View Full Version : Tracing a hacker
 
 Kadehadaire
Jul 6, 2006, 11:40 AM
Over the last week, my firewall has blocked 5 intrusion attempts into my machine. I think it is someone in the building trying to hack in to my system. The firewall was able to produce an ID tag on the hacker, but how do I trace them? Is it even possible?:confused:
 NeedKarma
Jul 6, 2006, 11:49 AM
I'm guessing you just installed the firewall. You will typically see quite a bit of "probing" of your IP address. Some of it is from your own ISP but most will be attempts from some guy in Finland turning on a port scanner in the morning, entering a range of IP addresses and returning home at night to see if the reports give him any targets. It's all very impersonal. 
 
What leads you to believe these are actually intrusion attempts and not simple scanning of your PC/IP?
 Kadehadaire
Jul 6, 2006, 11:55 AM
Well, this guy who works in the building with me has been making cracks about my computer and passwords. He hasn't said anything to make me think he has access to my machine, but I simply wanted to know. He kind of gives the impression of being a cyber stalker. He's probably trying to make me feel paranoid, and you're right it is probably some random dude in Finland! 
 
You have helped ease my mind a little! :)
 NeedKarma
Jul 6, 2006, 12:05 PM
Don't connect to the internet for a couple of days then ask him what you've been doing. If he mentions something about websites you've been to in the last few days then you know he's bulls**ing you.
:D
 Kadehadaire
Jul 6, 2006, 12:09 PM
Ah! You are totally right! Thanks so much!! I'm going to see what he says and I'll let you know! Hee hee! :D
 ScottGem
Jul 6, 2006, 12:55 PM
I'm curious as to whether your building has a shared network. Some buildings are wired to provide a LAN within the building. However, if your connection is via Cable or DSL that may not be the case.
 
The most you can tell from the IP address that your firewall blocked is the ISP that issued it. Anything more would require a court order.
 
You can use samspade.org to track the IP back to the ISP.
 Kadehadaire
Jul 6, 2006, 12:56 PM
I'm not sure, but I can check. Would I be able to tell which office the ISP was from? (sorry if this is a stupid question, but I'm a total girl in this area!) :)
 ScottGem
Jul 6, 2006, 01:09 PM
Nope. ISP's don't have "offices" that are specific to areas. An ISP is assigned a block of IP addresses that it can assign to subscribers. Depending on the type of connection an IP may be assigned randomly or sort of permanently. Dial ups tend to be random and broadband sort of permanent.
 
For example, if the ISP is SBC/Yahoo, that's all you will know. There is no way, short of a court order, to find out where in the SBC/Yahoo coverage area the user is.
 
Not sure about what? You don't know how you connect to the Internet?
 Kadehadaire
Jul 7, 2006, 06:30 AM
No, I mean I'm not sure if our building has a shared network. I think it may, but my files aren't workbook shared.
 ScottGem
Jul 7, 2006, 09:06 AM
You should know how your system is setup. Do you pay a fee to the building for access? Or do you pay a carrier like Verizon for access. Do you have your own broadband modem or just connect to a wall jack? 
 
Some buildings are wired for Internet access so they have a router that shares the connection to each apartment. That's what I meant by a shared network. If you do have that, you would just be connected to a wall jack. Otherwise you would have your own broadband modem.