Tracking "Hackers"

[atholon]

Hey, anyone know how I can search with somone's IP find their ISP and tell the ISP they were hacking. It is sad really, today I just clean installed XP and had all my backup files over on another partition then just installed mostly off of that. But I was smart and set up my firewall first thing and guess what? Right when I got on MSN I had 5 hacking attempts! And I have all of their IP's.

[Hellfighter]

you are on the staff of programers here j/k
you lookup "whois" go to the site enter their IP Number in a open space hit enter it will tell you who is their ISP host there you lookup Abuse@ sample.com host isp service they have. e-mail them.

here a search on whois link:
http://google.icq.com/search/results...utf-8&oe=utf-8

this is one i use all the time:
"ARIN WHOIS Database Search"

[atholon]

Quote:

Originally posted by Chief ADFP
you are on the staff of programers here j/k

Programmer don't mean hacker I know C++ but I don't hack.

[Scott]

dnsreport.com and dnsstuff.com

[atholon]

Cool. So you can be your own DNS man if you have a DNS software program you can make your own domains? Or is that only for people on networks.

[Systemkaos]

what they try and do?

[Bravo-DW-]

i use Neotrace Pro it works pretty good it can track and find the ISP that an IP is using and a bunch more stuff i forget where to get it just search for NeoTrace Pro

[Nev]

a) not every "hacking attempt" means a hacker is trying to get into your pc. most of the time (>99%) it's just one of all those worms that are around today, trying to copy itself from an infected machine to you. the poor guy owning it probably doesn't even know he is "hacking" someone....

b) do you really think the ISPs care?

[Systemkaos]

Quote:

Originally posted by Nev
a) not every "hacking attempt" means a hacker is trying to get into your pc. most of the time (>99%) it's just one of all those worms that are around today, trying to copy itself from an infected machine to you. the poor guy owning it probably doesn't even know he is "hacking" someone....

b) do you really think the ISPs care?

a) either way something was happening against his comp, wether it be a simple ping, to a connection, i wasnt asking probability of an attack

b) Yes most ISPs do

[Hellfighter]

Quote:

Originally posted by atholon
Programmer don't mean hacker I know C++ but I don't hack.

i meant making a report on them guy, not if you had the know how to hack guy.

[Hellfighter]

Quote:

Ref:Neotrace Pro

OmniSpyder 16-Apr-2004 10:15:57 AM
"Its a good program but not support"
I like the program but all the help and support pagest take you to the mcafee catalog page to sell you stuff... Mcafee you suck for trying to sell me stuff insted of supporting your pruduct


--------------------------------------------------------------------------------
Yaakov 09-Mar-2004 12:55:55 PM
"Not Reliable"
I tried everything I knew to get this sucker to work correctly, but to no avail. If you want to buy an antique, here you go!


--------------------------------------------------------------------------------
kazz 27-Feb-2004 07:55:55 PM
"Don't bother with this one"
Neotrace was a great program before it was taken over by McAfee, now the map does not work correctly and even when I have others in the country with known IPs, say in New York Sate the map and legends say they are in Kansas, well we are not in Kansas anymore, is NeoTrace related to Toto from Wizard of Oz? If you are looking for a good GUI trace program this is not the one to use
--------------------------------------------------------------------------------
junxies 25-Nov-2003 07:12:22 AM
"Doesn't run on my machine"
Installed, but errors out on when I try to run. (Win2K)
--------------------------------------------------------------------------------
Pesudo 28-Oct-2003 12:57:29 AM
"Did not work"
I installed it, run it (Windows 2000 seerver) and immediately got a general protection fault dialog. It then exited.
--------------------------------------------------------------------------------
bugfinder 20-Aug-2003 08:03:00 PM
"Crashes after install"
After the installation on Win98SE, it crashes when launched. Big time bug or not mentioning what is missing... too baad... Note: No Proxy server is runnging at port:8080 still crashing...
--------------------------------------------------------------------------------
06-Jun-2003 07:20:11 AM
"Doesn't run on my machine"
Installed, but errors out on when I try to run. (Win2K)
--------------------------------------------------------------------------------
Al the total farker (www.fark.com) 31-Aug-2002 06:11:31 PM
Features Ease of Use Stability
"Someone please trace my cash spent on this..."
one word sums this program up: refund. features, ease of use, stability are important parts of a program but they entirely useless if it doesnt do what it is supposed to do!!!! this program is useless, as well as many others, in performing accurate traces. it never gets close to a real trace from "hacker attacks" or even popular software; the traces simply stop at a network registerant like aol, on the other hand traces get lost or never track the true ip. why in the hell would i want to spend 30 bucks on something completely useless?
--------------------------------------------------------------------------------
NetDude 28-May-2002 04:04:37 PM
Features Ease of Use Stability
"I was dissapointed with this program."
I thought I was supposed to see a map. All I saw was a black screen.
--------------------------------------------------------------------------------
Anonymous 12-Feb-2002 09:02:00 PM
"cheese"

I'll pass on it. on that one don't need a headack

[Bravo-DW-]

oops srry well it runs fine on my system i run XP and i have no problems at all

[atholon]

Quote:

a) not every "hacking attempt" means a hacker is trying to get into your pc. most of the time (>99%) it's just one of all those worms that are around today, trying to copy itself from an infected machine to you. the poor guy owning it probably doesn't even know he is "hacking" someone....

b) do you really think the ISPs care?

a) Well seeing as it happened about 3 times in 5 minutes from the same IP, I can safely say it was. How the heck do you get MSBlast.exe without a "hacking" attempt, which happens everytime I have my firewall of!
b) Kaos is right, you don't know what your talking about, not getting after known hackers is a major liability for ISP's because if they just sit around and do nothing and some major computer network goes down because of the hacker, they are going to be in some deep SH*T

[Systemkaos]

thank you person with sense

[Hellfighter]

Quote:

Originally posted by atholon
a) Well seeing as it happened about 3 times in 5 minutes from the same IP, I can safely say it was. How the heck do you get MSBlast.exe without a "hacking" attempt, which happens everytime I have my firewall of!
b) Kaos is right, you don't know what your talking about, not getting after known hackers is a major liability for ISP's because if they just sit around and do nothing and some major computer network goes down because of the hacker, they are going to be in some deep SH*T

Information:
msblast - msblast.exe - Process Information
Process File: msblast or msblast.exe
Process Name: MSBlast Worm
Description: Internet worm that uses a vulnerability in DCOM/RPC (port 135) to infect 2000/XP systems. The worm allows TFTP that is used to transfer the worm.
Company: N/A
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
Common Errors: N/A
Distribution

Ports: TCP 135, TCP 4444, UDP 69
Target of infection: Machines with vulnerable DCOM RPC Services running

One word update your Window Xp Now guy. there is a patch to block it totally. everyone has gotting it.
Update patch link below (get it ok) your late dog
Additional information and an alternate site from which to download the Microsoft patch is available in the Microsoft article, "What You Should Know About the Blaster Worm and Its Variants."

[atholon]

Heheh Cheif I just installed windows, and I will be updating soon enough, I also got another virus that can only be sent via a successful hack, hehehe that is what I get for turning my firewall off.

[atholon]

Ohhhhh bty I have that site book marked from when I got it the first time. It is actually really easy to get rid of. I can get rid of it after a quick restart go to msconfig before it shut the computer down, disable it on startup search msblast.exe when computer restarts then erase

[Hellfighter]

????????
did you update your windows Xp at all? the update blocks it totally. and that blaster worm there some many types out there its not funny guy.

gee you did disable windows restore right? if not you still got it. now you got to redo it again this time disable restore then delete it.? windows restore keep copy of all file and it even copys virus to.

any time one get a virus disable windows restore before removing the virus it the base rule of thumbs. you can try to disable the restore and reboot up scan again see if it come up. see what happen in restore it has the file if it not were it should be it will put it back or the file restill back in.

i really hope you got them update now, if not you asking for it.

[SFR-LiquidFX]

1. are you sure it wasn't just a port scan? how do you know.

2. here's what's going to happen if you report it to the ISP.

a. if it's a large ISP they are going to send a canned email that says something like thank your for this concern we will look into the matter immediately etc etc etc. in other words it's just something to get you off of their backs. the only way i've found to get them to do something is to threaten to sue or worse if they don't do something immediately about the situation. tell them you expect an immediate response to the actions they have or plan to take about this situation. usually you will get a personal email regarding the situation. whether they do something about it or not depends on how determined you are to find out.

b. if it's a small "local" ISP chances are they are going to respond more personably and quickly to the matter. this will usually result with the person either getting their account suspended or closed completely therefore pissing mommy and daddy off. again use the same tactic of a threat of lawsuit or worse to let them know you mean business.

while i am on the subject,
3. understand that port scanning is not against the law, and that because of this most ISP's will not care if you get scanned. Sure most EULA's for the ISP's do prohibit it but most don't care and it's just in their to cover their asses. When you do get scanned and you notice that say it's on a known port that is used for the various backdoor programs out there such as BackOrifice and whatnot that's when the ISP will care the most cause they are most liable at that point.

Whatever you do make sure that you send a copy of you log in when you contact the ISP about the abuse. nothing will happen without that log. I can garauntee it. I"ve gotten many an account cancelled in my time running various servers from my home and it is a gratifying feeling. just be sure that you send all the info that they may need or want.

[atholon]

I know what port scanning is. But I don't do it, listen I am not a noob to computers It very well could be a port scan but usually like I said those usually don't occur 5 times in 10 mins. Somone was trying to get something through or something. I havn't updated yet! All the stuff I need is over 200 mb! I am on 56k so it will take forever, plus I work.