list http://www.cert.org/tech_tips/intrud...checklist.html
on the site should also be information on incident response (get the fbi on they @ss)
good luck
noODle
http://doscerveza.ontheweb.nl
-
May 22nd, 2002, 04:38 PM
#9
if you think you know his ip why dont you just block it? you say you have 3 firewalls....if you configure them correctly then it shouldnt be a problem.
-
May 22nd, 2002, 05:36 PM
#10
hmmm i'd stick to the Complain To Their ISP bit.. coz if there's anyone who knows who they are, it would be the ISP.. coz the ISP has a log of which user has which ip address at that certain time.. and if the person still wont comply to the ISP's complain.. u can always tell this to the feds.. they would gladly help..
use www.cybercrime.gov as a reference on what u can do if ur under attack.. and what ur rights are as a cybercrime victim.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
