Some1 Is Trying



toco004
03-20-2004, 08:21 PM
someone is trying to hack me since yesterday :angry:
wut should i do?
here's the info: the ip to the hacker is 200.193.90.179



OrgName:    Latin American and Caribbean IP address Regional Registry
OrgID:      LACNIC
Address:    Potosi 1517
City:       Montevideo
StateProv:  
PostalCode: 11500
Country:    UY

NetRange:   200.0.0.0 - 200.255.255.255
CIDR:       200.0.0.0/8
NetName:    LACNIC-200
NetHandle:  NET-200-0-0-0-1
Parent:    
NetType:    Allocated to LACNIC
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.ORG
NameServer: NS.DNS.BR
NameServer: NS2.DNS.BR
Comment:    This IP address range is under LACNIC responsibility for further
Comment:    allocations to users in LACNIC region.
Comment:    Please see http://www.lacnic.net/ for further details, or check the
Comment:    WHOIS server located at whois.lacnic.net
RegDate:    2002-07-27
Updated:    2003-06-12

TechHandle: LACNIC-ARIN
TechName:   LACNIC Hostmaster
TechPhone:  (+55) 11 5509-3522
TechEmail:  [email protected]

OrgTechHandle: LACNIC-ARIN
OrgTechName:   LACNIC Hostmaster
OrgTechPhone:  (+55) 11 5509-3522
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2004-02-28 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

OrgName:    Latin American and Caribbean IP address Regional Registry
OrgID:      LACNIC
Address:    Potosi 1517
City:       Montevideo
StateProv:  
PostalCode: 11500
Country:    UY
Comment:    
RegDate:    2002-07-27
Updated:    2004-02-24

AdminHandle: LACNIC-ARIN
AdminName:   LACNIC Hostmaster
AdminPhone:  (+55) 11 5509-3522
AdminEmail:  [email protected]

TechHandle: LACNIC-ARIN
TechName:   LACNIC Hostmaster
TechPhone:  (+55) 11 5509-3522
TechEmail:  [email protected]

# ARIN WHOIS database, last updated 2004-02-28 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Virtualbody1234
03-20-2004, 08:28 PM
How do you know you were being hacked?

Spider_dude
03-20-2004, 08:29 PM
sorry.

baccyman
03-20-2004, 08:29 PM
this could be your isp doing a scan of your computer. i get this a lot with NTL. i am using sygate firewall and it is always picking up these scans and they always turn out to be my isp.

toco004
03-20-2004, 08:33 PM
don't know but my Norton Internet Security
says that i have been attacked on
3/20/04
11:30:05 am
attempts: 45
most frequent attacker is 200.193.90.179

LSA
03-20-2004, 08:34 PM
He's trying to 0wn you with netbus....

Stupid scriptkiddies


Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-20 13:35 CST
Interesting ports on 200-193-090-179.fnsce7001.dsl.brasiltelecom.net.br (200.193.90.179):
(The 1646 ports scanned but not shown below are in state: closed)
PORT      STATE    SERVICE
21/tcp    filtered ftp
25/tcp    filtered smtp
80/tcp    filtered http
135/tcp   filtered msrpc
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
1080/tcp  filtered socks
3128/tcp  filtered squid-http
12345/tcp filtered NetBus
12346/tcp filtered NetBus

toco004
03-20-2004, 08:35 PM
Originally posted by baccy_man@20 March 2004 - 20:29
this could be your isp doing a scan of your computer. i get this a lot with NTL. i am using sygate firewall and it is always picking up these scans and they always turn out to be my isp.
but the trace is coming from Brazil :unsure:

Marius24
03-20-2004, 08:37 PM
Originally posted by toco004@20 March 2004 - 19:35
Originally posted by baccy_man@20 March 2004 - 20:29
this could be your isp doing a scan of your computer. i get this a lot with NTL. i am using sygate firewall and it is always picking up these scans and they always turn out to be my isp.
but the trace is coming from Brazil :unsure:
do you have any filesharing program open such as bittorrent or kazaa?

toco004
03-20-2004, 08:39 PM
now to think of it Kazaa :lol:

thewizeard
03-20-2004, 08:39 PM
Do you use ZoneAlarm? Then just click the rapport tab...it will give you more information...

toco004
03-20-2004, 08:40 PM
I'm using norton

leftism
03-20-2004, 08:42 PM
@toco004

The best thing to do is send an email to his ISP giving them all the relevant details concerning the attacks and ask them to look into it.


Originally posted by LSA
Someone stomp this mother fucker!! :angry:
With all due respect dude use a little common sense.

This guy's box could have been hacked and could be being used by someone else as a platform to carry out further attacks.

The fact that the guy is infected with netbus shows that this could be the case.

Fair enough... it could be some clueless Brazilian script kiddie who's infected himself but you don't know that for sure so you shouldn't encourage aggressive action.

baccyman
03-20-2004, 08:43 PM
sometimes i get scans when i am using a p2p app, other times i get scanned when the comp has been idle. it can happen anytime. i use sygate with the ip blocks from peer guardian as special rules updated a few days ago. and if i use kazaa i don't show my files. i share files but don't show them, that way i hope the riaa and others don't get any screenshots of what i am sharing.

toco004
03-20-2004, 08:44 PM
Originally posted by leftism@20 March 2004 - 20:42
@toco004

The best thing to do is send an email to his ISP giving them all the relevant details concerning the attacks and ask them to look into it.

ok I'll do that

Marius24
03-20-2004, 08:45 PM
Originally posted by toco004@20 March 2004 - 19:39
now to think of it Kazaa :lol:
try closing kazaa and see if u get the errors

shn
03-20-2004, 08:45 PM
Originally posted by LSA@20 March 2004 - 14:34
He's trying to 0wn you with netbus....

Stupid scriptkiddies


Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-20 13:35 CST
Interesting ports on 200-193-090-179.fnsce7001.dsl.brasiltelecom.net.br (200.193.90.179):
(The 1646 ports scanned but not shown below are in state: closed)
PORT      STATE    SERVICE
21/tcp    filtered ftp
25/tcp    filtered smtp
80/tcp    filtered http
135/tcp   filtered msrpc
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
1080/tcp  filtered socks
3128/tcp  filtered squid-http
12345/tcp filtered NetBus
12346/tcp filtered NetBus

"filtered"

That's more than likely an isp or proxy server you're scanning. :frusty: :)

LSA
03-20-2004, 08:45 PM
Originally posted by leftism@20 March 2004 - 14:42
@LSA

With all due respect dude use a little common sense.

This guy's box could have been hacked and could be being used by someone else as a platform to carry out further attacks.

The fact that the guy is infected with netbus shows that this could be the case.

Fair enough... it could be some clueless Brazilian script kiddie who's infected himself but you don't know that for sure so you shouldn't encourage aggressive action.
Guess you're right :stupid:

I edited out my encouragement for aggressive action a while ago, that was dumb to say.

So please take that out of your post.

@shn: When am I going to learn!?!? :frusty: :lol:

toco004
03-20-2004, 08:48 PM
Originally posted by Marius24@20 March 2004 - 20:45
Originally posted by toco004@20 March 2004 - 19:39
now to think of it Kazaa :lol:
try closing kazaa and see if u get the errors
ok

toco004
03-20-2004, 08:58 PM
when i turned Counter Strike on it showed weird letters :(

internet.news
03-20-2004, 09:00 PM
what firewall you got?

toco004
03-20-2004, 09:03 PM
Norton Internet Security

baccyman
03-20-2004, 09:03 PM
you could try doing a scan with trend micro house call to see if that picks anything up. the scan is free.

http://uk.trendmicro-europe.com/index_consumer.php

if you are not in europe then you will need to go to trend micro . com

internet.news
03-20-2004, 09:08 PM
Originally posted by toco004@20 March 2004 - 20:03
Norton Internet Security
When I had that I was constantly being warned of people hacking me - get Kerio (loads better) and the "intruder" was probably just some spam mail thing

toco004
03-20-2004, 09:13 PM
i think it was just Kazaa cause i haven't got an attack :)

internet.news
03-20-2004, 09:25 PM
Despite the hype - Norton's crap - get Kerio

toco004
03-20-2004, 09:27 PM
I'll check it out :)

internet.news
03-20-2004, 09:28 PM
If you PM me and come on MSN, I'll send you it :)

shn
03-20-2004, 09:31 PM
Originally posted by samsamsamsam@20 March 2004 - 15:25
Despite the hype - Norton's crap - get Kerio
All software based firewalls are crap.

Get a router. :)

toco004
03-20-2004, 09:34 PM
@shn
i got a router but my dad took it to work to change the ip
cause it's having a conflict with the server's ip :(

@Sam4
it's ok I'll just wait till my dad brings the router back.