Sub7

[4MidgetHitmen]

Hello all...
Lately I have been getting alot of intrusion attempts by Sub7... My friewall has blocked them all so far and loged the IP of the computer trying to get in to my system... My system shows to be clean of any trace of Sub7... My question is this I have used NEO Trace to find out where the computer that tried the attack is located... Where I am having trouble is figuring out is how do I go about deciphering all of the information I get from NEO Trace so I can contact the ISP and complain... There are two IP addresses that keep trying to get into my machine and I have traced them both...

Sorry this is so long winded

[prodikal]

ok when you got the information from neotrace its like a whois if you have all of that logged and you should have the date and time yeah ? ok if you have all of that you should get a ripe address from the ISP you traced it back to send them a POLITE email saying that you have had scans from some one on there network are running port scans from the trojan sub7 are you sure about this now ? and send them the date and times of when the port scan was happening that should clear it up hopefully if it is a responsible ISP they shouldnt hesitate on taking approprate action agains the person(s) involved hope this helps

[freeOn5]

Just to let you know don't get your hopes up thinking that it's going to stop when you notify the ISP of the kiddies. Most larger ISP's don't or won't do anything about it. Especially if it's just scans.

There is a sub7 killer, it's a program that will mess up the people using sub7. It's worth a shot.
http://www.blackcode.com/archive/sho...area=Firewalls

[chefer]

To report to the ISP :
1. Get the ip address from your firewall log.
2. Go to http://www.samspade.org
3. Use the IP whois locator. It will give you ISP information for the attacker's IP address.
4. Send a polite email to abuse@theisp.com - fully detail what you blieve has happened and what has been attempted. Include a copy of the logs as well.

Regards.

[prodikal]

on a side note you may want to read this tutorial by JCHostingAdmin on reporting and stopping internet crime against you read it here if you allready havent http://www.antionline.com/showthread...hreadid=234243 it should give you a better insight on whats happening

[t2k2]

4Midge: I must say that I have been getting a lot of them myself. The other day, I counted roughly 13 attempts. I just made sure that the traffic was dropped by the firewall. I asked the same type of question here on AO. I haven't been able to contact the ISP who owns the IP addresses as of yet, but I plan to. Good suggestion on the Sam Spade site. I downloaded the program and I like it.

[4MidgetHitmen]

Thank you all for the help...

4MidgetHitmen

[Redbone]

Are you sure that it is intrusion attempts? Or is it just port scans by script kiddies looking to find a new zombie? I don't think that it will do you any good to try to find out who is doing the scanning. Most ISP's don't care whether or not their subscribers and doing port scans as long as the bill is paid.

freeOn5> I wouldn't download any software that fights back when someone tries to intrude into your system. To the law that is the same thing as hacking and you can be procescuted if you do damage to someone's system, even though they may be hacking you.

[cwk9]

Another reason not to fight back is that the person doing the scanning might no even be aware of it. Often hackers will hijack a system and then use it as a base to scan and attack other computers.

One thing that’s worth trying is using the net send command to send them a small text message. Of course they have to have NetBIOS open and be running windows. Problem is that its connection less so there’s no real way to see if they got your message, unless they send one back. Also you might just end up making your self target.

[JCHostingAdmin]

Omg, Look at the Similiar threads in this thread, lmfao. Anyways, I think that fighting back would be a HUGE mistake. First, it is against the law, even if he is hacking/scanning/etc you. You will get in trouble for fighting back because then they will say that you too are hacking. Second, like cwk9 said, You might be fighting back against a victim of hacking themselves. Lot's of hackers nowadays will hack into a system and use it against another. In that sense, they wouldn't get caught because if traced, it would be traced back to the IP of Victim #1. That is why you shouldn't fight back, but instead, report it. --Jason Copeland