How To Get IPs Of Hackers?

Unknown Join Date: 2002-06-12 Member: 759 Members
I dunno, you tell me.

Long story short: One of my female friends might have a hacker.

I would like to help her, but I don't know how to. I have heard that there is a way to find out the IP address of who is hacking.

So in other words, do you know how to get the IP of a hacker that is accessing your computer?

Comments

  • FireStorm Join Date: 2002-11-06 Member: 7390 Members
    http://www.zonelabs.com/
  • FlatlineUTD Join Date: 2002-11-08 Member: 7695 Members
    Yup, put up ZoneAlarm or BlackICE, check your logs.

    Then find out HOW they got in, fix your gaping security holes, and update your virus definitions. :)
  • Marik_Steele To rule in hell... Join Date: 2002-11-20 Member: 9466 Members
    /me waits for MonsieurEvil to give us his professional words of advice

    I'm interested in hearing what he'd recommend. I've heard mixed opinions about any software-based firewalls like ZoneAlarm, McAfee firewall, and BlackICE.
  • Siberian_Dingo Join Date: 2003-01-15 Member: 12326 Members
    I have heard of this public software that can trace the hacker to his home computer. I think it's called "hacker tracker". I have not used it for 2 years, but you can submit IPs that have logged on your comp and they will go after that hacker (if they feel like it or have nothing else better to do).
  • Talesin Our own little well of hate Join Date: 2002-11-08 Member: 7710 NS1 Playtester, Forum Moderators
    edited April 2003
    ZoneAlarm is decent, and I recommend it over McAfee.. because it's free, easier to configure, and is less prone to screwing up programs you may try to use (it can block ports on a by-program basis).

    'BlackICE Defender' is a joke. It's a highest-possible-profile... hiding the exploits available on your machine by faking that EVERY OTHER EXPLOIT ON THE FACE OF THE PLANET IS AVAILABLE.
    Sounds like a good idea, hiding the incriminating letter with the mail. Problem is... it lights you up like a beacon. You'll have every scriptkiddie whose war-pinger runs across your IP address *flocking* to your machine, seeing it as hugely open with security holes. Sure, the majority of them will beat their heads against the fake exploits. Problem is, with so many drawn to your machine, chances are greatly improved that one of them will find the REAL security hole, and take over your machine. Which is ten times worse, as you *think* it's 'defended'. As noted, BID is a sad joke in security terms.
    Not to mention with all those script kiddiots beating on the fake exploits, your bandwidth will be taking the brunt of the hits.. those packets STILL come to you, whether or not the associated commands get through.

    Best way to deal with things (without setting up an outright Linux NAT/Firewall) is to put in ZoneAlarm, and then drop Ethereal on top of it. If you think the 'hacker' is on the machine at a given time, bring it up. Log the packets. Turn off EVERYTHING ELSE that uses the network connection, so only the intruder's link will show activity. Then log the stream to find out what they're doing.

    Thing is, why does she think she has a *cracker* attacking her machine? Files changed? Things just screwing up? Make sure that none of her family has access to the machine. It's MUCH easier (and more likely) for a familial member to accidentally botch something while sitting in front of the machine, than it is that someone would be remote-attacking her system.

    Er.. unless she does stupid things, like using Internet Explorer to browse (there's code that silently forces software to install and run locally, just from viewing a website) and/or Outlook/Outlook Express for e-mail access (there's code out there that downloads and executes hostile software, without even opening the e-mail itself... just checking her e-mail with those pieces of cr*p could have infected her machine with a virus or trojan).
  • Confuzor Join Date: 2002-11-01 Member: 2412 Awaiting Authorization
    Using Sygate; seems pretty detailed, and I saw it get voted best out of a whole lot of other stuff.

    BTW, is there any form of "retaliation" that can be done if you do get a hold of someone trying to touch your... precious? Something as simple as flipping them the bird through ASCII art maybe? :p
  • Marik_Steele To rule in hell... Join Date: 2002-11-20 Member: 9466 Members
    QUOTE (Confuzor @ Apr 10 2003, 09:50 PM):
    > [...]
    >
    > BTW, is there any form of "retaliation" that can be done if you do get a hold of someone trying to touch your... precious? Something as simple as flipping them the bird through ASCII art maybe? :p

    http://www.securitysoftware.cc/apps.html
    Slap.

    I haven't tested it one bit, but it's the closest and simplest tool I can remember hearing about that fits your wish list. ASCII may be difficult with it, though.
  • Sycophant Join Date: 2002-11-05 Member: 7092 Members
    QUOTE (Unknown @ Apr 10 2003, 06:30 PM):
    > Long story short: One of my female friends might have a hacker.
    >
    > I would like to help her, but I don't know how to. I have heard that there is a way to find out the IP address of who is hacking.
    >
    > So in other words, do you know how to get the IP of a hacker that is accessing your computer?

    You say that she *might* have a hacker? I'm not doubting your statement, just trying to pinpoint the cause, but why do you/she think it's a hacker?

    I'd suggest running an anti-spy/adware program first before going through the hassle of setting up personal firewalls, IP loggers, and so on. The scanning/cleaning programs are fairly common, and work quite well.

    After that, a full virus scan with the latest update may uncover something you weren't aware of. Not all viruses are designed to be damaging to a system - some just do annoying things, like making a system seem like it's being hacked, for example.

    Those suggestions are given assuming that you're not entirely sure if it's actually a hacker. If you're *sure* it is, then just ignore this post. :)
  • CrouchingHamster Join Date: 2002-08-17 Member: 1181 Members
    edited April 2003
    http://www.ripe.net

    The whois? database might be handy if you get an IP addy..really though, the chances of anyone "hacking" a home PC are minimal, nothing to gain really, more likely virus, trojans, spyware or the aforementioned script kiddies..

    Get Zonealarm, not great, but free and functional.

    Get AVG antivirus, free for home use, I've been running it for months with no problems, but for god's sake, keep the definitions up to date.

    http://www.grisoft.com

    Scan the thing for trojans, there's a free trial of this that you can use for 14 days..

    http://www.anti-trojan.net/en/

    Check for spyware..regularly

    http://www.lavasoftusa.com/

    Generally, never go near any .exe or .scr files, unless you know EXACTLY what they are, and trust whoever sent it to you.. if you use Internet Explorer (and let's face it, most people do..), have a good look at your security settings..

    And finally, DO NOT "always trust content from Gator.com"!!111
  • MaTT Join Date: 2002-11-01 Member: 3033 Members
    Zonealarm is probably the best software firewall available that blocks unwanted incoming traffic. However it's pretty much useless against outbound traffic, so if your friend has a trojan installed on her PC then Zonealarm on its own is not much use. If it is the case that she has a trojan installed then because of the way trojans work she might have several people snooping around her PC. Zonealarm combined with a good virus scanner will protect her from the majority of script kiddies...
  • Cowswin Join Date: 2003-03-17 Member: 14623 Banned, Constellation
    Zonealarm would be the cheapest and easiest to set up.

    Scan with antivirus software first for trojans and such and adware for spyware.

    If someone still gets through all that you have somehow **** off an uber hacker, you may's well unplug from the net right now.
  • Venmoch Join Date: 2002-08-07 Member: 1093 Members
    I use Norton Internet Security

    Firewall and Antivirus in one.

    (Oh and the XP firewall runs over that as well!)
  • Thansal The New Scum Join Date: 2002-08-22 Member: 1215 Members, Constellation
    /me starts grumbling

    @Talesin

    Both of those problems that you brought up are OLD AND DEAD
    Neither of them exist any more, they were both fixed, please do not spread false information :)



    /me is sick and tired of everyone ragging on stuff that ain't real.


    BAH
  • Spyder_Monkey Vampire-Ninja-Monkey Join Date: 2002-01-24 Member: 8 Members, NS1 Playtester, Contributor
    edited April 2003
    I do Information Protection for our base at work. There, we have the money to spend on storage space for logs, hardware firewalls and constant monitoring... at home, I take a more relaxed approach...

    I use McAfee Desktop Firewall (free for military) ;) It's pretty simple to set up, comes with a nice dynamic learning mode, (annoying at times when you're trying to play new games), and has a few nice logging features.

    To answer your question-at-hand, though...

    netstat in command prompt shows all active connections. Look for anything funny. Also, and I've experienced this one, do a couple of tracerts to different IPs/domains. Sometimes, the hacker will attempt to re-route all traffic through his own IP address. If you see an IP address returning tracert/nslookup queries that doesn't belong to your ISP, you might want to be a little suspicious.
  • Dingy Join Date: 2003-02-14 Member: 13545 Members
    QUOTE (Marik_Steele @ Apr 10 2003, 08:59 PM):
    > http://www.securitysoftware.cc/apps.html
    > Slap.

    Has anyone actually used this app?

    Just curious, sounds fun.
  • Talesin Our own little well of hate Join Date: 2002-11-08 Member: 7710 NS1 Playtester, Forum Moderators
    Thansal, if you're talking about the IE/O/OE auto-run exploits, yes.. the FIRST one that was found in IE6/OE was closed by a patch. Thing is, they didn't fully patch it. They just made it harder to get to... and people figured out how to get into it again. So it's STILL out there. And more dangerous, because people *think* that it's been fixed.

    What... you think MS would trash one of their own possible channels of control, just because some kids found it? No, they put on the equivalent of a 'push-and-turn' top.


    ZoneAlarm can be configured to respond to both incoming *and* outgoing network traffic. So it has the ability to block remote attacks. Thing is.. with *most* trojans, the remote attacker needs to connect in to control it. ZA trips, you lock his *ss off and then perma-block the port in question until you can disinfect the trojan.


    On a side note, I distrust anything Norton makes, after a previous version of SystemWorks managed to physically break a HDD during a defrag.
  • Confuzor Join Date: 2002-11-01 Member: 2412 Awaiting Authorization
    QUOTE (Dingy @ Apr 11 2003, 04:07 PM):
    > QUOTE (Marik_Steele @ Apr 10 2003, 08:59 PM):
    > > http://www.securitysoftware.cc/apps.html
    > > Slap.
    >
    > Has anyone actually used this app?
    >
    > Just curious, sounds fun.

    Already downloaded Slap!; I've been waiting for an attack and thus far, no necessary retaliation needed. If my friends come up, I'm going to try and ask them to make a test slap on me.

    Kind of makes me want to download good ol' ICQ98 too; with the ICQ on my old computer, I used to be able to add anyone I wanted and read anyone's IP.
  • Talesin Our own little well of hate Join Date: 2002-11-08 Member: 7710 NS1 Playtester, Forum Moderators
    Or you could just load up Trillian, and do the same thing now, with a more advanced client and the ability to be on five chat mediums at the same time.
    www.ceruleanstudios.com

    (though reading IPs does require a plugin)
  • Hellbilly A whole title out of pity... Join Date: 2002-11-02 Member: 3931 Members, NS1 Playtester, Constellation
    For free firewalls, I personally recommend Sygate Personal Firewall.
  • Just_Ayane Join Date: 2002-11-06 Member: 7317 Members
    Just an IP? ............... netstat -a :D :D :D what's with the long answers? ;-)
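
The netstat check suggested in Spyder_Monkey's and Just_Ayane's posts above, as an added example that is not part of the original thread: it reads Windows `netstat -an` output and separates remote peers that connected to a listening port from connections the machine opened itself. The sample output, the function names and the IPv4-only handling are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output; the addresses are from
# private and documentation ranges, the ports are arbitrary.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:40001          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.20:40001     198.51.100.23:4021     ESTABLISHED
  TCP    192.168.1.20:139       192.168.1.5:1100       ESTABLISHED
  TCP    192.168.1.20:1050      203.0.113.9:80         TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

# Loopback, RFC 1918, link-local and unspecified: not a remote Internet peer.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "0.0.0.0/32")]

def split_endpoint(endpoint):
    """Split 'address:port' on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def is_external(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # '*' (UDP rows) or a resolved host name
        return False
    return not any(ip in net for net in LOCAL_NETS)

def review(text):
    """Return (external_peers, listening_ports) for netstat -an output."""
    rows = [f for f in (l.split() for l in text.splitlines())
            if len(f) >= 4 and f[0] == "TCP"]
    listening = {int(split_endpoint(f[1])[1]) for f in rows if f[3] == "LISTENING"}
    peers = []
    for _, local, foreign, state in (f[:4] for f in rows):
        rhost, rport = split_endpoint(foreign)
        if state != "ESTABLISHED" or not is_external(rhost):
            continue
        lport = int(split_endpoint(local)[1])
        # A peer attached to a port this machine listens on connected TO it;
        # anything else is a connection the machine itself opened.
        direction = "inbound" if lport in listening else "outbound"
        peers.append((rhost, int(rport), lport, direction))
    return peers, sorted(listening)

if __name__ == "__main__":
    peers, listening = review(SAMPLE)
    print("listening ports:", listening)
    for rhost, rport, lport, direction in peers:
        print(f"{direction:8} {rhost}:{rport} <-> local port {lport}")
```

To use it on a real machine, save the output of `netstat -an` to a file and pass the file's text to `review()` in place of `SAMPLE`.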
  • MonsieurEvil Join Date: 2002-01-22 Member: 4 Members, Retired Developer, NS1 Playtester, Contributor
    edited April 2003
    Everyone here keeps recommending buying software firewalls. If you're on a dial-up connection, that's an OK way to go. But if you are on broadband (and most attacks are going to occur against you if you are cable/dsl, as opposed to dial-up), I recommend a 2-pronged defense of securing your OS properly through config changes, and investing in a hardware-based firewall. I have used a variety for home, such as Linksys, Sonicwall, or the new MS MN series. It also depends on whether or not you are using 'Wi-Fi' as well (802.11a/b/g), as you come into the concept of 'war-driving'.

    If you want to tell us more about your friend's PC config (specifically, the OS and the internet-connection method), I can throw out my more specific $.02. The config changes you make for Windows2000/XP versus Windows98 are pretty different, for example.

    I really ought to just write an article about this to go in tandem with the Readyroom.org tuning guide... someday...

    Of course, you can always just buy a Cisco PIX Firewall. Those can be had for as little as $5,000 (without the WIC's), and can handle up to 280,000 simultaneous connections at 370Mbps. :p
  • That_Annoying_Kid Sire of Titles Join Date: 2003-03-01 Member: 14175 Members, Constellation
    damn, MonsE beat me to the punch

    in the CISCO room @ my school they have a PIX that is worth oh say $20,000 and our district is too damn inane to use it, because a software firewall from Dell is far superior to the networking industry leader's firewall