How to get back at a hacker????

[ibex333]

There is a certain hacker that's constantly trying to break into my system. If it was once or twice, I wouldnt mind. I'm being hacked every day by hundreds. Little do they know that I'm very well protected behind a physical and numerous software firewalls. But this particular guy is getting really annoying he just doesnt quit. Now.. I dontwant to hack him back mind you, since that's illegal activity. But I want to report him to his ISP so he gets his account closed.
Provided i know his IP, how do I find out what ISP he's using, and how to I properly report him??? This crap has got to stop. I did nothing to this guy, and he's just being hostile.
Please be thorough in yor reply, since I'm clueless on how ppl hack other ppl.

 

[HalfCrazy]

Use the link below and type in her/his IP address. It will tell you which ISP it goes to, then just contact the ISP and talk to them. All though you will need to supply the IP and all logs you got about the hacker in question.

If there is enough proof, the her/his ISP will take the action they feel is right.

http://www.arin.net/whois/

 

[ibex333]

hmmm.. this is not helping... it doesnt even show his provider.. says it's in australia... any other ways?? Mabe there's some legal legit way to do somthing to him so that he stops hacking besides reporting?

 

[spidey07]

All you can do is report it to the ISP.

Its quite normal on the internet actually to be hit with hundreds of attacks from a single IP.

 

[ibex333]

I guess I'll have to just ignore him then... Since it seems that he's not able to penetrate my firewall.

 

[JackMDS]

May be you should describe specifically the phenomenon, and why you think it is Hacking rather than regular Internet Noise.

:sun:

 

[ibex333]

well.. my kaspersky antihacker keeps screaming and giving me his ip address. My Black Ice is telling me that a "serious" attack has been made against my computer. gives same ip.

 

[tweekah]

He's good if he's getting past your physical firewall.

 

[Garion]

A few comments:

There are so many compromised machines out there that it's very possible that someone has built a botnet of thousands of them and has targeted that particular compromised machine at your subnet. Happens all the time, nothing to worry about too much.

The ARIN is just for this part of the world. What you want is the APNIC to lookup IP addresses in Asia/Pacific.

If you're seeing those alerts getting to your local PC you've got much bigger problems. Any network nowadays, especially one on broadband REALLY should be protected by a router. Either you don't have one or yours is so wide open that it's not protecting you at all. This would be the most important thing to fix.

- G

 

[tweekah]

Originally posted by: ibex333
Little do they know that I'm very well protected behind a physical and numerous software firewalls.

And Garion hit's the Nail on the head.

If you're seeing those alerts getting to your local PC you've got much bigger problems. Any network nowadays, especially one on broadband REALLY should be protected by a router. Either you don't have one or yours is so wide open that it's not protecting you at all. This would be the most important thing to fix.

 

[MicroChrome]

It's also possible that you have spyware installed and it's trying to communicate back to its host and may have gotten out a few time the host is trying to communicate back to it...

Get peer guardian. That will usually show you what is going on ...

G' luck!

 

[Atheus]

It's probably not a hacker, it's probably a worm trying to spread to your machine from some other PC.

Little do they know that I'm very well protected behind a physical and numerous software firewalls.

If you have a hardware firewall you shouldn't be getting alerts for ingress traffic on the PC. And there is no point in having numerous software firewalls.

 

[JackMDS]

Download MS-AntiSpyware install and run.

If it is local it probably will find the culprit.

http://www.microsoft.com/athome/security/spyware/software/default.mspx

:sun:

 

[ibex333]

I dont have any spyware... I used the guide here on anandtech to scan my PC for spyware. I do have a physical firewall I think.. Because I have a DFI Lanparty mobo, and I read on the interned that it has some kind of build in firewall. I never said the hacker was sucessful at his attempt. The firewall stated that the attack was successfully repelled. Kaspersky says that my computer has been attacked by a "Helkern" or something like that. and gives the guy's IP. I'm sorry if anything that I say sounds simply "stupid", but I dont know much about these things, so please keep that in mind.

 

[JackMDS]

By Hardware Firewall, people mean a NAT Firewall of a Cable/DSL Router.

The NVIDIA Firewall is Not a real "Hardware Firewall" and it is a Bad Firewall to begin with.

I recommend to all users of Broadband connection to use a Cable/DSL Router even if they have only one computer. Taking into consideration those Routers can be found on sales for less then $15 there is No reason Not to.

Link to: Basic Protection for Broadband Internet Installation.

:sun:

 

[spidey07]

Well if you've followed that guide and scanned for everything else...

AND you have a hardware router.

Something fishy is going on.

1st question - what exactly are the log messages and what ports are they trying?
2nd question - describe exactly what you have in place on your home network.

 

[ibex333]

Originally posted by: spidey07
Well if you've followed that guide and scanned for everything else...

AND you have a hardware router.

Something fishy is going on.

1st question - what exactly are the log messages and what ports are they trying?
2nd question - describe exactly what you have in place on your home network.

No I dont have a router. I will get one soon. I thought that my Nvidia firewall built into my mobo is good, but apparently it's not according to some people here.
I have only 1 PC. I'm using an old Westell Wirespeed DSL modem from Verizon. (by choice)

Kaspersky Anti-Virus says this: "Attention! Yor computer has been attacked from the internet. Network attack "Helkern" from adress 218.248.255.131 has been successfully repelled."
BlackIce, seems to block about 80% of all attacks, but those that seem to be successful were targeting my Net BIOS. I dont know what that is. Also does anyone know what is "Helkern" ????
Oh and one more thing. In the antispyware sticky, here on Anandtech, there is a link to sites that scan your PC for vulnerability. The results from these sites basically said that my PC is short of an Impenetrable Fortress... Off course that can all be just a bunch of BS.

Oh, and thanx for the link" JackMDS." I'll be sure to visit it.

 

[nweaver]

Originally posted by: JackMDS
By Hardware Firewall, people mean a NAT Firewall of a Cable/DSL Router.

The NVIDIA Firewall is Not a real "Hardware Firewall" and it is a Bad Firewall to begin with.

I recommend to all users of Broadband connection to use a Cable/DSL Router even if they have only one computer. Taking into consideration those Routers can be found on sales for less then $15 there is No reason Not to.

Link to: Basic Protection for Broadband Internet Installation.

:sun:

I would like to point out that most SOHO routers are only doing NAT firewall. While that is nice, it's not what I would consider to be a TRUE hardware firewall. I don't use my router, except as an AP and switch. I use a SW firewall on a dedicated machine (iptables, fairly complex script, inbound and outbound filtered). Please don't think that a $20 SOHO router is a complex, "hardware" firewall, this is a "nat" firewall, which is much better then sitting wide open, but not as good as some would think. (fyi, this is not directed to you Jack, I know you know better )

 

[blemoine]

Little do they know that I'm very well protected behind a physical and numerous software firewalls

Really??? Some companies spend millions a year and still get "hacked." If they haven't gotten to you yet then its NOT a hacker. Relax you probably have spyware or a virus. Either way this is starting to smell like "Blizzardwolf's OEM Ram Thread" Good Luck

 

[ibex333]

Jeez why are so many people getting their panties in a twist over this quote below??

"Little do they know that I'm very well protected behind a physical and numerous software firewalls"

I already appologized for that, and I asked to excuse my ignorance and I admitted to asking "stupid questions" because I barely know anything about hacking and firewalls. It is for this reason that I made this thread in the 1st place. I was CURIOUS about the nuts and bolts of this whole hacking event, and I was wondering if I could find the trickster and get back at him.
I do understand now that what I said was simply DUMB and I take my words back. What I need is straightforward help. Not sarcasm, or comparisons to other people's trhreads that annoyed you in one way or another.

PS: And for the 10th time. I dont have a virus or spyware, because I DLed all the free software listed in the Antispyware thread on this forum, and according to that software, and my Kaspersky Antivirus, which I heared is reliable, I have NO SPYWARE and NO VIRUSES.

PPS:I am very greatful to those of you who actually tried to help, I will follow your advice, and I will buy the router.
If there is anything that I learned from all this, it's that there is no reason for me to pay any attention to those who try to hack me, unless they actually CLEARLY succeeded, and there is something CLEARLY wrong with my PC.

 

[nweaver]

just as an fyi, I drop between 600-1500 packets a day on my firewall, so a few events isn't a big deal.

 

[blemoine]

IBex333: sorry for being rude. i wasn't trying to be mean. sorry to compare this to "blizzardwolf's OEM Ram thread" if you want to laugh please go read it. you will be laughing for days i promise. anyway hope you fix your problem.

 

[ibex333]

No problem man. I'm not making a big deal out of this. I'll go ahead and read the post. Thanx.


My appologies to mod if I'm ressurecting a dead thread. You can close it if you wish.

 

[Garion]

FYI, "Helkern" is another name for the SQL Slammer worm which is still very common on the Internet. I assume it's hitting port 1934.

Slammer is an extremely aggressive and VERY fast to try to replicate itself. A single machine can slam out millions of network connections to try to replicate itself each hour. It's absolutely nothing to worry about, assuming your computer is well patched and up-to-date.

Nweaver, you have a good point that a NAT firewall doesn't protect as well as a classic stateful firewall but it's a lot better than nothing and provides an extremely useful first line of defense. It filters out most of the inbound attacks which can be the most dangerous as they can infect a PC without any action from the user.

- G

 

[spidey07]

Originally posted by: Garion
FYI, "Helkern" is another name for the SQL Slammer worm which is still very common on the Internet. I assume it's hitting port 1934.

Slammer is an extremely aggressive and VERY fast to try to replicate itself. A single machine can slam out millions of network connections to try to replicate itself each hour. It's absolutely nothing to worry about, assuming your computer is well patched and up-to-date.

Nweaver, you have a good point that a NAT firewall doesn't protect as well as a classic stateful firewall but it's a lot better than nothing and provides an extremely useful first line of defense. It filters out most of the inbound attacks which can be the most dangerous as they can infect a PC without any action from the user.

- G

Good point, and one I've been preaching as well. It prevents ANY inbound conversations which is a good thing given how much random worm and scanning activity that occurs on any internet IP or net-block (a collection of IP networks owned by a single entity)