So how come persons at gov agencies trace the hacker, they do get arrested right? And also how do you trace someone who has tried to access your PC from outside the LAN network but the default IP address is showing one of your own LAN PCs?
Because they (government people) have things like "deep pockets" or "lots of resources" and "warrants". "Warrants" are things that make ISPs go "Ewwwwwwwwwww" and hand over their user lists and the associated IPs.
Quote:
So how come persons at gov agencies trace the hacker, they do get arrested right? And also how do you trace someone who has tried to access your PC from outside the LAN network but the default IP address is showing one of your own LAN PCs?
If someone has tried to access your machine from outside the lan and it's showing the machine's IP (if I'm understanding you correctly) it's usually one of two things: not actually someone outside but the machine itself accessing itself, or it's a spoof (which means your router/firewall isn't configured to prevent this). You might want to fire up a sniffer to truly see traffic that is coming to your machine. You then should see the real IP. I'd also double check your firewall/router to ensure it denies packets or connections attempting from outside the lan into the lan like localhost (127.0.0.1) and private/reserved addressing from outside (10.x.x.x, 172.16.x.x, 192.168.x.x). These addresses should never be sourced from the Internet.
I had to shut down NetBIOS/RPC traffic logging as well as broadcasts. Seems like people on cable around here are VERY friendly. ;)
Quote:
Originally posted here by Tiger Shark
It's quite possible that they are coming from within my ISP's block and their routers are letting it run internally to their network because of some monitoring software or whatever that they use for management but I do see them from somewhere.... It's just sorta impossible to tell where from... If I think about it I'll take a look at the TTL and see if they are inside the netblock or not. I know I block my broadcasts because I had to stop logging the "deny"s about an hour after I turned it on.... :rolleyes:
Uhh yeah, it would be. Might even violate the AUP.
Quote:
If it is inside the ISP's netblock I'll have them track down and talk to the owner because they are spamming Messenger stuff and, as far as I know my ISP doesn't have private customers, (I think they are all corporate/small business), and I'm pretty sure Norm would agree with me that it is a tad out of order.....
OK, I still had some captures saved so I took a quick look.
Assuming someone isn't playing with the TTLs just to be an azz, the TTLs imply around 10-20 hops. Funnily enough the messenger popups come in groups of 2-4 all at once. The IP addresses they purport to be from are all different but the TTLs are all the same in each group.... Funny huh? ;)
So the upshot is that my ISP allows anything through and it seems like the spammers aren't inside the ISP's netblock.
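As an added illustration (not code from any poster in this thread), the two checks discussed above can be sketched in Python: flagging loopback/private source addresses seen on the outside interface, and comparing TTLs across a burst of packets that claim different senders. The packet records are constructed, and the initial TTL values of 64, 128 and 255 are an assumption about common OS defaults.

```python
import ipaddress
from collections import defaultdict

# Ranges the thread says should never arrive as a source from the Internet.
NEVER_FROM_WAN = [ipaddress.ip_network(n) for n in
                  ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
COMMON_INITIAL_TTLS = (64, 128, 255)  # assumption: typical OS default starting TTLs

def is_spoofed_on_wan(src):
    """True if a packet seen on the outside interface claims a loopback/private source."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in NEVER_FROM_WAN)

def estimate_hops(ttl):
    """Hops travelled, assuming the sender started at the nearest common initial TTL."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl

def same_origin_bursts(packets, window=2.0, min_sources=2):
    """Split packets into bursts (gaps <= window seconds) and report bursts where
    several claimed source IPs share one TTL, hinting at a single real sender."""
    bursts, current = [], []
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        if current and pkt["ts"] - current[-1]["ts"] > window:
            bursts.append(current)
            current = []
        current.append(pkt)
    if current:
        bursts.append(current)
    findings = []
    for burst in bursts:
        by_ttl = defaultdict(set)
        for pkt in burst:
            by_ttl[pkt["ttl"]].add(pkt["src"])
        for ttl, sources in by_ttl.items():
            if len(sources) >= min_sources:
                findings.append({"ttl": ttl, "hops": estimate_hops(ttl),
                                 "sources": sorted(sources)})
    return findings

# Constructed WAN-side capture records (documentation addresses, not real data).
SAMPLE = [
    {"ts": 0.0, "src": "198.51.100.7", "ttl": 113},
    {"ts": 0.3, "src": "203.0.113.9", "ttl": 113},
    {"ts": 0.5, "src": "192.0.2.44", "ttl": 113},
    {"ts": 30.0, "src": "192.168.1.20", "ttl": 120},  # private source seen on the WAN side
    {"ts": 60.0, "src": "203.0.113.80", "ttl": 50},
    {"ts": 60.2, "src": "198.51.100.200", "ttl": 50},
]
```

Matching TTLs are a hint rather than proof, since a sender can set the TTL to any value.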