Help! I'm Being Probed Repeatedly by a Hacker / Cracker

Myself ^ | 4/9/2002 | Vanity

[ex-Texan]

Help ! ! I'm Being Probed Repeatedly by a Hacker / Cracker !

Need help from an Freepers out there who have the ability to trace ISP numeric addresses. I've been on line for about 30 minutes and in that time I've had over 100 probes coming in on different ports. I have installed the free version of Zone Alarm and it signals me whenever there is a new probe with the ISP address being used by the attacker.

All of the attacks have orinated from the following ISP address: 206.157.247.131

I have attempted to trace the ISP and it appears they are coming from a company located in Virginia. If a Freeper out there has the ability to identify the origin of these hacking attacks, please advise.

[afraidfortherepublic]

Filing at tech_index

[Tennessee_Bob]

Hope you're not getting probed by a saltine cracker - those salt crystals could hurt....

[ex-Texan]

LOL LOL ! Pretty funny there Tennessee Bob!

Thought it might be somebody who knows 'Old Crusty' ...

[Clara Lou]

If Zone Alarm is blocking it then you have no worry, do you?

[TomServo]

Who's your ISP? VBNET out of Florida?

[CyberCowboy777]

Someone using VBNET.NET in Central Florida.

You could go deeper?

[CyberCowboy777]

He is in Oregon

[VA Advogado]

Hope you're not getting probed by a saltine cracker - those salt crystals could hurt....

Wait till the goldfish come for him.

[ex-Texan]

Depends on whether my Firewall is working 100% of the time. On the other hand, the probes might be originating from a government group based in Virginia. Inquiring minds ought to know, huh?

[Tennessee_Bob]

Sounds like a script kiddie. As long as you've got Zone Alarm on there, you should be ok. You could always take the ZA log and send it to abuse@whatever ISP.

[TomServo]

Registrant:
VBNet (VBNET2-DOM)
598-E Herndon Avenue
Orlando, FL 32803
Domain Name: VBNET.NET
Administrative Contact, Technical Contact, Billing Contact:
Network Administrator (NA271-ORG) network@VBNET.NET
VBNet
598-E Herndon Ave
Orlando, FL 32803
US
407-685-8000

Record last updated on 11-Jul-2001.
Record expires on 25-Apr-2005.
Record created on 24-Apr-1996.
Database last updated on 10-Apr-2002 09:48:00 EDT.

Domain servers in listed order:

NS1.VBNET.NET 205.140.156.13
NS2.VBNET.NET 205.140.156.12

[Harp]

You know someone who hates you in Orlando, Florida? That's where the IP looks like it might be from.

That's Disney territory, right? I'd have to put my money on Goofy. He seems far too idle.

[sigSEGV]

What ports are they hitting you on? Unless they're using a significant amount of bandwidth, just ignore it. FYI, I manage an Internet connection that sees upwards of 100,000 to 1 million probes/scans every day.

[TomServo]

He is in Oregon

DOH! Next time I'll try and pay attention.

[Dinsdale]

If they are scanning ports in sequence then you are being portscanned. Not a huge deal.

But just for fun go to insecure.org and download a copy of nmap for your OS. Then run it against the IP address. It will light up the script kiddies own port detection utility and might cause an interesting reaction.

Using the data you get from nmap to find expoitable flaws in the attackers OS would still be a legal thing to do. Actually using them would not.

[ShayAllen]

Looks like they are behind a firewall...even if you did figure out the IP of origin, it would probably be spoofed, meaning the real cracker hacked someone else's box and is using them as a sort of proxy.

[Slam]

Target: 206.157.247.131
Date: 4/10/2002 (Wednesday), 6:11:04 PM
Nodes: 14

VBNet (VBNET2-DOM)
598-E Herndon Avenue
Orlando, FL 32803

407 685-8000

[Mr. K]

what if you did not have zone alarm on? what exactly can a hacker do to a computer this way? I am not running any 'server' software (IIS or anything) so... what exactly can some one do to a plain vanilla computer running win2000? Thanks in advance