
Recommendations for dealing with a persistent attacker

  • 28-05-2003 2:46am
    #1
    Closed Accounts Posts: 836 ✭✭✭


    I wanna hear what people think.

    I have this guy that keeps trying to attack me (I assume that it is just one guy). Over the last couple of days I have had over 200 hack attempts.
    I use Norton Personal Firewall 2003, all set to max security.
    I have XP pro.
    The attacks just keep coming. It's starting to do my head in. I know the normal situation to take when u want to report it to the authorities, track IP, look up IP info. Inform company/ISP etc. But it's not helping.
    I have disconnected and rejoined but it still happens, I have no trojans/viruses that would allow an attacker to track my IP so I am lost.

    The question is: are there any... "proactive" actions that one can take that are legal once the person has attacked you? A kinda self defence thing. If not, are there any recommendations?

    Also is there a possibility that it is some kinda server??? All attacks originate from Dublin.


    **Figured that posting IPs is prob not the right thing to do.
    ========================
    Details: Attempted Intrusion "HTTP_IIS_ISAPI_Extension" against your machine was detected and blocked
    Intruder: ***.***.***.***(38847)
    Risk Level: High
    Protocol: TCP
    Attacked IP: ***.***.***.***.
    Attacked Port: http(80)

    Click on the address to trace the attacker
    You can get detailed information about this attack at Symantec Security Response
    ========================


Comments

  • Closed Accounts Posts: 3,859 ✭✭✭logic1


    Just looks like a server infected with CodeRed.

    .logic.


  • Closed Accounts Posts: 836 ✭✭✭Snowball


    :confused: huh???? :confused:

    Emmm..... logic, can u elaborate? CodeRed?


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    CodeRed is a worm that was rampant during the summer of 2001. It spreads itself by looking for and infecting vulnerable IIS servers.

    There's a massive amount of crap that your machine is exposed to due to this sort of automation when you connect to the Internet. Netbios, the various IIS worms, SQL Slammer, there was an apache ssl one I seem to remember, I've well lost track of them all by now.


  • Closed Accounts Posts: 836 ✭✭✭Snowball


    Is there any way to find out who an IP is assigned to? I know when u look up RIPE and all, but is there any other way to get more info on the person, not the ISP???


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    It depends. In the case of a dialup IP in this country the ISP will release the information if you obtain the relevant court order.


  • Closed Accounts Posts: 836 ✭✭✭Snowball


    Yeah, I kinda figured on that :(

    I was hoping for some kinda system like RIPE or something similar


  • Registered Users, Registered Users 2 Posts: 491 ✭✭flav0rflav


    Waste of time.
    All internet addresses are constantly being scanned by hackers. This one may stop, if it is just one, and another, or ten, will appear.
    Just have a secure system.


  • Closed Accounts Posts: 836 ✭✭✭Snowball


    flav0rflav, it's kinda what I thought but the thing is that when I was down in Carlow I never got attacked, not 1 attack in 9 months. Why would I get over 200 attacks in 2 days in Dublin and not 1 in 9 months in Carlow? Mind you when I was in Carlow I was not on as long, but still.

    Symantec, who own Norton (my Firewall), have a web page that attacks ur system and checks to see how secure it is. It gives you a report. Does anyone know of a better one??


  • Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    CodeRed has a search algo that attempts to find other hosts to infect, they tend to go after machines in their own IP range first.

    I saw hundreds and sometimes thousands of these in my logs every day when it was at its worst. I wouldn't worry about it.


  • Registered Users, Registered Users 2 Posts: 648 ✭✭✭Tenshot


    If you're being attacked by CodeRed, chances are it's from a machine that has a web server of its own. Connect back to the source IP address on port 80 and see what you find.

    As mentioned elsewhere, it's highly likely the owner of the machine has no idea they are infected.


  • Registered Users, Registered Users 2 Posts: 5,741 ✭✭✭jd


    Originally posted by Rew
    CodeRed has a search algo that attempts to find other hosts to infect, they tend to go after machines in their own IP range first.

    I saw hundreds and sometimes thousands of these in my logs every day when it was at its worst. I wouldn't worry about it.

    I concur, it's probably someone with an affected machine dialling into the same POP as yourself. If you really want to, keep a log of the IP addresses with *accurate* timestamps. Forward any that are coming from your own POP to your ISP, maybe support or the abuse desk. TBH I don't bother.
    Jd
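
The record-keeping suggested in the last post, as an added example that is not part of the original thread: it groups blocked probes by source, converts timestamps to UTC, and keeps only sources inside your own ISP range for an abuse-desk report. The log line format, the `192.0.2.0/24` range and all addresses are constructed assumptions, not Norton's actual log format.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample firewall log (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2003-05-27T23:14:05+01:00 BLOCK TCP 192.0.2.17:38847 -> 192.0.2.200:80 HTTP_IIS_ISAPI_Extension
2003-05-27T23:14:09+01:00 BLOCK TCP 192.0.2.17:38851 -> 192.0.2.200:80 HTTP_IIS_ISAPI_Extension
2003-05-28T01:02:44+01:00 BLOCK TCP 198.51.100.9:4102 -> 192.0.2.200:80 HTTP_IIS_ISAPI_Extension
2003-05-28T01:40:10+01:00 BLOCK TCP 192.0.2.77:1201 -> 192.0.2.200:80 HTTP_IIS_ISAPI_Extension
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) BLOCK \w+ (?P<src>[\d.]+):\d+ -> "
    r"[\d.]+:(?P<dport>\d+) (?P<sig>\S+)$"
)

def summarise(log_text, own_pop_cidr):
    """Group blocked probes by source IP; keep first/last seen in UTC."""
    pop = ipaddress.ip_network(own_pop_cidr)  # assumed range of your own ISP/POP
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        # Normalise to UTC so the ISP can match entries against its session logs.
        ts = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc)
        hits[m["src"]].append(ts)
    report = []
    for src, times in hits.items():
        times.sort()
        report.append({"source": src, "count": len(times),
                       "first_utc": times[0].isoformat(), "last_utc": times[-1].isoformat(),
                       "same_pop": ipaddress.ip_address(src) in pop})
    return sorted(report, key=lambda r: (-r["count"], r["source"]))

def abuse_report(log_text, own_pop_cidr):
    """Lines for an abuse-desk e-mail: only sources inside your own ISP range."""
    return [
        f'{r["source"]} {r["count"]} attempt(s) {r["first_utc"]} .. {r["last_utc"]}'
        for r in summarise(log_text, own_pop_cidr) if r["same_pop"]
    ]

if __name__ == "__main__":
    print("\n".join(abuse_report(SAMPLE_LOG, "192.0.2.0/24")))
```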

