Aces High Bulletin Board

General Forums => Hardware and Software => Topic started by: Maverick on November 04, 2000, 08:00:00 PM

Title: Internet question
Post by: Maverick on November 04, 2000, 08:00:00 PM
I have noted that someone hacked into my system last week. No damage was done as far as I can tell. I installed ZoneAlarm this week as a precaution. Today I found an attempt to get into my system had occurred. I have the ISP address for this attempt as it was logged and I copied it down.

Here is my question. How can I find out who made the attempt using this ISP address? I can ping it and it isn't very close by. I can't enter the "web page" if there is one. Can anyone advise me on this?

Thanks.
Mav
Title: Internet question
Post by: 214thCavalier on November 04, 2000, 08:24:00 PM
This should be able to explain a lot of what goes on,
http://www.robertgraham.com/pubs/firewall-seen.html#10
Title: Internet question
Post by: Spatula on November 05, 2000, 07:17:00 PM
Yes, you can. First do an nslookup (or traceroute) on the IP address; this should reveal the ISP domain name (you may see something like "dialup087.badassisp.com"). Then go to the ISP's web site (www.badassisp.com) and get some contact information for that company. Then ring them and explain what has happened, stating the exact time the intrusion occurred and the IP address of the offender. The ISP will have logs of who was using that ISP and at what time. From here it's up to the ISP to do something (not sure about the laws in your country but you may be able to involve them as well). The ISP may suspend, remove, or take legal action against the person who used the IP address at that time.
Title: Internet question
Post by: Sparks on November 06, 2000, 05:42:00 AM
214th

Thank you very much indeed for that link. I have often wondered what all the blocked activity was that I saw logged by ZoneAlarm. I have just done a quick analysis of my logs using the information at that site and seen at least 30 scans attempted looking for active Trojans!

I'm going to sit down and go through the addresses and see what I can find out.

Thanks again
Title: Internet question
Post by: prz on November 07, 2000, 07:34:00 PM
I wrote already on some other forum but what I have is a Linksys router (given you run DSL or cable) that does perfect firewalling and has great throughput. That allowed me to take down the PPPoE Windows client and all the firewalling stuff. Much easier to maintain and much more reliable.
Title: Internet question
Post by: Maverick on November 08, 2000, 12:16:00 PM
Hi all,

I did do a tracert on the logged attempt to enter my system. It came from an ISP in Grand Rapids, Michigan. Unfortunately I didn't log the time of the attempt so telling the ISP about it was not an option. So far so good. There have been no further attempts.

Mav
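
Added example, not part of any post in this thread: a sketch of the reporting workflow Spatula describes (reverse lookup, ISP domain, exact time plus IP), which also captures the timestamp that Maverick's last post says was missing. The log line format, the suffix sample, the port and all function names are assumptions constructed for illustration; 192.0.2.87 is a documentation address and the host name is the one used in the thread.

```python
import ipaddress
import socket
from datetime import datetime, timezone

# Assumption: a tiny sample of two-label public suffixes; a real tool would
# consult the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "ne.jp"}

def isp_domain(ptr_name):
    """Reduce a reverse-DNS name to the ISP's registrable domain."""
    labels = ptr_name.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:]) if len(labels) >= keep else None

def reverse_lookup(ip):
    """PTR lookup (what nslookup does for an IP); None if no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def parse_log_line(line):
    """Parse a constructed 'date time utc-offset action source-ip dest-port' line."""
    date, time, offset, action, src, port = line.split()
    when = datetime.strptime(f"{date} {time} {offset}", "%Y-%m-%d %H:%M:%S %z")
    ipaddress.ip_address(src)  # raises ValueError on a malformed address
    return {"utc": when.astimezone(timezone.utc), "action": action,
            "src": src, "port": int(port)}

def abuse_report(line, ptr_name=None):
    """Collect what the ISP needs: source IP, exact UTC time, port, ISP domain."""
    event = parse_log_line(line)
    ptr = ptr_name or reverse_lookup(event["src"])
    return {"isp_domain": isp_domain(ptr) if ptr else None,
            "ptr": ptr,
            "source_ip": event["src"],
            "time_utc": event["utc"].strftime("%Y-%m-%d %H:%M:%S UTC"),
            "dest_port": event["port"]}

# Constructed sample entry: blocked connection logged at local time UTC-7.
SAMPLE = "2000-11-04 18:42:10 -0700 BLOCKED 192.0.2.87 5000"

if __name__ == "__main__":
    # ptr_name is supplied so the demo runs offline; omit it to do a live lookup.
    print(abuse_report(SAMPLE, ptr_name="dialup087.badassisp.com"))
```

Converting the logged time to UTC matters because dial-up addresses are reassigned between sessions, so the ISP can only match an address to a subscriber for an exact moment.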