|
-
February 29th, 2004, 04:44 PM
#11
There are two types of ip addresses. Static and Dynamic. It seems from the snippets of your firewall log that the person attacking your computer is using aol (AC84AE6E.ipt.aol.com) . AOL uses dynamic ip addresses, meaning everytime someone comes on, they get a new ip address. Static is the total opposite. You get the same IP addresess everytime. this is more for broadband. also, upon closer inspection of the ip addresses from your board and from your firewall logs, theyre not the same. the only thing about them that is the same is that they are from AOL. you can't say that so and so is attack your computer without more concrete proof than similar ip addresses. remember one thing about aol...it is a breeding ground for script kiddies....
slick
[edit] MsM beat me to the punch again.  [/edit]
\"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller
-
February 29th, 2004, 04:45 PM
#12
Nihil i believe that the special agents now are equiped with USP pistols and MP5s  ...
-
February 29th, 2004, 04:52 PM
#13
Junior Member
Originally posted here by Coder365
do a whois (in windows) get to you command prompt then type in: tracert x.x.x.x (ip numbers)
I did this on three of IP's and the trace timed out 30 times each... What am I trying to find?
Thanks!
BTW- A HUGE thank you goes out to all that have replied to my problem!!!
-
February 29th, 2004, 04:55 PM
#14
I did this on three of IP's and the trace timed out 30 times each... What am I trying to find?
Usually to find out if the machines are up and alive. This won't always work given that AOL has dynamic addressing (machines go up and down) and/or firewalls prevent ping response (something you can set on your firewall if you want). By preventing ping/ICMP response, you are "hiding" somewhat whether you are online.
-
February 29th, 2004, 04:58 PM
#15
Junior Member
Originally posted here by MsMittens
You know, this sounds childish. If you are serious about dealing with this, then honestly, act serious about it. Whatever issues happened in the past should remain there. Otherwise, it may look like a vendetta (attempting to prove someone did something wrong based on assumption and anger when they didn't do anything).
The only thing I meant by them having issues and back-stabbing is I think they are capable of doing this and would do this to her friends/family. The web hosting guy is sending the proof to the friend and she is going to report her to the police.
-
February 29th, 2004, 05:03 PM
#16
The only thing I meant by them having issues and back-stabbing is I think they are capable of doing this.
Anyone is capable of doing an attack and having the desire to attack. AOL is (was?) a haven for "scriptkiddies". Your machine may look like an inviting target because of the OS you run. Your forum board may be an inviting target if it has known flaws in it. Be careful that you don't immediately assume that any attacks are in fact from this person and not from a third party. All that an IP can tell you is the IP address of the machine at the time of an attack. It doesn't tell you who was at the keyboard when the attack happened.
-
February 29th, 2004, 05:10 PM
#17
Junior Member
Originally posted here by MsMittens
Anyone is capable of doing an attack and having the desire to attack. AOL is (was?) a haven for "scriptkiddies". Your machine may look like an inviting target because of the OS you run. Your forum board may be an inviting target if it has known flaws in it. Be careful that you don't immediately assume that any attacks are in fact from this person and not from a third party. All that an IP can tell you is the IP address of the machine at the time of an attack. It doesn't tell you who was at the keyboard when the attack happened.
That is why I came here, to find out if I can even tell if it was her or not.
I would never accuse anyone of anything with out rock solid proof.
I have Windows ME. McAfee Virus Scan and McAfee Personal Firewall
Thanks for the replies, they have been very helpful!
-
February 29th, 2004, 05:17 PM
#18
The only thing I meant by them having issues and back-stabbing is I think they are capable of doing this and would do this to her friends/family. The web hosting guy is sending the proof to the friend and she is going to report her to the police.
Uhhh.. Why isn't he reporting it to the police if his machine/server was the one broken into? or did I misunderstand something?
I have Windows ME. McAfee Virus Scan and McAfee Personal Firewall
Hrmmm.. I'm not overly familar with ME but McAfee Virus I am. And I suspect the firewal ties in with the virus package. Right now, based on what you've presented there is little that you can do to "prove" who might be attacking you. I'd even go as far as to question whether this is even an attack at this point.
But you can do some things to prevent any potential attack from happening.
- Check the logs of your firewall regularly. Anything unusual happen?
- Check for unusual processes running in memory. TaskManager should be able to help (someone help me here: is there a "task manager" in ME that's brought up with the CTL+ALT+DEL?)
- Ensure that your anti-virus signatures are up to date
- be extremely careful about any attachments received in emails (viruses and trojans are often sent this way)
- download and install some spyware detection software (CWShredder is a good one as is HiJackThis!; Ad-Aware is another as is SpyBot -- Google can help you find these and many are free/shareware)
- ensure that your OS has all necessary patches/fixes. Microsoft, IIRC, has a WindowsUpdate feature that can help you with this.
- Be aware and alert; educate yourself on some of the risks.
-
February 29th, 2004, 05:32 PM
#19
Junior Member
Originally posted here by MsMittens
Uhhh.. Why isn't he reporting it to the police if his machine/server was the one broken into? or did I misunderstand something?
The machine was not his. It belongs to a friend. He helped this friend get proof and is sending it to her.
I'd even go as far as to question whether this is even an attack at this point.
That's what I want to know, how can I find out if there has been an attack?
-
February 29th, 2004, 05:40 PM
#20
That's what I want to know, how can I find out if there has been an attack?
Based on the information provided, I don't think there has been one. What makes you think there has been an attack beyond the pings? Do you have more information beyond that? Does you firewall have more attack information (check the logs of the firewall)? Is there anything else that makes you think your machine has been broken into?
You need to check your system to see if data has been altered, if there are extra processes running, if things don't seem to be reacting the way they are supposed to (mail is marked read as you've downloaded it or before you read it), passwords get changed, you're logged into forum(s) twice -- eventhough you've only logged in once.
I don't think (although I could be mistaken) that ME has the capability to log activity done on the machine (accounts changed/added, etc.) as it was designed for simple home use rather than active logging/auditing (security in mind as it were).
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
