
Port scanned again.......


Hellhound
11-26-2000, 01:51 PM
This person has port scanned me several times (over 20 times with 2 attacks each time)..
IP: 64.136.16.85
DNS: m22.jersey.juno.com
I'm wondering if anyone can find out who this is? Do anything about it ...Or direct me to who I should talk to about it...Black Ice says no intrusion occurred...But it's kinda like someone checking the locks on your doors....It does get kinda old ...I would be thankful for any feedback...If anyone wishes to deal with this matter themselves ...knock yourselves out....I won't be offended...

GroundZero3
11-26-2000, 01:57 PM
you running aim or napster???? any kind of file sharing or chat programs?

JaYsin

Hellhound
11-26-2000, 02:19 PM
None. I'm not using any kinda file sharing program whatsoever.....I kinda keep to myself....That's why it's buggin me...This person has no reason to scan me......

Rat
11-26-2000, 02:31 PM
There's a proggy called NeoTrace, it may help you track that person down.

Rat...

CujoRbd
11-26-2000, 02:43 PM
yeah... that NeoTrace proggy is pretty good.
here's a post with links to that, as well as a couple other good "finders" like that.
http://sysopt.earthweb.com/forum/Forum1/HTML/009837.html


later.

CujoRbd
11-26-2000, 02:52 PM
BTW, I can tell you that your "perp" is from New Jersey and uses Juno as an ISP.

Check out a bit more info on him right here:  http://samspade.org/t/lookat.cgi?address=64.136.16.85&whois=on&traceroute=on


later.

NDC
11-26-2000, 05:58 PM
My best suggestion is to put him/her on "BLOCK" in your BID list, and just forget about it. Reporting this attacker to your or the attacker's ISP isn't going to do much. As you may already know, the majority of cable and DSL users go through this..... it isn't anything abnormal.

BTW, how long is the lease on your IP? You should be able to see at the bottom by typing the following at the DOS Prompt:

Win9x = winipcfg /all

Win2K & NT4 = ipconfig /all


The lease on my IP is 2 hours, meaning that it changes every 2 hours. It may be possible that you have a static IP.


[This message has been edited by NDC (edited 11-26-2000).]

Ygor
11-26-2000, 07:34 PM
As long as they don't actually get in, you may not want to do anything about it.

After I got Black Ice in addition to ZA, I had one that was somehow getting to be a problem. (was getting past ZA every time but I think BI stopped their sub7)
Since we were both on AOL, I reported it. A few days later, same IP & same probes from a different ISP, but I found a small file was eating up space on my drive after each attack. This happened with the original attacks too, just didn't become noticeable for a while. These were 2 attacks 2 minutes apart for hours.

No virus, not really a trojan, but a hassle to be typing & get the alert so you have to start over again on what you were saying before the attack. Black Ice was set to block the IP too.

After several correspondences (and a reinstall of both ZA & Black Ice) with that ISP these stopped. The Black Ice log was the clincher.

So as long as you're "stealthed", just let it go. Once one gets past your firewalls, report it to their ISP.

It's a shame the 2nd ISP didn't act as quickly as AOL did.

big_block_buick
11-26-2000, 11:37 PM
Your profile doesn't say your location. Do you live in the same city? The reason I ask is I get scanned 20 times a day by my own provider. They say they do it for my own protection.. if a user's ports are open they will notify them of the vulnerability. Just a thought..

Hellhound
11-27-2000, 07:04 AM
Nope...we're not in the same town...The static IP thing shouldn't be an issue...I'm using a dial up connection..With a non static IP addy..The same person has scanned me a couple of times since I placed this post.....
Thanks for the input....
Hell

[This message has been edited by Hellhound (edited 11-27-2000).]

Ygor
11-27-2000, 05:15 PM
Zone Alarm or BID will tell you.

RobRich
11-27-2000, 07:34 PM
t048, for more information about personal software firewalls, I would recommend reading Sysopt's own Personal Firewall Comparison:

http://sysopt.earthweb.com/reviews/firewall/index.html

Good Luck,
Robert Richmond

Flexomarkmtl
11-27-2000, 07:47 PM
View topic in Zonealarm posted just above.


Here is a sample of the email that I send to the ISP of the attacker.


----- Original Message -----
From: Robert-François Trudeau
To: abuse@videotron.ca
Sent: Monday, November 27, 2000 7:50 PM
Subject: Unlawful entry attempt.


Your IP has been logged !!

FWIN,2000/11/27,19:32:52 -5:00 GMT,24.202.33.68:21168,24.202.111.58:137,UDP

Do not attempt to communicate with this IP: 24.202.111.58 or any of its subnets.

This is a personal computer on a legal ISP provider in a Country other than the USA.

Further attempts will be logged for 76 hours.

3 more attempts and this automated server will report this activity to the appropriate authorities of your country of your business.

Source ARIN WHOIS

Result
Videotron Ltee (NETBLK-VL-2BL)
2000 Rue Berri
Montreal, Quebec H1V 2E4
CA

Netname: VL-2BL
Netblock: 24.200.0.0 - 24.202.255.255
Maintainer: VLCA

Coordinator:
Roy, Pierre (PR163-ARIN) pierre_roy@VIDEOTRON.COM | for abuse, E-mail abuse@videotron.ca
(514) 985-8656

End of report
Tag ID # 010
Entry # 1
Port # 21168
Status BLOCKED
script=mailto_whois_logdenied_advise
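
Added example, not part of the original thread or of any poster's message: a small Python parser for firewall log lines laid out like the `FWIN` entry quoted in the e-mail above, grouping blocked packets by source address to separate a multi-port scan from repeated probes of one port and from a single stray packet. The field meanings are inferred from that one quoted line, the `min_ports` and `min_hits` thresholds are assumptions, and every sample line except the first is constructed (27374 is the default SubSeven port, the kind of probe mentioned earlier in the thread).

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: line 1 is the entry quoted in the post, the rest are invented.
SAMPLE_LOG = """\
FWIN,2000/11/27,19:32:52 -5:00 GMT,24.202.33.68:21168,24.202.111.58:137,UDP
FWIN,2000/11/27,19:40:01 -5:00 GMT,192.0.2.10:4001,24.202.111.58:21,TCP
FWIN,2000/11/27,19:40:01 -5:00 GMT,192.0.2.10:4002,24.202.111.58:23,TCP
FWIN,2000/11/27,19:40:02 -5:00 GMT,192.0.2.10:4003,24.202.111.58:80,TCP
FWIN,2000/11/27,20:00:00 -5:00 GMT,198.51.100.7:1100,24.202.111.58:27374,TCP
FWIN,2000/11/27,20:02:00 -5:00 GMT,198.51.100.7:1101,24.202.111.58:27374,TCP
FWIN,2000/11/27,20:04:00 -5:00 GMT,198.51.100.7:1102,24.202.111.58:27374,TCP
this line is damaged and must be skipped
"""

def parse_line(line):
    """Return a dict for one blocked-inbound entry, or None if it does not fit."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    _, date, clock, src, dst, proto = parts
    try:
        when = datetime.strptime(date + " " + clock.split()[0], "%Y/%m/%d %H:%M:%S")
        dst_port = int(dst.rpartition(":")[2]) if ":" in dst else None
    except (ValueError, IndexError):
        return None
    src_ip = src.rpartition(":")[0] or src  # an entry without a port keeps the bare address
    return {"when": when, "src": src_ip, "dport": dst_port, "proto": proto}

def summarize(log_text, min_ports=3, min_hits=3):
    """Group entries by source address and label each source's behaviour."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            by_src[entry["src"]].append(entry)
    report = {}
    for src, entries in by_src.items():
        ports = {e["dport"] for e in entries if e["dport"] is not None}
        times = [e["when"] for e in entries]
        label = ("port scan" if len(ports) >= min_ports           # many different ports tried
                 else "repeated probe" if len(entries) >= min_hits  # same port hit again and again
                 else "isolated")
        report[src] = {"label": label, "hits": len(entries), "ports": sorted(ports),
                       "span_s": int((max(times) - min(times)).total_seconds())}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The source address in a UDP entry such as the first line is only what the packet claimed, so a label from this script is evidence to attach to an abuse report rather than proof of who sent it.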

socalgal
11-27-2000, 08:10 PM
Note that an IP listed might be spoofed and therefore not necessarily be the IP of the real attacker.

t048
11-28-2000, 12:02 AM
Ok, I probably already know, but:

How can you tell if someone is scanning your ports?