LinuxQuestions.org
Old 02-25-2002, 10:01 PM   #1
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 55
not linux related, I've been tried to be hacked


Hi, guys, I know it is not related to Linux at all, but here it is: I've never done any cracking before, but this dude is bombarding my system with packets and he tries to connect to the netbios-ns port on my system (ha-ha). I know of this nice utility netcat, and I know in combination with Nmap I can teach him a lesson; according to an Nmap scan of his ports he has port 5000 open. Can anyone tell me what I can do to get the bastard off my system? I've configured the firewall pretty tight, and I know it's none of you moderators who're trying to hack into my system (you have that IP logged thingy). You all have become a sort of family for me; every day I am browsing the forums and trying to help others. Can anyone help me now?
 
Old 02-25-2002, 10:18 PM   #2
crabboy
Moderator
 
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,823

Rep: Reputation: 120Reputation: 120
Run a whois on his IP address and report him to his internet provider. Trying to crack his box is not the right way to go if you want the attacks to end.
 
Old 02-25-2002, 10:27 PM   #3
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Original Poster
Rep: Reputation: 55
I am aware of it, thank you mate. I am not going to crack it, just wanted him off my system because it's gotten so annoying and disturbing.
 
Old 02-28-2002, 01:36 PM   #4
Stephanie
LQ Addict
 
Registered: May 2001
Location: Arizona
Distribution: 9.2 Mandy 1.4 Gentoo 5.1 FreeBSD WinXP
Posts: 1,166

Rep: Reputation: 45
If you give me his IP address, I will pass it to a friend who can teach him a lesson.

I couldn't care less whether it is right or not... snots like that don't deserve jail time.. they deserve re-format and installation time

 
Old 02-28-2002, 07:40 PM   #5
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Original Poster
Rep: Reputation: 55
For sure, unfortunately it is dynamic, but it doesn't seem he uses dial-up; he has been trying for a week now. I notified AOL (his provider) of this annoyance, never got an e-mail back; ignorance is bliss, I guess. So what the f...? He wants to get a hold of the netbios-ns port on a Linux system (I am laughing my ass off), and I am just sending e-mail after e-mail to AOL with a snapshot from my logs. I believe it is the same user who keeps breaking in as a legitimate guest, no way. I believe AOL will have the dignity to recognize the situation; I live in the United States where laws are the laws. We'll see what happens next.
P.S. Is it possible to track down a person even if he's changed IP? I mean I have a dynamic IP assigned to me every time I log in. How does he find me? Or does he have a pool of victims and try them all?

Last edited by neo77777; 02-28-2002 at 07:43 PM.
 
Old 02-28-2002, 09:28 PM   #6
crabboy
Moderator
 
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,823

Rep: Reputation: 120Reputation: 120
Quote:
snots like that don't deserve jail time.. they deserve re-format and installation time
Hehe... I like that.

I'd have to say that he is not attacking you personally, since you have a dynamic IP. He is probably looking for any netbios weakness over an IP range.

What I have found helpful is to load all my firewall logs into a MySQL database, so I can query unique IPs attacking a specific port. This will give you an accurate IP range, time of day, and durations of attacks. Is it always the same IP range? Same time of day/night? Netbios the only port he attacks? The database tells all in a quick and easy way.
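A sketch of the log-database approach described in the post above, added here as an example and not part of the original thread. It assumes iptables-style LOG lines (the `DENY` prefix, host name and all addresses are constructed) and uses Python's built-in SQLite in place of MySQL so it runs without a server.

```python
import re
import sqlite3

# Constructed sample lines in iptables LOG format (documentation addresses).
SAMPLE_LOG = """\
Feb 25 21:58:01 box kernel: DENY IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=78 PROTO=UDP SPT=137 DPT=137
Feb 25 21:58:04 box kernel: DENY IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=78 PROTO=UDP SPT=137 DPT=137
Feb 25 22:03:40 box kernel: DENY IN=ppp0 OUT= SRC=192.0.2.77 DST=198.51.100.7 LEN=78 PROTO=UDP SPT=1025 DPT=137
Feb 26 03:15:09 box kernel: DENY IN=ppp0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40211 DPT=22
Feb 26 21:59:30 box kernel: DENY IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=78 PROTO=UDP SPT=137 DPT=137
Feb 26 22:10:00 box sshd[412]: unrelated line that must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s.*?"
    r"SRC=(?P<src>[\d.]+)\s.*?PROTO=(?P<proto>\w+)\s.*?DPT=(?P<dpt>\d+)")

def load_logs(text):
    """Parse firewall log text into an in-memory table; non-matching lines are skipped."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hits (day TEXT, time TEXT, src TEXT, proto TEXT, dpt INTEGER)")
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            conn.execute("INSERT INTO hits VALUES (?, ?, ?, ?, ?)",
                         (f"{m['mon']} {int(m['day']):02d}", m["time"], m["src"], m["proto"], int(m["dpt"])))
    return conn

def sources_for_port(conn, port):
    """Unique source IPs for one port with hit count and first/last seen (syslog has no year; one month assumed)."""
    return conn.execute(
        "SELECT src, COUNT(*), MIN(day || ' ' || time), MAX(day || ' ' || time) "
        "FROM hits WHERE dpt = ? GROUP BY src ORDER BY COUNT(*) DESC, src", (port,)).fetchall()

def hours_for_port(conn, port):
    """Hits per hour of day for one port, to show whether probes cluster at certain times."""
    return conn.execute(
        "SELECT substr(time, 1, 2), COUNT(*) FROM hits WHERE dpt = ? "
        "GROUP BY 1 ORDER BY 1", (port,)).fetchall()

def ports_for_source(conn, src):
    """Every destination port one source has probed (is netbios-ns the only one?)."""
    return [r[0] for r in conn.execute(
        "SELECT DISTINCT dpt FROM hits WHERE src = ? ORDER BY dpt", (src,))]

if __name__ == "__main__":
    db = load_logs(SAMPLE_LOG)
    print(sources_for_port(db, 137), hours_for_port(db, 137), ports_for_source(db, "192.0.2.10"))
```

The per-source first/last timestamps and the hourly counts are the kind of evidence an abuse desk can act on when attached to a report.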
 
Old 03-09-2002, 11:07 AM   #7
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,535

Rep: Reputation: 148Reputation: 148
Ehhh...
You've got one person.
I've got 10-15 different IPs every day in logs along with DENY :-)))
 
Old 03-10-2002, 11:22 AM   #8
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Original Poster
Rep: Reputation: 55
No, it is not the only person of course, there are different packets send requests occurring on my IP. Some benign like http, ftp port tries, they are closed, some to my LimeWire port and gtk-gnutella, but they are all ruled away; only this asshole was trying to figure out netbios-ns port entry along with asp port, none are open though. Recently I had a bombardment of the ssh port; of course I use ssh2 protocol to communicate with my box over ssh, so I guess it was useless for script-kiddies to get hold of this one.
 
Old 03-10-2002, 11:35 AM   #9
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,535

Rep: Reputation: 148Reputation: 148
Well, when writing about 10-15 IPs I do not mean those I see for the first time :-))
I've got everything filtered, so when I read my logs every day there's a lot of it.
I'm beginning to think there are ONLY script-kiddies.
My favourite one was trying to get to ssh for about an hour (ssh is allowed only from one machine and only for one user). I had a nice time watching it. But then it becomes boring...
 
Old 03-12-2002, 10:41 PM   #10
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Original Poster
Rep: Reputation: 55
Sure it does, I can see it, but man, netbios-ns on a Linux system??? C'mon, he has probably got some script off a hackers' site without knowing what it does, but if he's gotten a pool of IPs he's scanning, then of course more than half of them will be running Windows. And about ssh, I had an attack on my ssh port, and my logs grew to almost 1 Meg, this is a disturbance. I wish I knew how to teach him/her a lesson (I never assume that script-kiddies are only men) to drive his/her system to full reformat and re-install.

Last edited by neo77777; 03-12-2002 at 10:43 PM.
 
Old 03-13-2002, 12:22 PM   #11
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,535

Rep: Reputation: 148Reputation: 148
There is one nice method I know. I think it's perfectly legal, too.
The idea is simple: let him/her get in, but to a specially prepared system with some nice files. One of them (named "important") may be a letter to the hacker where you can write all you think about this person.
How to do this? For sure you need some time. But there is software that can emulate a badly configured server. I can't write any name now, but it is available for sure.
 
Old 03-14-2002, 10:07 AM   #12
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 46
It's called a honeypot which should attract plenty of crackers.
 
Old 03-14-2002, 11:47 AM   #13
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,535

Rep: Reputation: 148Reputation: 148
Yes, I know it's a honeypot, but I was thinking about program names and websites. But I don't remember...
 
Old 03-22-2002, 04:57 PM   #14
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Original Poster
Rep: Reputation: 55
Sorry for replying so late.
Thank you guys, I've heard of the honeypot, and I think I know how to protect myself, especially from Windows crackers/losers.
 
  

