
Hackers

Discussion in 'Virus & Other Malware Removal' started by lee_1133, Sep 29, 2003.

Thread Status:
Not open for further replies.
  1. lee_1133

    lee_1133 Thread Starter

    Joined:
    Aug 24, 2002
    Messages:
    280
    I use blackICE & constantly get port probes, is it possible to report these people/companies who try and gain access to my PC?
    if they tried to get in my house i would beat the living s**t out of them! to me that's exactly what they are doing when they try and probe my PC!
    also are there any programs that probe them if they probe you and if so would that stop them or am i on a wild goose chase
     
  2. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    If your firewall has their IP address in its log then you can try the following sites to find their ISP:
    http://swhois.net./
    http://www.geektools.com/

    There will most likely be an [email protected] type of address to send a complaint to.
    If you're going to send a mail they will need info such as:
    type of intrusion
    date & time of attack
    your time zone
    a clip of your firewall's log containing the attack

    Most ISPs are as helpful as they can be, but in light of the huge daily volume of complaints they receive, don't be surprised if all you receive after this is an automated response thanking you for your interest.

    Hope this helps,

    :D
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Over 90% of reported probes are either from your ISP to make sure you are still connected or are delayed replies from websites that you have just left.
    Blackice, along with many other firewalls that are incorrectly set, has got a reputation for a lot of false alarms, when the probes are genuine.
     
  4. lee_1133

    lee_1133 Thread Starter

    Joined:
    Aug 24, 2002
    Messages:
    280
    here is my log from blackICE i doubt that 90% of these are genuine but if anyone can tell which are BAD then plz post a reply and also can someone link me to a good site that explains the different types of port probes describing which are most damaging potentially.

    Time, Event, Intruder, Count
    30/09/2003 01:49:05, TCP port probe, c68.190.160.143.eau.wi.charter.com, 1
    30/09/2003 01:46:41, TCP port probe, 62-61-157-235.generic.web-sale.dk, 1
    30/09/2003 00:51:34, HTTP port probe, 217.233.232.183, 1
    30/09/2003 00:12:34, HTTP port probe, IKBDNS, 2
    30/09/2003 00:00:42, HTTP port probe, cpe-68-115-213-150.spa.sc.charter.com, 1
    29/09/2003 23:13:24, TCP port probe, cpe-66-74-102-196.dc.rr.com, 1
    29/09/2003 22:49:46, TCP port probe, ACC2BFE0.ipt.aol.com, 1
    28/09/2003 20:19:35, TCP port probe, host213-122-164-238.in-addr.btopenworld.com, 2
    28/09/2003 20:18:41, TCP port probe, 210.183.159.249, 2
    28/09/2003 16:27:10, HTTP port probe, AMontsouris-109-1-7-220.w81-53.abo.wanadoo.fr, 3
    28/09/2003 16:23:40, TCP port probe, HERA, 1
    28/09/2003 16:19:25, TCP port probe, ip102-1-24.dialup.edisontel.com, 1
    28/09/2003 14:36:54, HTTP port probe, AVelizy-107-1-3-225.w80-15.abo.wanadoo.fr, 3
    28/09/2003 13:47:07, TCP port probe, REGISTER-TGB57P, 1
    28/09/2003 13:31:46, SQL port probe, 62.8.110.113, 1
    28/09/2003 13:14:12, TCP port probe, pool-68-236-34-63.phil.east.verizon.net, 1
    27/09/2003 22:39:31, TCP port probe, 148.166.136.188, 1
    26/09/2003 23:05:36, TCP port probe, 207.72.136.41, 1
    26/09/2003 20:23:43, TCP port probe, 81.50.217.28, 1
    26/09/2003 19:38:01, HTTP port probe, TORNADO, 3
    26/09/2003 07:43:57, SOCKS port probe, 211.106.247.195, 1
     
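Added example, not part of any post in this thread: a short Python script that reads a log in the "Time, Event, Intruder, Count" layout shown above and drafts one complaint body per source with the fields the earlier reply lists (type of intrusion, date and time, time zone, log excerpt). The sample entries are constructed with documentation-range addresses, the time zone label is an assumption the reporter must supply, and entries whose source is only a bare machine name are skipped because there is nothing to look up in whois.

```python
import csv
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same column layout as the log above.
# Addresses come from documentation ranges, not from the thread.
SAMPLE_LOG = """\
Time, Event, Intruder, Count
30/09/2003 01:49:05, TCP port probe, host-7.example.net, 1
30/09/2003 00:51:34, HTTP port probe, 192.0.2.45, 1
30/09/2003 00:12:34, HTTP port probe, FILESRV, 2
28/09/2003 13:31:46, SQL port probe, 198.51.100.9, 1
28/09/2003 13:14:12, HTTP port probe, 192.0.2.45, 3
"""

def classify(intruder):
    """Return 'ip', 'hostname' or 'unresolved' for the Intruder column."""
    try:
        ipaddress.ip_address(intruder)
        return "ip"
    except ValueError:
        # A dotted name can be traced; a bare single-label name cannot.
        return "hostname" if "." in intruder else "unresolved"

def parse_log(text):
    rows = csv.reader(text.strip().splitlines(), skipinitialspace=True)
    next(rows)  # skip the header line
    events = []
    for when, event, intruder, count in rows:
        events.append({
            "time": datetime.strptime(when, "%d/%m/%Y %H:%M:%S"),
            "event": event, "intruder": intruder,
            "count": int(count), "kind": classify(intruder),
        })
    return events

def draft_reports(events, tz_label):
    """Group reportable events by source; build one complaint body each."""
    by_source = defaultdict(list)
    for e in events:
        if e["kind"] != "unresolved":
            by_source[e["intruder"]].append(e)
    reports = {}
    for source, evs in by_source.items():
        evs.sort(key=lambda e: e["time"])
        lines = [f"Source: {source}", f"Time zone of log: {tz_label}", "Firewall log excerpt:"]
        lines += [f"  {e['time']:%d/%m/%Y %H:%M:%S}, {e['event']}, x{e['count']}" for e in evs]
        reports[source] = "\n".join(lines)
    return reports
```

Calling `draft_reports(parse_log(SAMPLE_LOG), "UTC+1")` returns a dictionary keyed by source; each value is text to paste into a complaint once the responsible ISP has been found with a whois lookup.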
  5. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    One of the other problems with BlackICE (hopefully it's been changed in the last year) is that when it is probed, it PROBES BACK!! This is NOT a good idea because a properly configured firewall should maintain a stealth appearance on the net. You are not there. Your PC/connection is a Black hole.

    IF your firewall probes back it is effectively saying, "Yes I'm here, but you can't get into this port!" That has given you away and may make some that are trying to probe you try even harder to find an opening.
     
  6. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    I would read these opinions about BlackIce also since it seems to be problematic:
    http://forums.techguy.org/t167121/s.html
    Maybe go for ZoneAlarm or Sygate (my personal fav) and they are both free!

    Hope this helps.

    :D
     
  7. lee_1133

    lee_1133 Thread Starter

    Joined:
    Aug 24, 2002
    Messages:
    280
    thx for your comments everyone

    i think i will stick with blackICE for now although i have downloaded zonealarm just in case i change my mind. i like the fact that blackICE checks everything i do like any .exe files that want to launch also it never disturbs me because i have it set to warn only of serious or AMBER attacks on my system like sub seven port probes which brings me to a spin-off question to my original post (which everyone can consider closed), what exactly is a sub seven port probe, how serious is it, and is it worth reporting the IP address of hackers to ISPs or would i be wasting my time?
    personally i think we all should turn the tables on the hackers by forcing, through sheer numbers, ISPs to take action against them. i would love to see a program created that automatically sends the information of an attacker to the relevant ISP so appropriate action is taken
    anyone know of software like that? or whether we may see in the future
     
  8. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    Fair enough if you're determined to keep BlackIce but, about you downloading ZoneAlarm, make sure that you leave it disabled while you are still running BlackIce. 2 firewalls running at once will cause conflicts possibly causing both to miss an attack.
     

Short URL to this thread: https://techguy.org/168370
