Firewall Advice Needed !

  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    36

    Firewall Advice Needed !

    Good evening to everyone reading this !

    Right, down to business. I'm running McAfee Firewall and while it's operating it will log the IP address of any computer that tries to scan my ports. If I wanted to find out where such PCs were based, is there a tool I could use to track their IP address ? I'm interested in finding out if I'm regularly being scanned by the same person (highly unlikely I know, and I'm aware that the IP address can be faked also, but I'm a newb so I'm curious).

    Thanx all,

    Dom


  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    547

  3. #3

  4. #4
    Junior Member
    Join Date
    Jul 2003
    Posts
    4
    You could use NeoTrace if you can find a copy, as NeoWorx were taken over by McAfee; however, it features a graphical route tracer which shows the attacker's location on a world map, and also some information on the attacker.

  5. #5
    Member
    Join Date
    Jul 2003
    Posts
    36
    Cheers for that fella - I went on and stuck in the IP and apparently that computer is located somewhere in Leeds. Pretty nifty stuff !!!! In fact when I checked on Firewall I found this dude had tried scanning me 3 times so far in the last half an hour. Scary stuff.

    Another question - when your Firewall blocks a data packet that has been sent to you, does that mean someone has tried to "ping" your PC ???

  6. #6
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    "Sunny" Bolton???.......You might try Sam Spade v1.14 or better. It is a pretty comprehensive internet analysis tool.

    Please read the guidelines first, as it warns you about the etiquette of using some of its components.......I would not want you to get into any trouble!!!

    BTW, just because you get scanned, does not mean that the owner of the PC is doing it...there are plenty of Bots and RATs around, so their machine may just be infected.


    Cheers

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    I went on and stuck in the IP and apparently that computer is located somewhere in Leeds. Pretty nifty stuff !!!!
    The internet provider who owns the IP address is the location that will show up, not necessarily where the person lives. A friend of mine had Rogers Cable, same as me; his IP says located somewhere in the US, can't remember the state, but he lives in Ontario, Canada.

    The owner of the IP address is whose location is found; a customer assigned the IP may live in another country or state.

  8. #8
    Member
    Join Date
    Jul 2003
    Posts
    36
    Righto Journy. And there are a number of different ways of getting around giving away your legitimate IP, such as "spoofing" (is that what you call it ?) or using a service like Anonymiser, right ?

    Nihil...yep, you guessed it - "sunny Bolton", typed with a heavy hint of sarcasm. You mentioned BOTs and RATs - I've heard of BOTs before but not RATs, would you mind telling me what they are ? I presume some sort of automated programs but other than that I'm clueless.

    Another question - how do you "spoof" an IP address (if that is what it's called). I don't mean give me step by step instructions, but just an explanation of how it works would help.

    Cheers again to all for your helpful posts - I'm learning quickly !!!



    Okay, now time to be really unpopular - have just realised that I've posted negative antipoints by mistake. Can I mail to the administrator to change their status ? Sorry but late and should just go to bed but was interested.

    Doh !

  9. #9
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Dom,

    Yes we get your unused rain over here on the East Coast. In answer to your question, a RAT is a "Remote Access Trojan"......basically it opens a backdoor, and the victim PC can be hijacked in flight, when it is connected. Tends to be a problem for ADSL/ISDN, always on type connections. It basically means that the victim's PC can be used for whatever the RAT owner wants.

    I still recommend Sam Spade (free for private use) as it is pretty comprehensive.

    You mentioned 15 minutes? It is just (only just) possible that your man was on an internet gaming session and got cut off. If his opponent then logged out, you might have picked up his ID (only if you use the same ISP) and the man's machine was trying to contact that ID. This would have to be in the first 15 minutes that you were logged onto the internet.

    Leeds? Might I suggest a squadron of Tornado GR4's in a dawn raid....can't be too careful
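
The two questions raised in this thread (is the same source coming back, and is a blocked packet a "ping"?) can be answered from the firewall log itself; the following is an added example and not part of the original thread. The log format, addresses and thresholds are constructed for illustration and are not McAfee Firewall's own; the "repeated single port" label covers the case nihil describes, where traffic may be meant for the previous user of a dynamic address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not McAfee Firewall's own):
# date, time, action, protocol, source IP, destination port ("-" for ICMP).
SAMPLE_LOG = """\
2003-07-20 22:01:10 BLOCK TCP 192.0.2.44 21
2003-07-20 22:01:11 BLOCK TCP 192.0.2.44 23
2003-07-20 22:01:12 BLOCK TCP 192.0.2.44 80
2003-07-20 22:12:40 BLOCK TCP 192.0.2.44 139
2003-07-20 22:03:05 BLOCK ICMP 198.51.100.7 -
2003-07-20 22:04:00 BLOCK UDP 203.0.113.9 27015
2003-07-20 22:04:30 BLOCK UDP 203.0.113.9 27015
2003-07-20 22:05:00 BLOCK UDP 203.0.113.9 27015
"""

def parse(log_text):
    """Yield (time, protocol, source, port) for each blocked packet."""
    for line in log_text.splitlines():
        date, clock, action, proto, src, port = line.split()
        if action != "BLOCK":
            continue
        when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        yield when, proto, src, None if port == "-" else int(port)

def summarise(log_text, window=timedelta(minutes=30), scan_ports=3):
    """Group blocked packets by source and label what each source did."""
    by_src = defaultdict(list)
    for when, proto, src, port in parse(log_text):
        by_src[src].append((when, proto, port))
    report = {}
    for src, hits in by_src.items():
        hits.sort(key=lambda h: h[0])
        first = hits[0][0]  # window is measured from the source's first packet
        recent = [h for h in hits if h[0] - first <= window]
        ports = {p for _, _, p in recent if p is not None}
        if len(ports) >= scan_ports:
            label = "port scan"             # many different ports probed
        elif all(proto == "ICMP" for _, proto, _ in recent):
            label = "icmp only"             # a ping is one kind of ICMP packet
        elif len(recent) > 1 and len(ports) == 1:
            label = "repeated single port"  # possibly stale traffic, not a scan
        else:
            label = "single packet"
        report[src] = {"packets": len(recent), "ports": sorted(ports), "label": label}
    return report
```
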
