In the last few months, someone from overseas has been attempting to hack my computer via port forwarding that I have configured. I know, because my event logs are full of these (some information redacted):
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 3/26/2013 12:15:03 AM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer:
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name:
Account Domain: PRIDEDALLAS
Logon ID: 0x3e7
Logon Type: 10
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: jonas4
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x22b4
Caller Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name:
Source Network Address: 188.130.251.74
Source Port: 3569
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
I've changed the port, which throws him off the trail for a while, but then it starts again. Can I turn that IP address in to FiOS for them to block? Are there other protocols that I should follow? FBI?
They make port scanners available online for free download.
So he probably has your IP address.
Every time you change your port, he simply scans it again and finds the new port, and then tries to hack you with dictionary or brute-force attacks.
I think you should probably just try to change your IP.
Unless he has a virus on your PC that sends him the new IP address, he shouldn't be able to find you, unless you are on websites that broadcast your IP.
To change your IP try this.
Go to www.whatismyip.org and write down your IP address.
Actiontec MI424-WR - RELEASE DHCP
Click on MY NETWORK icon at the top.
Select NETWORK CONNECTIONS from the menu on the left.
Select BROADBAND CONNECTION (coax or ethernet) depending on your connection to the ONT.
Click SETTINGS
Click RELEASE
Click APPLY
Disconnect the router immediately to prevent it from re-requesting a DHCP lease. You have to NOW leave it off for 10-20 minutes.
If you plug it in too fast, it will probably get the very same IP Address that you had before.
Now go back to www.whatismyip.org and make sure that it changed.
Sorry, I should have given more detail. I realize how he is doing it (I'm an I.T. person myself) and I suppose I could change my IP, but I don't want to. My equipment is fairly secure. I am looking for an alternate recourse.
#1 I went to http://network-tools.com/
#2 Selected Network Lookup
#3 Typed in that IP Address.
#4 Pressed Go
#5 That site gave:
a) An abuse contact
b) and a link to http://www.ripe.net/whois
#6 I used that other URL and I see another abuse contact.
Your directions are: Get the abuse e-mail addresses and report the abuse.
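An abuse report is more useful with a per-address summary than with raw events. The sketch below is an added example, not part of any post in this thread: it parses Security log events exported as text in the layout shown in the first post and groups Event ID 4625 failures by source address. The sample events, the function names and the addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Sub Status values documented for Event ID 4625.
SUB_STATUS = {"0xc0000064": "user name does not exist",
              "0xc000006a": "user name correct, wrong password"}
SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}

# Constructed sample in the post's event layout; RFC 5737 documentation addresses.
EVENT = ("Log Name: Security\nDate: {}\nEvent ID: 4625\nSubject:\nAccount Name:\n"
         "Account For Which Logon Failed:\nAccount Name: {}\nFailure Information:\n"
         "Sub Status: {}\nNetwork Information:\nSource Network Address: {}\n")
SAMPLE = "".join(EVENT.format(*row) for row in [
    ("3/26/2013 12:15:03 AM", "jonas4", "0xc0000064", "203.0.113.7"),
    ("3/26/2013 12:15:09 AM", "admin", "0xc0000064", "203.0.113.7"),
    ("3/26/2013 1:02:44 AM", "owner", "0xc000006a", "198.51.100.20")])

def parse_events(text):
    """Yield a dict per exported event, keyed 'Section/Field' or 'Field'."""
    event, section = None, ""
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key == "Log Name":                 # first line of each event
            if event:
                yield event
            event, section = {}, ""
        if event is None or not sep:
            continue
        if key in SECTIONS and not value:     # header line, e.g. "Subject:"
            section = key + "/"
        else:                                 # redacted (empty) fields are kept
            event[section + key] = value
    if event:
        yield event

def summarize(text):
    """Group 4625 failures by source address: count, accounts, reasons, times."""
    out = defaultdict(lambda: {"count": 0, "accounts": set(), "reasons": set(), "seen": []})
    for ev in (e for e in parse_events(text) if e.get("Event ID") == "4625"):
        row = out[ev.get("Network Information/Source Network Address") or "unknown"]
        row["count"] += 1
        row["accounts"].add(ev.get("Account For Which Logon Failed/Account Name", ""))
        code = ev.get("Failure Information/Sub Status", "").lower()
        row["reasons"].add(SUB_STATUS.get(code, code))
        row["seen"].append(datetime.strptime(ev["Date"], "%m/%d/%Y %I:%M:%S %p"))
    return {ip: {**r, "first": min(r["seen"]), "last": max(r["seen"])} for ip, r in out.items()}
```

The timestamps are in the logging machine's local time, so state the time zone when sending the summary to an abuse contact.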