RE: [Wlug] Who is port scanning me?
Hi again,

Over the weekend, I received some "creative" feedback and all of it is appreciated. My question was intended to find an easy way to track down the owner of an IP address within our corporate network (unregistered with DNS/WINS). Not to hack, crack, spam, or DOS them, but to gain information on that particular node. I have to bring this IP address to the attention of our Security Team, but wanted more information to give them. Given all the feedback, it seems easier just to contact the Security Team and let them figure this out.

Thanks again for your time.

Matthew

-----Original Message-----
From: Phillip G Deneault [mailto:deneault@WPI.EDU]
Sent: Sunday, June 23, 2002 9:27 PM
To: wlug@mail.wlug.org
Subject: Re: [Wlug] Who is port scanning me?

Chances are the machine that is performing the portscan is hacked himself. It does no good to "hack them back" because you're not hacking the hackers...you're hacking the hack. :-) On top of that, you'll only cloud the issue and, if the matter is taken to the authorities, you could also get in trouble. Not to mention the entire concept of hacking without authorization is unethical and illegal.

I'm going to go say it's not worth it. This does happen constantly if you're connected to the Internet. Your best offense is a good defense.

Phil

On Sun, 23 Jun 2002, Michael Frysinger wrote:

try and hack them back???????? or just move on because it doesn't matter that much. in the real world that shit happens all the time
-mike

On Sunday 23 June 2002 08:42 am, David Goss wrote:

and if it is a hacker???... what's the best way to send them back a little something to let them know you care???

dave goss

----- Original Message -----
From: "George Metz" <wolfstar@shadownet.wox.org>
To: <wlug@mail.wlug.org>
Sent: Sunday, June 23, 2002 12:49 AM
Subject: Re: [Wlug] Who is port scanning me?

On Fri, 21 Jun 2002, Simoncini, Matthew wrote:
Hi everyone,
I'm constantly getting port scanned from a certain IP address on our internal corporate network. I'd really like to find out where and who this person is, but don't know much outside of ping, traceroute, nslookup, etc.... I was wondering if anyone knows of any tools that can get me more information on this person? This happens to be on our private network, so most internet tools I don't think will help much.
If it's on your internal net, then talking to the network admins for your site should give you a good idea of where they're at and why they're doing it.
If there's no network admin on site, then you'll have to do some footwork yourself. The suggestion to use IPTables to ignore data from that address is a good one if possible; you might even be able to track down the culprit when they suddenly can't access your system anymore and ask why. (Possible if it's a somehow compromised system on the internal network.)
Another possibility is using host or nslookup if you've got internal nameservers behind whatever's running your NAT setup (I'm making the assumption that you're running NAT if you're on a private net.)
If you happen to be the guy who's had Network admin position shoved upon you, then you can try getting a null route added to the router for your net connection at work and use that to see who complains about a sudden lack of net access too, but I'd definitely be careful of that method. =)
--
George Metz
Commercial Routing Engineer
wolfstar@shadownet.wox.org
"We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phil Deneault
deneault@wpi.edu
WPI NetOps
OpenVMS Guy

"We work in the dark, We do what we can, We give what we have. Our doubt is our passion, and our passion is our task. The rest is the madness of art." - Henry James
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug

You could download and use a program called Sam Spade. It will tell you a lot about an IP/Hostname. Who registered it, and their contact information. I don't have a link but I bet a quick search on google should work.
-Joe

Joe Riopel <joe@crankhouse.com> writes:
You could download and use a program called Sam Spade. It will tell you a lot about an IP/Hostname. Who registered it, and their contact information. I don't have a link but I bet a quick search on google should work.
This won't be too useful, since the original request/comment was about an IP address on an _internal_ company network. It won't be registered by anyone!

Heh, I like the NS entries listed for reserved IP blocks:

BLACKHOLE-1.IANA.ORG 192.0.32.18
BLACKHOLE-2.IANA.ORG 192.0.32.19

ttyl,
-- Josh Huber
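
An added example, not part of any message in this thread: one way to turn firewall logs into the evidence a security team would want (who probed, which ports, when), and to record that an RFC 1918 source has no public registrant to look up. It assumes an iptables LOG rule is already writing to the kernel log; the log lines are constructed and abbreviated, and `scan_report`, `min_ports` and all addresses are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed, abbreviated lines in the style of the iptables LOG target (not real data).
SAMPLE_LOG = """\
Jun 21 09:14:01 ws12 kernel: IN=eth0 OUT= SRC=10.20.30.40 DST=10.20.1.5 PROTO=TCP SPT=40112 DPT=21 SYN
Jun 21 09:14:01 ws12 kernel: IN=eth0 OUT= SRC=10.20.30.40 DST=10.20.1.5 PROTO=TCP SPT=40113 DPT=22 SYN
Jun 21 09:14:02 ws12 kernel: IN=eth0 OUT= SRC=10.20.30.40 DST=10.20.1.5 PROTO=TCP SPT=40114 DPT=23 SYN
Jun 21 09:14:02 ws12 kernel: IN=eth0 OUT= SRC=10.20.7.8 DST=10.20.1.5 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 21 09:14:03 ws12 kernel: IN=eth0 OUT= SRC=10.20.30.40 DST=10.20.1.5 PROTO=TCP SPT=40115 DPT=25 SYN
Jun 21 09:14:03 ws12 kernel: IN=eth0 OUT= SRC=10.20.30.40 DST=10.20.1.5 PROTO=TCP SPT=40116 DPT=80 SYN
Jun 21 09:14:04 ws12 kernel: IN=eth0 OUT= SRC=10.20.30.40 DST=10.20.1.5 PROTO=ICMP TYPE=8 CODE=0
Jun 21 09:15:10 ws12 kernel: IN=eth0 OUT= SRC=10.20.7.8 DST=10.20.1.5 PROTO=TCP SPT=51002 DPT=22 SYN
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def scan_report(log_text, min_ports=5):
    """Summarise sources that probed at least min_ports distinct ports."""
    ports, stamps = defaultdict(set), defaultdict(list)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            port = int(f["DPT"])
        except (KeyError, ValueError):
            continue  # no destination port (e.g. ICMP) or a damaged line
        ports[src].add((f.get("PROTO", "?"), port))
        stamps[src].append(line[:15])  # syslog timestamp prefix
    report = {}
    for src, hit in ports.items():
        if len(hit) < min_ports:
            continue  # a host talking to one or two services is not a scan
        internal = any(src in net for net in RFC1918)
        report[str(src)] = {
            "ports": sorted(p for _, p in hit),
            "first_seen": stamps[src][0],
            "last_seen": stamps[src][-1],
            # RFC 1918 space has no public registrant, so whois-style tools say
            # nothing; the site's own network/security team holds the records.
            "next_step": "internal network/security team" if internal else "registry (whois) lookup",
        }
    return report

if __name__ == "__main__":
    for src, info in scan_report(SAMPLE_LOG).items():
        print(src, info)
```
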

participants (3)
- Joe Riopel
- Josh Huber
- Simoncini, Matthew