henry d Posted September 6, 2007

Just looked at a blocked attempted access to my computer, but I don't believe him..........

person: Pedro Jose Goncalves
address: PT.Com - Comunicacoes Interactivas, SA
address: Av. Fontes Pereira de Melo, 40 - 3 - BL A
address: Forum Picoas - 1069-300 Lisboa
address: PT
phone: +351-21-7907000
fax-no: +351-21-7907001
nic-hdl: PG259-RIPE
remarks: *** PLEASE READ THIS ***
remarks: I am NOT hacking into your computer!
remarks: I am listed here as contact for network IP blocks
remarks: allocated and assigned to PT.Com, SA ISP services.
remarks: Please DO NOT send me any reports of network abuse.
remarks: For abuse reports e-mail to abuse@mail.telepac.pt
remarks: *** THANK YOU ***
e-mail: pgoncalves@mail.telepac.pt

russuk Posted September 6, 2007

> Just looked at a blocked attempted access to my computer, but I don't believe him..........
>
> person: Pedro Jose Goncalves
> address: PT.Com - Comunicacoes Interactivas, SA
> address: Av. Fontes Pereira de Melo, 40 - 3 - BL A
> address: Forum Picoas - 1069-300 Lisboa
> address: PT
> phone: +351-21-7907000
> fax-no: +351-21-7907001
> nic-hdl: PG259-RIPE
> remarks: *** PLEASE READ THIS ***
> remarks: I am NOT hacking into your computer!
> remarks: I am listed here as contact for network IP blocks
> remarks: allocated and assigned to PT.Com, SA ISP services.
> remarks: Please DO NOT send me any reports of network abuse.
> remarks: For abuse reports e-mail to abuse@mail.telepac.pt
> remarks: *** THANK YOU ***
> e-mail: pgoncalves@mail.telepac.pt

What you have there is a RIPE query of a netblock (81.193.0.0 - 81.193.127.255). Old Pedro is listed as the contact for the company holding that block of IP addresses. So someone using one of that company's IP addresses has been picked up by your firewall.

The information there is not the IP address in question, but the info of the company who own the IP block, i.e. the ISP.

http://www.telepac.pt/
http://www.portugaloffer.com/pt_com/index.html

More here... http://torstatus.kgprog.com/cgi-bin/whois....p=81.193.58.181

pin Posted September 6, 2007

Indeed. Old Pedro will probably be the unlucky feller listed as contact for these blocks, which probably run shell servers or have a load of dodgy cable punters on them or something - by the looks of things he gets a lot of people going "OI you hax0ring me!!" when it really won't be him! In this case I, like russ, think he's telling the truth B)

In my ISP days this happened all the time. In the end, things like spamcop and black ice defender, which do a whois, harvest an email address and send out automated "hack attack" reports, forced us to delist actual people and just have a generic abuse@ email listed, with a bot there to pick up anything which wasn't someone trying to claim our mailserver was "hacking" them on port 25.

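Added example, not part of any post in this thread: a sketch of how a tool that turns a firewall alert into an abuse report can read a RIPE record the way russuk and pin describe, checking that the alerted IP sits in the netblock and taking the address published for abuse reports instead of the named contact's personal e-mail. The sample record is constructed from the fields quoted above plus the range russuk gives (the `inetnum` line layout is an assumption), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: fields quoted in the thread, plus the netblock range
# from russuk's reply written as an inetnum line (assumed layout).
SAMPLE_WHOIS = """\
inetnum:   81.193.0.0 - 81.193.127.255
person:    Pedro Jose Goncalves
nic-hdl:   PG259-RIPE
remarks:   I am listed here as contact for network IP blocks
remarks:   Please DO NOT send me any reports of network abuse.
remarks:   For abuse reports e-mail to abuse@mail.telepac.pt
e-mail:    pgoncalves@mail.telepac.pt
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_whois(text):
    """Return (attribute, value) pairs; attributes such as remarks repeat."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("%", "#")):
            continue  # skip blank lines and server comments
        key, sep, value = line.partition(":")
        if sep:
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def block_contains(pairs, ip):
    """True if ip lies inside the record's inetnum range."""
    for key, value in pairs:
        if key == "inetnum":
            first, _, last = value.partition("-")
            lo = ipaddress.ip_address(first.strip())
            hi = ipaddress.ip_address(last.strip())
            return lo <= ipaddress.ip_address(ip) <= hi
    return False

def abuse_contact(pairs):
    """Pick the address meant for abuse reports, never the named person's."""
    declared = [v for k, v in pairs if k == "abuse-mailbox"]
    if declared:
        return declared[0]
    remarks = " ".join(v for k, v in pairs if k == "remarks")
    hits = [a for a in EMAIL_RE.findall(remarks) if a.lower().startswith("abuse@")]
    # No published abuse address: return None, do not fall back to e-mail:
    return hits[0] if hits else None
```

Even with the right mailbox, the record only identifies the ISP holding the block; which customer had the address at the time is something only that ISP can answer.
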
Dr W Posted September 6, 2007

You two are talking a foreign language

garyb Posted September 6, 2007

Allow me to act as a translator...

In short - It's nothing to worry about

pin Posted September 6, 2007

An analogy would be ...

The IP address which connected to henryd's machine is the vehicle, let's say it was Pedro's car. The investigative work henry did was to check the plates on Pedro's car, it rightly came back with Pedro's details. Doesn't prove that Pedro was driving though!

Wookie Posted September 6, 2007

Nope, in fact it's more like it came back with an address for Pedro's company and proved that someone in his company was driving the car.

Mind you, you could probably still find out by e-mailing him and demanding IP logs for the IP in question at the time it happened, then getting him to ban them. It's always fun doing that.

Or, just talk to the Portuguese equivalent of Special Branch and mention hackers. That might do something (if they aren't at lunch! *grin*)

pin Posted September 6, 2007

Grr, not really, it was Pedro who was identified as a person, not his company B)

Why would the tech contact for an IP block be the person to ask for "IP logs", in fact he specifically says it's not him.

You could ask abuse@mail.telepac.pt to identify which of their customers had the IP in question at the time of the incident. However if they would do anything about a complaint (most don't).

At home I don't even bother logging dropped packets. When I occasionally have a look I'd expect to see something in the region of 10s of thousands of "attempts" to connect.

Most of these are port scans to attempt to identify vulnerable services and they have not tried to attack "you" per se, they are just looking for some sucker with an unpatched copy of XP and no firewall :evil:

henry d Posted September 6, 2007

> Most of these are port scans to attempt to identify vulnerable services and they have not tried to attack "you" per se, they are just looking for some sucker with an unpatched copy of XP and no firewall :evil:

Much like a pickpocket finding a zipped pocket.

I get a port scan blocked every 5 minutes or so with my firewall and it's surprising where they come from, Mexico, Mumbai, Thailand, Eastern Europe.................Gee it's great to be popular B)

charlie 1 Posted September 6, 2007

At the risk of sounding a little dim lol. How can you look to see if people are trying to get onto your computer, or who it is that is trying to get onto your computer?

cheers charlie

henry d Posted September 6, 2007

I can get alerts from my firewall, and if I click on "More info" it gives more info, including the RIPE query, where the attempted hack APPEARS to have come from, as poor old Pedro may have been the victim of a hack himself............or so I believe

"Watching the detectives.........OOooooh, OOooooh, OOooooh............"

pin Posted September 6, 2007

In theory, unless you are a fairly well skilled security analyst you won't find out who's been trying, but you can probably find out whose PC / net connection they used though.

Keep a firewall locked down, don't open attachments from people you don't trust (even then be cautious), keep virus checkers updated daily and install all the patches as soon as they come out and you have little to worry about.

If you think about it you get worried, but if you don't know about it then you worry. We obviously don't want to be burgled but we don't spend all our time wondering who walks past our homes looking for an open window.