Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: How can I find information on IP addresses??

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    11

    Cool How can I find information on IP addresses??

    After having problems, i installed Zone Alarm last week. I've had several attempted attacks from someone using my ISP. Is there a way to learn the name of the person who is doing this? There have been other attempts, but i'm especially interested in finding the person on my ISP.

    How many attempts should i allow before turning them in to our ISP?

    Why doesn't this person realize that i now have a firewall and now quit trying before they're caught????

    Thanks!

  2. #2
    Junior Member
    Join Date
    Oct 2001
    Posts
    13

    Post Trace...

    I use a program called NeoTrace Pro...it traces the ip and shows you all the hops. Then it checks if it is a registered ip. If it is it gives you all the information, including contact phone numbers.

    This is unlikely for someons on your isp, but it is worth a try.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    752

    Post

    I hope you're not just assuming every hit on your firewall is attempted hack. If you look more carefully, I think you will find that attempted hacking incidents are actually few and far between.

  4. #4

    Re: How can I find information on IP addresses??

    Originally posted by jinkies!
    After having problems, i installed Zone Alarm last week. I've had several attempted attacks from someone using my ISP. Is there a way to learn the name of the person who is doing this? There have been other attempts, but i'm especially interested in finding the person on my ISP.

    How many attempts should i allow before turning them in to our ISP?

    Why doesn't this person realize that i now have a firewall and now quit trying before they're caught????

    Thanks!
    Well easy got victim IP traceout address i mean u can either goto whois.net or use ant traceout program and u can trace the IP from where the person is attacking.

    U can use NeoTrace for this quite a good program and u can also check if the victim is preinfected by any trojan if it is infected u can hack that.

    One of the best thing u can do to the person is DOS ATTACk which can do any three of the following things to ur victim.

    Crush Windows
    Hang Computer
    Restart

  5. #5
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Kakokool, that wasn't very mature.

    Jinkies, if they are on your ISP, it should be a simple matter. Just call your ISP, and tell them your problem. I would call them when you're pretty sure it 'just won't go away', and that 'it isn't an accident.'... Use your best judgement on that.

    You ISP keeps (or damn well ought to) logs with who was on what IP at what time, so just give them all the information you have to that effect, explain your concerns, and see if they can help you. Even if they aren't about to boot the user off the network or do something on their own (ISP), they *might* give you the name of the guilty party, although that's sort of unlikely given privacy concerns.

    Just a word of warning, some firewalls call anything they don't know about specifically 'an attack', so don't be *too* certain that it is something malicious. It could be a case of mistaken identity, or something automatic and benign.
    [HvC]Terr: L33T Technical Proficiency

  6. #6
    Junior Member
    Join Date
    Oct 2001
    Posts
    11

    About attempts...

    I realize that not every attempt is malicious. But somebody had been messing with my computer before i installed the firewall. And after about 10 attempts from this person(s) on my ISP in less than a week, doesn't that sound suspicious?

    What do others consider criteria for concern about attempts?

  7. #7
    Junior Member
    Join Date
    Oct 2001
    Posts
    13

    Malicious Attacks

    I get 'attacks' about every 5-6 minutes at the moment and a bit over a week ago were getting them every minute or two. These were mostly due to the infamous nimda worm. Most of these have stopped but one certain ip on my isp sometimes starts scanning me and does at random intervals between 5 - 15 minutes(im trying to work out the pattern).

    Anywayyyyyyyyyy...the point is that it can be something harmless....what port is it on? Or ports...

  8. #8
    AntiOnline Senior Member
    Join Date
    Oct 2001
    Posts
    514
    LoL AT LEAST once every 5 min or so... It does not mean that a person is sitting at a PC trying to hack your PC specificially..

  9. #9
    Junior Member
    Join Date
    Sep 2001
    Posts
    13

    IP

    If it is the same IP address every time, you can use various methods to resolve that IP to a hostname. For example, you can open up a MS-DOS window (assuming you're using Windows) and type without quotes "tracert xx.xxx.xxx.xxx" where the x's are the numbers of the IP address. If it resolves to a domain you can recognize, then you can use whois as others have described above.
    If it isn't the same IP every time, then you've probably got somebody that is using a dialup account....if you're lucky, you can resolve the IP using tracert and then use whois and you can give the ISP a phonecall.

    This method works as well as any program you would download, but without the download.

    Keep in mind, it could very well be Nimda or another worm like it -- if the host is something like "mail.school.edu" then that's probably what you're dealing with.

    Best of luck!

  10. #10
    Junior Member
    Join Date
    Oct 2001
    Posts
    11

    Okay, here are the port numbers...

    There was one attempt to connect to port 137. Thats a DoS attack, right????? That was one of the problems i was having before i installed zone alarm.

    All the rest were attempts to port 520. What could that be?

    Thanks for all the help, everybody.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •