March 31st, 2003, 09:27 AM
contact or message a hacker and ask him/her to kindly leave my machine alone?
got one hacker who is fairly persistent and the firewall keeps picking them out.
experience shows the firewall doesn't always block what it says it blocks so want to send the guy a net message and say go away i ain't got anything of interest..
March 31st, 2003, 10:05 AM
Maybe you could reverse scan his machine, start finding out some information on this guy; see if he has any DNS entries, and if so a contact email somewhere.
What you should do is just straight up complain to his ISP and get him cut off.. chances are he's a script kiddy running a windoze scanner. Scan him back... If he fingerprints a windoze 9x box, call the po - po (actually, his ISP I mean.. hehe)
If he's at least.. probably using nmap and linux, and you want to be 'nice' then do a dnslookup on him, find some contact info somehow, preferably an email, and start there.. hopefully he still uses the e-addy from his entries. If he doesn't reply, or even replies with "I dunno what you're talking about" crap, well... I bet you he'll stop scanning your machine.
March 31st, 2003, 10:08 AM
First of all, are you sure that it's a hacker who has gained access to your computer, or are your firewall logs just saying that someone has attempted to do something malicious? If you are certain and you have proof that someone has violated your system, and your firewall has some evidence from the attacker's ip, then you could try to send an email to your ISP asking him if maybe they can help. I don't think there is a way of sending the attacker a "net-message" since you have no idea what OS he might be using, if the ip is his real ip, basically you know nothing about him or even if you have been hacked. There's nothing you can do "legally" if your firewall has blocked any connection attempts. My firewall gets hit all the time by all kinds of different things, some are worms, some are kiddies scanning my box and looking at ports 1234, 12345 etc, and even some netbios attempts. All that does not mean that I have been hacked. One way (if you're sure that you have been hacked) would be to leave a "Dear_hacker_please_readme.txt" inside your c:/ drive. Make sure that you're patched, get a trojan cleaner at www.moosoft.com and scan yourself, and make sure you have an up-to-date antivirus running. That's the best you could do for now. However if you wish to go deeper into securing your computer by using IDS, advanced firewalling, etc... then have a look at previous posts that have been made here on AO so far. Also the tutorials section has a lot of excellent information on how to secure your computer. Good luck to you. Ahh, one more thing, maybe you could post your firewall logs here so we can take a little look.
ch4insaw, I think that's a bad idea. It's wise to stay legal about all this, and scanning him back and "stuff" like that is not a very good idea. Especially if it's not an attack, if it's just normal internet traffic that likes to fill in firewall logs with garbage, then you would be scanning an innocent computer that might not like that. It's better to just try to secure your computer and ask the ISP for help.
Ubuntu-: Means in African : "I'm too dumb to use Slackware"
March 31st, 2003, 10:48 AM
However, in the case of his own ISP's machines, and standard internet traffic, both are fairly recognizable. Stupid software firewalls like ZoneAlarm tend to make the average user frightened until they realize what is normal...
I think this guy is... a competent computer user, but, maybe inexperienced. I still think it wouldn't hurt to look up his DNS entries to see if it's an ISP-owned machine, or some other corporate machine doing standard whatever on the internet, or whether or not it's a personal computer in a pool assigned by a major ISP. You can usually make a pretty good educated guess just by looking at his hostname.
But I do think he should dig on this guy a little. Yes, nothing illegal... but information is free. And, to scan the guy, sniff out his OS.. isn't illegal - As long as he's not like leaving the country to do it, and using illegal encryption etc - He's not breaking in, and he only has to do it once...
But that was an awesome idea though, and quite simple and effective... the one about leaving the text file.... My addition would be to simply add the research info on this guy to the text file (his DNS entry, service provider, etc.) so he knows that you are serious about going to the ISP/Authorities about it.
March 31st, 2003, 11:27 AM
yep yep yep
don't want to go doing anything that makes me the illegal one.
am running BlackICE, Norton 2003 and couple of anti trojan toys as well so should be fairly secure. I do have my settings on high alert so expect quite a few. however most seem to be for up to like 15 attacks and then they go away.
This one guy has been on and had over 300 goes which is why I feel like it's a bit more than normal probing. tried releasing my ip address to get a new one but don't want to be off line as long as it takes my isp to do that.
just getting the cleaner downloaded. is it Good? is it the best?
thanks for the above posts will get myself a dear hacker file.....
March 31st, 2003, 11:33 AM
The cleaner is great software peelja...
I also noticed you didn't mention any spyware removal software in there. In case it's something similar to the IPinsight thread, maybe your computer is sending information and receiving other information from a piece of spyware....
http://security.kolla.de/ You can download Spybot S&D from here, it's definitely worth having
Also if I were you.. I'd listen to instronics... what ch4insaw is suggesting is a bad idea... You don't want to wind up doing something that could get yourself in trouble... It's very possible the attacker, if it is an attacker, is hiding behind another person's machine or spoofing their address... then you wind up scanning someone else and they get suspicious and see your IP and report it... best to stay away from any type of retaliatory tactics.. Vigilante justice is never a good thing.