
Thread: getting an idea where an attack is coming from

  1. #1

    getting an idea where an attack is coming from

    hey,

    my firewall has logged a lot of attempts to compromise my FTP server, more than just basic port scans...

    I have an IP, and I want to trace it physically. I know about traceroute, but his gateway is masked, so I want to get an idea physically..

    Basically, I would like to mimic "visual tracking" from Norton...

    Thanks

  2. #2
    Try Visual Route which will show you the path geographically. http://www.visualware.com/personal/p...ute/index.html
    Good luck.

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Ok, so you find out that his ISP is in Fort Lauderdale...

    Then what?
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by Striek
    Ok, so you find out that his ISP is in Fort Lauderdale...

    Then what?
    That's ONLY if he is really doing that from his PC... and his ISP may not be located in his hometown. Much less if they are using zombie machines or proxies...

    For example: I'm about in a different state than what the visual trace shows for my IP.

    I understand what you are trying to point out though... the physical location won't give you much to work with. You are best trying to contact the ISP of the offending IP and see about getting somewhere with the ISP rather than trying to track them down yourself.

    It'd be much easier to just block them at the firewall... stop them dead in their tracks.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Junior Member
    Join Date
    Dec 2003
    Posts
    3
    Set up a honey pot to get more evidence. It's really funny what stupid people try to do to machines that cannot be harmed (at least when they are virtual).
    101010 = The answer to liff the universe and everything.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    there are a few decent programs that you can use to trace a person's location. all you have to do is go to download.com and search for one... there were a ton of them out there, most of them even work.

    but everyone here does have a point. what is it you are trying to accomplish here? even if you could find the specific location, like street address, what would the point be? odds of actually finding this person will not be easy. besides, one point that most people haven't even mentioned is if this kid is on dial up, you will not be able to trace them accurately to the end
    Learn like you are going to live forever, live like you are going to die tomorrow.

    Propoganda

  7. #7
    Junior Member
    Join Date
    Jun 2003
    Posts
    14
    If you really want to scare the guy write a script to scan the IRC nets for that address, whois the guy, and do some recon on him by joining the chan if you do find it....

  8. #8
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    If you really want to scare the guy write a script to scan the IRC nets for that address, whois the guy, and do some recon on him by joining the chan if you do find it....
    Well, I don't know about scare him, but you could bind nc to a port and have it go to net send or something...
    Just in case you don't know about it, here is more info for netcat..
    http://netcat.sourceforge.net/
    Like everyone says, make your firewall stop him dead in his tracks...
    And also you have to ask yourself, do I *really* *reaally* need an FTP server....
    If yes, then make sure you stay aware of the potential bugs and exploits that are being developed for it... I'm guessing you're running XP or something, cause if *NIX you would most likely know about tcp wrappers and iptables and so on..... Just keep monitoring the firewalls, and disable server if necessary... Later
    "Serenity is not the absence of conflict, but the ability to cope with it."
