Getting Nub Hacked.

Cold_NiTe Join Date: 2003-09-15 Member: 20875 Members
What to do?

So I aggravate this person, right...

And well they were out for my blood for a minute there. Found I couldn't connect to the internet for a bit until I went into HijackThis and checked all the registry changes that were made. Found them, deleted them, got back online. Also had to do a bunch of viral scans to be safe.

But he wasn't tired yet, so we went a few more rounds. I had his IP for a minute there because it seems he opened a spot in Windows Firewall for himself. I don't seem to have it anymore; I may have deleted the damn things before copying down the IP (stupid mistake).

He may not be tired yet, I don't know. But here is the gist of what I am asking:

How can I go into either my router's hardware firewall or my software firewall (cause I have both) and set his IP to some sort of a ban list? Is there any way to automatically not accept any downloads from him? Or is this just wishful thinking? I'm gonna go do some more Google searches, but I'm probably using the wrong search strings or something...

Comments

  • Venmoch Join Date: 2002-08-07 Member: 1093 Members
    Stop using the internet for a bit?

    Get a better firewall?

    Get Linux

    H4x0r him?
  • Maus Join Date: 2002-11-03 Member: 5599 Members
    There's probably some way of reporting him to his ISP, since he's being naughty.
  • Cold_NiTe Join Date: 2003-09-15 Member: 20875 Members
    QUOTE (Venmoch @ Mar 14 2005, 03:42 PM): Stop using the internet for a bit?
    lol... That was a joke right? (j/k I am seriously gonna have to in a sec anyway. Gotta go pick up some folks from the airport.)
    QUOTE (Venmoch @ Mar 14 2005, 03:42 PM): Get a better firewall?
    Does my nub **** need AVG? <_<
    QUOTE (Venmoch @ Mar 14 2005, 03:42 PM): Get Linux
    Yeah, because I can handle that satanic beast of an OS when I can barely handle making registry changes in Windows.
    QUOTE (Venmoch @ Mar 14 2005, 03:42 PM): H4x0r him?
    I wish man. I really really wish.

    QUOTE (Maus @ Mar 14 2005, 03:43 PM): There's probably some way of reporting him to his ISP, since he's being naughty.
    The land of Maus, where logic is king. Thanks, I like the idea. But the problem is how do I find out what his ISP is. Or hell, how do I get his IP because I lost it the first time.
  • Alcapwn "War is the science of destruction" - John Abbot Join Date: 2003-06-21 Member: 17590 Members
    How about getting rid of crappy windows firewall and pick up Norton I&S?
  • MrRadicalEd Turrent Master Join Date: 2004-08-13 Member: 30601 Members
    windows firewall isn't so crappy as one might think

    I'm sure your router has an option to block addresses/ports in there somewhere.

    If his ip reveals his actual ISP you can email abuse@isp's address and report him since he would be breaching his ISP's TOSC.
  • Cold_NiTe Join Date: 2003-09-15 Member: 20875 Members
    edited March 2005
    QUOTE (WaterBoy @ Mar 14 2005, 03:54 PM): How about getting rid of crappy windows firewall and pick up Norton I&S?
    Windows Firewall = Free.

    Norton = Not so free... unless... no no no we'll stick with Not so free.

    AVG = Semi-free?

    Besides, my brother has norton and it has a billion some odd conflicts with my P-O-S $10 router. So I don't know if I can survive the same ordeal.

    **EDIT**

    Aaahh **** time to go to the airport.
    See you folks later.

    In any case, I've got my ultimate firewall. My cable modem's off button. Which I use obsessively because I'm an idiot.
  • Jimmeh Join Date: 2003-08-24 Member: 20173 Members, Constellation
    AVG is not a firewall. It is anti-virus software.
  • theclam Join Date: 2004-08-01 Member: 30290 Members
    If you have a dynamic IP, then you can get a new one. For my Linksys router, I go to the Status tab and click on DHCP Release and then DHCP Renew and it gives me a new IP, most of the time.
  • itsmemo Join Date: 2003-07-17 Member: 18232 Members, Constellation
    I don't know much about this but if it's just your internet..

    Use a different proxy and he will end up doing whatever he was doing to you to the other IP you will be temporarily using. At best he will be owned by whichever company owns that proxy (IP) if he does anything drastic.

    also suggest you try to do what Maus said.
  • Nikon Join Date: 2003-09-29 Member: 21313 Members, Constellation
    When you get his ping again, go to your DOS console, or command prompt (depends on Windows version) and type this:

    tracert ip.of.smacktard.here

    It defaults to 15 hops. This traces the connection from server to server, starting with your computer, and possibly your ISP... the last hop is the origination. Chances are he's not uber leet, and isn't effectively masking his real IP. You should, around the last 3 hops or so, see an ISP (i.e. Cox, Comcast, SBC, Sprint, etc...). You can then contact them with a complaint from the IP address you acquired, and the logs. They should investigate, and even press charges if they feel like it.

    netstat -a

    and

    nbtstat -n

    both in command prompt are a good way to view connections being made to your computer, but require some knowledge about ports and netbios connections.

    Good luck.
  • Nil_IQ Join Date: 2003-04-15 Member: 15520 Members
    How did you get his IP in the first place, just curious.
  • SuddenFear Join Date: 2003-06-21 Member: 17571 Members
    Google up an old version of Kerio Personal Firewall, specifically 2.1.5. Free and very friendly with system resources. Though it might be riddled with security holes for all I know.
  • Seph_Kimara Join Date: 2003-08-10 Member: 19359 Members
    Sygate personal firewall.
  • Nikon Join Date: 2003-09-29 Member: 21313 Members, Constellation
    QUOTE (Nil IQ @ Mar 14 2005, 01:59 PM): How did you get his IP in the first place, just curious.
    QUOTE (Cold Nite): But he wasn't tired yet, so we went a few more rounds. I had his IP for a minute there because it seems he opened a spot in Windows Firewall for himself. I don't seem to have it anymore I may have deleted the damn things before copying down the IP (stupid mistake).

    Logs ftw! But you're not supposed to delete them!
  • CForrester P0rk(h0p Join Date: 2002-10-05 Member: 1439 Members, Constellation
    Find and download ZoneAlarm 4.5. Best free firewall ever. Using Windows ICF is like trying to block a train with a cow.
  • triggahappy Join Date: 2005-01-24 Member: 37985 Members
    If you have a router, just go type in 192.168.0.1 in your browser address and see if you can block that ip address
  • Isamil Join Date: 2003-11-25 Member: 23552 Members, Constellation
    I hate Zonealarm, it really sucks. Sygate (http://smb.sygate.com/products/spf_standard.htm) ftw
  • CForrester P0rk(h0p Join Date: 2002-10-05 Member: 1439 Members, Constellation
    QUOTE (Isamil @ Mar 14 2005, 06:03 PM): I hate Zonealarm, it really sucks. Sygate (http://smb.sygate.com/products/spf_standard.htm) ftw
    What sucks about it?
  • Cold_NiTe Join Date: 2003-09-15 Member: 20875 Members
    edited March 2005
    I had a long post. It got deleted. I'll reply as best I can.

    I am gonna go get a better firewall. Sygate sounds good, I guess, if ZoneAlarm sucks.

    I am gonna run that trace that Nikon suggested, thanks a mil man.

    I got the IP because while checking my firewall settings I noticed that for some reason a port had been opened for "Remote Assistance" to a specific IP. Then upon checking the logs I saw the same IP. I deleted the setting to allow remote assistance and I can't find it in the logs now. I owned myself.

    As for using a proxy, heh I was actually thinking about that or doing a DHCP release on my router and buying mah self ah new IP address.
    --------------------

    Anyway he seems to have calmed down now. It's good that his timing is so great, since my brother just came over and we were actually planning on wiping my comp and doing a reinstall.

    I really wish I could give this dumbshit a run for his money by tracing him then presenting proof to his ISP of his actions and perhaps having him suspended for a bit. Everyone needs a vacation.
  • Isamil Join Date: 2003-11-25 Member: 23552 Members, Constellation
    QUOTE (CForrester @ Mar 14 2005, 06:17 PM):
        QUOTE (Isamil @ Mar 14 2005, 06:03 PM): I hate Zonealarm, it really sucks. Sygate (http://smb.sygate.com/products/spf_standard.htm) ftw
        What sucks about it?
    The interface sucks for one.
    It would say No Internet For You, restart comp every time I had to shut down without doing the normal shutdown procedure.
  • CForrester P0rk(h0p Join Date: 2002-10-05 Member: 1439 Members, Constellation
    QUOTE (Isamil @ Mar 14 2005, 07:18 PM):
        QUOTE (CForrester @ Mar 14 2005, 06:17 PM):
            QUOTE (Isamil @ Mar 14 2005, 06:03 PM): I hate Zonealarm, it really sucks. Sygate (http://smb.sygate.com/products/spf_standard.htm) ftw
            What sucks about it?
        The interface sucks for one.
        It would say No Internet For You, restart comp every time I had to shut down without doing the normal shutdown procedure.
    Strange... What version was that?

    The interface is really a subjective thing. I think it's nice. It's simple, clean and has everything where it should be.
  • Isamil Join Date: 2003-11-25 Member: 23552 Members, Constellation
    I don't know, I stopped using it and started using the much better and cleaner Sygate.
  • Cold_NiTe Join Date: 2003-09-15 Member: 20875 Members
    I think I need a third opinion before I get a new firewall. Is there anyone who has tried both and knows the pros and cons? That may serve to be more informative than a random error report.
  • DragonMech Join Date: 2003-09-19 Member: 21023 Members, Constellation, Reinforced - Shadow
    ZoneAlarm doesn't work too well with some bittorrent clients (such as my favorite, Azureus). At the recommendation of the Azureus website I switched to SPF and haven't had any problems.
  • Cold_NiTe Join Date: 2003-09-15 Member: 20875 Members
    QUOTE (DragonMech @ Mar 14 2005, 09:21 PM): ZoneAlarm doesn't work too well with some bittorrent clients (such as my favorite, Azureus). At the recommendation of the Azureus website I switched to SPF and haven't had any problems.
    As I use Azureus rather heavily, I will take this into consideration.
  • Faust Join Date: 2004-11-18 Member: 32852 Members, Constellation, Reinforced - Shadow
    Nikon gave you some great help there. I would also recommend using GRC's Shields Up test.

    Shields Up!!! (https://www.grc.com/x/ne.dll?bh0bkyd2)

    This will test how secure your connection is, and you will also find a link in there where you can enter pretty much any port from 0 - 1024 (I believe this is the full range), and there will be detailed info on that port, how it was/is used, and at times, how to stealth it properly (essentially port 113).

    Do you have a hardware firewall/router? If you do, just look for the section in your router where you can create general firewall rules. If you have a D-Link, it should have a general firewall rule section, some other brands don't. There you can deny that IP from accessing your LAN.

    I looked through Windows XP SP2 ICF, and I couldn't find any options for denying IPs.... If you don't have a hardware firewall, I guess you should try that Sygate software firewall, I'm sure you'll have the options in there to deny specific IPs from accessing your computer. I know Tiny's Personal Firewall could. Only problem is, if your attacker decides to release/renew himself an IP, then you could be encountering some more troubles.

    Just tracert his IP if you see it again (use netstat like Nikon showed you, and you might be able to find his IP there if he is still messing about with your system), and check out the domains you hit just before the route completes, and get in touch with his/her ISP, and lay a complaint.

    Heh, I was browsing through my router's web interface, and I decided to check my log file. On March 6th, apparently 3 different people attempted to POD me, a total of at least 20 times, and each and every attack, my router dropped the packets. I'm glad I got an SPI firewall :)
  • Cold_NiTe Join Date: 2003-09-15 Member: 20875 Members
    QUOTE (Faust @ Mar 14 2005, 09:49 PM):
        Nikon gave you some great help there. I would also recommend using GRC's Shields Up test.

        Shields Up!!! (https://www.grc.com/x/ne.dll?bh0bkyd2)

        This will test how secure your connection is, and you will also find a link in there where you can enter pretty much any port from 0 - 1024 (I believe this is the full range), and there will be detailed info on that port, how it was/is used, and at times, how to stealth it properly (essentially port 113).

        Do you have a hardware firewall/router? If you do, just look for the section in your router where you can create general firewall rules. If you have a D-Link, it should have a general firewall rule section, some other brands don't. There you can deny that IP from accessing your LAN.

        I looked through Windows XP SP2 ICF, and I couldn't find any options for denying IPs.... If you don't have a hardware firewall, I guess you should try that Sygate software firewall, I'm sure you'll have the options in there to deny specific IPs from accessing your computer. I know Tiny's Personal Firewall could. Only problem is, if your attacker decides to release/renew himself an IP, then you could be encountering some more troubles.

        Just tracert his IP if you see it again (use netstat like Nikon showed you, and you might be able to find his IP there if he is still messing about with your system), and check out the domains you hit just before the route completes, and get in touch with his/her ISP, and lay a complaint.

        Heh, I was browsing through my router's web interface, and I decided to check my log file. On March 6th, apparently 3 different people attempted to POD me, a total of at least 20 times, and each and every attack, my router dropped the packets. I'm glad I got an SPI firewall :)
    <3
  • Drfuzzy FEW... MORE.... INCHES... Join Date: 2003-09-21 Member: 21094 Members
    I say return fire with ping flooding and try to find his email and sign it up for tons of porn spam mail :D
  • SoulSkorpion Join Date: 2002-04-12 Member: 423 Members
    Set up an actual firewall box. You can get a dirt-cheap PC quite easily - it doesn't have to be fast at all, and there are plenty sub 1Ghz machines floating around cheap. The idea is to connect the modem to the firewall\gateway box with it running a proper firewall OS (we use Smoothwall (http://www.smoothwall.org/). Highly recommended), and connect that machine in turn to the rest of your network. Installing Smoothwall is incredibly easy (just put the CD in and follow the prompts. Make sure you set the admin\setup\root passwords, though, or you won't be able to change the settings!). Configuring the network can be a little fiddly depending on your modem, how many machines you're setting up, what networking hardware you have, etc. It's good clean geeky fun, though :) (I very recently re-set up our home network after our ADSL modem got broked by a power surge).
  • TheDestroyer Tooobah Join Date: 2003-07-12 Member: 18123 Members, Constellation
    Yea, I do what SoulScorp said. I have one that I use. Of course, it is also a linux machine, and I actually don't care about anything on my computer.

    But dude, that's the sux00r. Too bad you couldn't catch him or get his IP. Nothing like a mass, organized IP pinging. :p
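
Added example, not part of the original thread: several replies above come back to keeping the firewall log, pulling the remote address out of it and passing that to the ISP's abuse contact. This Python code reads a log in the Windows Firewall `pfirewall.log` layout and summarises, per outside address, first and last seen times, event counts and the local ports it touched. The sample log is constructed (documentation-range addresses), and the 192.168.0.0/24 LAN range and the function names are assumptions.

```python
import ipaddress

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
# Addresses are from documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-03-14 15:01:12 OPEN-INBOUND TCP 203.0.113.45 192.168.0.10 4021 3389 - - - - - - - -
2005-03-14 15:01:40 DROP TCP 203.0.113.45 192.168.0.10 4022 445 48 S 1 0 65535 - - -
2005-03-14 15:02:03 OPEN TCP 192.168.0.10 198.51.100.7 1045 80 - - - - - - - -
2005-03-14 15:04:30 DROP TCP 198.51.100.23 192.168.0.10 2210 135 48 S 1 0 16384 - - -
2005-03-14 15:09:55 DROP ICMP 203.0.113.45 192.168.0.10 - - 60 - - - - 8 0 -
2005-03-14 15:10:02 CLOSE TCP 192.168.0.10 198.51.100.7 1045 80 - - - - - - - -
"""


def parse_firewall_log(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # ignore truncated lines
                yield dict(zip(fields, values))


def summarize_remote_sources(text, local_nets=("192.168.0.0/24",)):
    """Group traffic that arrived from outside the LAN by source address.

    local_nets is an assumption about the home network; adjust it to yours.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]

    def is_local(addr):
        return any(addr in net for net in nets)

    summary = {}
    for rec in parse_firewall_log(text):
        try:
            src = ipaddress.ip_address(rec["src-ip"])
            dst = ipaddress.ip_address(rec["dst-ip"])
            stamp = f'{rec["date"]} {rec["time"]}'
        except (KeyError, ValueError):
            continue  # header lacks these columns, or the address is malformed
        if is_local(src) or not is_local(dst):
            continue  # keep only records going from outside to this LAN
        entry = summary.setdefault(str(src), {
            "first_seen": stamp, "last_seen": stamp,
            "events": 0, "dropped": 0, "ports": set()})
        entry["first_seen"] = min(entry["first_seen"], stamp)
        entry["last_seen"] = max(entry["last_seen"], stamp)
        entry["events"] += 1
        if rec.get("action") == "DROP":
            entry["dropped"] += 1
        if rec.get("dst-port", "").isdigit():
            entry["ports"].add(int(rec["dst-port"]))
    return summary


if __name__ == "__main__":
    for ip, e in summarize_remote_sources(SAMPLE_LOG).items():
        print(ip, e["first_seen"], e["last_seen"], e["events"],
              e["dropped"], sorted(e["ports"]))
```

Run it against a copy of the log rather than the live file, so the original stays untouched as evidence for the abuse report.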