GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, guys, I know it is not related to the linux at all, but here it is I've never done any cracking before, but this dude is bombarding my system with packets and he tries to connect to netbios-ns port on my system (ha-ha), I know of this nice utility netcat, and I know with combination with Nmap, I can teach him a lesson, according to Nmap scan of his ports he has port 5000 open, can anyone tell me what I can do to get the bustard of my system, I've configured firewall pretty tight, and I know it's none of you moderators who're trying to hack into my system (you have that IP logged thingy), you all have become a sort of family for me, everyday I am browsing the forums and trying to help others. Can anyone help me now?
Run a whois on his ip address and report him to his internet provider. Trying to crack his box is not the right way to go if you want the attacks to end.
For sure, unfortunatelly it is a dynamic, but it doesn't seem he uses dial-up, he tries for a week now, I notified AOL (his provider) of this annoyance, never got the e-mail back, ignorance is a bliss, I guess. So what the f...? He wants to get a hold on netbios-ns port on linux system ( I am laughing my ass off), and I am just sending an e-mail after an e-mail to AOL with a snapshot from my logs, I believe it is the same user who keeps breaking in as a legitimate guest, no way. I believe AOL will have dignity to recognize the situation, I live in the United States where laws are the laws. We'll see what happens next.
P.S. Is it possible to track down a person even if he's changed IP? I mean I have a dynamic IP assigned to me everytime I log in. How he finds me? Or he has a pool of victims and tries them all?
snots like that dont deserve jail time.. they deserve re-format and installation time
Hehe... I like that.
I'd have to say that he not attacking you personally, since you have a dynamic IP. He is probably looking for any netbios weekness over a IP range.
What I have found helpful is to load all my firewall logs into a mysql database, so I can query unique IPs attacking a specific port. This will give you an accurate IP range; time of day; and durations of attacks. Is it always the same IP range? Same time of day/night? Netbios the only port he attacks? The database tells all in a quick and easy way.
No it is not the only person of course, there are different packets send requests occurring on my IP. Some benign like http, ftp ports try, they are closed, some to my LimeWire port and gtk-gnutella, but they are all ruled away, only this asshole was trying to figure out netbios-ns port entry along with asp port, none are open though, recently I had a bombardement of ssh port, of course I use ssh2 protocol to communicate with my box over ssh, so I guess it was useless for script-kiddies to get hold on this one.
Well, when writing about 10-15 IPs I do not mean those I see first time :-))
I've got everything filtred, so when I read my logs everyday it's much of it.
I'm beggining to think there are ONLY script-kiddies.
My favourite one was trying to get to ssh for about an hour (ssh is allowed only from one machine and only for one user). I had nice time watching it. But then it becomes boring...
Sure it does, I can see it, but man netbios-ns on linux system??? Com'on, he is probably got some script off hackers site without knowing what it does, but if he's gotten a pool of IP's he's scanning, then of course more than a half of them will be running windows. And about ssh, I had an attack on my ssh port, and my logs grew to almost 1 Meg, this is a disturbance, I wish I knew how to teach him/her a lesson (I never assume that script-kiddies are only men ) to drive his/her system to full reformat and re-install.
There is one nice method I know. I think it's perfectly legal, too.
The idea is simple: get his/her get into, but to specially prepared system with some nice files. One of them (named "important" may be a letter to the hacker when you can write all you think about this person).
How to do this? For sure you need some time. But there is software that can emulate badly-configured server. I can't now write any name, but it is available for sure.
Sorry for replying so late.
Thank you guys, I've heard of the honeypot, and I think I know how to protect myself, especially from windows crackers/loosers.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.