Got a hacker :P

HalfLifer · Post by **HalfLifer** » Thu Apr 19, 2001 11:57 am

Some moron keeps trying to hack me. I have his IP, should I call @hoem and tell them>

mikemean · Post by **mikemean** » Thu Apr 19, 2001 1:44 pm

Originally posted by HalfLifer:
Its tons of these:
he firewall has blocked Internet access to your computer (TCP Port 6667) from 65.13.17.169 (TCP Port 2530).

Time: 4/19/2001 11:57:26

Using Neo Trace it appears that the above address is somewhere between Anaheim and Santa Ana California.

HalfLifer · Post by **HalfLifer** » Thu Apr 19, 2001 2:03 pm

Thanks Mike.

He really fux0red me good. Knocked out the config in my modem and everything. 1 hour with comcast tech support sucked.

HalfLifer · Post by **HalfLifer** » Thu Apr 19, 2001 2:18 pm

And I keep getting kicked off ICQ and MIRC stilll.....

Zporttech · Post by **Zporttech** » Thu Apr 19, 2001 4:48 pm

Hey Half,

Here is your buddies computer name. Hope this helps.....

cx945686-g.rsmt1.occa.home.com

bleach · Post by **bleach** » Thu Apr 19, 2001 5:16 pm

if someones trying to connect to you on 6667 that's not a hacking attempt, the person might think you're running ircd, and it certainly won't reset your modem configuration

g-c0de · Post by **g-c0de** » Thu Apr 19, 2001 5:34 pm

yeah port 6667 is the default port to connect to an irc server. i dont think he's trying to hax0r you, atleast your firewall works =), try canceling your firewall and try connecting to icq again, it could be that your firewall is blocking you

dannjr · Post by **dannjr** » Thu Apr 19, 2001 5:41 pm

This is as much info I could get through http://www.pingmeplease.com

Whois for cx945686-g.rsmt1.occa.home.com
.com is the global domain of USA & International Commercial

(Whois queries for .com domains can be performed at http://rs.internic.net/cgi-bin/whois)

whois -h whois.crsnic.net home.com

Redirecting to NETWORK SOLUTIONS, INC.

The Data in Network Solutions' WHOIS database is provided by Network
Solutions for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
Network Solutions does not guarantee its accuracy. By submitting a
WHOIS query, you agree that you will use this Data only for lawful
purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail
(spam); or (2) enable high volume, automated, electronic processes
that apply to Network Solutions (or its systems). Network Solutions
reserves the right to modify these terms at any time. By submitting
this query, you agree to abide by this policy.

Registrant:
Home Network (HOME-DOM)
425 Broadway St.
Redwood City, CA 94063
US

Domain Name: HOME.COM

Administrative Contact, Technical Contact:
DNS Administration (DA24627-OR) abuse@HOME.COM
@Home Network
425 Broadway St
Redwood City , CA 94063
US
650-556-5399
Fax- 650-556-6666
Billing Contact:
Du, Trung (TD2157) trung@CORP.HOME.NET
@Home Network
425 Broadway Street
Redwood City, CA 94063-3126
650-569-5437 (FAX) 650-569-5100

Record last updated on 15-Mar-2001.
Record expires on 17-Dec-2002.
Record created on 16-Dec-1993.
Database last updated on 19-Apr-2001 03:21:00 EDT.

Domain servers in listed order:

NS3.HOME.NET 24.0.95.250
NS4.HOME.NET 24.14.77.13
NS5.HOME.NET 24.0.95.252
NS6.HOME.NET 24.14.77.14

--------------------------------------------------------------------------------

Traceroute 65.13.17.169
This end is where samspade.org lives

1 206.117.161.1 (206.117.161.1) 0.700 ms 0.451 ms
2 isi-acg.ln.net (130.152.136.1) 327.181 ms 348.326 ms
3 s4-1-1.lsanca1-cr3.bbnplanet.net (4.24.40.13) 4.827 ms 3.835 ms
4 p2-0.lsanca1-ba1.bbnplanet.net (4.24.4.17) 3.806 ms 6.175 ms
5 p5-0.lsanca2-br1.bbnplanet.net (4.24.4.2) 6.219 ms 4.77 ms
6 p7-3.paloalto-nbr2.bbnplanet.net (4.24.5.210) 18.560 ms 18.284 ms
7 p1-0.paix-bi1.bbnplanet.net (4.0.6.102) 19.258 ms 20.159 ms
8 p7-0.paix-bi2.bbnplanet.net (4.0.3.142) 19.532 ms 19.768 ms
9 c1-pos5-0.snjsca1.home.net (24.7.70.217) 21.82 ms 19.492 ms
10 c1-pos4-0.anhmca1.home.net (24.7.65.166) 22.207 ms 22.263 ms
11 bb1-pos1-0.rdc2.occa.home.net (24.7.74.74) 22.46 ms 19.879 ms
12 10.0.242.74 (10.0.242.74) 22.849 ms 17.701 ms
13 cr4.rsmt1.occa.home.net (24.19.241.91) 26.64 ms *
14 cx945686-g.rsmt1.occa.home.com (65.13.17.169) 103.225 ms 36.679 ms

Now its confirmed at least on the name hope it gets fixed

[ 04-19-2001: Message edited by: dannjr ]

HalfLifer · Post by **HalfLifer** » Thu Apr 19, 2001 10:39 pm

He was trying to hack me, he even said it himself. The log shows tons more ports.

g-c0de · Post by **g-c0de** » Thu Apr 19, 2001 10:53 pm

you were port scanned than i get that alot too (10.3MB of text in my logfile) , some script kiddie trying to be a hacker, call your isp and report them hehe

[ 04-19-2001: Message edited by: G-C0DE ]

Matt615 · Post by **Matt615** » Fri Apr 20, 2001 12:00 am

I would either call @home or send them an e-mail at like abuse@home.com. Definately report him.

HalfLifer · Post by **HalfLifer** » Fri Apr 20, 2001 12:00 am

Its tons of these:
he firewall has blocked Internet access to your computer (TCP Port 6667) from 65.13.17.169 (TCP Port 2530).

Time: 4/19/2001 11:57:26

HalfLifer · Post by **HalfLifer** » Fri Apr 20, 2001 12:05 am

Ok, I cant get on ICQ, email wont work. This is pissing me off. Im going to call.

ghost · Post by **ghost** » Fri Apr 20, 2001 9:06 am

In the future, you may want to consider using BlackIce Defender. It has been bulletproof for me. It can do a direct trace or an indirect trace (upon "attack") so they don't know you're tracing them. Simple to set up and use, has logging. Excellent program, highly recommended.

I'm not connected in any way with Network Associates, and do not benefit from this recommendation.

ghost

HalfLifer · Post by **HalfLifer** » Fri Apr 20, 2001 10:54 am

ZA is free, blackice costs money.

donald_k · Post by **donald_k** » Fri Apr 20, 2001 5:35 pm

ZA is a good firewall to use. But what really gets me going is how your config on the modem got wiped. Either just a real hard DDoS attack or it could have had some creative action done with it. I do not know if ZA can block your modem from furthur attacks... and if it happens again do not hesitate to call comcast and get them to handle it (if you are leasing the modem then it is their modem which means the guy would have to deal with them for screwing with it

), if you bought it you still might be able to get comcast to handle it. Anyways RUN A FIREWALL!!!!

[ 04-22-2001: Message edited by: donald_k, damn I had too much typos]

[ 04-22-2001: Message edited by: donald_k ]

Storm90 · Post by **Storm90** » Sat Apr 21, 2001 3:51 am

Try sysgate they have a new free version out the gives more accurte details. Plus Blocks all ports Nicely. You can get it at www.sygate.com. GoodLuck!

Plus you can block his Ip.

BaLa · Post by **BaLa** » Sat Apr 21, 2001 3:59 am

I use Tiny Personal Firewall
it's great
It costs money you say

Bah not if you know how to get it free

KSJNX · Post by **KSJNX** » Sat Apr 21, 2001 1:34 pm

umm you can download tiny for free off there website (http://www.tinysoftware.com)

Storm90 · Post by **Storm90** » Sun Apr 22, 2001 7:24 pm

tiny is free to the public. If you use it for home use. It has been for a long time. Plus it has been upgraded. Just go to there web site posted on the front page under Extra's for cable and dls. GoodLuck!

drdoug99 · Post by **drdoug99** » Mon Apr 23, 2001 8:13 pm

hell yea, get that hacker banned from his isp or press charges! since your lucky enough he's actually on the @Home network, @home can actually do something about it.