NPF tracer route

Discussion in 'other firewalls' started by tenyrsgone, May 29, 2004.

Thread Status:
Not open for further replies.
  1. tenyrsgone

    tenyrsgone Guest

    Hi
    In NPF sometimes I get those annoying hacker probes saying some type of trojan is trying to access my computer. If you respond and check their IP address with the tracer route in NPF, will you alert the hacker that you are there? Or is it safe to use this feature without alerting the person/hacker who probed you that you're there? (provided it is a person/hacker and not something else) Thanks so much.
     
  2. jvmorris

    jvmorris Registered Member

    Joined: Feb 9, 2002
    Posts: 618
    Short answer, yes, you will alert them that you are really there (assuming it's really anyone who wanted to know in the first place). It's actually kind of a stupid feature to have, since it largely emasculates the whole concept of being Stealthed. (And it also tells them that you've got a firewall, an IDS, or a NAT router that logs unsolicited incoming communication attempts.) If someone turned into a real pest and you're curious about the source, it's actually much better to use something like the online services such as Visual Route or Neo Trace. These run the trace routes from their own site and pass the results back to you. That way, the guy who got tracerouted has no idea where it came from.

    Use these services sparingly. Abuse of them tends to irritate your own ISP and they may develop an inordinate interest in just what you are doing on the 'net!
     
  3. tenyrsgone

    tenyrsgone Guest

    That's what I thought. I just wanted to confirm it. Thanks for the help Jvmorris.
     
  4. My NIS2004Pro has the same tracing feature, but it is not always immediately responsive so I rarely use it.
    A few nights ago I was really irritated by a repeated attack, so I traced its source directly, using one of the following DNS WhoIs servers:

    http://www.apnic.net/apnic-bin/whois.pl

    http://www.arin.net/whois/index.html

    http://www.ripe.net/perl/whois

    http://lacnic.net/en/index.html

    [You cannot a priori tell from the IP which continent to search, so you have to try them all]

    Then, using the data provided in the WhoIs results I contacted the Administrator in charge of the ISP serving the offending user, and together we found who was hit with a malicious virus/worm that troubled other users too.
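
The registry-by-registry lookup described in the post above, as an added example that is not part of the thread: it asks each of the four linked registries over whois and keeps the answer from the one that actually holds the block, along with any contact address in it. The port-43 hostnames and the "not ours" wording it matches are assumptions of this example, and the sample responses are constructed.

```python
import re
import socket

# Port-43 whois hosts for the four registries linked in the post (the
# hostnames are this example's assumption; the post gives only web forms).
REGISTRIES = {"APNIC": "whois.apnic.net", "ARIN": "whois.arin.net",
              "RIPE": "whois.ripe.net", "LACNIC": "whois.lacnic.net"}

# Wording a registry uses for space held by another registry (assumed, loose).
NOT_MINE = re.compile(r"not managed by|non-ripe-ncc-managed|"
                      r"(?:allocated|transferred) to (?:apnic|arin|ripe|lacnic)", re.I)
CONTACT = re.compile(r"^(?:abuse-mailbox|OrgAbuseEmail|e-mail):[ \t]*(\S+@\S+)",
                     re.I | re.M)

def query(host, ip, timeout=10):
    """One whois query (TCP 43). Traffic goes to the registry only,
    never to the address being looked up."""
    with socket.create_connection((host, 43), timeout=timeout) as s:
        s.sendall(ip.encode() + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")

def authoritative(responses):
    """From {registry: whois text}, return (registry, contacts) for the first
    registry that holds a real record, or (None, []) if none does."""
    for name, text in responses.items():
        body = "\n".join(line for line in text.splitlines()
                         if not line.startswith(("%", "#")))
        if body.strip() and not NOT_MINE.search(body):
            return name, sorted(set(CONTACT.findall(body)))
    return None, []

def lookup(ip):
    """Try every registry, as the post describes, and keep the real answer."""
    return authoritative({n: query(h, ip) for n, h in REGISTRIES.items()})

# Constructed responses (documentation range 192.0.2.0/24), not real whois output.
SAMPLE = {
    "APNIC": "% whois.apnic.net\ninetnum: 192.0.2.0 - 192.0.2.255\n"
             "descr: IPv4 address block not managed by APNIC\n",
    "ARIN": "# ARIN WHOIS\nNetRange: 192.0.2.0 - 192.0.2.255\n"
            "NetType: Allocated to RIPE NCC\n",
    "RIPE": "% RIPE database\ninetnum: 192.0.2.0 - 192.0.2.255\n"
            "netname: EXAMPLE-ISP\nabuse-mailbox: abuse@isp.example\n",
    "LACNIC": "% LACNIC\n% no match\n",
}
```

`authoritative(SAMPLE)` runs offline on the constructed data; `lookup()` is the live variant and needs outbound TCP 43 to the registries.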
     