Spanky Posted October 21, 2009

I've got this guy trying a port scan on my network. My router is catching it, so it's not like he's getting in, but it sure is annoying to get security violation e-mails every few minutes. I've back-traced him to an ISP in Algeria, and sent e-mail to his ISP and to him personally asking him to stop, but the attack continues. I forced my router to renegotiate a different IP address, and tried to block his IP address, but I'm still getting 'SYN with Data' security notices. His ISP said they would look into it, but it would take a few days, which seems like plenty of time for him to finish a complete scan. Can you suggest any other steps I could/should take to thwart this jerk?

wh1t3 and n3rdy Posted October 21, 2009

I just yesterday got a guy in Japan nailed for trying to DDoS me. (Emailed his ISP with logs and screencaps. They shitcanned his access.) Personally I would keep amassing logs to use as evidence against him. You could always post his IP address on a hacking forum.

digip Posted October 21, 2009

> I forced my router to renegotiate a different IP address

If your home IP has changed and you still see traffic from the same foreign IP address trying to get in, makes me think they are already on the inside of your network somehow, and calling home while trying to scan the rest of your network. Make sure your router itself hasn't been hacked.

barry99705 Posted October 21, 2009

I get crap like that all the time. I just have my firewall drop everything from those IP addresses after 3 bad Snort hits.

Netshroud Posted October 22, 2009

What firewall is that?

barry99705 Posted October 22, 2009

> What firewall is that?

Smoothwall with a few addons. Here's the firewall graph for the last week.

ameshockey Posted November 20, 2009

> Smoothwall with a few addons. Here's the firewall graph for the last week.

Can you please tell me what addons? I am about to start using Smoothwall.

psydT0ne Posted November 20, 2009

Maybe he has some pox on his PC that is allowing someone else to run portscans... I'd let the ISP look into it further, first. Just keep logs of everything that occurs for now... and of course take whatever precautions you need to, backing up data, adding a firewall etc. etc. OR... Maybe route the traffic from this guy to a nice honeypot?

dr0p Posted November 20, 2009

More than likely just part of an automated scan, nothing to worry about.

Darkmist! Posted November 22, 2009

Well, you can make your own TCP/IP stack and just open up listening connections that are reporting that they have room for a connection but not the memory. This will force the connection to stay open and not be dropped by the attacker. This way you can DoS a connection with 1 laptop. My explanation is a bit fuzzy. They went into great detail on it on Security Now under the sockstress podcast. I'm at work so I can't go into much detail, but look into that.

vanquish.security Posted November 29, 2009

> I've got this guy trying a port scan on my network. My router is catching it, so it's not like he's getting in, but it sure is annoying to get security violation e-mails every few minutes. I've back-traced him to an ISP in Algeria, and sent e-mail to his ISP and to him personally asking him to stop, but the attack continues. I forced my router to renegotiate a different IP address, and tried to block his IP address, but I'm still getting 'SYN with Data' security notices. His ISP said they would look into it, but it would take a few days, which seems like plenty of time for him to finish a complete scan. Can you suggest any other steps I could/should take to thwart this jerk?

If you're on a more advanced level, try iptables on Linux. You will need knowledge of Linux and configuring the rules for iptables. You will have more flexibility to block attacker IP addresses, and the sky's the limit with what you can do.
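
The approach barry99705 and vanquish.security describe above (drop a source after 3 Snort hits, using iptables), as an added example that is not part of any post in the thread: a shell function that counts Snort fast-format alerts per source and prints the matching DROP rules for review. The alert lines, SIDs, addresses and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: turn repeated Snort alerts into
# iptables DROP rules. Commands are printed for review, not executed.

THRESHOLD=3                        # "3 bad snort hits"
ALLOWLIST="192.0.2.1 192.0.2.10"   # assumed gateway/admin hosts: never block

# Reads Snort "fast" alert lines on stdin; prints one rule per offender.
block_rules() {
    awk -v threshold="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) skip[a[i]] = 1
    }
    {
        # The address arrow is the last "->"; the source precedes it.
        for (i = NF - 1; i >= 2; i--) {
            if ($i != "->") continue
            src = $(i - 1)
            sub(/:[0-9]+$/, "", src)          # strip ":port" if present
            # Digits and dots only: log text must not reach the firewall
            # command unvalidated. IPv6 sources fail here (use ip6tables).
            if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) break
            if (src in skip) break
            if (++hits[src] == threshold) order[++count] = src
            break
        }
    }
    END {
        for (i = 1; i <= count; i++)
            printf "iptables -I INPUT -s %s -j DROP\n", order[i]
    }'
}

# Constructed sample alerts (documentation address ranges, made-up SIDs).
sample_alerts() {
    cat <<'EOF'
10/21-14:02:11.100000  [**] [1:1000001:1] SYN with data [**] [Priority: 2] {TCP} 203.0.113.45:4431 -> 192.0.2.10:22
10/21-14:02:12.200000  [**] [1:1000001:1] SYN with data [**] [Priority: 2] {TCP} 203.0.113.45:4432 -> 192.0.2.10:23
10/21-14:02:13.300000  [**] [1:1000002:1] Ping sweep [**] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
10/21-14:02:14.400000  [**] [1:1000001:1] SYN with data [**] [Priority: 2] {TCP} 203.0.113.45:4433 -> 192.0.2.10:80
10/21-14:02:15.500000  [**] [1:1000001:1] SYN with data [**] [Priority: 2] {TCP} 192.0.2.1:5000 -> 192.0.2.10:80
10/21-14:02:16.600000  [**] [1:1000001:1] SYN with data [**] [Priority: 2] {TCP} 192.0.2.1:5001 -> 192.0.2.10:81
10/21-14:02:17.700000  [**] [1:1000001:1] SYN with data [**] [Priority: 2] {TCP} 192.0.2.1:5002 -> 192.0.2.10:82
10/21-14:02:18.800000  [**] [1:1000001:1] SYN with data [**] [Priority: 2] {TCP} 203.0.113.45:4434 -> 192.0.2.10:443
EOF
}

sample_alerts | block_rules
```

Source addresses on bare SYN packets can be spoofed, which is why the allowlist is checked before any rule is emitted.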