Under attack.

Terry

last night some dick tried to hack my pc or send a virus or something.
the firewall stopped it, but it also gave me the IP address of the attacker.
they tried to get in through upnp port 5000.
is it possible to trace the attacker through their IP address (it was an Irish one)?
is there someone i can report this to?
is it permissable to post the IP address here?

Ruu_Old

You could attempt to contact your ISP provider about it and if it was an attack chances are the user was bouncing off someone elses connection. In the meantime, run UnPlug n' Pray to disable this capability from anything further happening. How do you know it was a virus? If you are on Windows XP, make sure its updated using Windows Update, security patches and all. Not sure if you are allowed post the IP here or not, I would guess not.

Bob the Builder

Hey, know the feeling...wondering wtf happned there well

start by recording everything
IP, Time, Date, Program that stopped it, etc...

http://www.dnsstuff.com/
Do a whois of the IP there, ring Eircom, report it, Ring that person's ISP, report it, etc...bit like dealing with insurance companies in a car crash.

Our advice ends there(unless you give some Boardsie member that IP so they can hack it for revenge).
The ISP's will do the rest, hopefully...

irlrobins

TBH, unless the ip could be linked to a certain user and only if they were actively causing problems to the ISP's network, I doubt the ISP will take much action.

Best thing you can do is just make sure you're secure from attacks like this. (Firewall, NAT router, AV, etc).

CiaranC

Most likely a worm. Dozens of them use vunerabilities on port 5000. No need for the rampant paranoia, you can be 99.99% certain the source has no clue what is going on.

Terry

i'd just like to find out who it is, so that i could go around to there house and kick their ass.
ok, i wouldn't really do that, but i would like to find out who it is and report them.
people like that shouldn't be allowed near a computer.

oh yeah. everything is up to date re windows security updates.

if it happens again, i'll take a screen shot and post it here (with the IP address blacked out of course, unless the mods allow it to be shown).

irlrobins

All you'll be able to do is to know what ISP they are with. You're not going to be able to locate them by street address, name or anything. Whoever it is prob just has an infected computer, without knowing about as Ciaran said.

people like that shouldn't be allowed near a computer

By that reasoning, if your PC got infected by a virus you too shouldn't be allowed to use one. :rolleyes:

Asok

Ahm as CiaranC said it was probably just someone infected with a worm that was trying to spread itself. Generally this stuff has no bad intentions behind it from the owner of the IP.

[Edit]Obligatory OMGZ[/Edit]

jor el

Use websites such as http://www.dslreports.com/scan or https://www.grc.com/x/ne.dll?bh0bkyd2 to see how well protected your PC is. Can be used to fine-tune your firewall settings to prevent future attacks. Google for Port Scan to find similar checkers if needs be.