scanning the scanner

[TidaLphasE23]

hello all as mentioned in previous posts (too many) i recently discovered a
trojan on my computer and was at a loss as to fixing the problem until i visited
this site and received helpfull info to solve this...thanks again.. since then i have
re-installed norton a/v and sygate pfw......... i am running these two programs
together and it seems seems to be working o.k...... is this recomended or will
it create a conflict and hinder my security?????..... i have also installed neotrace
and have tried to use this without much success(i dont know how to use it) due
to my lack of knowledge in this entire field.... i am very interested in learning how
to operate this item and excited that it is possible to scan the scanner....... are
there any more tools that will help me to achive a basic understanding of securing
my p/c.. any help at all greatly appreciated......

p.s. should i refrain from posting these sorts of questions and just do a search
for related material???????? any points into the right direction to get me on my
way to learning more will be kindly accepted..........thanks again..........

[Jnet]

The two programs use two different methods to prevent attackers, so in theory the two should be able too co-exist.
A virus checker is designed to prevent virus by scanning files for malicious programs, this could be trojens virus' or back doors. A firewall (in this case sygate) is designed to prevent certain connections to your computer which are unwanted or could lead to malicious intent.

Having the two installed is usually recomended.

Scanning the scanner, Hmmm! Most 'scans' on the internet are done automatically by virus on other insecure machines or by script kiddies (people who think its uber to do so with no knoledge of how or why) , if you scanned a scanner the probability is that you would find an insecure machine or a script kiddie.

Scanning a scanner (or anyone else) is usually banned by most isps and people who host web servers have the power to trace you and have you banned permanantly from your isp!

[TidaLphasE23]

BANNED??????????
TRACED??????????
BANNED PERMANANTLY??????????

now i am really confused???????????????? i thought that downloading and using
neotrace was totally legal. cant you use this to report the ilegal scan in the first place
help needed.thanks.......

[Jnet]

I think it was either me not reading / comprehending your question or just bad phrasing!

I think you meant to say was that you were intrested in tracing attacks. In this case it's perfectly legal to report the attacker as long as you don't use any other form of retaliation.

Is this the answer you wanted, or does someone better at explaining need to explain it?

[HTRegz]

Wow.. I wasn't sure who to quote on this one.. so let's see what I can do...

Scanning a scanner (or anyone else) is usually banned by most isps and people who host web servers have the power to trace you and have you banned permanantly from your isp!

Are you sitting here making things up Jnet or what? Anyone who knows what their doing will trace a scan back. Your IP pops up and boom, I know who you are and can contact your ISP. It has nothing to do with people who host web servers. I know hosting companies who's admin's know less than most of the noobs that come here.. I also don't know of very many ISPs who will ban you for running scans. They may say they will, but I use nmap on a daily basis and have yet to be banned.

i thought that downloading and using neotrace was totally legal.

Neotrace isn't scanning software (scanning usually refering to port scanning). It is simply a graphical trace route program, that maps the users location based on the route it follows. It is perfectly legal to use this software, it is just a 3rd-party gui version of something that is shipped with your OS.

i have also installed neotrace and have tried to use this without much success(i dont know how to use it) due to my lack of knowledge in this entire field.... i am very interested in learning how to operate this item

There's really nothing to learning how to operate this software. Simply type in the hostname or IP address you wish to trace and hit go. If you aren't getting results check to see if your firewall is blocking ICMP Type 30, or just straight away set-up a rule to allow ICMP Type 30. If you want more information on TraceRoute and how it works. Check out RFC 1393. RFCs define, to put it simple, the internet and how it operates. http://www.rfc-editor.org/ will give you more information on RFCs. You can also read RFC 1393 there.

[TidaLphasE23]

thanks Jnet for the stress releif....... my question was regarding the correct use
of the neotrace program. thanks again........

thanks HTRegz 4 the info... a second opinion always provides a different outlook..
will try the links you provided..... thanks again...

[CraZy_AhmaD]

also with neotrace you can find the isp that the attacker use and the e-mail of the abuse account and send them the logs and hope they are doing something against abusing...

[st1mpy]

hehe thats you can HOPE ... i had few problems like that some kidd from school got my ip on irc an ye ye ... killing me with some crap nuker an ya sended logs to isp nothing happent they said they gona look into logs an fix it but nothing happent so i had to take it onto my own hands i cought him in school an you know what happent later

[Tedob1]

although neotrace is a very easy program to use and gives the isp, from past experiance (maybe its changed) its gives the origin of a transmission as the owner of the isp so say you tracert someone on aol they automatically are located in Dulles, VA.

i like using the tracert in sam spade. it dosn't have a graphical map but its easy to save to log or get the abuse address for different isps

i have to fully agree with HT. scanning anybody is not against the law and i too scan on a regular basis without a peep from anybody.