I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
How can i do this? thay are resenably strong attacks.
Printable View
I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
How can i do this? thay are resenably strong attacks.
What type of scan are they doing?
Go to the following website and do a whois search on their IP Address:
http://www.alertsite.com
It will tell you who owns the IP range, and will possibly give you a contact number for a techo who you can make a complaint to.
Good Luck..
You can find out who by getting the IP address from your firewall (You do have a firewall right?!) and plopping the address into Sam Spade. That'll tell you where and who to contact.
I wouldn't recommend going after them as it puts you in a position of potentially breaking the law. Contact their ISP (usually it's [email protected] -- whatever their isp.com is) and file a complaint. Don't be surprised if you are actually being annoyed by a code red, code red II or the latest MS worm/scanner, Deloder. It's not a direct attack but rather the work of left over worms and slow admins. ;)
why dont you scan his
he wi'll probably stop sacnning
lol
I tried that idea once, it just ended up in more people joining him to scan me more.... :mad:
Read my tutorial here http://www.antionline.com/showthread...hreadid=236583Quote:
I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
Are you completely sure it's a scan? I assume you are using Windows. I also assume you are using something like Zonealarm.
I thirdly assume you're running P2P software, Antivirus updates, Adware and a variety of other horrible promiscuous things.
As I said before in my tutorial, turn it *all* off, close *all* applications that could possibly want to use the network connection. If you're still getting "scanned", then your fears might even be real.
All these P2P evil things are a nightmare for IDS, they create loads of connections on every conceivable port number.
On no account should you "scan back" at the thing which is scanning you. Firstly, there probably isn't a human there to notice, secondly, if there is, they could take worse action against you (If it's your ISP they might decide to close your account)
could also be that u are on a lan, because many times when people play online games, the games scan for ports, and so fourth, for connections and ping time ****. those are mostly harmless though. i do suggest that u read some tutorials if u are not familliar with this subject. That guys tutorial is good.
I have found that I've never been scanned by the same IP twice once I've opened two times ten to the seventyth embryonic tcp connections with their host.
Just kidding.......
Kind of :D
Thanks guys, yes slarty we are curently running windows XP and do have a fire wall and running Zonealarm. (thay keep on hitting us and id like to find out where it is comming from)
I wouldnt wast my time scanning his. not worth the hassl. :)
I am no expert but I too was being scanned all the time and decided to take action like you. I was running ZA as well. What ports are being scanned? www.grc.com is a very helpful site. I was getting hit on 137 (15,000 some times) and it shows you how to disable NetBios and the like, since then I haven't been scanned once!
Hope that helps :p