Someone gave me this Visual Route program and I was able to trace the sircam
that it was from korea:
Korea Network Information Center
About tracing, I would just like to know where it's coming from.
Maybe on an idealistic note: It sounds like fun following the traces of this
would-be hacker.
I know we can't do anything as of the moment.
But it's like... "Hey we got a hacker! Cool! Let's see where he lives."
I dunno. We've been receiving much more attempts on the server like endless.
I don't mind them anymore.
Minsan lang kasi ako maka-encounter ng local attacks. Usually Japan, US,
Korea, Russia.
Kaya kapag dito sa atin. Wow! Ang galing natin. Weird pero parang makes me
proud we can also do more stuff than what other countries think of us.
The thing with this guy, he is trying a very old DOS attack. It makes me
think, why would he do such a thing. You know. Just boggles the mind. Kawawa
bandwidth ng opisina namin. Wawa sysad ng summit. Kasi ako sa websites lang
hawak ko. Siya hawak niya 6 na kompanya. Mag-isa lang rin siya.
Anyway, thanks.
Fritz Mesedilla
Systems Administrator
Summit Interactive, Inc.
FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping
femalenetwork.com | candymag.com | fhm.com.ph | cosmo.com.ph
Palm Pilot Software: TVSked - Download from the link below
----------------------------------------------------------------------------
http://mesedilla.tripod.com +Basta Ikaw Lord
-----Original Message-----
From: Rafael 'Dido' Sevilla [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 7:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [plug] ip address trace route
On Tue, Sep 11, 2001 at 06:47:27PM +0800, Fritz Mesedilla wrote:
> Anyway, sana mabigyan niyo ako ng tracing program. Something that can give
> me an idea who is trying to enter our servers.
>
Such a program simply does not exist. You can trace the attacker,
especially if he's stupid (most of them are, fortunately for us), all
the way to the IP address used to launch the attack. If they're
really dumb they'll be using their own boxes to launch the attack
(this is by no means uncommon), and from there, you can easily figure
out what ISP or organization owns that IP address by doing a whois
query on APNIC, ARIN, or RIPE (usually it would be APNIC). Visit
their websites (http://www.apnic.net, http://www.arin.net, and
http://www.ripe.net) for the form you need to do it.
>From there, you should be able to contact the appropriate authorities
who control that IP and figure out who is trying to enter your servers
from there. If the attack was launched from a dialup IP of an ISP,
usually there would be caller ID information in the ISP's Radius logs.
If the attack was launched from some server, it is only prudent to
inform the real owners that their box has been compromised.
Frankly, I'm not sure what you can do with the information if and when
you got it. I've consulted with my company's legal department on this
issue and they've told me that given the present state of cyberlaw,
successfully prosecuting anyone for 'hacking' as defined by RA 8792
(The E-Commerce Act) is a very long shot. While RA 8792 specifically
admits electronic evidence in a criminal case, *there are still no
rules for dealing with electronic evidence in criminal proceedings*.
The recent rules made by JJ Disini promulgated by the Supreme Court
only apply to civil cases (which conspiracy theorists among us may
whisper might apply to the appealed libel case by his brother against
my boss, but that's another story...). Cyberlaw addressing this issue
here in the Philippines is woefully inadequate to the task, and in no
country in the world does it seem to be much better. It's really a
difficult issue...
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8
_
Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
