If you obtain an IP address of a person attempting to hack into your computer with a Trojan horse, what can you do about it or who can it be reported to?
First off, given the IP address, you need to figure out what domain the attacker is coming from. You can get this by using the nslookup command in Windows NT/2000/XP and Unix. At a command prompt, type nslookup. Then, at the ">" prompt, type the IP address. You'll get the domain name back, such as www.counterhack.net. Now, go to InterNIC to find out where this domain name was registered. At www.internic.net/whois.html, type in the end of the domain name, such as counterhack.net. The response will tell you the registrar that site used to register their domain name, such as:
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Go to this whois server and do a look-up of the domain name again. Finally, you'll get the data you want. The response will include a human name, phone number and e-mail address responsible for technical oversight of that domain. You can contact that person and let them know that someone on their domain space appears to be attacking you. They may ignore you, but it's possible you'll get their attention. Send them some log snippets explaining the attack. Also, it's possible that the administrator is the one that is attacking you. Still, your e-mail or phone call may act as a warning so they'll stop.
Also, you can report attacks to the Computer Emergency Response Team Coordination Center at Carnegie Mellon University. They collect information about attacks and sometimes offer help in stopping them. Their main site is at www.cert.org, and their incident reporting page is at https://irf.cc.cert.org/.
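The lookup chain described above (reverse-resolve the IP, ask the registry which registrar holds the domain, then query that registrar's whois server for the contact record), as an added Python example that is not part of the original answer. The registry host whois.internic.net, the function names and the sample reply are assumptions constructed for illustration, and the two-label domain rule only suits names shaped like counterhack.net.

```python
import re
import socket

# Constructed sample of a registry-level reply, shaped like the excerpt in the answer.
SAMPLE_REGISTRY_REPLY = """\
   Domain Name: COUNTERHACK.NET
   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com
"""

def registered_domain(hostname):
    """Return 'the end of the domain name'. Assumes a two-label zone (not e.g. .co.uk)."""
    labels = hostname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        raise ValueError("not a fully qualified name: %r" % hostname)
    return ".".join(labels[-2:])

def parse_referral(reply):
    """Extract the Registrar and Whois Server fields from a registry reply."""
    fields = {}
    for line in reply.splitlines():
        m = re.match(r"\s*(Registrar|Whois Server):\s*(\S.*?)\s*$", line, re.I)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields.get("registrar"), fields.get("whois server")

def whois_query(server, query, timeout=10):
    """Send one WHOIS query (RFC 3912: TCP port 43, query terminated by CRLF)."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def lookup_contact_record(ip, registry="whois.internic.net"):
    """Reverse-resolve the IP, then follow the registry's referral to the registrar."""
    hostname = socket.gethostbyaddr(ip)[0]  # the same PTR lookup nslookup performs
    domain = registered_domain(hostname)
    registrar, server = parse_referral(whois_query(registry, domain))
    if server is None:
        raise LookupError("registry reply for %s has no Whois Server line" % domain)
    return registrar, whois_query(server, domain)
```

Only lookup_contact_record touches the network; the parsing helpers can be run against saved replies when attaching the results to a report.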