Who is this guy?

[Bozo Galora]

Recently installed Black Ice. Highly recommeded, much better info than Zone Alarm. Set security at highest: "Paranoid". Recently got three very serious port probes from d83b5f53.dsl.flashcom.net
I don't understand this callout.
Went to www.gogettem.com, cant seem to find a way to trace this guy.
Please tell me what to type in and WHERE to go to trace this thing - so I may do it for myself in future. The associated DNS given by BI is Flashcom in Hermosa Beach.(216.59.95.83)

In other words, I know the server the probe came from, can I find out which flashcom customer did it?

 

[Russ]

<< can I find out which flashcom customer did it? >>



Unless he does something illegal, no, you can't. Port probing is not illegal; I do it all the time for my clients, and this sometimes involves sweeping ranges of IP addresses.

Russ, NCNE

 

[BCYL]

The best you can do is just which specific Flashcom server it came from. Because Flashcom have to protect their clients, they won't easily give out their clients' information, unless he/she did something which broke the law.

Here's some sites for you:
http://www.arin.net/
http://spamcop.net/hosttracker.shtml

 

[Bozo Galora]

Thanx for replies

 

[warcleric]

Besides Black Ice will erroneously report many normal activities as a &quot;port probe&quot; or &quot;port scan&quot;. So I wouldnt worry about it oo much until you see your RX light go solid red and the modem start bellowing smoke out of it. 🙂

 

[SufferinSuccotash]

I agree. When I first started logging traffic on my Linux box, it looked like everyone and their brother was trying to connect to my machine to A) use it as a DNS server, B) use it as an FTP server, or C) send out NetBEUI packets. It turns out that it is just &quot;normal&quot; traffic. Notethat I use the term normal loosely: I found out one time that my log file grew to be about 200MB because some knucklehead got the bright idea to plug his cable modem right into his hub. I was picking up all of his broadcast traffic.

 

[Bozo Galora]

Actually the icon in the tray did go bananas: said an attempt to put trojan worm virus.
This was three times over three days, same guy.

 

[Staver]

Well, Port scanning may not be illegal yet. ISPs will yank your account if they catch you. I've helped send many a hacker back to dial-up since they like to do SubSeven trojan TCP port 27374 probes on my pc from their new cable modem.

 

[Bozo Galora]

Staver:

<<I've helped to send many a hacker back to dial up&quot;>>

How did you go about finding out which hacker?
Does the ISP have a record of who went where like the phone co?
Can you ask who tried to access my DNS?
Guy hit me six times today (Sub Seven). WTF
Sure seems to be directed my way.

 

[Poontos]

Contact Flashcom.net.

Probably, abuse@flashcom.net

Tell them:

-The times of the attacks, and the amount
-What IP number are the attacks coming from

 

[Staver]

It's easy. You'll need a nice report indicating what happened backed up by log entries for BlackIce it should look like this:

#File format help at: http://www.networkice.com/Advice/Support/KB/q000018/
#Severity, timestamp (GMT), issueId, issueName, intruderIp, intruderName, victimIp, victimName, parameters, count
59, 2000-07-24 12:34:26, 2003103, NetBus port probe, 216.59.62.4, , 24.3.230.25, , port=12345&amp;name=NetBus, 1, B

you can get the person to report it to by entering the ip number here:
http://spamcop.net/hosttracker.shtml

It just so happened I had to report a dsl member at abuse@flashnet.com myself earlier, and yes everthing that flows through an isp networks can be logged and reviewed. I'd try to report it as promply as possible, within 3 days at most.

 

[Bozo Galora]

Thanx again.