Printable View
After having problems, i installed Zone Alarm last week. I've had several attempted attacks from someone using my ISP. Is there a way to learn the name of the person who is doing this? There have been other attempts, but i'm especially interested in finding the person on my ISP.
How many attempts should i allow before turning them in to our ISP?
Why doesn't this person realize that i now have a firewall and now quit trying before they're caught????
Thanks!
I use a program called NeoTrace Pro...it traces the ip and shows you all the hops. Then it checks if it is a registered ip. If it is it gives you all the information, including contact phone numbers.
This is unlikely for someons on your isp, but it is worth a try.
I hope you're not just assuming every hit on your firewall is attempted hack. If you look more carefully, I think you will find that attempted hacking incidents are actually few and far between.
Well easy got victim IP traceout address i mean u can either goto whois.net or use ant traceout program and u can trace the IP from where the person is attacking.Quote:
Originally posted by jinkies!
After having problems, i installed Zone Alarm last week. I've had several attempted attacks from someone using my ISP. Is there a way to learn the name of the person who is doing this? There have been other attempts, but i'm especially interested in finding the person on my ISP.
How many attempts should i allow before turning them in to our ISP?
Why doesn't this person realize that i now have a firewall and now quit trying before they're caught????
Thanks!
U can use NeoTrace for this quite a good program and u can also check if the victim is preinfected by any trojan if it is infected u can hack that.
One of the best thing u can do to the person is DOS ATTACk which can do any three of the following things to ur victim.
Crush Windows
Hang Computer
Restart
Kakokool, that wasn't very mature.
Jinkies, if they are on your ISP, it should be a simple matter. Just call your ISP, and tell them your problem. I would call them when you're pretty sure it 'just won't go away', and that 'it isn't an accident.'... Use your best judgement on that.
You ISP keeps (or damn well ought to) logs with who was on what IP at what time, so just give them all the information you have to that effect, explain your concerns, and see if they can help you. Even if they aren't about to boot the user off the network or do something on their own (ISP), they *might* give you the name of the guilty party, although that's sort of unlikely given privacy concerns.
Just a word of warning, some firewalls call anything they don't know about specifically 'an attack', so don't be *too* certain that it is something malicious. It could be a case of mistaken identity, or something automatic and benign.
I realize that not every attempt is malicious. But somebody had been messing with my computer before i installed the firewall. And after about 10 attempts from this person(s) on my ISP in less than a week, doesn't that sound suspicious?
What do others consider criteria for concern about attempts?
I get 'attacks' about every 5-6 minutes at the moment and a bit over a week ago were getting them every minute or two. These were mostly due to the infamous nimda worm. Most of these have stopped but one certain ip on my isp sometimes starts scanning me and does at random intervals between 5 - 15 minutes(im trying to work out the pattern).
Anywayyyyyyyyyy...the point is that it can be something harmless....what port is it on? Or ports...
LoL AT LEAST once every 5 min or so... It does not mean that a person is sitting at a PC trying to hack your PC specificially..
If it is the same IP address every time, you can use various methods to resolve that IP to a hostname. For example, you can open up a MS-DOS window (assuming you're using Windows) and type without quotes "tracert xx.xxx.xxx.xxx" where the x's are the numbers of the IP address. If it resolves to a domain you can recognize, then you can use whois as others have described above.
If it isn't the same IP every time, then you've probably got somebody that is using a dialup account....if you're lucky, you can resolve the IP using tracert and then use whois and you can give the ISP a phonecall.
This method works as well as any program you would download, but without the download.
Keep in mind, it could very well be Nimda or another worm like it -- if the host is something like "mail.school.edu" then that's probably what you're dealing with.
Best of luck!
There was one attempt to connect to port 137. Thats a DoS attack, right????? That was one of the problems i was having before i installed zone alarm.
All the rest were attempts to port 520. What could that be?
Thanks for all the help, everybody.
There was one attempt to connect to port 137. Thats a DoS attack, right????? That was one of the problems i was having before i installed zone alarm.
All the rest were attempts to port 520. What could that be?
Thanks for all the help, everybody.
Looks like Port 520
(http://www.networkice.com/advice/Exp...20/default.htm) has to do with routing, which could either be benign or malicious, depending on what they are trying to do... I'm not sure, but I don't think they have a good reason to be trying to get to that port unless they are a router.