Getting Nub Hacked.
<div class="IPBDescription">What to do?</div> So I aggravate this person, right...
And well they were out for my blood for a minute there. Found I couldn't connect to the internet for a bit until I went into HijackThis and checked all the registry changes that were made. Found them, deleted them, got back online. Also had to do a bunch of viral scans to be safe.
But he wasn't tired yet, so we went a few more rounds. I had his IP for a minute there because it seems he opened a spot in Windows Firewall for himself. I don't seem to have it anymore I may have deleted the damn things before copying down the IP (stupid mistake).
He may not be tired yet I don't know. But here is the gist of what I am asking;
How can I go into either my router's Hardware firewall or my software firewall (cause I have both) and set his IP to some sort of a ban list? Is there any way to automatically not accept any downloads from him? Or is this just wishful thinking. I'm gonna go do some more google searches, but I'm probably using the wrong search strings or something...
And well they were out for my blood for a minute there. Found I couldn't connect to the internet for a bit until I went into HijackThis and checked all the registry changes that were made. Found them, deleted them, got back online. Also had to do a bunch of viral scans to be safe.
But he wasn't tired yet, so we went a few more rounds. I had his IP for a minute there because it seems he opened a spot in Windows Firewall for himself. I don't seem to have it anymore I may have deleted the damn things before copying down the IP (stupid mistake).
He may not be tired yet I don't know. But here is the gist of what I am asking;
How can I go into either my router's Hardware firewall or my software firewall (cause I have both) and set his IP to some sort of a ban list? Is there any way to automatically not accept any downloads from him? Or is this just wishful thinking. I'm gonna go do some more google searches, but I'm probably using the wrong search strings or something...
Comments
Get a better firewall?
Get Linux
H4x0r him?
lol... That was a joke right? (j/k I am seriously gonna have to in a sec anyway. Gotta go pick up some folks from the airport.
<!--QuoteBegin-Venmoch+Mar 14 2005, 03:42 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Venmoch @ Mar 14 2005, 03:42 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Get a better firewall?<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Does my nub **** need AVG? <_<
<!--QuoteBegin-Venmoch+Mar 14 2005, 03:42 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Venmoch @ Mar 14 2005, 03:42 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Get Linux<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Yeah, because I can handle that satanic beast of an OS when I can barely handle making registry changes in windows.
<!--QuoteBegin-Venmoch+Mar 14 2005, 03:42 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Venmoch @ Mar 14 2005, 03:42 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->H4x0r him?<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
I wish man. I really really wish.
<!--QuoteBegin-Maus+Mar 14 2005, 03:43 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Maus @ Mar 14 2005, 03:43 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->There's probably some way of reporting him to his ISP, since he's being naughty.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
The land of Maus, where logic is king. Thanks, I like the idea. But the problem is how do I find out what his ISP is. Or hell, how do I get his IP because I lost it the first time.
I'm sure your router has an option to block addresses/ports in there somewhere.
If his ip reveals his actual ISP you can email abuse@isp's address and report him since he would be breaching his ISP's TOSC.
Windows Firewall = Free.
Norton = Not so free... unless... no no no we'll stick with Not so free.
AVG = Semi-free?
Besides, my brother has norton and it has a billion some odd conflicts with my P-O-S $10 router. So I don't know if I can survive the same ordeal.
**EDIT**
Aaahh **** time to go to the airport.
See you folks later.
In any case, I've got my ultimate firewall. My cable modem's off button. Which I use obsessively because I'm an idiot.
use a diffrent proxy and he will end up doing whatever he was doing to you to the other ip you will be temporaly using. at best he will be owned by which ever company owns that proxy(ip) if he does anything drastic.
also suggest you try to do what Maus said.
tracert ip.of.smacktard.here
it defaults to 15 hops, this traces the connection from server to server, starting with your computer, and possible your isp... the last hop is the origination. Chances are hes not uber leet, and isnt effectively masking his real IP. You should around the last 3 hops or so see and ISP(ie Cox, Comcast, SBC, Sprint, ect...). You can then contact them with a complaint from the IP address you aquired, and the logs. They should investigate, and even press charges if they feel like it.
netstat -a
and
nbtstat -n
both in command prompt are a good way to view connections being made to your computer, but require some knowledge about ports and netbios connections.
goodluck.
<!--QuoteBegin-Cold Nite+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Cold Nite)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->But he wasn't tired yet, so we went a few more rounds. I had his IP for a minute there because it seems he opened a spot in Windows Firewall for himself. I don't seem to have it anymore I may have deleted the damn things before copying down the IP (stupid mistake).<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
logs ftw! but your not supposed to delete them!
What sucks about it?
I am gonna go get a better firewall. Sygate sounds good, I guess, if ZoneAlarm sucks.
I am gonna run that trace that Nikon suggested, thanks a mil man.
I got the IP because while checking my firewall settings I noticed that for some reason a port had been opened for "Remote Assistance" to a specific IP. Then upon checking the logs I saw the same IP. I deleted the setting to allow remote assistance and I can't find it in the logs now. I owned myself.
As for using a proxy, heh I was actually thinking about that or doing a DHCP release on my router and buying mah self ah new IP address.
--------------------
Anyway he seems to have calmed down now. It's a good that his timing is so great, since my brother just came over and we were actually planning on wiping my comp and doing a reinstall.
I really wish I could give this dumbshit a run for his money by tracing him then presenting proof to his ISP of his actions and perhaps having him suspended for a bit. Everyone needs a vacation.
What sucks about it? <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
The interface sucks for one
It would say No Internet For You, restart comp every time I had to shutdown without doing normal shutdown proceedure.
What sucks about it? <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
The interface sucks for one
It would say No Internet For You, restart comp every time I had to shutdown without doing normal shutdown proceedure. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Strange... What version was that?
The interface is really a subjective thing. I think it's nice. It's simple, clean and has everything where it should be.
As I use Azureus rather heavily, I will take this into consideration.
<a href='https://www.grc.com/x/ne.dll?bh0bkyd2' target='_blank'>Shields Up!!!</a>
This will test how secure your connection is, as well as you will find a link in there where you can enter pretty much any port from 0 - 1024(I belive this is the full range), and there will be detailed info on that port, how it was/is used, and at times, how to stealth it properly (essentially port 113).
Do you have a hardware firewall/router? If you do, just look for the section in your router where you can create general firewall rules. If you have a D-Link, it should have a general firewall rule section, some other brands dont. There you can deny that ip from accessing your LAN.
I looked through Windows xp sp2 ICF, and I couldn't find any options for denying ips.... if you dont have a hardware firewall, I guess you should try that sygate software firewall, i'm sure you'll have the options in there to deny specific ips from accessing your computer. I know Tiny's Personal Firewall could. Only problem is, if your attacker decides to release/renew himself an ip, then you could be encountering some more troubles.
Just tracert his ip if you see it again (use netstat like nikon showed you, and you might be able to find his ip there if he is still messing about with your system), and check out the domains you hit just before the route completes, and get in touch with his/her isp, and lay a complaint.
Heh, I was browsing through my router's web interface, and I decided to check my log file. On March. 6th, apparently 3 different people attempted to POD me, a total of at least 20 times, and each and every attack, my router dropped the packets. I'm glad I got an SPI firewall <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile-fix.gif' border='0' style='vertical-align:middle' alt='smile-fix.gif' /><!--endemo-->
<a href='https://www.grc.com/x/ne.dll?bh0bkyd2' target='_blank'>Shields Up!!!</a>
This will test how secure your connection is, as well as you will find a link in there where you can enter pretty much any port from 0 - 1024(I belive this is the full range), and there will be detailed info on that port, how it was/is used, and at times, how to stealth it properly (essentially port 113).
Do you have a hardware firewall/router? If you do, just look for the section in your router where you can create general firewall rules. If you have a D-Link, it should have a general firewall rule section, some other brands dont. There you can deny that ip from accessing your LAN.
I looked through Windows xp sp2 ICF, and I couldn't find any options for denying ips.... if you dont have a hardware firewall, I guess you should try that sygate software firewall, i'm sure you'll have the options in there to deny specific ips from accessing your computer. I know Tiny's Personal Firewall could. Only problem is, if your attacker decides to release/renew himself an ip, then you could be encountering some more troubles.
Just tracert his ip if you see it again (use netstat like nikon showed you, and you might be able to find his ip there if he is still messing about with your system), and check out the domains you hit just before the route completes, and get in touch with his/her isp, and lay a complaint.
Heh, I was browsing through my router's web interface, and I decided to check my log file. On March. 6th, apparently 3 different people attempted to POD me, a total of at least 20 times, and each and every attack, my router dropped the packets. I'm glad I got an SPI firewall <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile-fix.gif' border='0' style='vertical-align:middle' alt='smile-fix.gif' /><!--endemo--> <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
<3
But dude, thats the sux00r. Too bad you couldn't catch him or get his IP. Nothing like a mass, organized IP pinging. <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->