A short excerpt from the LockDown 2000 help file.
I really don't see what the problem is.
I have done it this way myself several times and I keep getting more peace and quiet.
Unfortunately only in English.
(
Remember your log is always auto saved by LockDown 2000
in the LockDown program directory in a file called
currentdate.log. If today's date was 12/23/99 the saved
log file would be 122399.LOG
Pay close attention to the first few lines, which would look something like what you see below in ver 3.0 of LockDown 2000:
<1:46:29 PM> Trojan network connectivity check enabled.
<1:46:29 PM> Auto Trojan scan is activated.
<1:46:29 PM> Nuke protection disabled.
<1:46:29 PM> ICQ Nuke protection disabled.
<3:14:24 PM> Incoming hack attempt from IP Address: 207.136.9.251
Notice the 5th line. Here you will have the hacker's IP address and the method he was using to try to gain access to the computer. In this case the hacker tried to connect using the SubSeven Trojan, and his IP address is 207.136.9.251.
As you can see LockDown terminates the connection and starts a trace route on the hacker in the next few lines:
<3:14:24 PM> Terminated connection attempt...
<3:14:24 PM> Attempting trace route... Please stand by...
Now if you scroll to the last few lines of the trace you will find the hacker's ISP, and you can send in a complaint letter.
<3:14:50 PM> => 194.ATM8-0-0.GW1.DFW1.ALTER.NET
<3:14:50 PM> => iadfw3-gw.customer.ALTER.NET
<3:14:50 PM> => big-bro-f5-0.iadfw.net
<3:14:50 PM> => ghtia-ds3-1.net.iadfw.net
<3:14:50 PM> => atnt03.ght.iadfw.net
<3:14:50 PM> => pppt03-251.ght.iadfw.net
To make this complaint complete, send your e-mail complaint to both the hacker's ISP and also the hacker's ISP's ISP (the upstream provider). Make sure also to include the fact that you sent the upstream a complaint also. This will help you get a faster response with them knowing that you also complained to 'their boss'.
We see from the above that the hacker is dialed into the account pppt03-251.ght.iadfw.net (because this is the last line of the trace.)
Now you take ONLY the last part of this address and copy it or write it down. In this case it is: IADFW.NET. The next domain up would be the upstream provider. In this case ALTER.NET. (Again leaving off the part before it, "iadfw3-gw.customer."; all you need is the part at the end:
iadfw3-gw.customer.(*ALTER.NET*).)
Now you are ready to find the e-mail address for the providers and send in your letter. You do this by clicking on "Net Utilities" in the LockDown 2000 program. On the right hand side you will see the whois section. Type the first address into the whois line (in this case it is IADFW.NET). Make sure you are connected to the Internet when using the Net Utilities. Click on Execute and you should see something like:
==[Looking up IADFW.NET on whois.internic.net]==
-
- Registrant:
- Internet America (IADFW-DOM)
- 350 N. St. Paul, Suite #3000
- Dallas, TX 75201
- US
-
- Domain Name: IADFW.NET
-
- Administrative Contact:
- Davis, Doug (DD344) [email protected]
- 214.979.9009
- Technical Contact, Zone Contact:
- NOC, IA (IN167) [email protected]
- 214.861.2577
- Billing Contact:
- Chaney, Jim (JC12164) [email protected]
- 214.861.2553 (FAX) 214.861.2663
-
- Record last updated on 30-Nov-98.
- Record created on 09-Jan-95.
- Database last updated on 27-May-99 13:27:39 EDT.
-
- Domain servers in listed order:
-
- NS1-ETHER.IADFW.NET 204.178.72.1
- NS2.IADFW.NET 204.178.72.30
-
Now you have the e-mail and phone/address information for the hacker's ISP. After you do the first one, follow the same directions as above and type in the second ISP to get their information as well.
Now for the letter. You can make this say whatever you want. But make sure you either attach or paste your logs into the email you are sending.
Here are a couple letters from real users of LockDown 2000.
Subject: Illegal hacker attempt using NETBUS trojan techniques
Date: Mon, 24 May 1999 08:54:54 EDT
From: -removed for [email protected]
To:
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
[email protected]
CC sent to:
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
[email protected]
To Whom It May Concern:
Illegal hacker attempt using NETBUS trojan techniques
on 5/24/99 8:44:33 AM (USA East Coast Daylight Savings Time)
from IP address 203.197.131.201
Detected, blocked and traced by LOCKDOWN 2000 (www.lockdown2000.com)
This incident is being reported separately to the Federal Bureau of
International Communications Regulatory Commission - Division of
Criminal Activities.
Please take appropriate actions to stop this illegal activity.
[Logs attached to this message]
Thank you,
-removed for [email protected]
Here is one from another LockDown 2000 user.
Subject: Attempt to Hack My Computer
Date: Fri, 21 May 1999 01:47:42 +0500
From: SYED KAMRAN HUSSAIN <-removed for privacy-.compol.com>
Reply-To: -removed for [email protected]
To:
[email protected],
[email protected]
CC:
[email protected],
[email protected]
Dear Mr Haque:
21st May 1999 attempt for hacking report.
<1:03:39 AM> Received connection request from 208.207.93.35 for NetBus
<1:03:39 AM> Terminated connection attempt...
<1:03:39 AM> Attempting trace route... Please stand by...
<1:03:39 AM> =[Trace Route ============
<1:03:39 AM> 5/21/99 1:03:39 AM-[From 208.207.93.35]-
<1:03:46 AM> => Dialup-Stub-B.92.207.208.in-addr.arpa
<1:03:46 AM> => 208.209.175.193
<1:03:46 AM> => Dialup-Stub-F.93.207.208.in-addr.arpa
<1:03:46 AM> => 208.207.93.35
===============================================
An early positive action is kindly requested.
Best Regards,
S. K. Hussain <-removed for [email protected]>
The reply:
A. Haque wrote:
Dear Mr. Kamran,
The person has been called and warned on email, not to
indulge in this kind of activity henceforth. We hope you
will not observe this problem again. If you do, please
let us know and we will terminate this account.
Regards/Ansar
Regards, slie
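The manual steps in the help file excerpt above (find the source IP, take the last trace hop, keep only the end of its name, then the next domain up) can be scripted. This is an added example, not part of the original post or of LockDown 2000; the function names are hypothetical and the log layout is assumed from the lines quoted in the excerpt. It also covers the case seen in the second letter, where the trace only yields IP addresses and in-addr.arpa names and no provider domain can be derived.

```python
import re

# Sample lines copied from the excerpt quoted in the post, trimmed for the example.
SAMPLE_LOG = """\
<1:46:29 PM> Trojan network connectivity check enabled.
<3:14:24 PM> Incoming hack attempt from IP Address: 207.136.9.251
<3:14:24 PM> Terminated connection attempt...
<3:14:24 PM> Attempting trace route... Please stand by...
<3:14:50 PM> => 194.ATM8-0-0.GW1.DFW1.ALTER.NET
<3:14:50 PM> => iadfw3-gw.customer.ALTER.NET
<3:14:50 PM> => big-bro-f5-0.iadfw.net
<3:14:50 PM> => ghtia-ds3-1.net.iadfw.net
<3:14:50 PM> => atnt03.ght.iadfw.net
<3:14:50 PM> => pppt03-251.ght.iadfw.net
"""

LINE = re.compile(r"^<(\d{1,2}:\d{2}:\d{2} [AP]M)>\s+(.*)$")
SOURCE = re.compile(
    r"(?:from IP Address:|connection request from)\s+(\d{1,3}(?:\.\d{1,3}){3})")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def base_domain(host):
    """Last two labels, as the help file does by hand. Assumption: no public
    suffix list is consulted, so names under e.g. co.uk are not handled."""
    labels = host.rstrip(".").lower().split(".")
    if IPV4.match(host) or len(labels) < 2 or labels[-1] == "arpa":
        return None  # bare IP or reverse-DNS stub: whois the IP instead
    return ".".join(labels[-2:])

def complaint_targets(log_text):
    """Return source IP, ISP domain and upstream domain for the last attempt."""
    source_ip, domains = None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        hit = SOURCE.search(msg)
        if hit:                      # new attempt: start a fresh hop list
            source_ip, domains = hit.group(1), []
        elif msg.startswith("=>"):   # trace route hop
            dom = base_domain(msg[2:].strip())
            if dom and (not domains or domains[-1] != dom):
                domains.append(dom)  # collapse consecutive hops of one provider
    isp = domains[-1] if domains else None
    upstream = domains[-2] if len(domains) > 1 else None
    return {"source_ip": source_ip, "isp": isp, "upstream": upstream}

if __name__ == "__main__":
    print(complaint_targets(SAMPLE_LOG))
```

When `isp` comes back as `None`, the trace gave no usable hostname and the whois lookup has to start from the source IP address itself.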