Q

Reporting hack attempts

If you obtain an IP address of a person attempting to hacking into your computer with a Trojan horse, what can you do about it or who can it be reported to?

First off, given the IP address, you need to figure out what domain the attacker is coming from. You can get this by using the nslookup command in Windows NT/2000/XP and Unix. At a command prompt, type nslookup. Then, at the ">" prompt, type the IP address. You'll get the domain name back, such as www.counterhack.net. Now, go to InterNIC to find out where this domain name was registerd. At www.internic.net/whois.html, type in the end of the domain name, such as counterhack.net. The response will tell you the registrar that site used to register their domain name, such as:
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com

Go to this whois server and do a look-up of the domain name again. Finally, you'll get the data you want. The response will include a human name, phone number and e-mail address responsible for technical oversight of that domain. You can contact that person and let them know that someone on their domain space appears to be attacking you. They may ignore you, but it's possible you'll get their attention. Send them some log snippets explaining the attack. Also, it's possible that the administrator is the one that is attacking you. Still, your e-mail or phone call may act as a warning so they'll stop.

Also, you can report attacks to the Computer Emergency Response Team Coordination Center at Carnegie Mellon University. They collect information about attacks and sometimes offer help in stopping them. Their main site is at www.cert.org, and their incident reporting page is at https://irf.cc.cert.org/.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Law, Public Policy and Standards


This was first published in November 2002

Dig deeper on Disaster Recovery and Business Continuity Planning

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close