Old 03-27-2004, 10:07 AM   #1 (permalink)
Xtreeme
At Home Newbie hacker at TechIMO?

This is like the 3rd time. I dialed up and ONLY logged onto this site. One page open at a time. No popups. Adware clean. Run regclean also once a day. Now before, the past 2 times, I had Zone Alarm. Now I have Sygate (works with games better for me). Well, I backtraced this hacker here and got info (mods, if info not O.K. please delete). How do I find out more about who this is?

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
DIGITAL PATH NETWORKS DIGITAL-85-180 (NET-12-172-180-0-1)
12.172.180.0 - 12.172.181.255

# ARIN WHOIS database, last updated 2004-03-26 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.


Don't like having my ports scanned. And worse yet, the threat level reported was critical.

"Somebody is scanning your computer.
Your computer's TCP ports:
1025, 445, 3127, 6129 and 139 have been scanned from 12.172.180.92."


__________________
In the mind of a mad man!
Old 03-27-2004, 10:16 AM   #2 (permalink)
Bill in SD, CA
Did you call the 800 # and ask them what the ( blank ) is going on?

Bill
Old 03-27-2004, 10:50 AM   #3 (permalink)
Epyon9283
I'd be willing to bet that the person scanning you is infected with a virus. I get tons of hits on those ports all the time. In 7 days I've had 148 hits on 1025, 225 hits on 3127, and 102 hits on 6129. My ISP blocks 139 and 445 so I haven't seen any on those.
Old 03-27-2004, 11:25 AM   #4 (permalink)
doddsy
I know that NIS detects some legitimate traffic as attacks.

I would get numerous alerts about a backdoorsubseven trojan with my current ISP... another ISP I got lots of alerts about archangel or something like that... but chances are it's not real attacks but legit traffic using the same port at which the specific attack is expected. A friend on a different ISP gets attack warnings of a different sort.

The thing is ALL the "attacks" are of the same kind... so they are probably NOT REAL attacks. So in NIS I turned off the attack warning for my particular trojan... without turning off any security... and now I surf safe and warning free... well, almost.

The good thing is if you get the warnings then the attack has been stopped...

I don't know if ZA or SYG would have these same characteristics as NIS, but I thought this might be of some assistance.

doddsy
__________________
:D
Old 03-27-2004, 07:30 PM   #5 (permalink)
elmers
Why not just ping the guy a bunch of times for good measure?

Also, why do you assume it's someone from techimo? He probably scanned everyone on your ISP no matter what page they were viewing.
Old 03-29-2004, 09:50 AM   #6 (permalink)
Xtreeme
Just happened again!

"AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-217-176-0-CEDAR-RAPIDS-IA (NET-12-217-176-0-1)
12.217.176.0 - 12.217.191.255

# ARIN WHOIS database, last updated 2004-03-28 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database."

Hmmm. Someone on AT&T obviously. Keeps up I'll backtrace 'em alright. With more than they wanted!

"I'd be willing to bet that the person scanning you is infected with a virus."

That is very likely, I think. Good point. 'Cause it's when I'm here, like every time!

doddsy
I know what you are saying from my past firewall experiences. But thing is, it's not like that. I'm not even moving I.E. going to get a drink come back and "attack!". No reason for a page to be sending or requesting anything when I haven't clicked anything or moved and page has been loaded like 2 min. And why only here? Not when on wc3 or my other fav sites? Less like said above someone here has a malicious virus on their PC and is surfing at same time here.


"Also, why do you assume it's someone from techimo? He probably scanned everyone on your ISP no matter what page they were viewing."

'Cause it's only when I'm here it's been happening. And since all my buddies around here have the same ISP and they aren't getting warnings, it leads me to assume it's not the ISP being scanned. Plus they are a local co., not an easy target like AOL. The owner has been an IT guy for over 20 years. I'm sure if someone was yanking his chain he'd pull right back (take care of it). It's a local ISP, not a poor one. Scans email, blocks some ports and all that jazz just like AOL and -eek "earthfink". Plus all the attacks are from---- you got it, an AT&T server. Keeps up I'm gonna call AT&T, log this stuff (attacks) and have them deal with it. Guy might get banned if he's done it before or it's major enough of an incident.
__________________
In the mind of a mad man!
Old 03-29-2004, 09:54 AM   #7 (permalink)
Emc2
Don't get stupid. Just disable the warnings. So what if a hacker couldn't get in. Eventually the hacker will get caught. You have no reason to hunt him down like a hound except to incite rioting drama into your own life.
Old 03-29-2004, 10:05 AM   #8 (permalink)
SpookyEddy
The internet is a noisy place with all sorts of traffic flying about all over the place, get over it. Unless someone is making a sustained attempt to break into a machine you own/are responsible for then don't bother contacting anyone, a few port scans hardly counts as a major crisis (especially if you are firewalled anyway). You could spend the time much more productively by updating virus defs, applying patches and shutting down any superfluous services.

Regards

ed
SpookyEddy is offline   Reply With Quote
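An added example, not part of any post in this thread: a small log triage script that produces the per-port hit counts quoted in post #3 and separates one-off sweeps from a source that keeps coming back, the distinction drawn in post #8. The log layout, the function names and the `min_hours` threshold are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log. The "date time action proto source dest_port" layout
# is a hypothetical export format, not Sygate's or ZoneAlarm's own; the
# addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
2004-03-27 10:01:12 BLOCK TCP 198.51.100.7 1025
2004-03-27 10:01:12 BLOCK TCP 198.51.100.7 445
2004-03-27 10:01:13 BLOCK TCP 198.51.100.7 3127
2004-03-27 10:01:13 BLOCK TCP 198.51.100.7 6129
2004-03-27 10:01:14 BLOCK TCP 198.51.100.7 139
2004-03-27 09:40:02 BLOCK TCP 192.0.2.9 445
2004-03-27 13:05:47 BLOCK TCP 192.0.2.9 445
2004-03-28 02:15:40 BLOCK TCP 203.0.113.20 3127
2004-03-28 09:44:03 BLOCK TCP 203.0.113.55 1025
2004-03-28 22:30:19 BLOCK TCP 192.0.2.9 445
2004-03-29 08:10:55 BLOCK TCP 192.0.2.9 445
"""

def parse(log_text):
    """Return (timestamp, source, dest_port) for each well-formed BLOCK line."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[2] != "BLOCK" or not parts[5].isdigit():
            continue  # skip blank, truncated or non-block lines
        try:
            when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp
        events.append((when, parts[4], int(parts[5])))
    return events

def hits_per_port(events):
    """Total blocked probes per destination port, all sources combined."""
    return Counter(port for _, _, port in events)

def sustained_sources(events, min_hours=3):
    """Sources seen in at least min_hours distinct clock hours (assumed threshold)."""
    hours = defaultdict(set)
    for when, src, _ in events:
        hours[src].add(when.strftime("%Y-%m-%d %H"))
    return sorted(s for s, seen in hours.items() if len(seen) >= min_hours)

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print(hits_per_port(events).most_common())
    print(sustained_sources(events))
```

In the sample, the five-port sweep from one address lands in a single burst and is not flagged, while the address that returns in four separate hours is.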
Old 03-29-2004, 10:37 AM   #9 (permalink)
ArcticFox
I'd just see who the guy is, maybe ping his comp so many times that smoke appears from his NIC (that'd be great). But while it is weird that the guy seems to be just targeting you, he isn't doing much harm.

Xtreeme - YGPM

Edit - hee hee. I just wrote a batch file that pings the little bugger. Now all I have to do is loop it...

Last edited by ArcticFox; 03-29-2004 at 10:46 AM.
Old 03-29-2004, 03:15 PM   #10 (permalink)
elmers
You could do it in a dos. Just write something like this.

ping (bad bad ip) -t



Lol this should give you a warning from your firewall.

Anyway spookyeddy is right. The internet is quite a noisy place.
All times are GMT -6. The time now is 07:53 PM.