
View Full Version : Port probes cont'd



23-01-2002, 07:42 PM
As a further note to the discussion below entitled 'Hackers', I'd like to make a point of re-iterating how risky it is to trace back the source of the port probes reported by firewall software such as Zone Alarm.

I have seen the situation where the web page loading has itself been infected with a virus and the very act of opening the page is inviting that virus onto your system.

(Robo, if you'd like to email me, I'll reply with a couple of screen captures I have made, showing the action and effect of trace back.)

It's probably not a major to someone who really knows what he/she is doing, but I personally don't fit that category. So again, I recommend you DO NOT trace the probe back. It's akin to putting your head in the proverbial lion's mouth.

Surf safe,

Andy.

23-01-2002, 08:32 PM
There are a few tools which can do a basic trace if you can be bothered wasting time ;-) but be aware that if it is a hacker you will just have let him know you are actually there. I would suggest just let the 'bumps' cruise on past.

Never use your browser to try to trace someone. That's just begging for trouble.

23-01-2002, 08:37 PM
Andy,

Why would you want to place the IP address that your firewall says the probe is coming from?? This makes no sense.

There are dedicated programs out there that do the job, such as 'McAfee NeoTrace Professional'. Check it out at 'http://mcafeestore.beyond.com/Product/0,1057,3-18-SN107878,00.html'.

Jess

23-01-2002, 08:46 PM
Jess,

In my case, curiosity. The old 'Who's probing my computer?', indignant nosiness.

I never said it made sense, but it's possible to do it if you're stupid or just plain ignorant enough to try.

The reason for this post was to point up that while it's possible, it isn't wise.

The point made regarding using tools that let you trace the probe is a good one. If you really *need* to find out what's going on then using a piece of software to act as a barrier while you do so sounds like a good idea.

:-)

24-01-2002, 01:08 AM
Personally, I find the most useful tool for investigating IP addresses is Sam Spade - http://www.samspade.org

You can trace it, perform DNS lookups (and rDNS) as well as digging and a whole lot of other useful things.

Having said that, I'd advise using it on a computer known to be safe, and one you won't get into trouble for examining before you start using it on possible hackers.