January 15th, 2004, 02:38 AM
Denial Of Service Attack
Hello. Our firewall was recently hit with a hacker. I back traced it with my software, got all the bounce points, 12 of them; the last bounce point was mercury.wlcom.mx, then it has for the last trace a done and blanks. I have someone investigating it; apparently what their IP security experts are saying is that the done is the actual hacker's IP address blocked by a firewall. I do know how he may have gotten my IP, because when we go into chat rooms on MSN it records your IP, one of the ways. So anyway, to get this guy's IP I have tried looking for this mercury thing, but as he said, a good hacker will change the host name but not the IP address. He said it's like a signature? Any ideas how I can stop this? I run XP, my firewall is great, and so far nothing has gotten through; however, my dad used to say a lock only keeps honest men honest: if someone wants it they will find a way to get it. So if I have an IP and it's legit, but the host name isn't, how do I find it?
January 15th, 2004, 03:03 AM
I don't know exactly what you want. The host name is irrelevant if the IP wasn't spoofed. Essentially, you need to report this to someone. From what I can gather, you were DoSed. It apparently didn't do anything. I would report it to your ISP and send them all of the logs and traces you have of the event. The Federal government also has a site you can report this to. One of the other members may know the site, it has slipped my mind. I think it's the FBI, I'm just not sure.
Make sure you do not retaliate in any illegal way. You'll only create trouble for yourself.
Edit: Just for the hell of it, try a reverse lookup on the DNS. Just look up the IP, and see what hostname is resolved.
Real security doesn't come with an installer.
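Added example (not part of any post in this thread): the reverse lookup suggested above, extended to a forward-confirmed check, because the PTR name is set by whoever controls the address's reverse zone and proves nothing by itself. The addresses, hostnames and function names are constructed for illustration; the stub resolvers let it run offline.

```python
import ipaddress
import socket

# Constructed sample records (documentation address ranges, not from the thread).
SAMPLE_PTR = {"192.0.2.10": "mail.example.net",     # PTR and A records agree
              "192.0.2.66": "trusted.example.org"}  # PTR claims a name it does not own
SAMPLE_A = {"mail.example.net": ["192.0.2.10"],
            "trusted.example.org": ["198.51.100.7"]}

def sample_reverse(ip):
    """Offline stand-in for a PTR lookup."""
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    """Offline stand-in for an A/AAAA lookup."""
    if name not in SAMPLE_A:
        raise OSError("name does not resolve")
    return SAMPLE_A[name]

def live_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def live_forward(name):
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

def fcrdns(ip, reverse=live_reverse, forward=live_forward):
    """Return (hostname, verdict) for a forward-confirmed reverse DNS check."""
    target = ipaddress.ip_address(ip)
    try:
        name = reverse(ip)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None, "no-ptr"
    try:
        # Strip any IPv6 scope id ("%eth0") before comparing addresses.
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
    except OSError:
        addrs = set()
    # Only trust the name if it resolves back to the address we started from.
    return name, ("confirmed" if target in addrs else "unconfirmed")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "203.0.113.5"):
        print(ip, *fcrdns(ip, sample_reverse, sample_forward))
```

Called with only an IP, `fcrdns` uses the system resolver; an "unconfirmed" or "no-ptr" result means the hostname should be left out of any report and the IP and timestamps sent instead.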
January 15th, 2004, 03:22 AM
The website for reporting incidents is http://www.infragard.net and it is a partnership between the FBI, private businesses, and academic institutions. There is a link on the side of the main page for incident reporting.
"Any sufficiently advanced technology is indistinguishable from magic." - Arthur C. Clarke
January 15th, 2004, 03:34 AM
Real security doesn't come with an installer.
January 15th, 2004, 03:45 AM
Denial of service attack
HEY GUYS, I have tracked it down; the last bounce was Pacnet in Singapore. I have sent an email to them asking them to track this guy down. You guys are great, thanks for all the help, I really appreciate it.
January 15th, 2004, 04:26 AM
hey the infra website requires security clearance even to post or a background check?
January 15th, 2004, 09:57 AM
Have you at least contacted your ISP and complained to them? They should have detected the attack and re-routed it (a common response by many ISPs). Since quite often the AUP and QOS indicate 99% uptime and someone external was damaging your access, it would make sense to notify them and get them involved. They may be able to help you take it to the authorities.
In addition, do not rely on the IP address. DHCP is an effective tool used by administrators to manage large networks. Seriously, you should be talking with your ISP. Infragard is meant for businesses, academics and other organizations, not individuals.
January 15th, 2004, 10:08 AM
I spoke with my ISP, which is Verizon, which sux, by the way, and they told me it is not their problem; they told me their job is to simply connect me to the internet. They told me if I wanted to email it to security, that it would get placed in a log file with all the rest and would be handled when they got "around" to it. I asked, well, is Verizon gonna buy me a new computer when a hacker gets into mine and destroys it because you guys took so long? They then told me the above statement. I hung up. They told me there is nothing they can do. I have the XP firewall running as well as the one that saved my butt, so hopefully that gives me a little added security. I do know that when both firewalls are active, when I do a port scan test, no ports show up as open, compared with when one firewall is open a few "service" ports appear open. Guys, thanks for all your support on this. I was telling my wife, if we would have had Black Ice, supposedly we could flood the hacker, but we really couldn't because we have no idea who it is.
January 15th, 2004, 06:04 PM
Sigh, sometimes I wish there were more broadband providers, since if you get one that won't respond to concerns you are SCREWED. It is odd though that an ISP wouldn't respond to a DoS attack? Perhaps you could call back and talk to another person or ask for their internet abuse department and get past level one or two of their call support structure. Or change ISPs; if you have DSL, chances are there are many others who can handle the ISP or networking part of it.