Getting Hacked

The best thing that you can do is research a little into his ISP. Most ISPs have anti-misuse rules; if you can send his ISP a list of their rules, stating clearly how he has broken them, then some action may be taken. But I doubt you will ever feel justice has been done.
 
CustName: Alexander Levin
Address: 520 Chalet Ct.
City: Saint Louis
StateProv: MN
PostalCode: 63141
Country: US
RegDate: 2004-07-19
Updated: 2004-07-19

NetRange: 207.150.167.200 - 207.150.167.209
CIDR: 207.150.167.200/29, 207.150.167.208/31
NetName: SAGO-207-150-167-200
NetHandle: NET-207-150-167-200-1
Parent: NET-207-150-160-0-1
NetType: Reassigned
Comment: NOCWorx SWIP Interface v1.5 - http://interworx.info
RegDate: 2004-07-19
Updated: 2004-07-19

AbuseHandle: ABUSE32-ARIN
AbuseName: Abuse Team
AbusePhone: +1-866-510-4000
AbuseEmail: abuse@sagonet.com

OrgTechHandle: TECHN20-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-866-510-4000
OrgTechEmail: support@sagonet.com

I just emailed their security
 
yes again

Hi,

I have an attack from the same person with MSSQL_Null_Packet_DoS

I found the IP address and info for it:

66.111.59.130 (maybe he changed it)

OrgID: C00970168
CustName: Alexander Levin
Street: 520 Chalet ct.
City: Saint Louis
StateProv: MO
Country: US
PostalCode: 63141
RegDate: 2004-12-13
Updated: 2004-12-13

NetHandle: NET-66-111-59-130-1
OrgID: C00970168
Parent: NET-66-111-32-0-1
NetName: SAGO-66-111-59-130
NetRange: 66.111.59.130 - 66.111.59.139
NetType: reassignment
RegDate: 2004-12-13
Comment: NOCWorx SWIP Interface v1.5 - http://interworx.info
Updated: 2004-12-13

Do you think he is probably trying to enter my PC? My firewall popped up a warning message about this attack ...
 
wow that ISP sucks big time!


root said:
the person is a blue yonder cable customer.
their specific node is
82-36-113-183.cable.ubr03.king.blueyonder.co.uk.

the ports are (according to) http://www.iana.org/assignments/port-numbers
sgi-esphttp 5554/tcp SGI ESP HTTP
ms-sql-s 1433/tcp Microsoft-SQL-Server
netbios-ssn 139/udp NETBIOS Session Service
# 6124-6140 Unassigned
commplex-link 5001/udp
rfe 5002/tcp radio free ethernet
rfe 5002/udp radio free ethernet
fmpro-internal 5003/tcp FileMaker, Inc. - Proprietary transport
fmpro-internal 5003/udp FileMaker, Inc. - Proprietary name binding
# Clay Maeckel <clay_maeckel@filemaker.com>
avt-profile-1 5004/tcp avt-profile-1
avt-profile-1 5004/udp avt-profile-1
avt-profile-2 5005/tcp avt-profile-2
microsoft-ds 445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
# 6124-6140 Unassigned

networklenss 3410/tcp NetworkLens SSL Event
networklenss 3410/udp NetworkLens SSL Event

For the SQL (1433), if it was only on this port I'd say it was the SQL slammer (or variant) worm.
The guy is looking to port 139 to try to find the name of your machine. Simply the number of services he/she/it is looking for (even to the extent they are looking for services that don't have properly assigned ports) tells me that this is (most likely definitely) a hacker.

Your only course of action would be to report this to blue yonder...

Don't hope for too much luck though. I once reported a guy running hacking scripts against the webserver at the company I work for to BT (nslookup showed the address belonged to a BT customer). They simply emailed me back to say port scanning and running illicit scripts against a server isn't illegal, and there was nothing they could do unless we could prove that one of their customers had actually hacked our machines, gained entry and either stolen, erased or otherwise changed data...
- From the UK's largest ISP, I found that a shocking response.
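
Added example, not part of any post in this thread: the reasoning above (one source probing a single service versus one source probing many) expressed as a small triage script over blocked-connection log lines. The log line format, the sample addresses (documentation ranges), the function names and the threshold of three distinct ports are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log; the line format is an assumption, not a real product's.
SAMPLE_LOG = """\
2005-01-10 21:14:02 DROP TCP 203.0.113.5 -> 192.0.2.10:5554
2005-01-10 21:14:02 DROP TCP 203.0.113.5 -> 192.0.2.10:1433
2005-01-10 21:14:03 DROP TCP 203.0.113.5 -> 192.0.2.10:139
2005-01-10 21:14:03 DROP TCP 203.0.113.5 -> 192.0.2.10:445
2005-01-10 21:14:04 DROP TCP 203.0.113.5 -> 192.0.2.10:3410
2005-01-10 22:40:11 DROP TCP 198.51.100.7 -> 192.0.2.10:1433
2005-01-10 22:40:19 DROP TCP 198.51.100.7 -> 192.0.2.10:1433
garbled line that should be skipped
"""

def parse_line(line):
    """Return (source_ip, protocol, dest_port), or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 7 or parts[5] != "->":
        return None
    _host, _, port = parts[6].rpartition(":")
    try:
        src = str(ipaddress.ip_address(parts[4]))  # rejects malformed addresses
        port = int(port)
    except ValueError:
        return None
    if not 1 <= port <= 65535:
        return None
    return src, parts[3].upper(), port

def summarize(log_text, scan_threshold=3):
    """Group blocked probes by source and label each source by port spread."""
    ports_by_src = defaultdict(set)
    hits_by_src = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, proto, port = parsed
        ports_by_src[src].add((port, proto))
        hits_by_src[src] += 1
    report = {}
    for src, ports in ports_by_src.items():
        verdict = "multi-service scan" if len(ports) >= scan_threshold else "single-service probe"
        report[src] = {"hits": hits_by_src[src], "ports": sorted(ports), "verdict": verdict}
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info["hits"], info["verdict"], info["ports"])
```

The per-source summary (hit count, distinct ports, timestamps from the raw lines) is the kind of evidence an abuse desk can act on when a report is filed.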
 
ahahahah

That dude lives by me, St. Louis MO. SOUTH COUNTY WOOT WOOT MHS MELVILLIE HIGH SCHOOL GOTTA REP THE M ALL. I should stick some shit on his door and tp him :)
 