  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Warrington, Cheshire, England
    Posts
    712
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Tracking back PC attackers

    I run Norton Internet Security and, every so often, it flags that my PC is under attack by some Trojan. It gives the TCP/IP address of the originating site. I have a few questions; sorry if these are very basic but I always get such a shock when the PC goes 'BONG' and Norton says my PC is under attack. I'm grateful that I have it installed and that it's stopped the threat, but I don't really know what to do then, apart from prevent it from going any further.
    Q1. Is there an easy way to find out who 'owns' that address?
    Q2. If there is, what should I do with the information once I've got it?
    Q3. Norton help says that not all attempts to access my PC are malicious. If they aren't malicious, what are they trying to do/could I be preventing something which is actually beneficial?
    TIA
    Silverback

  2. #2
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Tracking back PC attackers

    Many "attacks" are like neighborhood teenagers checking all your doors and windows to see if any are unlocked. Since you are locking them with the firewall, it's unlikely that you have anything to worry about. And these teenagers could be thousands of miles away. I think that unless you see a pattern of some kind, it probably isn't worth chasing after. On the other hand, if you were to track them back and report them to their ISP, their accounts might get terminated and others could get fewer "bongs."

  3. #3
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Tracking back PC attackers

    Sorry, I somehow managed not to answer ANY of your questions.

    1. You can determine who owns that block of IP addresses, but seldom can you find an actual individual. Try the IP address whois searches at these regional sites:

       • ARIN (American Registry for Internet Numbers) at http://www.arin.net/
       • RIPE (R

  4. #4
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Tracking back PC attackers

    You will also find that many of these hits are your ISP checking your connection to see if it is still alive.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  5. #5
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Tracking back PC attackers

    "...Beneficial? Very unlikely..."
    Quoting from Jefferson's post.

    Several years ago, when I first got my DSL connection and before I added the Linksys router to my setup, I installed BlackIce Defender in spite of the many negative reviews of the product at that time. I used NeoTrace Pro to try to locate some info about the "offending" IP addresses. As Jefferson pointed out, I also frequently had to rely on one of the three "majors" to get enough info to work with. I had a canned email that I would send to "abuse@xxxxxx.com" or whatever email address I could find in the registration. Upon giving them everything BlackIce reported I think I only got responses about 10% of the time (or less) indicating a willingness to investigate. A large portion of the intrusion attempts turned out to be from equipment at educational institutions, even down to the elementary school level, indicating that whoever was doing the playing, might be just that - someone playing around. I even had one from a rabbinical college in New York City!

    I finally got tired of wasting my time, installed the Linksys router and ZoneAlarm and let them do the best they can do to stop all the door-knocking.....

  6. #6
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Tracking back PC attackers

    I'm with Al on this one. I did the very same thing he was doing using BlackIce and a "form" e-mail to alert the offender's ISP. Most never replied and those that did were school systems or universities whose systems had been hacked by students or whose networks had been compromised in some way from the outside and were being used as drones in DOS attacks. Those that did respond were almost invariably networks being administered by the students themselves. I came to the same conclusion Al did. Put up your firewall, keep your virus definitions up to date, exercise caution with e-mail and web surfing and just ignore all the knocking at your door (set your firewall so it doesn't notify you of these intrusion attempts). They can't hurt you if they can't get in!!!

  7. #7
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Tracking back PC attackers

    I'm pretty much with Big Al and Doc Watson on this. Had similar early experiences, albeit with ZoneAlarm. It alerted me to every "attack" and I chased down the persistent ones to see where they came from, and sent "abuse" complaints. The few replies I had were mostly canned ones to say my mail would be attended to. SamSpade.org was one of the mainstays for the hunt, with many useful tools in one spot.

    As the novelty was wearing off I chanced upon DShield.org and started submitting my ZA logs to them. That became pass
    TimOz

  8. #8
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Warrington, Cheshire, England
    Posts
    712
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Tracking back PC attackers

    Hello everyone
    There's a small deficiency in the Lounge! I can't find a mechanism to thank all recipients to my posting at once.
    Please accept this one as thanks for your interest and help.
    I tried some of the whois routes and, as predicted, nothing was apparent. A college in Brazil, somewhere in Holland etc.
    Dave has answered one question I had, though. I had noticed a number of probes from TCP/IP addresses which were obviously in the same block as my PC had been assigned on connection; so it looks like my ISP is polling the PC.
    In general, though, I agree with the respondents who assert that sending to abuse@**** disappears into a black hole. I have tried this a couple of times (Nigerian bank scam, a little spam etc) and never had a reply.
    So I'll do as recommended - keep everything up to date and let it do its work.
    Still gets on my nerves, though. It seems as though these days you get something worthwhile (=the net) and before you have time to blink, someone has found a way to make it irritating or, even worse, dangerous.
    Thanks to everyone for their help.
    Silverback
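
The triage this thread converges on (chase only sources that show a pattern, and expect probes from your own ISP's address block to be connection polling), as an added example that is not part of any post. The log layout, the addresses (documentation ranges) and the /24 prefix standing in for the ISP block are constructed assumptions; the real block size comes from a whois lookup.

```python
import ipaddress
from collections import Counter

# Constructed sample alerts: "date time source_ip dest_port" (hypothetical
# layout, not the real log format of Norton, BlackIce or ZoneAlarm).
SAMPLE_LOG = """\
2003-05-01 10:02:11 198.51.100.7 27374
2003-05-01 10:05:40 203.0.113.45 1243
2003-05-01 11:15:02 198.51.100.1 0
2003-05-01 12:30:19 203.0.113.45 27374
2003-05-02 09:01:55 192.0.2.200 139
2003-05-02 09:44:03 203.0.113.45 12345
2003-05-02 13:20:31 198.51.100.1 0
not a log line
"""

def triage(log_text, my_ip, prefix_len=24, repeat_threshold=3):
    """Group alert sources into own-block, repeat and one-off lists."""
    # Assumption: the ISP's block is approximated by prefix_len bits around
    # the address the PC was assigned on connection.
    my_block = ipaddress.ip_network(f"{my_ip}/{prefix_len}", strict=False)
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole run
        try:
            src = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # source field is not a valid IP address
        hits[src] += 1
    result = {"own_block": [], "repeat": [], "one_off": []}
    ordered = sorted(hits.items(), key=lambda kv: (kv[0].version, int(kv[0])))
    for src, count in ordered:
        if src in my_block:
            result["own_block"].append((str(src), count))  # likely ISP polling
        elif count >= repeat_threshold:
            result["repeat"].append((str(src), count))     # a pattern: look it up
        else:
            result["one_off"].append((str(src), count))    # door-knocking
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "198.51.100.57"))
```

Only the sources in the "repeat" list would be candidates for a whois lookup and an abuse report.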

  9. #9
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Tracking back PC attackers

    "It seems as though these days you get something worthwhile (=the net) and before you have time to blink, someone has found a way to make it irritating or, even worse, dangerous"

    I remember a time, not so very long ago, that we left our front door unlocked and the keys in the ignition of our car out front.
    The world is a different place today than it was back then. And the internet, for better or worse, is a part of that world.
    Wasn't it just a few short years ago that a virus was a disease that affected living creatures and SPAM was something (but we don't know what) people ate ???
