Spoofing or hacker reply 3

[flipineck]

Hi everyone,

I constantly get spoofed and port checked, I have Sygate Firewall PRO installed and it seems to do a grand job at stopping them. I also block their specific IP addresses, but it is annoying. I do a 'back check' of who they are, I also 'ping' them and do a 'tracert' to their IP address.
I know I can contact their ISP and try to resolve the problem that way but I have an image of somebody somewhere sat in front of a computer trying to hack into my computer, I would like to give them an immediate reply.
Is there a command or process I could use to have this affect, a determined hacker could allways get in but most are allways kids or idiots running pre-wrote software with little networking knowledge, a little shock factor would at least give me some satisfaction.

For me its a bit like someone is testing all the doors and windows ( no pun ) of my home, I don't mind spending time and effort learning something that will put a huge grin on my face and have them running down the street.

Any reply would be gratefully welcome, apart from spoofing or port checks!

 

[vesselescape]

At the very least, you might forward your firewall logs to an org like "d-shield" (

http://www.dshield.org)

Entered in a data base, they provide ammo for dshield when they send out abuse notices to the offending ip hosts.

 

[flipineck]

Thanks for the address. I must say I didn't know about dshield but it's a site I'll now start to visit often.

 

[vesselescape]

Your Welcome

 

[indytshooter]

Thanks for the link to dshield vesselescape! ZoneAlarm has been blocking my computer from accessing two IP addresses that aren't linked to any of my programs for over a month now. Dshield gave me the detailed information I need. I submitted the information to abuse@att.net.

 

[vesselescape]

FYI

Remember....many of the networks that are scanning your ports, don't know they have been compromised. Had an open port that was exploited by a worm, and now they are part of the problem.
Organizations like DShield and Netwatchman (

http://www.mynetwatchman.com)

help to let these folks know they are being used, and help eliminate at least some of the bandwith loads caused by the script-kiddies

Take the time to set up one of their log clients, and be part of the solution. It ain't the answer, but it helps.

Regards,
David

 

[flipineck]

Good advice, I must admit I started this thread to try and find out a way to give a malicious user a bit of a shock, nothing over the top, just something to make them realise another person could see what they were doing and didn't like it.
After reading about the latest SQL-Sapphire/Hell virus and going to your suggested Dshield site, I can see how a lot of spoofing and port checks come about from innocent users.
I for one would be grateful if somebody contacted me and stated my computer was behaving like a spoilt brat and annoying other people, ie/ I had been compromised.

It's nice to know that such sites exist, thanks again, not just for the link but for insight.

 

[crow053]

flip, try the "killer wall" if you would like a little revenge...

http://www.blackcode.com/labs/

 

[flipineck]

Thanks crow, I may just take a look, it never hurts to have something up your sleeve.