Tracking "Hackers"
 

Hey, anyone know how I can search with somone's IP find their ISP and tell the ISP they were hacking. It is sad really, today I just clean installed XP and had all my backup files over on another partition then just installed mostly off of that. But I was smart and set up my firewall first thing and guess what? Right when I got on MSN I had 5 hacking attempts! And I have all of their IP's.

you are on the staff of programers here j/k
you lookup "whois" go to the site enter their IP Number in a open space hit enter it will tell you who is their ISP host there you lookup Abuse@ sample.com host isp service they have. e-mail them.

here a search on whois link:
http://google.icq.com/search/results...utf-8&oe=utf-8

this is one i use all the time:
"ARIN WHOIS Database Search"

Programmer don't mean hacker :D I know C++ but I don't hack.

dnsreport.com and dnsstuff.com

Cool. So you can be your own DNS man if you have a DNS software program you can make your own domains? Or is that only for people on networks.

:D what they try and do?

i use Neotrace Pro it works pretty good it can track and find the ISP that an IP is using and a bunch more stuff i forget where to get it just search for NeoTrace Pro

a) not every "hacking attempt" means a hacker is trying to get into your pc. most of the time (>99%) it's just one of all those worms that are around today, trying to copy itself from an infected machine to you. the poor guy owning it probably doesn't even know he is "hacking" someone....

b) do you really think the ISPs care?

a) either way something was happening against his comp, wether it be a simple ping, to a connection, i wasnt asking probability of an attack

b) Yes most ISPs do

i meant making a report on them guy, not if you had the know how to hack guy.

I'll pass on it. on that one don't need a headack

oops srry well it runs fine on my system i run XP and i have no problems at all

a) Well seeing as it happened about 3 times in 5 minutes from the same IP, I can safely say it was. How the heck do you get MSBlast.exe without a "hacking" attempt, which happens everytime I have my firewall of!
b) Kaos is right, you don't know what your talking about, not getting after known hackers is a major liability for ISP's because if they just sit around and do nothing and some major computer network goes down because of the hacker, they are going to be in some deep SH*T

thank you person with sense

Information:
msblast - msblast.exe - Process Information
Process File: msblast or msblast.exe
Process Name: MSBlast Worm
Description: Internet worm that uses a vulnerability in DCOM/RPC (port 135) to infect 2000/XP systems. The worm allows TFTP that is used to transfer the worm.
Company: N/A
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
Common Errors: N/A
Distribution

Ports: TCP 135, TCP 4444, UDP 69
Target of infection: Machines with vulnerable DCOM RPC Services running

One word update your Window Xp Now guy. there is a patch to block it totally. everyone has gotting it.
Update patch link below (get it ok) your late dog
Additional information and an alternate site from which to download the Microsoft patch is available in the Microsoft article, "What You Should Know About the Blaster Worm and Its Variants."

Heheh Cheif I just installed windows, and I will be updating soon enough, I also got another virus that can only be sent via a successful hack, hehehe that is what I get for turning my firewall off.

Ohhhhh bty I have that site book marked from when I got it the first time. It is actually really easy to get rid of. I can get rid of it after a quick restart :D go to msconfig before it shut the computer down, disable it on startup search msblast.exe when computer restarts then erase :D

????????
did you update your windows Xp at all? the update blocks it totally. and that blaster worm there some many types out there its not funny guy.

gee you did disable windows restore right? if not you still got it. now you got to redo it again this time disable restore then delete it.? windows restore keep copy of all file and it even copys virus to.

any time one get a virus disable windows restore before removing the virus it the base rule of thumbs. you can try to disable the restore and reboot up scan again see if it come up. see what happen in restore it has the file if it not were it should be it will put it back or the file restill back in.

i really hope you got them update now, if not you asking for it.

1. are you sure it wasn't just a port scan? how do you know.

2. here's what's going to happen if you report it to the ISP.

a. if it's a large ISP they are going to send a canned email that says something like thank your for this concern we will look into the matter immediately etc etc etc. in other words it's just something to get you off of their backs. the only way i've found to get them to do something is to threaten to sue or worse if they don't do something immediately about the situation. tell them you expect an immediate response to the actions they have or plan to take about this situation. usually you will get a personal email regarding the situation. whether they do something about it or not depends on how determined you are to find out.

b. if it's a small "local" ISP chances are they are going to respond more personably and quickly to the matter. this will usually result with the person either getting their account suspended or closed completely therefore pissing mommy and daddy off. again use the same tactic of a threat of lawsuit or worse to let them know you mean business.

while i am on the subject,
3. understand that port scanning is not against the law, and that because of this most ISP's will not care if you get scanned. Sure most EULA's for the ISP's do prohibit it but most don't care and it's just in their to cover their asses. When you do get scanned and you notice that say it's on a known port that is used for the various backdoor programs out there such as BackOrifice and whatnot that's when the ISP will care the most cause they are most liable at that point.

Whatever you do make sure that you send a copy of you log in when you contact the ISP about the abuse. nothing will happen without that log. I can garauntee it. I"ve gotten many an account cancelled in my time running various servers from my home and it is a gratifying feeling. just be sure that you send all the info that they may need or want.

I know what port scanning is. But I don't do it, listen I am not a noob to computers :D It very well could be a port scan but usually like I said those usually don't occur 5 times in 10 mins. Somone was trying to get something through or something. I havn't updated yet! All the stuff I need is over 200 mb! I am on 56k so it will take forever, plus I work.