Help Me Please. Unsure if hoax!!

  1. #1

    Help Me Please. Unsure if hoax!!

    Tonight I had a conversation with an unknown person. He/she was saying stuff that I don't know whether to believe. She tracked me down on ICQ, even though I have not told anyone my UIN. She also found that I used arbornet, which I only joined about a week ago, and she had my IP address.

    So she knew it was me on ICQ. One thing that made me doubt is the fact that she said
    i am... network engineer for your isp.
    She said I was with a different ISP than I am, and why did she not say
    i am... network engineer for Telstra bigpond or what ever my isp may be.
    Also, the ISP that she mentioned, Comindico: I was having trouble with one of their users constantly probing my computer, over 1500 attacks in 1 week! I did nothing in return to that and it eventually stopped.

    Please read it for me and give me your views. I'm not sure what to think about it.

    she is 172232783/maria
    i am Aeseroth Galanodel
    172232783: hey [Offline Message (3/19/2003 [2:44])]
    172232783: here? [Offline Message (3/19/2003 [2:44])]
    172232783: hello? [Offline Message (3/19/2003 [2:49])]
    172232783: hi [Offline Message (3/20/2003 [9:08])]
    Aeseroth Galanodel: yes who are you??
    172232783: hi
    Aeseroth Galanodel: hey
    Aeseroth Galanodel: who r u exactly?? and o i know you??
    172232783: no, but i know you
    Aeseroth Galanodel: yes who are you??
    172232783: just a messenger.
    Aeseroth Galanodel: messenger form whom?
    Aeseroth Galanodel: from*
    Aeseroth Galanodel: nah really, WHO ARE YOU??
    Aeseroth Galanodel: hello?
    Aeseroth Galanodel: yes maria who are u?
    maria: 203.220.225.70
    maria: why did you attack unixcon
    maria:
    Aeseroth Galanodel: unixcon??
    Aeseroth Galanodel: what the...? im not into the blackhat stuff
    maria: heh
    maria: strange, seems arbornet and your ISP have been monitoring you for some time now.
    Aeseroth Galanodel: what the??
    maria: you heard.
    Aeseroth Galanodel: nope?
    Aeseroth Galanodel: what are you talking about
    Aeseroth Galanodel: what the hell is unixcon??
    Aeseroth Galanodel: whats the name of my isp
    maria: comindico
    maria: i have your location
    maria: the FBI where interested also.
    maria: along with the NHTCU
    Aeseroth Galanodel: comindico is not my isp, i had problemsd with a user on comindixco a few months ago flooding me
    maria: i suggest you stop attacking businesses.
    Aeseroth Galanodel: but i did notthing in return
    maria: listen
    Aeseroth Galanodel: what
    maria: do not lie to me because im a cisco cert CCNP network engineer for your ISP
    maria: and packets from the library on the router are logged
    Aeseroth Galanodel: my isp is nmot commindico!!!
    maria: and i clearly see you talking on here
    maria: 203.220.225.70
    maria: inetnum: 203.220.0.0 - 203.220.255.255
    netname: COMINDICO
    descr: COMindico Australia
    country: AU
    Aeseroth Galanodel: what the hell im with dodo
    maria: heh
    Aeseroth Galanodel: seriously i have no clue what u are talking about
    Aeseroth Galanodel: and as for arvornet i only recently joined about a week ago
    Aeseroth Galanodel: arbor*
    Aeseroth Galanodel: DoDo is my isp
    maria: well this is your first and last warning, if we receieve anymore attacks, im going straight to authorities to have you arrested. i don't care what you say or do because i know you are behind it.
    maria: if i so much as see one little packet more than i should im going to be on your ass as fast as you can say no
    maria: goodbye.
    *** maria signed off at Fri Mar 21 21:21:47 2003.
    Aeseroth Galanodel: no really i dont have a clkue what u r talking abouit

    I realise in hindsight that I shouldn't have told her my real ISP and that that was pretty dumb, but I assure you that everything I said in that conversation is true!

    I straight away told one of my friends and this is the convo we had:

    he is Grand Master of the Knights Militant
    i am aeseroth galanodel

    Grand Master of the Knights Militant: Interesting...a hoax perhaps?
    Aeseroth Galanodel: i dont know what to think!!
    Aeseroth Galanodel: i was registered with arbornet
    Grand Master of the Knights Militant: Don't worry about the FBI has no juristiction in Australia
    Aeseroth Galanodel: and about 3months ago i was having constant attacks from a machine at commindico
    Aeseroth Galanodel: maybe something was going on trhere
    Grand Master of the Knights Militant: Some hacker it sounds like has hijakced and used your isp to cover his own tracks
    Aeseroth Galanodel: mmm... maybe
    Aeseroth Galanodel: soiunds plausiblke
    Aeseroth Galanodel: sounds plausible*
    Grand Master of the Knights Militant: Just in case it turns out serious make a copy of this conversation, print it off, show your parentals and keep it say somewhere
    Aeseroth Galanodel: mmm... i should
    Grand Master of the Knights Militant: *say = safe. It may be worth freaking you parents out in the short term to say your ass in the long term
    Aeseroth Galanodel: yes i know
    Aeseroth Galanodel: thanks a bunch nathan
    Grand Master of the Knights Militant: You're welcome. Keep a record of all further conversation with this maria in the future too and try not to keep any personal stuff on where you live on your computer
    Aeseroth Galanodel: yeza
    Grand Master of the Knights Militant: Can't make the FBI's job too easy now can we?
    Grand Master of the Knights Militant: :P
    Aeseroth Galanodel: mmm...
    Grand Master of the Knights Militant: My money is on some ameteur hacker who has too much time on his hands and traced your address.
    Aeseroth Galanodel: ok... brb please doint leave yet... okay
    Grand Master of the Knights Militant: As you wish
    Aeseroth Galanodel: im bac k
    Grand Master of the Knights Militant: All hunky-dorey?
    Aeseroth Galanodel: nope i was just setting up the printer
    Grand Master of the Knights Militant: Ah, say...it would be levi would it?
    Grand Master of the Knights Militant: *wouldn't
    Aeseroth Galanodel: i dont think so they used icq to contact me and levi has never used thgat
    Aeseroth Galanodel: im goiung to shgow my parents now brb
    Aeseroth Galanodel: may be a while
    Grand Master of the Knights Militant: Very well. If I am not here when you get back I wish you good luck.
    Aeseroth Galanodel: ok mums reading it now
    Aeseroth Galanodel: i also asked mundy to take a look

    He seemed to think it was a hoax too. I showed my parents the convo anyway; they said I should ring my ISP and just let them know in case something is happening.

    So please please please tell me your thoughts on what to do and if possible please email me at medmonds@birdwdhs.sa.edu.au.

    Thank you, and sorry about the length.
    THEprophetMOSES

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Do you run any proxy software on your machine? Are you sure your machine is clean (ie no backdoors)?

    If everything is clean and you don't run an open proxy, you're probably not the one 'they' are looking for.

    If you do find some backdoor or an open proxy, the attack might have been done through this. That's how your IP may have shown up.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    I am running a proxy server.
    And I run NOD32 AV, but it's outdated and I have no $$ for updates. I was also running BlackICE IDS on the proxy, but when I reformatted I forgot to put it back on. I should do that, eh. I'm pretty sure it's backdoor free, but since I have outdated AV software I can't be sure. Anyone got ways to test?
    THEprophetMOSES

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I'd do some scans on your proxy (nmap/nessus). See what ports are open. Also check services that might be running as well. You might want to download The Cleaner to see if any trojans are on it (I'm assuming it's Win?).

    It could be a hoax (I'd find it really odd for someone to use ICQ if they have issues with you; usually it's email), but at the same time it doesn't hurt to be a bit paranoid about the proxy.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Oh. And on the topic of him/her finding your ISP. That's the easy part. If they know your IP (which they do if you use ICQ) they can use whois to find out what ISP that IP address belongs to.

    I have to agree with MsMittens about dealing with these kinds of issues. If someone complained to your ISP about abuse, your ISP usually tries to contact you by email. In rare cases your ISP might use the phone. They rarely (if ever) use ICQ to contact you about this. If your ISP cannot reach you for some reason and they have strong evidence of abuse, they will just disconnect you and wait for you to call them.

    I do urge you to check your proxy configuration to make sure you don't run an open proxy.

  6. #6
    I am currently scanning the open ports on my proxy and will post the ones I find with a list of the legitimate ones and their uses. But I tried to view her details on ICQ and it showed her IP as "0.0.0.0". Well, that's great, I thought! What would that mean and why would they do that? And why also would they say I was using Comindico when I'm not?

    Oh, and another thing: how were they able to trace me to arbornet when I used only fake info about myself? The only real information was my handle "THEprophetMOSES" and what hardware I have.

    And she said she traced me to Comindico, which is an Australian ISP, and I live in Australia, but I don't and have never used Comindico as my ISP!
    THEprophetMOSES

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I'd say it's a hoax. If it is a rep of the company, they certainly wouldn't hide their true IP address (which is what the 0 addy is). I think it was a social engineering exercise.

  8. #8
    Mmm... I guess so. But I think I'll let my ISP know anyway, just in case something happens.

    Thanks a lot and keep sending new suggestions.
    THEprophetMOSES

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by THEprophetMOSES
    > I am currently scanning the open ports on my proxy and will post the ones I find with a list of the legitimate ones and their uses. But I tried to view her details on ICQ and it showed her IP as "0.0.0.0". Well, that's great, I thought! What would that mean and why would they do that? And why also would they say I was using Comindico when I'm not?

    Your ISP may use some range owned by Comindico. It's not uncommon for an ISP to rent IP ranges from bigger ISPs.

    Maybe you should check this out:
    http://postmaster.info.aol.com/ops.html

  10. #10
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    I did a quick nslookup on 203.220.225.70, and the results were:
    Name: dialup-70.225.220.203.acc01-walk-gaw.comindico.com.au
    Address: 203.220.225.70
    Your IP is owned by Comindico. That's why the person thought you were using Comindico. Also, are you going through a proxy at that address or is (was) that your real IP? If it wasn't your real IP, I don't think you have anything to worry about as they don't even know your real IP. Otherwise, I don't know why it resolves to Comindico.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
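
Added example (not part of any post in this thread): the whois and reverse-DNS lookups described in posts #5 and #10, reproduced offline with the values quoted above. It parses the whois fragment, confirms the address lies inside the registered block, and checks the PTR name against the address; the function names are hypothetical, and the result identifies the holder of the netblock, which post #9 notes may not be the customer's retail ISP.

```python
import ipaddress
import re

# Values quoted in the thread (whois fragment from post #1, PTR name from post #10).
WHOIS_TEXT = """\
inetnum: 203.220.0.0 - 203.220.255.255
netname: COMINDICO
descr: COMindico Australia
country: AU
"""
PTR_NAME = "dialup-70.225.220.203.acc01-walk-gaw.comindico.com.au"
CLAIMED_IP = "203.220.225.70"


def parse_rpsl(text):
    """Parse 'key: value' whois (RPSL) lines into a dict; first value per key wins."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and not key.startswith(("%", "#")):
            record.setdefault(key.strip().lower(), value.strip())
    return record


def inetnum_networks(inetnum):
    """Turn 'first - last' into the list of CIDR networks covering that range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def ptr_embeds_ip(ptr_name, ip):
    """True if the PTR hostname contains the address octets in reversed order,
    the naming scheme used by the dial-up pool name above."""
    rev = re.escape(".".join(reversed(ip.split("."))))
    return re.search(r"(?<!\d)" + rev + r"(?!\d)", ptr_name) is not None


def attribute(ip, whois_text, ptr_name):
    """Summarise what whois plus reverse DNS establish about an address."""
    rec = parse_rpsl(whois_text)
    nets = inetnum_networks(rec["inetnum"])
    addr = ipaddress.ip_address(ip)
    return {
        "block_owner": rec.get("netname"),   # holder of the range, not the reseller
        "country": rec.get("country"),
        "cidr": [str(n) for n in nets],
        "ip_in_block": any(addr in n for n in nets),
        "ptr_matches_ip": ptr_embeds_ip(ptr_name, ip),
        # Assumption: last three labels form the domain (true for *.com.au names).
        "ptr_domain": ".".join(ptr_name.split(".")[-3:]),
    }
```

Both data sources describe who operates the address space; neither says which reseller's customer was assigned the address at a given time, which only the operator's own session logs can answer.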
