IP Addresses

By mckay_w
I have recently installed ZoneAlarm, which stops incoming attempts at communicating with my ports. It supplies me with the IP address from which the attempt was made, and can supply the location of what I think is the ISP. Is there a way to actually find out who it is doing this, not just which ISP they're connected through? I have heard something about pinging IP addresses; what does this mean?
Thank you.


All Comments

IP Addresses

by dRb63 In reply to IP Addresses

To "ping" someone's IP is in essence "knocking at the door". You may or may not get a response. This depends solely upon the door you're knocking on. Resolving an IP address to a hostname won't be much help either, unless you are wanting to make a complaint to the ISP. To ping, exit to a command prompt and type "ping XXX.XXX.XXX.XXX", where X represents segments of the IP (NOTE: don't use the double quotes). If you need help using ping then type "ping /?" and you'll get a list of switches.

IP Addresses

by hinrgman In reply to IP Addresses

If you use Zonealarm Pro you can have access to the "who is this" database. This is interesting because you will find that you will get pings from all over the world.

I would not pay much attention to these alerts unless they stop because that may mean that your firewall is not working.

After several months, look at the log which is created by ZoneAlarm and look for an IP address that continually tries to gain access to your machine, and then you might want to pursue that IP address.

You will find that you get a significant amount of pings that are in your own ISP's subnet. With your firewall working the pings that you receive get a no response returned to them and that will end the pinger(s) from attempting to access your machine.
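The log review suggested in the post above (look for an address that keeps trying over time) can be scripted. This is an added example, not part of the original thread and not ZoneAlarm's or VisualZone's own code; the comma-separated log layout, the sample lines, the function names, the three-day threshold and the choice to skip sources on your own ISP subnet are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines. The layout (event, date, time, source,
# destination, protocol) is an assumption modelled on a ZoneAlarm-style
# text log; check it against your own log file before relying on it.
SAMPLE_LOG = """\
FWIN,2002/03/01,08:15:02 -5:00 GMT,198.51.100.7:3312,203.0.113.20:139,TCP (flags:S)
FWIN,2002/03/01,08:15:40 -5:00 GMT,203.0.113.88:0,203.0.113.20:0,ICMP (type:8/subtype:0)
FWIN,2002/03/09,22:41:10 -5:00 GMT,198.51.100.7:4410,203.0.113.20:445,TCP (flags:S)
FWOUT,2002/03/10,09:00:00 -5:00 GMT,203.0.113.20:1030,192.0.2.5:80,TCP (flags:S)
FWIN,2002/03/17,03:02:55 -5:00 GMT,198.51.100.7:1187,203.0.113.20:139,TCP (flags:S)
FWIN,2002/03/18,11:20:00 -5:00 GMT,192.0.2.44:2001,203.0.113.20:27374,TCP (flags:S)
this line is damaged and must be skipped
"""

def host_of(endpoint):
    """Split 'a.b.c.d:port' into (ip_address, port); ValueError if malformed."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def persistent_sources(log_text, own_subnet, min_days=3):
    """Return {source_ip: sorted ports probed} for blocked inbound sources
    seen on at least min_days distinct dates and outside own_subnet."""
    local = ipaddress.ip_network(own_subnet)
    days, ports = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split(",")
        if len(fields) < 6 or fields[0] != "FWIN":
            continue  # skip outbound events, headers and damaged lines
        try:
            src, _ = host_of(fields[3])
            _, dport = host_of(fields[4])
        except ValueError:
            continue  # unparseable address or port
        if src in local:
            continue  # assumption: same-subnet neighbours are background noise
        days[str(src)].add(fields[1])   # distinct calendar dates seen
        ports[str(src)].add(dport)      # local ports this source probed
    return {ip: sorted(ports[ip]) for ip in days if len(days[ip]) >= min_days}

if __name__ == "__main__":
    for ip, probed in persistent_sources(SAMPLE_LOG, "203.0.113.0/24").items():
        print(ip, "blocked on 3 or more days; ports probed:", probed)
```

The addresses it returns are the ones worth a WHOIS lookup and a report to the owning ISP's abuse contact.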

IP Addresses

by Joseph Moore In reply to IP Addresses

There is another product from a company called Visualize Software called VisualZone Report Utility 5.6.
This program reads the ZoneAlarm log every 10 seconds (by default, but this time can be modified; I run it every 60 seconds). When an "attack" is picked up by ZA and blocked (and therefore, logged in ZA's log file), VisualZone will parse the info and put it in its spreadsheet-like interface.
You can easily read the intruder IP address, and port they were attacking.
It also has a built-in WHOIS lookup of the IP address, so you can see what ISP or company owns that IP address. You can then use the info it collects to go about contacting the IP address owner about the abuse.
There is also a cool mapping feature that will map out where the IP address is physically located on the globe! Now, this info is not exactly accurate (if the ISP is based in Chicago, and a remote user calls in from Dallas, the IP address will still show up as being in Chicago!), but it is fun nonetheless.
The 2 best features of VisualZone, though, are the built-in DSHIELD functionality and the Backtrace. http://www.dshield.org/ is a site that collects Internet attack info, and they will forward attacks to the respective ISPs from those of us hit by people. VisualZone can make the submission to DSHIELD automatic when an attack is recorded by ZoneAlarm.
The other feature, Backtrace, works against unprotected Windows machines. If an attacker is not running a firewall on his machine, VisualZone can (again, automatically, after the attack is recorded by ZA) do a reverse lookup of the attacker. It will generate DNS info, plus Windows NetBIOS information (machine name, logged-in user name, domain name of the attacker machine).
I stumbled over VisualZone right after I started running ZA, and I love it!
http://www.visualizesoftware.com

Hope this helps.

IP Addresses

by mckay_w In reply to IP Addresses

Thank you for your answer.

IP Addresses

by BigDawg2000 In reply to IP Addresses

If you know the ISP you can call them, or most of them have an email contact for abuse of IP addresses. It is unlikely you will find out who did it. If it is a small ISP, they do not monitor their systems too well.
