I've been hit!
Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: I've been hit!

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    26

    I've been hit!

    This is my first post, hooray. I've always been very familiar with computers, programming, diagnostics blahblablah but I am now intrested in security and forensics for this reason:
    Someone is messin with me. I have Norton Firewall installed on my machine, and it's picking up attacks from someone who is on the same campus as I am. I have their IP address, but I dont know what to do with it other than look it up on antionline ip lookup. Whatever advice anyone can give me would be great, I'm sure whoever is doin this will be suprised to have a 250 pound jocknerd knockin on their door. Thanks.
    By the way, I'm not intrested in hearing about what of kind a newb I am or whatever

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    The more appropriate question is just what do you plan on doing? If indeed someone is attacking you, striking back is not much of an option since you are just going to open yourself up to liability and whatever trouble that may come after. Your best option would probably be to collect your logs and take them to the campus computer geek office and report to them what is going on. They'll be able to work with you to get this matter resolved.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    What types of things was your firewall picking up?

  4. #4
    Junior Member
    Join Date
    Oct 2003
    Posts
    26
    Yeah. I was being sarcastic about actually knocking on their door, but what if I wasn't on a campus or network with a helpdesk or techsupport? What if I needed a name or a buisness name to file a lawsuit? Not that I plan to do any of this, its just that I dont like the idea of someone trying to get into my computer without me being able to know whos on the other end. Much like a peeping tom looking at you through a one way window, you know what I'm saying?

    orgname, orgID, address, city, state and all that. but the IP lookup tells me its coming from kansas city, which is different from all the other stuff there is. So could it be someone is kinda bouncin around trying to get into my pc?

  5. #5
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    It could be any number of things. The most likely situation would be that the ip is part of a block assigned to an isp based in one region, but assigned all throughout a larger part of the country to the isp's subscribers.

    The end of this situation would be quite similar to the campus problem. If you suffered a real break in you would need to pull the power plug on your box and contact the authorities so they may do a forensic examination and collect the appropriate information. If it's not enough for all that the most you can hope for is figuring out what isp owns the ip that the traffic is coming from and contacting one of their network admins via the information found in a whois of that domain (www.arin.net) and having them further investigate the users activities and taking the appropriate action.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  6. #6
    Member
    Join Date
    Jul 2003
    Posts
    38
    Just a side note, Juridian if you did suffer a real break in and you needed to collect forensic evidence you would not pull the plug on your box. The power down could have undesired effects. You would disconnect from the network, note any running processes, and what may have been going on. Then when your local network guru or whomever you call for help arrives they can take the appropriate measures, i.e. complete disk to disk dump etc.

    Just my spare change
    AZE

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    I have Norton Firewall installed on my machine, and it's picking up attacks from someone who is on the same campus as I am. I have their IP address, but I dont know what to do with it other than look it up on antionline ip lookup
    How do you know this person is on your campus?
    if you have their IP and you know that it belong on your campus.. Why do you need to do a IP search?
    Surly the Campus Sys Admin would be interested in hearing your problem.. knock on his door with your firewall logs.. and let him/her worry about it..

    EOS
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Junior Member
    Join Date
    Oct 2003
    Posts
    26
    the firewall tells me that its from the campus, because it says the university name in it, and the IP the same as mine except the last few digits. but the firewall locator tells me that its in kansas city, which is 1000s of miles away....

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    the IP locater usually relies on "Whois" database info.. the registered office for the campus domain is probably in Kansas..

    Take the prob to the Campus Sys Admin..

    EOS
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #10
    Junior Member
    Join Date
    Oct 2003
    Posts
    6
    you can trace the ip with visual route or simply running of the command propmt tracert IP address. which will give you the exact information about the attacker. Next time when your firewall shows that an attack is being launched on ur system ping the IP address or trace it as mentioned above, probably the person is doing Spoofing and pretending to be someone inside ur network.
    Life is like an ice cream enjoy before it melts.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •