I found this IP seeming to be sending me Nimda viruses, what can I do?

Byte

I found an IP after installing ZoneAlarm and think it might be sending me Nimdas. Whenever I turn on DMZ for my router, I would get viruses. What can I do to verify this?
 

Santa

Contact your administrator/ISP/whoever is in charge. Give them the IP address and tell them that you believe they are infected with the Nimda virus.

Cross your fingers and hope they take it seriously enough to act.

 

n0cmonkey

And if they do act, let us know. I'd love to know of a security-conscious ISP...

That's really about all you can do legally.
 

Abzstrak

I'd trace the IP down and ...well... make them look at their machine, maybe they'll see the virus then.

Depends on what kind of connection you're on, but you might be able to get the person's name/phone number if you're lucky.

<<deleted some stuff>>
 

Abzstrak



<< This is what I meant about contacting the authorities is the only legal thing you can do >>



Yeah, I know, I'm not telling too much though... but you know as well as I do that it's the fastest way to get a resolution... sometimes the only way.

EVERYONE, THIS DOES NOT MEAN I CONDONE IT

Hey n0c, I deleted some stuff out of my post, please take it out of your quote... on second thought I decided it's probably not appropriate... thanks man
 

n0cmonkey



<<

<< This is what I meant about contacting the authorities is the only legal thing you can do >>

Yeah, I know, I'm not telling too much though... but you know as well as I do that it's the fastest way to get a resolution... sometimes the only way. EVERYONE, THIS DOES NOT MEAN I CONDONE IT
>>



I understand, and if I trusted everyone that visited these forums (don't necessarily mean you) I would have posted some more information on how to deal with it personally. The best course of action is to contact the ISP first, and if nothing comes of that, dealing with it on your own. But you need to know the consequences of dealing with it yourself. It may not be pretty.

Byte, it sounds like you need to work on the security of your own system and worry less about the security of others. If you are getting viruses you are doing something wrong. Make sure all of your patches are up to date and you have file and printer sharing turned off.
 

FUBAR

Also be prepared for all possible actions when you do go to their ISP... due to the nature of Nimda it may also be your ISP. I got probed with something like 2000 hits from 2 boxes in a day over x-mas, maybe divide that by about 10, since Nimda attacks multiple (16) times and my syslog gave me a lot of "message repeated"'s

ANYWAY... since they are on my cable provider, I'd rather not alert them to my web server since the TOS and AUP say not to do it... although I haven't heard of them doing anything about people, but best to let sleeping dogs lie... eventually those 2 people died or rebooted or rebuilt or something.
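
An added example, not part of any post in this thread: one way to turn the raw hit counts described above into per-source totals, expanding syslog "message repeated N times" lines and dividing by the 16 requests per attack quoted in the post. The log layout (`SRC=`/`DPT=` fields), the port-80 filter, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

PROBES_PER_ATTEMPT = 16  # requests per Nimda attack, as quoted in the post above

# Constructed sample; the SRC=/DPT= firewall field layout is an assumption.
SAMPLE_LOG = """\
Dec 25 03:10:01 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=80
Dec 25 03:10:04 gw last message repeated 15 times
Dec 25 03:12:40 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=80
Dec 25 03:12:49 gw last message repeated 31 times
Dec 25 03:13:02 gw sshd[411]: Connection closed
Dec 25 03:13:09 gw last message repeated 4 times
Dec 25 04:01:15 gw kernel: DROP SRC=198.51.100.23 DST=198.51.100.2 PROTO=TCP DPT=80
Dec 25 04:01:19 gw last message repeated 15 times
Dec 25 04:05:00 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=22
"""

SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")
DPT_RE = re.compile(r"\bDPT=(\d+)\b")
REPEAT_RE = re.compile(r"message repeated (\d+) times")


def count_hits(lines, port=80):
    """Count hits per source IP on one port, expanding syslog repeat lines."""
    hits = Counter()
    last_src = None  # source of the previous line, if it was a counted hit
    for line in lines:
        repeat = REPEAT_RE.search(line)
        if repeat:
            # A repeat line stands for N more copies of the line before it.
            if last_src is not None:
                hits[last_src] += int(repeat.group(1))
            continue
        src, dpt = SRC_RE.search(line), DPT_RE.search(line)
        if src and dpt and int(dpt.group(1)) == port:
            last_src = src.group(1)
            hits[last_src] += 1
        else:
            last_src = None  # unrelated line: its repeats must not be counted
    return hits


def summarize(log_text, port=80):
    """Return {ip: (raw_hits, estimated_attacks)}, rounding attacks up."""
    hits = count_hits(log_text.splitlines(), port)
    return {ip: (n, -(-n // PROBES_PER_ATTEMPT)) for ip, n in hits.items()}


if __name__ == "__main__":
    for ip, (n, attacks) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip}: {n} hits, about {attacks} attack(s)")
```

A per-source summary like this is also the evidence an ISP abuse desk needs alongside the IP address and timestamps.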
 

Jonathan93

I agree that you have a problem if you are getting viruses when using the DMZ. Make sure File and Print Sharing are turned off (Or at least you have a password on all your shares) and patch your PC. If you don't want them to be able to talk to your computer period, try blackholing their IP address... It is VERY simple to do. Just create a static route for them on either your computer or on the Cable DSL router, to an IP address that no computer occupies on a local subnet (For instance, put a route for his IP address to 192.168.10.254, when no computer is on 254 so the connection times out). If they are using TCP to establish a connection, you won't have any more problems with them :-D, and UDP will only work one way. (You will get stuff from him, but it won't go back to him)