The UK Home Automation Archive


The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024



RE: OT: IP Address & Frewall


  • To: <ukha_d@xxxxxxx>
  • Subject: RE: OT: IP Address & Frewall
  • From: "Mark Hetherington" <mark.egroups@xxxxxxx>
  • Date: Sat, 8 Dec 2001 00:52:14 -0000
  • Delivered-to: mailing list ukha_d@xxxxxxx
  • Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
  • Reply-to: ukha_d@xxxxxxx

> I would like to find out who it is but I don’t know how
> I would do this and I would like to learn how to resolve
> this and find this stuff out, plus this clown has now
> tried this two nights on the trot.

Whois is your friend. Although not generally implemented on the Windows OS,
a tool you might find very useful is Sam Spade. It is touted for anti spam
stuff but is very useful for looking up IP addresses.

http://www.samspade.org/ssw/download.html

> Really I just want to learn more about the way the net
> works with IP addresses and suchlike, like I said, I’m curious.

To be honest there is not much to it. Every machine on the net has an IP
address which identifies that single machine. All traffic on the internet
goes from IP A to IP B. Hostnames are just easy to remember names for
humans and while on the internet are actually all using an IP address.

The form of IP address you are familiar with is called IPv4 and is a dotted
quad, i.e. xxx.xxx.xxx.xxx. This is not how they are actually used by
computers but unless you want to create your own network packets, I am
probably taking you into territory that you are not interested in.

Dynamic IP addresses make it difficult to track a particular machine since
some machines might have a different address each time they log on. ISPs
generally log IP assignments in the event of complaints.

If you want to indicate what sort of level you are interested in, I can
probably dig up some appropriate URLs for reading.

> The log I got is this:
> Date: 07/12/2001 Time: 21:21:13
> Rule "Default Block Hack 'A' Tack Trojan horse"
> blocked (213.121.70.35,31789).  Details:
> Inbound UDP packet
> Local address,service is (213.121.70.35,31789)

This is you and is a BTInternet address.

> Remote address,service is (213.1.166.88,31790)

This is them and also a BTInternet address which means 2 things.
1) it might not be the same person despite the same IP.
2) it is probably a dynamic address so harder to track to a particular
person.

> Process name is "N/A"

Although both addresses appear to be BT, they are registered slightly
differently so may be assigned to particular services. Abuse reports for
both go to abuse@xxxxxxx but they tend to ignore them.

Depending on your settings, it might not have been a trojan attack but a
port scan. These are quite "safe" since it is merely looking for open ports.
In lower security modes, NIS only seems to spot a port scan when it hits a
high risk port such as one commonly used by a trojan.

IME while on BT I am port scanned almost constantly and often by BTInternet
users. On Demon, I am portscanned rarely. It seems BT are targeted by
wannabe hackers.

NIS is great at "stopping" attacks, but you have to learn what is important.
Something stopped is generally not since you can download a program to port
scan from thousands of websites. It is when you get more targeted attempts
that you need to consider them a serious threat. If NIS knows the port's
usual exploit, the chances are it is a script kiddie with a new toy.

> Any pointers any of you can give would be great.

Hope that helped some. Play around with Sam Spade or take a look on
download.com at the net tools. They have all kinds of shareware utils for
windows for network tasks like DNS and IP lookup.

Mark.
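
An added example, not part of the original message: a Python parser for firewall log entries in the layout quoted above, grouping blocked inbound packets by remote address to separate a sweep across several local ports from a single probe. The sample entries are constructed with documentation-range addresses, and the `scan_threshold` cut-off and the `Outbound` direction keyword are assumptions.

```python
import re
from collections import defaultdict

# One entry in the layout quoted in the post; the braces are filled in below.
TEMPLATE = (
    'Date: 07/12/2001 Time: {time}\n'
    'Rule "Default Block Hack \'A\' Tack Trojan horse"\n'
    'blocked (192.0.2.10,{lport}).  Details:\n'
    'Inbound UDP packet\n'
    'Local address,service is (192.0.2.10,{lport})\n'
    'Remote address,service is ({rip},{rport})\n'
    'Process name is "N/A"\n'
)
# Constructed sample data: documentation-range addresses, made-up ports/times.
SAMPLE_LOG = "".join(
    TEMPLATE.format(time=t, lport=lp, rip=rip, rport=rp)
    for t, lp, rip, rp in [
        ("21:21:13", 31789, "198.51.100.7", 31790),
        ("21:21:14", 31790, "198.51.100.7", 31790),
        ("21:21:15", 31791, "198.51.100.7", 31790),
        ("22:05:40", 31789, "203.0.113.5", 40112),
    ]
)

# "Outbound" is assumed; the quoted entry only shows "Inbound".
ENTRY_RE = re.compile(
    r'Date: (?P<date>\S+) Time: (?P<time>\S+)\s+'
    r'Rule "(?P<rule>[^"]+)"\s+blocked \([^)]*\)\.\s+Details:\s+'
    r'(?P<direction>Inbound|Outbound) (?P<proto>\w+) packet\s+'
    r'Local address,service is \((?P<local_ip>[\d.]+),(?P<local_port>\d+)\)\s+'
    r'Remote address,service is \((?P<remote_ip>[\d.]+),(?P<remote_port>\d+)\)'
)

def parse_entries(text):
    """Return one dict per log entry, with ports converted to int."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        e["local_port"], e["remote_port"] = int(e["local_port"]), int(e["remote_port"])
        entries.append(e)
    return entries

def classify_sources(entries, scan_threshold=3):
    """Group inbound blocks by remote address; the threshold is an assumed cut-off."""
    ports = defaultdict(set)
    for e in entries:
        if e["direction"] == "Inbound":
            ports[e["remote_ip"]].add((e["proto"], e["local_port"]))
    return {ip: ("probable port scan" if len(p) >= scan_threshold else "isolated probe")
            for ip, p in ports.items()}
```

Because the remote address may be dynamically assigned, the grouping is only meaningful over a short time window.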

