I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
How can i do this? thay are resenably strong attacks.
Printable View
I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
How can i do this? thay are resenably strong attacks.
What type of scan are they doing?
Go to the following website and do a whois search on their IP Address:
http://www.alertsite.com
It will tell you who owns the IP range, and will possibly give you a contact number for a techo who you can make a complaint to.
Good Luck..
You can find out who by getting the IP address from your firewall (You do have a firewall right?!) and plopping the address into Sam Spade. That'll tell you where and who to contact.
I wouldn't recommend going after them as it puts you in a position of potentially breaking the law. Contact their ISP (usually it's [email protected] -- whatever their isp.com is) and file a complaint. Don't be surprised if you are actually being annoyed by a code red, code red II or the latest MS worm/scanner, Deloder. It's not a direct attack but rather the work of left over worms and slow admins. ;)
why dont you scan his
he wi'll probably stop sacnning
lol
I tried that idea once, it just ended up in more people joining him to scan me more.... :mad:
Read my tutorial here http://www.antionline.com/showthread...hreadid=236583Quote:
I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
Are you completely sure it's a scan? I assume you are using Windows. I also assume you are using something like Zonealarm.
I thirdly assume you're running P2P software, Antivirus updates, Adware and a variety of other horrible promiscuous things.
As I said before in my tutorial, turn it *all* off, close *all* applications that could possibly want to use the network connection. If you're still getting "scanned", then your fears might even be real.
All these P2P evil things are a nightmare for IDS, they create loads of connections on every conceivable port number.
On no account should you "scan back" at the thing which is scanning you. Firstly, there probably isn't a human there to notice, secondly, if there is, they could take worse action against you (If it's your ISP they might decide to close your account)
could also be that u are on a lan, because many times when people play online games, the games scan for ports, and so fourth, for connections and ping time ****. those are mostly harmless though. i do suggest that u read some tutorials if u are not familliar with this subject. That guys tutorial is good.
I have found that I've never been scanned by the same IP twice once I've opened two times ten to the seventyth embryonic tcp connections with their host.
Just kidding.......
Kind of :D
Thanks guys, yes slarty we are curently running windows XP and do have a fire wall and running Zonealarm. (thay keep on hitting us and id like to find out where it is comming from)
I wouldnt wast my time scanning his. not worth the hassl. :)
I am no expert but I too was being scanned all the time and decided to take action like you. I was running ZA as well. What ports are being scanned? www.grc.com is a very helpful site. I was getting hit on 137 (15,000 some times) and it shows you how to disable NetBios and the like, since then I haven't been scanned once!
Hope that helps :p
Quote:
Originally posted here by Blitz
I am no expert but I too was being scanned all the time and decided to take action like you. I was running ZA as well. What ports are being scanned? www.grc.com is a very helpful site. I was getting hit on 137 (15,000 some times) and it shows you how to disable NetBios and the like, since then I haven't been scanned once!
Hope that helps :p
Those hits on port 137 don't always mean that you are being actively scanned by some other person. When some of these worms come out, there are often increases in traffic on port 137 - Bugbear was one, there have been others. It was just one way that the worm was trying to use to propogate across networks.. I experience these hits often, but they are being stopped at my firewall.
tammy_hope, have you checked and seen the address that these scans are coming from as MsMittens suggested?
I was seeing them as scans in Zonelogger but that is good to know! My FW was blocking them as well( so I hoped!). Thanks for the input :p
And they could have been - but you were smart in taking some steps to help your situation.. Steve Gibson's site has some pretty good stuff on it, and his scan that is available from the site is a starting point as far as protecting your PC...
Well , Sometimes when you connect to irc they scan your computer to find out if you are running a wingate or going through a proxy or something like that.But other than that , Report the ip to the isp.
dont get me wrong
why would anyone scan your system if hese innocent
he must have a good or bad reason.
look i give you an example
yesterday we were coming from syd to canberra
some fag behind us had his headlight turned on the full beam. So my dad cauldnot see coz his mirrors were reflecting the light into his eyes.
this went on for about 15 mins
he stopped when my dad lit this headlight on full beam . when my dad was going slow and he (fag)was in front of my dad. Now he understood and turned his beam off.
see
thatz what i meant
not to keep him in trouble but show how you feel
Port scanning is part of the Net. Just get use to it....it will never stop....never...
Honestly, port scanning is not "illegal". They aren't breaking into your system. Just looking at the info. from your system, so they can break into it nice and illegal like later on..............
d0ppleg@nger said:That depends on the state and country. Some states in the US have determined it illegal. I remember discussion that resulted because some states determined it was illegal while others said it wasn't.Quote:
Honestly, port scanning is not "illegal".
Can I scan your ports with one of my "utilities" baby. I promise I won't wont go in through the backdoor, unless I have your permission.
What you really want to do is disable all of you unnecessary services, check to ensure that only user accounts that need to be in place are actually there. Enable the default firewall the comes with your operating system (Zone Alarm for windows users recommended). Make sure that if you are offering any services that your system is fully up to date as per your OS vendor. Also, making sure that your system is logging security, system, and management features wouldn't hurt. This should keep you resonably safe from some scans. You may also want to scan yourself, as there may be hidden services running that you are not aware of. Probably want to disable remote logon's for a while, until things cool down. Goodluck!
PuRe
Quote:
d0ppleg@nger said:
Honestly, port scanning is not "illegal".
Quote:
MsMittens said:
That depends on the state and country. Some states in the US have determined it illegal. I remember discussion that resulted because some states determined it was illegal while others said it wasn't.
I believe that some ISP's prohibit portscanning as well..
True ISP's frown upon portscanning. I myself have had one of the Admin's of the ISP at work call me and ask what I was doing. Nothing I say, just a lil port scanning. They get emails from Admin's that say that they are getting scanned from a certain IP. I personally get scanned hundreds of times within a week on my firewalls. It's part of life on the net. The best practice is to keep your packages/images/firmware/etc... up to date and log everything.......
Do you have a static or dynamic ip? if its dynamic they are finding you via either by a chat program eg icq or a a
program on your computer if static i would say a "virus program"like code red etc type netstat -a to find out whats running
also get a free port scanner eg nmap and scan 127.0.0.1 to see what ports are open:)
Hay,
Quad how about NO,
Im sorry but i think not and as you have been so kind to say you will only do it with the concent of the owner I guess Our system is safe from you!!!
tho thank you for the thought
The best info on IP who's and how many records against it (VisualAlarm Report).Quote:
I am constsntly getting scanned by this one ip address and I wish to trace it to find out who it is.
How can i do this? thay are resenably strong attacks..
http://www.dshield.org/ipinfo.php
you can easily block some ports using your firewall, I have blocked 135, 137 and 139 both tcp/udp.
These ports are used for Netbios etc, and that my friend, you dont need.
The log of my firewall has become a lot shorter after i blocked these ports :)
Blocking ports is a good thing :)
Quote:
Originally posted here by tammy_hope
Hay,
Quad how about NO,
Im sorry but i think not and as you have been so kind to say you will only do it with the concent of the owner I guess Our system is safe from you!!!
tho thank you for the thought
Hmmm tammy, I think you misunderstood the inuendo in my post. Ciao. :lildevil: