Tracking down an attacker

Discussion in 'Computer Support' started by SJP, May 7, 2007.

  1. SJP

    SJP Guest

    "don" <> wrote in message
    news:f1o10o$ap3$...
    > I got this warning from Norton Security that my PC was being attacked by
    > 68.189.162.xx but was blocked - without actually going to this site is
    > there a way to look up what this site is - I'm afraid that if I go to the
    > site that Norton would create a permit rule which I do not want -

    http://www.schwarzl.com/ipcheck.html
     
    SJP, May 7, 2007
    #1

  2. SJP

    why? Guest

    On Mon, 7 May 2007 16:09:34 -0500, don wrote:

    >I got this warning from Norton Security that my PC was being attacked by
    >68.189.162.xx but was blocked - without actually going to this site is there


    Try .20 as last value.

    WHOIS Record For
    68.189.162.20
    Record Type: IP Address

    Charter Communications CHARTER-NET-7BLK (NET-68-184-0-0-1)
    68.184.0.0 - 68.191.255.255
    Charter Communications SPA-SC-68-189-160 (NET-68-189-160-0-1)
    68.189.160.0 - 68.189.191.255

    So it's an ISP block.

    The address in the header for your post is

    WHOIS Record For
    68.194.217.105
    Record Type: IP Address
    Optimum Online (Cablevision Systems) NETBLK-OOL-5BLK (NET-68-192-0-0-1)
    68.192.0.0 - 68.199.255.255
    Optimum Online (Cablevision Systems) OOL-CPE-HCVLNY-68-194-208-0-20
    (NET-68-194-208-0-1)
    68.194.208.0 - 68.194.223.255

    >a way to look up what this site is - I'm afraid that if I go to the site
    >that Norton would create a permit rule which I do not want -


    Funny you should ask that, I seem to recall quite a few posts in 24HSHD
    http://groups.google.com/group/24hoursupport.helpdesk/topics about
    tracking down IP addresses.

    Instead of repeating the links you could look for them yourself. Look
    for

    'whois'
    'networksolutions'
    'internic.net'

    in the posts for starters.

    You will have to do this as none of the lookups I use will work with
    anything that has xx instead of a number.

    Me
     
    why?, May 7, 2007
    #2
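
Why substituting .20 for the masked octet works: every address that 68.189.162.xx could stand for falls inside the same registry allocation, so the owner is the same for all of them. The following is an added example, not code from any poster in the thread; it parses the WHOIS ranges quoted in post #2, and the function names are hypothetical.

```python
import ipaddress
import re

# WHOIS text as quoted in post #2 (owner name and NET handle, then the range).
WHOIS_TEXT = """\
Charter Communications CHARTER-NET-7BLK (NET-68-184-0-0-1)
68.184.0.0 - 68.191.255.255
Charter Communications SPA-SC-68-189-160 (NET-68-189-160-0-1)
68.189.160.0 - 68.189.191.255
"""

RANGE_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
HANDLE_RE = re.compile(r"\((NET-[0-9-]+)\)")

def parse_blocks(text):
    """Return [(handle, first_ip, last_ip)] from handle/range line pairs."""
    blocks, handle = [], None
    for line in text.splitlines():
        m = HANDLE_RE.search(line)
        if m:                      # handle may sit on its own wrapped line
            handle = m.group(1)
            continue
        m = RANGE_RE.match(line)
        if m and handle:
            first = ipaddress.IPv4Address(m.group(1))
            last = ipaddress.IPv4Address(m.group(2))
            blocks.append((handle, first, last))
            handle = None
    return blocks

def expand_masked(addr):
    """Turn '68.189.162.xx' into the (lowest, highest) address it could mean."""
    octets = addr.lower().split(".")
    if len(octets) != 4:
        raise ValueError("expected four dotted fields")
    masked = [bool(o) and set(o) <= {"x"} for o in octets]
    lo = ".".join("0" if m else o for m, o in zip(masked, octets))
    hi = ".".join("255" if m else o for m, o in zip(masked, octets))
    return ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)

def owning_block(masked, blocks):
    """Most specific block covering every candidate address, or None when
    the candidates straddle blocks and the mask really does hide the owner."""
    lo, hi = expand_masked(masked)
    covering = [b for b in blocks if b[1] <= lo and hi <= b[2]]
    return min(covering, key=lambda b: int(b[2]) - int(b[1]), default=None)
```

Masking one octet still resolves to the SPA-SC-68-189-160 sub-allocation; masking two only resolves to the parent Charter block.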

  3. SJP

    don Guest

    I got this warning from Norton Security that my PC was being attacked by
    68.189.162.xx but was blocked - without actually going to this site is there
    a way to look up what this site is - I'm afraid that if I go to the site
    that Norton would create a permit rule which I do not want -
     
    don, May 7, 2007
    #3
  4. SJP

    Mike Easter Guest

    don wrote:
    > I got this warning from Norton Security that my PC was being attacked
    > by 68.189.162.xx but was blocked - without actually going to this site
    > is there a way to look up what this site is - I'm afraid that if I go
    > to the site that Norton would create a permit rule which I do not
    > want -


    Why did you put a .xx on the end of the IP? The more specific you ask
    your questions, then the better/ more complete/ the answer you are going
    to get.

    The problem with those with inexperience looking at their personal
    software 'firewall' logs is that the log owner doesn't know what they
    are looking at and so they either over-interpret them or under-interpret
    them or don't interpret them at all.

    One solution is to just stop looking at your logs and feed them to
    something else, like DShield, which will accept logs derived from Norton
    Personal Firewall.

    http://www.dshield.org/howto.html?dshield=2d2638987573f8e6702231ba120b57d6
    How to submit your firewall logs to DShield

    Your responsibilities are not to identify/investigate every IP that
    knocks on your door, but to defend yourself by configuring yourself
    securely. If you want to contribute your logs to intrusion databases,
    so much the better. If you want to check on an IP at such a db as
    DShield or MyNetWatchman, you can do that too.

    http://www.mynetwatchman.com/faq.asp myNetWatchman collects, analyzes
    and reports malicious access attempts to ISPs, who can then take action
    against the offending machines


    --
    Mike Easter
     
    Mike Easter, May 7, 2007
    #4
  5. SJP

    Zombie Guest

    don wrote:
    > I got this warning from Norton Security that my PC was being attacked by
    > 68.189.162.xx but was blocked - without actually going to this site is there
    > a way to look up what this site is - I'm afraid that if I go to the site
    > that Norton would create a permit rule which I do not want -
    >
    >

    Hi Don
    It was probably just a random scan of ports by a back door bot.
    It doesn't mean *you* specifically were targeted.
    And though some versions of Symantec's software are clumsy and
    specifically V2006 being a resource hogger, it is an established
    name in the field of online security and it provided you with the
    required protection. It won't create a permit rule unless you so
    configure, but even so it will always warn you of any threats.
    Don't fret about it and just forget it, your security suite proved
    it functions.
    As you may see, a number of posters replied to your query so it
    would be nice if you'd acknowledge their efforts.
     
    Zombie, May 7, 2007
    #5
  6. SJP

    Zombie Guest

    don wrote:
    > I got this warning from Norton Security that my PC was being attacked by
    > 68.189.162.xx but was blocked - without actually going to this site is there
    > a way to look up what this site is - I'm afraid that if I go to the site
    > that Norton would create a permit rule which I do not want -
    >
    >


    Hi Don
    It was probably just a random scan of ports by a back door bot.
    It doesn't mean *you* specifically were targeted.
    And though some versions of Symantec's software are clumsy and
    specifically V2006 being a resource hogger, it is an established
    name in the field of online security and it provided you with the
    required protection. It won't create a permit rule unless you so
    configure, but even so it will always warn you of any threats.
    Don't fret about it and just forget it, your security suite proved
    it functions.
    As you may see, a number of posters replied to your query so it
    would be nice if you'd acknowledge their efforts.
     
    Zombie, May 7, 2007
    #6
  7. SJP

    Aardvark Guest

    On Mon, 07 May 2007 22:52:45 +0100, Zombie wrote:

    > don wrote:
    >> I got this warning from Norton Security that my PC was being attacked
    >> by 68.189.162.xx but was blocked - without actually going to this site
    >> is there a way to look up what this site is - I'm afraid that if I go
    >> to the site that Norton would create a permit rule which I do not want
    >> -
    >>
    >>
    >>

    > Hi Don
    > It was probably just a random scan of ports by a back door bot. It
    > doesn't mean *you* specifically were targeted. And though some versions
    > of Symantec's software are clumsy and specifically V2006 being a
    > resource hogger, it is an established name in the field of online
    > security and it provided you with the required protection. It won't
    > create a permit rule unless you so configure, but even so it will always
    > warn you of any threats. Don't fret about it and just forget it, your
    > security suite proved it functions.
    > As you may see, a number of posters replied to your query so it would be
    > nice if you'd acknowledge their efforts.


    Yes. And some even posting the same reply twice :)

    --
    Registered Linux User 413057.
    Both Mandriva 2007 and Ubuntu 6.06
    You can have it all. My empire of hurt.
     
    Aardvark, May 8, 2007
    #7
  8. SJP

    Vanguard Guest

    "don" <> wrote in message
    news:f1o10o$ap3$...
    > I got this warning from Norton Security that my PC was being attacked by
    > 68.189.162.xx but was blocked - without actually going to this site is
    > there a way to look up what this site is - I'm afraid that if I go to the
    > site that Norton would create a permit rule which I do not want -



    www.dnsstuff.com
    Scroll past his ads trying to get you to subscribe to his "service". He
    used to bitch about some registrars putting ads on their whois lookup
    pages. Now he spams on his lookup pages.
     
    Vanguard, May 8, 2007
    #8
  9. SJP

    don Guest

    Thanks - I put an xx at the end just to keep this ISP address private
    because I had no idea what it was....
    I will follow your instructions - in the past my Norton 2004 used to
    pinpoint the location of any IP threat I wanted to know about, but that
    service is now unavailable in the software?

    "why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    news:...
    >
    > On Mon, 7 May 2007 16:09:34 -0500, don wrote:
    >
    > >I got this warning from Norton Security that my PC was being attacked by
    > >68.189.162.xx but was blocked - without actually going to this site is there
    >
    > Try .20 as last value.
    >
    > WHOIS Record For
    > 68.189.162.20
    > Record Type: IP Address
    >
    > Charter Communications CHARTER-NET-7BLK (NET-68-184-0-0-1)
    > 68.184.0.0 - 68.191.255.255
    > Charter Communications SPA-SC-68-189-160 (NET-68-189-160-0-1)
    > 68.189.160.0 - 68.189.191.255
    >
    > So it's an ISP block.
    >
    > The address in the header for your post is
    >
    > WHOIS Record For
    > 68.194.217.105
    > Record Type: IP Address
    > Optimum Online (Cablevision Systems) NETBLK-OOL-5BLK (NET-68-192-0-0-1)
    > 68.192.0.0 - 68.199.255.255
    > Optimum Online (Cablevision Systems) OOL-CPE-HCVLNY-68-194-208-0-20
    > (NET-68-194-208-0-1)
    > 68.194.208.0 - 68.194.223.255
    >
    > >a way to look up what this site is - I'm afraid that if I go to the site
    > >that Norton would create a permit rule which I do not want -

    >
    > Funny you should ask that, I seem to recall quite a few posts in 24HSHD
    > http://groups.google.com/group/24hoursupport.helpdesk/topics about
    > tracking down IP addresses.
    >
    > Instead of repeating the links you could look for them yourself. Look
    > for
    >
    > 'whois'
    > 'networksolutions'
    > 'internic.net'
    >
    > in the posts for starters.
    >
    > You will have to do this as none of the lookups I use will work with
    > anything that has xx instead of a number.
    >
    > Me
     
    don, May 8, 2007
    #9
  10. SJP

    don Guest

    Thanks

    "Zombie" <> wrote in message news:f1o73f$q8f$...
    > don wrote:
    > > I got this warning from Norton Security that my PC was being attacked by
    > > 68.189.162.xx but was blocked - without actually going to this site is there
    > > a way to look up what this site is - I'm afraid that if I go to the site
    > > that Norton would create a permit rule which I do not want -
    > >
    > >

    >
    > Hi Don
    > It was probably just a random scan of ports by a back door bot.
    > It doesn't mean *you* specifically were targeted.
    > And though some versions of Symantec's software are clumsy and
    > specifically V2006 being a resource hogger, it is an established
    > name in the field of online security and it provided you with the
    > required protection. It won't create a permit rule unless you so
    > configure, but even so it will always warn you of any threats.
    > Don't fret about it and just forget it, your security suite proved
    > it functions.
    > As you may see, a number of posters replied to your query so it
    > would be nice if you'd acknowledge their efforts.
     
    don, May 8, 2007
    #10