Tracking down an attacker

Discussion in 'Computer Support' started by SJP, May 7, 2007.

  1. SJP

    SJP Guest

    http://www.schwarzl.com/ipcheck.html
     
    SJP, May 7, 2007
    #1

  2. SJP

    why? Guest

    Try .20 as last value.

    WHOIS Record For
    68.189.162.20
    Record Type: IP Address

    Charter Communications CHARTER-NET-7BLK (NET-68-184-0-0-1)
    68.184.0.0 - 68.191.255.255
    Charter Communications SPA-SC-68-189-160 (NET-68-189-160-0-1)
    68.189.160.0 - 68.189.191.255

    So it's an ISP block.

    The address in the header for your post is

    WHOIS Record For
    68.194.217.105
    Record Type: IP Address
    Optimum Online (Cablevision Systems) NETBLK-OOL-5BLK (NET-68-192-0-0-1)
    68.192.0.0 - 68.199.255.255
    Optimum Online (Cablevision Systems) OOL-CPE-HCVLNY-68-194-208-0-20 (NET-68-194-208-0-1)
    68.194.208.0 - 68.194.223.255

    Funny you should ask that, I seem to recall quite a few posts in 24HSHD
    http://groups.google.com/group/24hoursupport.helpdesk/topics about
    tracking down IP addresses.

    Instead of repeating the links you could look for them yourself. Look
    for

    'whois'
    'networksolutions'
    'internic.net'

    in the posts for starters.

    You will have to do this as none of the lookups I use will work with
    anything that has xx instead of a number.

    Me
     
    why?, May 7, 2007
    #2
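
Added example, not part of any poster's reply: the WHOIS ranges quoted in post #2 can be turned into CIDR blocks to show why any last octet (such as the suggested .20) resolves a masked address like 68.189.162.xx to the same allocation. The range lines are copied from the post; the function names are this example's own.

```python
import ipaddress
import re

# WHOIS owner/range lines copied from post #2 of this thread.
WHOIS_TEXT = """\
Charter Communications CHARTER-NET-7BLK (NET-68-184-0-0-1)
68.184.0.0 - 68.191.255.255
Charter Communications SPA-SC-68-189-160 (NET-68-189-160-0-1)
68.189.160.0 - 68.189.191.255
Optimum Online (Cablevision Systems) NETBLK-OOL-5BLK (NET-68-192-0-0-1)
68.192.0.0 - 68.199.255.255
"""

RANGE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)$")

def parse_whois_ranges(text):
    """Return [(owner_line, [IPv4Network, ...])] for each 'start - end' line."""
    blocks, owner = [], None
    for line in text.splitlines():
        line = line.strip()
        m = RANGE_RE.match(line)
        if m:
            first, last = (ipaddress.IPv4Address(g) for g in m.groups())
            blocks.append((owner, list(ipaddress.summarize_address_range(first, last))))
        elif line:
            owner = line  # the line before a range names the allocation
    return blocks

def masked_to_network(masked):
    """'68.189.162.xx' -> 68.189.162.0/24; each hidden trailing octet drops 8 prefix bits."""
    octets = masked.lower().split(".")
    n_known = 0
    while n_known < len(octets) and octets[n_known].isdigit():
        n_known += 1
    if len(octets) != 4 or n_known == 0 or any(o.strip("x") or not o for o in octets[n_known:]):
        raise ValueError("expected a dotted quad with only trailing x-masked octets")
    addr = ".".join(octets[:n_known] + ["0"] * (4 - n_known))
    return ipaddress.IPv4Network(f"{addr}/{8 * n_known}")

def owning_blocks(masked, blocks):
    """Blocks containing every address the mask could stand for, most specific first."""
    net = masked_to_network(masked)
    hits = [(c.prefixlen, owner, str(c))
            for owner, cidrs in blocks for c in cidrs if net.subnet_of(c)]
    return [(owner, cidr) for _, owner, cidr in sorted(hits, reverse=True)]

if __name__ == "__main__":
    for owner, cidr in owning_blocks("68.189.162.xx", parse_whois_ranges(WHOIS_TEXT)):
        print(cidr, owner)
```

If the mask hides more than the allocation boundary (for example two octets), the more specific block drops out of the result, which signals that a real octet is needed before the lookup is conclusive.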

  3. SJP

    don Guest

    I got this warning from Norton Security that my PC was being attacked by
    68.189.162.xx but was blocked - without actually going to this site is there
    a way to look up what this site is - I'm afraid that if I go to the site
    that Norton would create a permit rule which I do not want -
     
    don, May 7, 2007
    #3
  4. SJP

    Mike Easter Guest

    Why did you put a .xx on the end of the IP? The more specifically you
    ask your questions, the better / more complete the answer you are going
    to get.

    The problem with those with inexperience looking at their personal
    software 'firewall' logs is that the log owner doesn't know what they
    are looking at and so they either over-interpret them or under-interpret
    them or don't interpret them at all.

    One solution is to just stop looking at your logs and feed them to
    something else, like DShield, which will accept logs derived from Norton
    Personal Firewall.

    http://www.dshield.org/howto.html?dshield=2d2638987573f8e6702231ba120b57d6
    How to submit your firewall logs to DShield

    Your responsibilities are not to identify/investigate every IP that
    knocks on your door, but to defend yourself by configuring yourself
    securely. If you want to contribute your logs to intrusion databases,
    so much the better. If you want to check on an IP at such a db as
    DShield or MyNetWatchman, you can do that too.

    http://www.mynetwatchman.com/faq.asp myNetWatchman collects, analyzes
    and reports malicious access attempts to ISPs, who can then take action
    against the offending machines
     
    Mike Easter, May 7, 2007
    #4
  5. SJP

    Zombie Guest

    Hi Don
    It was probably just a random scan of ports by a back door bot.
    It doesn't mean *you* specifically were targeted.
    And though some versions of Symantec's software are clumsy and
    specifically V2006 being a resource hogger, it is an established
    name in the field of online security and it provided you with the
    required protection. It won't create a permit rule unless you so
    configure, but even so it will always warn you of any threats.
    Don't fret about it and just forget it, your security suite proved
    it functions.
    As you may see, a number of posters replied to your query so it
    would be nice if you'd acknowledge their efforts.
     
    Zombie, May 7, 2007
    #5
  6. SJP

    Zombie Guest

    Hi Don
    It was probably just a random scan of ports by a back door bot.
    It doesn't mean *you* specifically were targeted.
    And though some versions of Symantec's software are clumsy and
    specifically V2006 being a resource hogger, it is an established
    name in the field of online security and it provided you with the
    required protection. It won't create a permit rule unless you so
    configure, but even so it will always warn you of any threats.
    Don't fret about it and just forget it, your security suite proved
    it functions.
    As you may see, a number of posters replied to your query so it
    would be nice if you'd acknowledge their efforts.
     
    Zombie, May 7, 2007
    #6
  7. SJP

    Aardvark Guest

    Yes. And some even posting the same reply twice :)
     
    Aardvark, May 8, 2007
    #7
  8. SJP

    Vanguard Guest


    www.dnsstuff.com
    Scroll past his ads trying to get you to subscribe to his "service". He
    used to bitch about some registrars putting ads on their whois lookup
    pages. Now he spams on his lookup pages.
     
    Vanguard, May 8, 2007
    #8
  9. SJP

    don Guest

    Thanks - I put an xx at the end just to keep this ISP address private
    because I had no idea what it was....
    I will follow your instructions - in the past my Norton 2004 used to
    pinpoint the location of any IP threat I wanted to know about, but that service
    is now unavailable in the software?
     
    don, May 8, 2007
    #9
  10. SJP

    don Guest

    Thanks

     
    don, May 8, 2007
    #10