Re: trace ip

From: msnews (ef_hutton@hotmail.com)
Date: 07/23/02


From: "msnews" <ef_hutton@hotmail.com>
Date: Mon, 22 Jul 2002 17:14:52 -0500


If they are very skilled you probably can't fully track them because they
will hack you through a network they hacked into from another network...
Good luck though.

"suse" <suse38@hotmail.com> wrote in message
news:1a4ef01c2317c$16a45790$b1e62ecf@tkmsftngxa04...
try www.eamnesia.com or www.ripe.net. eamnesia do a reverse IP search. I
found eamnesia gave me more info to track down my hacker!! Good luck.

>-----Original Message-----
> How can I trace someone trying to hack my ascend digital vpn modem?
>posted 07-12-2002 10:04 PM
> (post #1)
>
>
>I have a small ISP business. Someone has been trying to hack my Lucent
>Ascend digital modem box, his last attack I logged he tried 15 or so
>different passwords and user names in 1 minute. If he were dialing into it
>that number of attempts would be impossible, he has to be already online
>with a user account, or accessing it through our router (which is improbable
>but not impossible) this unit has RADIUS functions built into it for user
>authentication and is being logged into our RAD logs. If he is already
>online I assume he could be traced, at least far enough to tell me if he is
>one of my users. Am I correct? If so how do I track him and what procedure
>should I use to do this?
>
>
>
>
>answers:
>
>you can use arin.net . enter his ip there and it gives his ISP. call his ISP
>and then they will turn him off
>
>
>
>
>If he is a smart hacker he will go through one or more different networks to
>hide his true IP address.
>
>I may be his ISP...I need to get his IP address to do this, unfortunately
>this is not one of the things being logged. Thanks for your reply though.
>P.S. He may also be trying to get in through the telnet port.
>
>Well? I guess you can try setting up some old crappy computer you do not use
>any more and use it as bait?? Put it somewhere on your network that will be
>easy to see from the out side or make the security really LAX on that comp.
>That way I guess you can log him or her from another computer so he can't
>mess around with the computer log files. A bait computer is a little easy to
>spot so install some stuff on that pc that makes it look important heh and
>make sure they, he or her can't use this comp to kill other comps on your
>network... ??? Hope I helped??
>
>You Should Get Snort And Portsentry. They Log Attacks and The Attackers Ip.
>This Is Just An Idea.
>http://www.sourcefire.com/
>http://www.psionic.com/products/
>
>
>I would again suggest snort. www.snort.org
>There is a windows precompiled binary version to download . It comes with an
>extensive help menu so you will be able to figure it out. It is all command
>line so basically you would go to cmd and then cd\snort (presuming installed
>to c:\) So it will look like this in command
>
>C:\Snort>
>Then you would just type out the command you want to run in this case u want
>Intrusion Detection System so the command would be
>
>C:\Snort>Snort -dev -l log -h 192.168.1.0/24 -c snort.conf
>OR
>C:\Snort>Snort -d -h 192.168.1.0/24 -l log -c snort.conf
>
>The snort.conf is the basic configuration file and then there are all sorts
>of other files ranging from DDOS , ICMP , Backdoor , Netbios and a bunch of
>other stuff. The help file is written for *nix operating systems but with a
>little bit of patience you will figure out the windows commands, it's pretty
>much just leave all the ./ out of the command.
>
>If you manage to get his IP, NeoTrace for Windoze is a wonderful thing. It
>shows pretty much anything you'll need to know about the offending party to
>shut him down or just have fun with (provided you're that kind of sick puppy
>p-) ! )
>
>
>get his/her ip addy and do the whois to the ip. you can try
>http://www.dwizard.net
>
>
>
> quote:
> (and, from the way you state it, it sounds like you're not already
>logging each and every connection in to that modem box? I get that feeling
>simply from the "last attack I logged" - which implies there are some that
>you didn't... and that, I'm afraid, is a Very Bad Thing (tm))
>
>
>
>All of the login attempts, (user calls, modem checks user/pass with radius
>database, if ok, then, check Authentication server with its radius database,
>if ok, route user through router to internet ) the router should have all
>the proper Cisco filters and blocks in place, we have a certified Cisco
>networking dood...hehe...CCNA? Anyway I am not too worried about security as
>my partner in this is certified M$ and assures me that our system is
>safe....Although we are working on building a Snort Box for monitoring and
>tracking. People have tried to crack our safeguards more than once and our
>system logs show us what they will, only M$ does not have tracing and
>tracking services like it should, go figure. We also are going to switch
>over to a Sun Ultra Sparc 60 we took out of mothballs for use as
>authentication in the near future. As for our modem box it has never been
>compromised yet, we change passwords and login names on a scheduled basis,
>same for our servers.
>
>Thanks for all your help and if you guys/girls can think of anything else
>let me know. I have been a seat-of-the-pants admin since the early '80s and
>I am self taught in all I know, so if I don't speak the proper jargon please
>correct me, I am here because I want to learn more, I am a sponge.
>
>
>
> quote:
> Originally posted here by aeallison
> draziw
>
> All of the login attempts, (user calls, modem checks user/pass with
>radius database, if ok, then, check Authentication server with its radius
>database, if ok, route user through router to internet ) the router should
>have all the proper Cisco filters and blocks in place, we have a certified
>Cisco networking dood...hehe...CCNA? Anyway I am not too worried about
>security as my partner in this is certified M$ and assures me that our
>system is safe....Although we are working on building a Snort Box for
>monitoring and tracking. People have tried to crack our safeguards more than
>once and our system logs show us what they will, only M$ does not have
>tracing and tracking services like it should, go figure. We also are going
>to switch over to a Sun Ultra Sparc 60 we took out of mothballs for use as
>authentication in the near future. As for our modem box it has never been
>compromised yet, we change passwords and login names on a scheduled basis,
>same for our servers.
>
>
>
>
>Well, I must say that pieces of paper do not "make" an engineer, in my
>experiences this is especially true when dealing with security (yes I
>realize that you're not "an Engineer" without those vital pieces of paper,
>but having them doesn't really mean much anything in the overall picture...
><edit>eg. doesn't say you know how to troubleshoot worth a darn or do
>anything specific other than pass some instructor's test to someone's
>satisfaction</edit> ). The CCNA is, well... it's Cisco's first test and just
>requires "time" - and I've previously stated my general opinion of the MCSE
>(particularly of people that have a need to say "oh I'm a MCSE, it's ok" -
>seems to go hand-in-hand with all these "leet h4ck3r d00ds" if you catch my
>drift).
>
>In my experience, "blindly trus
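
Added example, not part of the thread: one way to pull the kind of burst described in the original question (about 15 username/password guesses in a minute) out of RADIUS authentication logs, grouped by whatever source fields the log does record. The log line format, the field names (`nas`, `port`, `cli`) and the thresholds are assumptions made for this sketch; adapt `LINE_RE` to the format your RADIUS server actually writes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified log format (an assumption; adapt LINE_RE to your server):
#   2002-07-12 21:58:03 Auth: Login incorrect: [user] (from nas=<box> port=<n> cli=<caller or ->)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Auth: (?P<result>Login OK|Login incorrect): "
    r"\[(?P<user>[^\]]*)\] \(from nas=(?P<nas>\S+) port=(?P<port>\S+) cli=(?P<cli>[^)]*)\)$"
)

def find_bursts(lines, window=timedelta(seconds=60), min_failures=10, min_users=3):
    """Return one alert per source whose failed logins reach the thresholds inside `window`."""
    recent = defaultdict(deque)   # source -> deque of (timestamp, user) failures
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "Login incorrect":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        source = (m["nas"], m["port"], m["cli"])
        q = recent[source]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= min_failures and len(users) >= min_users:
            best = alerts.get(source)     # keep the largest burst seen per source
            if best is None or len(q) > best["failures"]:
                alerts[source] = {"source": source, "first": q[0][0], "last": ts,
                                  "failures": len(q), "users": sorted(users)}
    return list(alerts.values())

def sample_log():
    """Constructed sample: 15 guesses in under a minute on one port, plus normal traffic."""
    names = ["admin", "root", "guest", "test", "ascend"]
    lines = ["2002-07-12 21:40:10 Auth: Login OK: [alice] (from nas=max1 port=7 cli=5550101)",
             "2002-07-12 21:41:30 Auth: Login incorrect: [bob] (from nas=max1 port=9 cli=5550102)"]
    for i in range(15):
        lines.append(f"2002-07-12 21:58:{i * 3:02d} Auth: Login incorrect: "
                     f"[{names[i % 5]}] (from nas=max1 port=telnet cli=-)")
    lines.append("2002-07-12 22:05:00 Auth: Login incorrect: [bob] (from nas=max1 port=9 cli=5550102)")
    return lines

if __name__ == "__main__":
    for a in find_bursts(sample_log()):
        print(f"{a['source']}: {a['failures']} failures, {len(a['users'])} usernames, "
              f"{a['first']} -> {a['last']}")
```

A source tuple with no caller ID and a non-dial-in port, as in the constructed sample, points at a network login rather than a modem call, which is the distinction the original poster was trying to draw from the attempt rate.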


