counter attack an attack in progress?

Discussion in 'Windows Desktop Systems' started by Maveric169, Oct 9, 2004.

  1. Maveric169

    Maveric169 The Voices Talk to Me

    Messages:
    1,148
    Location:
    Elkhart, IN
    Well I hope this doesn't violate the rules but I have to try. I have been under a constant attack on my system for 3 days from 147.32.114.70. This computer is throwing everything but the kitchen sink at me. Every kind of attack you can think of. I have notified my ISP, they say nothing they can or will do about it. I have notified the orgination host they literally (after getting someone that speaks english) told me to F*** off and hung up.

    I am sick and tired of this. Is there any means at my disposal to counter-attack? Anyway I can redirect all the packets they send to me and redirect them back to the source?

    Any ideas or other means of pinting me in the right direction would be helpful. Thanks.
     
  2. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    Wow you have a new web pal in Eastern Europe and he has a pretty good connection. He pings at 42 milliseconds.

    Define attack. Are they just pinging you to acheive denial of service or are they trying to crack your passwords?

    Assuming its a ping attack - You don't have the bandwidth to do anything back at them. So your best option would be to get on IRC, haunt the hacker sites until you found somebody who would give you a BOT program. Then you crack into other peoples systems and seed the BOTs. Hundreds or thousands would be required and could take months. Once you have your BOT army you launch a denial of service attack against your attacker and hope he doesn't have a bunch of friends who then retaliate against you. Not a good plan.

    If the attacker is trying to crack your passwords then you have the option of calling the FBI and reporting it as attempted identity theft. They might eventually do something.

    Or, you could put up a firewall. Zonealarm is free and will make you disappear off the web. Nothing to attack. A router with DMZ turned off will do the same.

    Another option is tell your POS ISP to change your IP address. If they are reluctant a few threats to litigate will spur them on. And then put up a firewall to hide your new IP so it doesn't happen again.
    __________________
     
  3. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    how do you know about my bot army!!!!!!!!!!!! (gets under covers)
     
  4. Maveric169

    Maveric169 The Voices Talk to Me

    Messages:
    1,148
    Location:
    Elkhart, IN
    Well currently they are scanning, and attemping to crack passwords in my system. I have since put my system under full lockdown after they were able to knock McAfee and a temp zonealarm AV systems offline. Luckly I was sitting here when that happened. Just not sure what to do, everyone, ISP wise just tells me to un-plug my PC for a while they will go away. Not an option, I will win this fight! They do have a number of UDP ports open, anything I can do with that info?
     
  5. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    when you have to ask questions about how to attack back buddy your best off not doing anything to them. how are you connected? cant you download all the latest updates to zonealarm or anther free firewall and get off line install get on update. or id do what lee said if you had a router turn off DMZ.
     
  6. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    If they are cracking passswords call the FBI.
     
  7. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    shiver.
     
  8. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    Stop whining and kill the pc for 15-20 minutes you'll force an IP change, problem solved.

    As for McAfee and Zonealarm they never stood a chance neither are deisged for stopping this kind of thing.

    If you are going to be stubborn get a direct line to the techs at your isp and ask them to filter the attack.

    If they wont all you can do is kill the pc for the aforementioned period of time.
     
  9. Maveric169

    Maveric169 The Voices Talk to Me

    Messages:
    1,148
    Location:
    Elkhart, IN
    Well, call to FBI they took a report, disconnect and forced change of IP hacker was back in 40min (3rd time I have forced my IP change BTW). I have things locked down now to where they shouldn't be able to access anything that they can crack. They are still hammering the hell out of me though. ISP says they will not block/filter an IP address as they cannot verify that the user of the IP is doing anything illegal.

    So I guess I am just screwed.

    ohhh yes, I have a cable connection, the very most up-to-date update to both firewalls and AV.
     
  10. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    maybe he has something on your comp that sending out your location. lol back in the sub seven days that used to be a fun thing to do to friends on dial up. lol but i supoise if you truly have scanned for everything then probaly not.. btw check for exclusions in your antivirus. i dont know out of my leauge. might want to change your passwords (offline) to some extremly more encrypted ones. hehe
     
  11. Maveric169

    Maveric169 The Voices Talk to Me

    Messages:
    1,148
    Location:
    Elkhart, IN
    Well that is what kinda freaked me out, is that after forcing my IP change was the fact that he was back in less than an hour not once but 3 times. The only thing I can think of is that there is something exposed like a port, or some other identifing characteristic that this person is able to single me out through a scan of the netrange. I already have some pretty heffty passwords on everything on my system so it will take them a while if they do make a connection.

    I guess I just really feel like a 1 legged man in an ass kicking contest with no way to fight back against this attack. I mean I am a computer savy person but I hate the fact that all I can do is try to block the attack and not fight back.
     
  12. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    never ever ever ever ever fight back...you will get it 45 times worse than what you think you can do...the best thing to do is hide behind a hardware firewall(if you have it) a software firewall and a big rock
     
  13. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    beh just go to bed leave your comp off.. dont fret with it.. if they are back by the morning then you can worry more.. as for me.. dawn of war time..
     
  14. hey you can ask computer geniuses around you, a guy at my school had hacker spying on his computer he had someone retaliate and they did something that just crashed their whole system as in just killed his graphics card and just made other hardware over-work till they melt somthing like that.... see if someone can do that for you...
     
  15. ming

    ming OSNN Advanced

    Messages:
    4,252
    Location:
    UK
    One thing you could do...Ask your ISP to change your IP... :)
     
  16. Maveric169

    Maveric169 The Voices Talk to Me

    Messages:
    1,148
    Location:
    Elkhart, IN
    errr apaently you didn't read the whole thread, I have changed my IP 3X, SOAB comes back within 1 hr!

    But I did finally get to talk to a security person at the ISP and they contacted the FBI agent reguarding the report I filed, so I hope between them they will do something. Bastard is still hammering the hell out of my IP. I got the IP in the banned list on my firewall so as long as this hacker punk doesn't knock them offline I think I will be ok.
     
  17. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    good luck, I hope your ISP gets their thumbs out, I dont see why they would want a high packet attack on their network, its going through their servers/routers/nodes
     
  18. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    For a quick deterent, grab knoppix, an old machine, and install it on there, it should have a way for the firewall to be configured.

    Set it to drop all packets from whoever is doing this. That way you don't send anything back, and you still have your upload to use, also, the attacker will then have to put more power on to saturate your download, but i doubt it would knock you offline again. unless it is a huge amount of bandwidth.

    Good luck :).
     
  19. Maveric169

    Maveric169 The Voices Talk to Me

    Messages:
    1,148
    Location:
    Elkhart, IN
    Well, I booted up this morning and guess who is knocking on my firewall again for day 4. But now it looks like this person is back to scanning for open ports and not just trying certain ones over and over. I have the comp under a near full lockdown (which sucks as I can't use 90% of my programs) but it should keep me safer than I was.

    >X, I wish I had an old machine to setup but I don't anymore.
     
  20. dave holbon

    dave holbon Moderator

    Messages:
    1,014
    Location:
    London England
    Coming from [klika.sh.cvut.cz] causing grief? Yes to knobble, no to allow.

    If you are only using an internet connection (not internal network) disable NetBios over TCP/IP and block port 445 (I think). Go here for more info : -

    http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm
    :) :) :)