Hackers

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

lee_1133

Thread Starter
Joined
Aug 24, 2002
Messages
280
I use blackICE & constantly get port probes, is it possible to report these people/companies who try and gain access to my PC?
if they tried to get in my house i would beat the living s**t out of them! to me thats exactly what they are doing when they try and probe my PC!
also are there any programs that probe them if they probe you and if so would that stop them or am i on a wild goose chase
 
Joined
Aug 10, 2003
Messages
401
If your firewall has their IP address in it's log then you can try the following sites to find their ISP:
http://swhois.net./
http://www.geektools.com/

There will most likely be an [email protected] type of address to send a complaint to.
If you're going to send a mail they will need info such as:
type of intrusion
date & time of attack
your time zone
a clip of your firewalls log containing the attack

Most ISP's are as helpful as they can be, but in light of the huge daily volume of complaints they recieve, don't be surprised if all you recieve after this is an automated response thanking you for your interest.

Hope this helps,

:D
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
Over 90% of reported probes are either from your ISP to make sure you are still connected or are delayed replies from websites that you have just left.
Blackice, along with many other firewalls that are incorrectly set has got a reputation for a lot of false alarms, when the probes are genuine
 

lee_1133

Thread Starter
Joined
Aug 24, 2002
Messages
280
here is my log from blackICE i doubt that 90% of these are genuine but if anyone can tell which are BAD then plz post a reply and also can someone link me to a good site that explains the different types of port probes describing which are most damaging potentially.

Time, Event, Intruder, Count
30/09/2003 01:49:05, TCP port probe, c68.190.160.143.eau.wi.charter.com, 1
30/09/2003 01:46:41, TCP port probe, 62-61-157-235.generic.web-sale.dk, 1
30/09/2003 00:51:34, HTTP port probe, 217.233.232.183, 1
30/09/2003 00:12:34, HTTP port probe, IKBDNS, 2
30/09/2003 00:00:42, HTTP port probe, cpe-68-115-213-150.spa.sc.charter.com, 1
29/09/2003 23:13:24, TCP port probe, cpe-66-74-102-196.dc.rr.com, 1
29/09/2003 22:49:46, TCP port probe, ACC2BFE0.ipt.aol.com, 1
28/09/2003 20:19:35, TCP port probe, host213-122-164-238.in-addr.btopenworld.com, 2
28/09/2003 20:18:41, TCP port probe, 210.183.159.249, 2
28/09/2003 16:27:10, HTTP port probe, AMontsouris-109-1-7-220.w81-53.abo.wanadoo.fr, 3
28/09/2003 16:23:40, TCP port probe, HERA, 1
28/09/2003 16:19:25, TCP port probe, ip102-1-24.dialup.edisontel.com, 1
28/09/2003 14:36:54, HTTP port probe, AVelizy-107-1-3-225.w80-15.abo.wanadoo.fr, 3
28/09/2003 13:47:07, TCP port probe, REGISTER-TGB57P, 1
28/09/2003 13:31:46, SQL port probe, 62.8.110.113, 1
28/09/2003 13:14:12, TCP port probe, pool-68-236-34-63.phil.east.verizon.net, 1
27/09/2003 22:39:31, TCP port probe, 148.166.136.188, 1
26/09/2003 23:05:36, TCP port probe, 207.72.136.41, 1
26/09/2003 20:23:43, TCP port probe, 81.50.217.28, 1
26/09/2003 19:38:01, HTTP port probe, TORNADO, 3
26/09/2003 07:43:57, SOCKS port probe, 211.106.247.195, 1
 
Joined
Mar 9, 2003
Messages
4,699
One of the other problems with BlackICE (hopefully it's been changed in the last year) is that when it is probed, it PROBES BACK!! This is NOT a good idea because a properly configured firewall should maintain a stealth appearance on the net. You are not there. Your PC/connection is a Black hole.

IF your firewall probes back it is affectively saying, "Yes I'm here, but you can't get into this port!" That has given you away and may make some that are trying to probe you try even harder to find an opening.
 

lee_1133

Thread Starter
Joined
Aug 24, 2002
Messages
280
thx for your comments everyone

i think i will stick with blackICE for now although i have downloaded zonealarm just in case i change my mind. i like the fact that blackICE checks everything i do like any .exe files that want to launch also it never disturbs me because i have it set to warn only of serious or AMBER attacks on my system like sub seven port probes which brings me to a spin-off question to my original post(which everyone can consider closed), what exactly is a sub seven port probe, how serious is it, and is it worth reporting the IP address of hackers to ISP's or would i be wasting my time?
personally i think we all should turn the tables on the hackers by forcing, through sheer numbers ISP's to take action against them i would love to see a program created that automatically sends the information of an attacker to the relevant ISP so apropriate action is taken
anyone know of software like that? or whether we may see in the future
 
Joined
Aug 10, 2003
Messages
401
Fair enough if you're determined to keep BlackIce but, about you downloading ZoneAlarm, make sure that you leave it disabled while you are still running BlackIce. 2 firewalls running at once will cause conflicts possibly causing both to miss an attack.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top