Re: [SLUG] IP spoofing and tracking

From: steve (steve@itcom.net)
Date: Sat Feb 23 2002 - 09:31:03 EST


-----BEGIN PGP SIGNED MESSAGE-----

It's a federal crime.

Call RR customer support. Be professional and courteous. You want him/her as
an ally. Ask for the name of the person you talk to and make it kinda obvious
that you are writing down the name. "Sorry, but how do you spell that?"

Say "Bill (or whoever) I have evidence on what is apparently another RR
client hacking into my system. I'm preparing a report for the FBI. Do you
think I should talk to a supervisor, or can you help me?" (One of the problems
RR has is that they don't want to get caught in the middle giving out private
customer information etc. That they could then later be sued on.)

"I thought you might want a head start gathering the data from your logs
before the feds show and start doing it for you. This way you can be ready
and just turn it over. Who should I write down as the contact person?"

Then just take it from there. "I would prefer to have something from you on
the matter when I turn this in but I'm not familiar with your internal
policies on these matters?"

Chances are they will not give you anything too useful, but you will have a
contact person within RR who the feds can contact. Take what you have to the
FBI.

A friend had a case with a guy hacking from his parents' house in the UK. The ISP
was not helping. But he knew a guy in London who helped him find their phone
number (forgot how he got the kid's last name). But he reported it to the
feds, got a case number and then started to fax his parents' fax machine with
the statement he made, which had the FBI logo, saying that the FBI is looking
into their son, with the case number and all. The hacking stopped the same
day. They called him and apologized for their son.

So my approach is always to be matter of fact, friendly, and set it up so
that the one you need help from has the chance to be the good guy. Much more
effective than trying to be their "enemy". But you want to show resolve.
(Decide before talking to anyone that you ARE going through with this.)

Steve

On Saturday 23 February 2002 01:23, you wrote:
> Well, here are a few things. One, Road Runner users get this a lot.
> Next, he should run Zone Alarm if he is using Winders; it is free and works
> very well.
> Next, it will give you an IP that is trying to hit his system.
>
> Now with that McAfee has a Utility that will indeed sniff out the location
> of this person whom
> is ping bombing him. Now then I can tell you if it is from another Road
> Runner user, Road Runner
> Will do absolutely nothing about this. They do not feel it is worth
> bothering. They will then say that you
> should be running a firewall and what do you want them to do about it?!
>
> If it turns out to be from another domain and ISP though then he should
> contact that ISP and report the person and send them
> a copy of the log file from the Firewall.
>
> That is about all you can do.
>
> Unless you get him to switch to LINUX 8-)
> Then you can tell him to update all the security patches and updates. Set
> up a BSD firewall!
> You know the rest of the story so preach the Open Source Gospel to him!
>
>
>
> -----Original Message-----
> From: Norbert Cartagena <niccademous@yahoo.com>
> To: slug@nks.net <slug@nks.net>
> Date: Saturday, February 23, 2002 12:43 AM
> Subject: [SLUG] IP spoofing and tracking
>
> >Ok, security question here for both Linux and Windows:
> >
> >I have a friend (Using Win2k as his main box, that poor lost soul) who
> >has as of late been getting ping-bombed. He lives in an apartment
> >complex that has their own internal LAN for the entire complex. He was
> >able to find out the IP from where the pings were apparently coming
> >from. However, when he tracked it down, he found out that it wasn't the
> >person with that IP doing that - someone was spoofing their IP to this
> >other person's. He was able to determine that the pings were coming
> >from within their network, but hasn't been able to get any more info than
> >that. I was wondering if there was a tool - under either Windows or
> >Linux - that would be able to track the IP to the true source, a way of
> >somehow un-spoofing the address?
> >
> >I know this must seem vague, but I didn't get too many details when I
> >was talking to this guy - I was kinda in the middle of something that
> >took a bit more of my attention at that particular moment - so my
> >apologies if it seems almost like random babble.
> >
> >Gnorb

- --

Steve

__________________________________________________________
When you'd had enough - there are several good options that are Stable,
Fast, Low Cost and Maintenance, without invasion of your privacy etc.
IBM alone invested $1 Billion into Linux in 2001. They had enough!
Check out f. ex. SuSE, RedHat and Mandrake.
May your computer never be the same...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3in
Charset: noconv

-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:32:28 EDT