August 8th, 2002 10:09 AM
Attempted Hacking/Cracking with Trojans
Seeking some advice here.....
I have a firewall installed & receive at least one notification a day that an attempt has been made to send a trojan to me. Whilst I don't take this too personally (being on cable I assume this same program has been sent to thousands of others) should I continue to inform the ISP of the person responsible or is this really just a waste of time??
Should I get a life & be happy that my firewall is doing it's job correctly??
August 8th, 2002 10:15 AM
If the same person repeatedly is sending you this trojan, you might want to inform his ISP. Let his ISP contact him, and tell him he's sending out trojans or virusses. Half the time, your 'attacker' doesn't even know he's attacking you. I wouldn't bother for individual cases though. Oh, and always include your logs, if you contact an ISP. Based on those, they can determine what course of action to take.
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
August 16th, 2002 02:47 PM
Personally, i use neotrace firewall and neotrace. You can find it at http://www.mcafee.com/myapps/neoworx/default.asp.
You can trace any possible intruders back to the last node and then report them to Hackerwatch. Thats what I do. I wouldn't say its the best way to do things. Usually the isp should already see the the guy scanning port 27234.
Sorry about the web address. Here is a valid one
here is a valid web adress sorry
August 16th, 2002 03:18 PM
You should report it to their ISP; however, not all ISPs take it very seriously if their users are doing nefarious stuff. Might also consider reporting it to a few orginizations that get things together and report them to the ISP and for example notify the authorities. One such place that I am aware of :
Dont know if they are affiliated by SANS, but off of their site http://www.incidents.org, dshield is referenced.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
August 23rd, 2002 07:24 AM
Yup, lots of ISPs don't really care what their users do unless they get called by law enforcement. Port scanning isn't illegal so chances are this ISP doesn't really care about what you are experiencing. If this is the same person who is repeatedly scanning you, then scan back and see if you recieve any open ports or just a long wait, because if the person has a firewall, they'll realize that somebody is there, I did that to somebody who constantly scanned me and after I did it for a few days they stopped. Try complaining to your ISP as well as his/her ISP, as your ISP might stick up for you, who knows, its worth a shot. And keep logs because you never know when they might become very useful. And I am assuming you have a firewall, does your firewall respond to these portscans? If not, then be happy knowing you are slowing these people down a whole lot.
August 23rd, 2002 07:33 AM
Khakisrule, you have a point about portscanning, but in this case, scanning could very well lead to immediate action. Lemme put it this way... Person Y scans Person X for sub7. He find's that he has it and enter's his computer with sub7. Scanning, in some case's, once a target is found, lead's DIRECTLY into their computer. So as portscanning is illegial, "trojan scanning" by most ISP's will lead them to take an extreme course of action.
August 25th, 2002 02:29 AM
Thanks for all the replies they have all been of great use.
It\'s all very funny until someone loses an eye!!