Stopping an attacker?


Spanky

I've got this guy trying a port scan on my network. My router is catching it, so it's not like he's getting in, but it sure is annoying to get security violation e-mails every few minutes. I've back-traced him to an ISP in Algeria, and sent e-mail to his ISP and to him personally asking him to stop, but the attack continues. I forced my router to renegotiate a different IP address, and tried to block his IP address, but I'm still getting 'SYN with Data' security notices.

His ISP said they would look into it, but it would take a few days, which seems like plenty of time for him to finish a complete scan.

Can you suggest any other steps I could/should take to thwart this jerk?

I forced my router to renegotiate a different IP address

If your home IP has changed and you still see traffic from the same foreign IP address trying to get in, makes me think they are already on the inside of your network somehow, and calling home while trying to scan the rest of your network. Make sure your router itself hasn't been hacked.

  • 4 weeks later...

Maybe he has some pox on his PC that is allowing someone else to run port scans....

I'd let the ISP look into it further, first.

Just keep logs of everything that occurs for now... and of course take whatever precautions you need to, backing up data, adding a firewall, etc.

OR...

Maybe route the traffic from this guy to a nice honeypot?

Well, you can make your own TCP/IP stack and just open up listening connections that are reporting that they have room for a connection but not the memory. This will force the connection to stay open and not be dropped by the attacker. This way you can DoS a connection with 1 laptop.

My explanation is a bit fuzzy. They went into great detail on it on Security Now under the Sockstress podcast.

I'm at work so I can't go into much detail, but look into that.

If you're on a more advanced level, try iptables on Linux. You will need knowledge of Linux and configuring the rules for iptables. You will have more flexibility to block attacker IP addresses, and the sky's the limit with what you can do.
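
One way to act on the iptables suggestion above, as an added example that is not from any poster in this thread: a shell script that validates each source address and prints the iptables commands to drop its traffic while logging it at a limited rate instead of on every packet. The chain name SCANBLOCK, the log prefix and the 6/hour limit are assumptions; 203.0.113.7 in the usage note is a documentation-range placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. Chain name and log prefix are assumptions.
CHAIN=SCANBLOCK

# Succeed only for a dotted-quad IPv4 address (octets 0..255, no leading zeros).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (never run) the iptables commands that block every address given.
# All arguments are validated before anything is emitted.
block_rules() {
    [ "$#" -gt 0 ] || { echo "usage: block_rules ADDR..." >&2; return 1; }
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    # One shared chain: log at most 6 hits an hour, then drop silently.
    echo "iptables -N $CHAIN 2>/dev/null || true"
    echo "iptables -F $CHAIN"
    echo "iptables -A $CHAIN -m limit --limit 6/hour --limit-burst 1 -j LOG --log-prefix 'scanblock: '"
    echo "iptables -A $CHAIN -j DROP"
    for addr in "$@"; do
        # INPUT covers the box itself, FORWARD covers hosts routed behind it.
        echo "iptables -I INPUT 1 -s $addr -j $CHAIN"
        echo "iptables -I FORWARD 1 -s $addr -j $CHAIN"
    done
}

# With arguments, print the rules; with none (e.g. when sourced) do nothing.
[ "$#" -eq 0 ] || block_rules "$@"
```

Run it as `sh scanblock.sh 203.0.113.7`, review the printed commands, then pipe them to a root shell on the Linux box doing the filtering. The rules last until reboot unless saved, and running it again for the same address adds duplicate jump rules.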
