Have Attacker's IP address.

SpanishFry

Platinum Member
Nov 3, 2001
OK. I found that every PC on our network was infected with the SDBot worm last week. I got around to seeking out the offender a few days ago and tracked him down. He is out of Korea. The firewall now eliminates the threat of the worm, but I'm wondering what to do now that I have his IP and the open port he was using for the info from our machines. Any suggestions? Thanks.
 

Goosemaster

Lifer
Apr 10, 2001
Tell the FBI that he spammed your network with kiddie porn or something like that.....


Or say he is a "Korean al-Qaeda-ist".....
 

Boscoh

Senior member
Jan 23, 2002
Block the entire subnet that he came from. Don't DDoS him; that's not a very intelligent thing to do and can bring down the wrath of YOUR ISP and law enforcement upon you.

98% of the time, looking up and contacting an abuse@ contact for Asian networks is futile. They simply don't care, if they check that email account at all. Sure, you could report him to the FBI, but it probably won't accomplish anything.

I just outright block a lot of networks in the Asian region, mostly from China and Korea, at my border routers before it even gets close to my firewalls. I'd say at least 50% of the worm traffic hitting my network comes from networks in that area. Fortunately we don't do business in Asia, so I have the luxury of doing that.
 

Goosemaster

Lifer
Apr 10, 2001
Originally posted by: Boscoh
Block the entire subnet that he came from. Don't DDoS him; that's not a very intelligent thing to do and can bring down the wrath of YOUR ISP and law enforcement upon you.

98% of the time, looking up and contacting an abuse@ contact for Asian networks is futile. They simply don't care, if they check that email account at all. Sure, you could report him to the FBI, but it probably won't accomplish anything.

I just outright block a lot of networks in the Asian region, mostly from China and Korea, at my border routers before it even gets close to my firewalls. I'd say at least 50% of the worm traffic hitting my network comes from networks in that area. Fortunately we don't do business in Asia, so I have the luxury of doing that.

Interesting....
 

spidey07

No Lifer
Aug 4, 2000
abuse@ at the offending domain is the normal course.

But as said... it's futile.

The internet is a threat; treat it as such.
 

skyking

Lifer
Nov 21, 2001
Easy enough: command prompt, netstat -an.
Do that with all the programs and browsers closed, and you will get the IP of any other program connecting out pretty easily.
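The triage skyking describes (a quiet box, then netstat -an) and Boscoh's advice to block the offender's whole subnet at the border can be scripted. What follows is an added example, not code posted by anyone in this thread: a parser for Windows-style netstat -an output run over a constructed sample, filtered down to ESTABLISHED outbound TCP connections to non-local hosts, then rolled up by /24 so the ranges worth blocking stand out. The sample addresses (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges), the remote port 6667, and the "known good" port list are all assumptions for the demo, not the OP's real data.

```python
"""Triage Windows ``netstat -an`` output for outbound connections (added example)."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample of ``netstat -an`` output on a quiet Windows host.
# Addresses and ports are made up; 203.0.113.0/24 and 198.51.100.0/24 are
# reserved documentation ranges, not anyone's real network.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    192.168.1.10:1037      203.0.113.45:6667      ESTABLISHED
  TCP    192.168.1.10:1041      203.0.113.45:6667      ESTABLISHED
  TCP    192.168.1.10:1052      203.0.113.200:80       TIME_WAIT
  TCP    192.168.1.10:1060      198.51.100.7:6667      ESTABLISHED
  TCP    [::1]:1066             [::1]:1067             ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# One netstat row: protocol, local endpoint, foreign endpoint, optional state (UDP has none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


@dataclass
class Connection:
    proto: str
    local: Optional[ipaddress._BaseAddress]
    local_port: Optional[int]
    remote: Optional[ipaddress._BaseAddress]
    remote_port: Optional[int]
    state: str


def split_endpoint(endpoint: str):
    """Split 'host:port' or '[v6addr]:port' into (address, port); wildcards give (None, None)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    if host in ("", "*"):
        return None, None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None, None
    return addr, (int(port) if port.isdigit() else None)


def parse_netstat(text: str):
    """Parse every TCP/UDP row of netstat -an output; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        laddr, lport = split_endpoint(local)
        faddr, fport = split_endpoint(foreign)
        conns.append(Connection(proto, laddr, lport, faddr, fport, state or ""))
    return conns


def suspicious_outbound(conns, known_good_ports=frozenset({80, 443})):
    """Keep ESTABLISHED TCP connections to a real remote host on a port we did not expect.

    Loopback and unspecified remotes are local chatter; the known-good port list is an
    assumption for the demo (with browsers closed even 80/443 deserve a look).
    """
    flagged = []
    for c in conns:
        if c.proto != "TCP" or c.state != "ESTABLISHED" or c.remote is None:
            continue
        if c.remote.is_loopback or c.remote.is_unspecified:
            continue
        if c.remote_port in known_good_ports:
            continue
        flagged.append(c)
    return flagged


def remote_networks(conns, prefixlen=24):
    """Count flagged remotes per IPv4 /prefixlen, the granularity you would block at the border."""
    counts = Counter()
    for c in conns:
        if c.remote is not None and c.remote.version == 4:
            counts[ipaddress.ip_network(f"{c.remote}/{prefixlen}", strict=False)] += 1
    return counts


if __name__ == "__main__":
    flagged = suspicious_outbound(parse_netstat(SAMPLE_NETSTAT))
    for c in flagged:
        print(f"{c.local}:{c.local_port} -> {c.remote}:{c.remote_port}")
    for net, n in remote_networks(flagged).most_common():
        print(f"block candidate {net} ({n} connection(s))")
```

Two caveats a practitioner would add: netstat is a point-in-time snapshot, so a bot that only connects periodically can be missed unless you run it repeatedly or capture on the wire; and the remote address is just the other end of the socket, which (as eigen notes below) may itself be a compromised machine rather than the operator.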
 

eigen

Diamond Member
Nov 19, 2003
For all you know the guy's computer has been zombied. I would probably nmap him. If he is open on anything vulnerable, bring him down. If you don't want to venture into quasi-legal land, then do as suggested and block the subnet.