Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Blocked a hacker through norton firewall,they are sending a trojon horse. But they keep tryin to send it and was wondering what i should do?

Posted on 2004-04-14
6
Medium Priority
?
224 Views
Last Modified: 2013-11-16
Hi, my internet firewall has blocked a particular ip several times from the same location. But they continue to persist in trying to send me a trojon horse, what should i do? is there anything i can do?
Is there anyway of sending a message to the ip telling him that i know what he is doing?
Many thanks Andrew
0
Comment
Question by:neo-deadconcept
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 4

Expert Comment

by:hawgpig
ID: 10838137
What OS???
Is your drive shared??
If it is unshare it and update your OS!!
Good Luck
0
 

Author Comment

by:neo-deadconcept
ID: 10840651
I am running windows xp and i have norton firewall running and the firewall has blocked the ip several times, really all i wanted to know was there some way of scaring off whoever is sending the trojon? and am i able to report them at all?
thanks Andrew
0
 
LVL 4

Accepted Solution

by:
hawgpig earned 500 total points
ID: 10843051
look up the owner of the IP address at
http://wwwdnsstuff.com
use the who is look up or who is search....
This will tell you who owns the IP address range that the attack is coming from....
you can then send a message to the ISP complaining about the attack...
They may or may not do anything about it.....I am getting attacks all day long on my hardware firewall...
I could spend all of my time just e-mailing ISPs all over the place....
But doesn't do any good...The attack is probably not targeted against you......
it is probably some schmo that has the worm on his computer and doesn't even know it.....
and it just keeps trying to send to random computers on the NET....
The firewall is doing it's job, just let it....telll the firewall to block the address all the time....
If the firewall is working don't worry about it......it is not going to get in....
make sure your patches are installed and forget it...
Many have tried and MOST have failed to catch up with these guys....
Good Luck
0
 
LVL 3

Expert Comment

by:alwayssmiling
ID: 11019649
Another site to check who the ISP is is http://www.arin.net Just put the IP in the box at the top, and click on Whois.

As for sending an e-mail or something to the person, don't.  More than likely as hawgpig pointed out, it's possibly someone with a worm on their computer.  But, if it is indeed someone with malicious intents, they will try harder..  By sending them an e-mail, you're confirming that one of the IP addresses they are scanning is valid.  

Symantec should have a reporting feature in their firewall (most do).  I know in free versions, it's disabled, but since you have their Personal Firewall, you paid for it.  I would go through their help menus and see if there is a reporting option somewhere.

Also like hawgpig said, as long as your firewall is blocking them, sleep easy.  But, keep everything updated (Firewall, antivirus, and Windows).  That's the best way to make sure the 'nasties' don't get to you.
Hope this helps you.
Patrick.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question