NPF tracer route

Discussion in 'other firewalls' started by tenyrsgone, May 29, 2004.

Thread Status:
Not open for further replies.
  1. tenyrsgone

    tenyrsgone Guest

    In NPF sometimes i get those annoying hacker probes saying some type of trojan is trying to access my computer. If you respond and check their ip address with the tracer route in NPF, will you alert the hacker that you are there? Or is it safe to use this feature without alerting the person/hacker who probed you that your there?(provided it is a person/hacker and not something else) Thanks so much.
  2. jvmorris

    jvmorris Registered Member

    Feb 9, 2002
    Short answer, yes, you will alert them that you are really there (assuming it's really anyone who wanted to know in the first place). It's actually kind of a stupid feature to have, since it largely emasculates the whole concept of being Stealthed. (And it also tells them that you've got a firewall, an IDS, or a NAT router that logs unsolicited incoming communication attempts.) If someone turned into a real pest and you're curious about the source, it's actually much better to use something that the online services such as Visual Route or Neo Trace. These run the trace routes from their own site and pass the results back to you. That way, the guy who got tracerouted has no idea where it came from.

    Use these services sparingly. Abuse of them tends to irritate your own ISP and they may develop an inordinate interest in just what you are doing on the 'net!
  3. tenyrsgone

    tenyrsgone Guest

    That's what i thought. I just wanted to confirm it. Thanks for the help Jvmorris.
  4. My NIS2004Pro has the same tracing feature, but it is not always immediately responsive so I rarely use it.
    A few nights ago I was really irritated by a repeated attack, so I traced its source directly, using one of the following DNS WhoIs servers:

    [You cannot apriori tell from the IP which continent to search so you have to try them all]

    Then, using the data provided in the WhoIs results I contacted the Administrator in charge of the ISP serving the offending user, and together we found who was hit with a malicious virus/worm that troubled other users too.
Thread Status:
Not open for further replies.