Ask the Expert

Reporting hack attempts

If you obtain an IP address of a person attempting to hacking into your computer with a Trojan horse, what can you do about it or who can it be reported to?

    Requires Free Membership to View

First off, given the IP address, you need to figure out what domain the attacker is coming from. You can get this by using the nslookup command in Windows NT/2000/XP and Unix. At a command prompt, type nslookup. Then, at the ">" prompt, type the IP address. You'll get the domain name back, such as www.counterhack.net. Now, go to InterNIC to find out where this domain name was registerd. At www.internic.net/whois.html, type in the end of the domain name, such as counterhack.net. The response will tell you the registrar that site used to register their domain name, such as:
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com

Go to this whois server and do a look-up of the domain name again. Finally, you'll get the data you want. The response will include a human name, phone number and e-mail address responsible for technical oversight of that domain. You can contact that person and let them know that someone on their domain space appears to be attacking you. They may ignore you, but it's possible you'll get their attention. Send them some log snippets explaining the attack. Also, it's possible that the administrator is the one that is attacking you. Still, your e-mail or phone call may act as a warning so they'll stop.

Also, you can report attacks to the Computer Emergency Response Team Coordination Center at Carnegie Mellon University. They collect information about attacks and sometimes offer help in stopping them. Their main site is at www.cert.org, and their incident reporting page is at https://irf.cc.cert.org/.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Law, Public Policy and Standards


This was first published in November 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: