
Have Attacker's IP address.

SpanishFry

Platinum Member
OK. I found that every PC on our network was infected with the SDBot worm last week. I got around to seeking out the offender a few days ago and tracked him down. He is out of Korea. The firewall now eliminates the threat of the worm, but I'm wondering what to do now that I have his IP and the open port he was using for the info from our machines. Any suggestions? Thanks.
 
Tell the FBI that he spammed your network with kiddie porn or something like that.....


or say he is a "Korean alquadaistists".....
 
Block the entire subnet that he came from. Don't DDoS him, that's not a very intelligent thing to do and can bring down the wrath of YOUR ISP and law enforcement upon you.

98% of the time, looking up and contacting an abuse@ contact for Asian networks is futile. They simply don't care, if they check that email account at all. Sure, you could report him to the FBI, but it probably won't accomplish anything.

I just outright block a lot of networks in the Asian region, mostly from China and Korea, at my border routers before it even gets close to my firewalls. I'd say at least 50% of the worm traffic hitting my network comes from networks in that area. Fortunately we don't do business in Asia, so I have the luxury of doing that.
 
Originally posted by: Boscoh
Block the entire subnet that he came from. Don't DDoS him, that's not a very intelligent thing to do and can bring down the wrath of YOUR ISP and law enforcement upon you.

98% of the time, looking up and contacting an abuse@ contact for Asian networks is futile. They simply don't care, if they check that email account at all. Sure, you could report him to the FBI, but it probably won't accomplish anything.

I just outright block a lot of networks in the Asian region, mostly from China and Korea, at my border routers before it even gets close to my firewalls. I'd say at least 50% of the worm traffic hitting my network comes from networks in that area. Fortunately we don't do business in Asia, so I have the luxury of doing that.

interesting....
 
abuse@the offending domain is the normal course.

But as said... it's futile.

The internet is a threat, treat it as such.
 
Easy enough: command prompt, netstat -an
Do that with all the programs and browsers closed, and you will get the IP of any other program connecting out pretty easily.
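
The netstat check suggested in the post above can be scripted so the remote endpoints stand out from local traffic. This is an added example, not part of the original thread; the sample output, the addresses in it, the `INTERNAL` ranges and the function name are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (addresses are illustrative).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.20:139       192.168.1.5:1102       ESTABLISHED
  TCP    192.168.1.20:1045      203.0.113.77:6667      ESTABLISHED
  TCP    192.168.1.20:1046      198.51.100.9:445       SYN_SENT
  UDP    0.0.0.0:445            *:*
"""

# Assumed "inside" ranges: loopback, RFC 1918 and link-local. Adjust per site.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
             "192.168.0.0/16", "169.254.0.0/16")]
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT", "CLOSE_WAIT"}


def external_connections(netstat_text):
    """Return (remote_ip, remote_port, local_endpoint, state) for each active
    IPv4 TCP row whose foreign address is outside the INTERNAL ranges."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, UDP rows (no state column), blank lines
        _, local, foreign, state = fields
        if state not in ACTIVE_STATES:
            continue  # LISTENING, TIME_WAIT and similar are not live sessions
        host, _, port = foreign.rpartition(":")
        try:
            ip = ipaddress.IPv4Address(host)
            port = int(port)
        except ValueError:
            continue  # bracketed IPv6 or malformed row: not handled here
        if any(ip in net for net in INTERNAL):
            continue
        hits.append((str(ip), port, local, state))
    return hits


if __name__ == "__main__":
    for remote_ip, remote_port, local, state in external_connections(SAMPLE):
        print(f"{local} -> {remote_ip}:{remote_port} [{state}]")
```

Run it against output captured with browsers and other network programs closed, as the post says, so that whatever remains is worth explaining.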
 
For all you know the guy's computer has been zombied. I would probably nmap him. If he is open on anything vulnerable, bring him down. If you don't want to venture into quasi-legal land, then do as suggested and block the subnet.
 