Hacking Attempts / Block IP
laurin1
Enthusiast - Level 3

In the last few months, someone from overseas has been attempting to hack my computer via port forwarding that I have configured. I know, because my event logs are full of these (some information redacted):

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/26/2013 12:15:03 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:     

Description:
An account failed to log on.

Subject:
 Security ID:  SYSTEM
 Account Name:  
 Account Domain:  PRIDEDALLAS
 Logon ID:  0x3e7

Logon Type:   10

Account For Which Logon Failed:
 Security ID:  NULL SID
 Account Name:  jonas4
 Account Domain:  

Failure Information:
 Failure Reason:  Unknown user name or bad password.
 Status:   0xc000006d
 Sub Status:  0xc0000064

Process Information:
 Caller Process ID: 0x22b4
 Caller Process Name: C:\Windows\System32\winlogon.exe

Network Information:
 Workstation Name:
 Source Network Address: 188.130.251.74
 Source Port:  3569

Detailed Authentication Information:
 Logon Process:  User32
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

I've changed the port, which throws him off the trail for a while, but then it starts again. Can I turn that IP address into FiOS for them to block? Are there other protocols that I should follow? FBI?

0 Likes
Re: Hacking Attempts / Block IP
Hubrisnxs
Legend

They make port scanners available online for free downloads. 

So he probably has your IP Address

Everytime you change your port he simply scans it again and finds the new port, and then trys to hack you with dictionary or brute force attacks. 

I Think you should probably just try to change your IP.  

Unless he has a virus on your PC that sends him the new IP Address then he shouldn't be able to find you, unless you are on websites that broadcast your IP. 

To change your IP try this.   

go to www.whatismyip.org write down your ip address.

Actiontec MI424-WR - RELEASE DHCP
Click on MY NETWORK icon at the top.
Select NETWORK CONNECTIONS from the menu on the left.
Select BROADBAND CONNECTION (coax or ethernet) depending on your connection to the ONT.
Click SETTINGS
Click RELEASE
Click APPLY
Disconnect the router immediately to prevent it from re-requesting a DHCP lease.  You have to NOW leave it off for 10-20 minutes. 

If you plug it in too fast, it will probably get the very same IP Address that you had before. 

Now go back to www.whatismyip.org and make sure that it changed.

 

 

0 Likes
Re: Hacking Attempts / Block IP
laurin1
Enthusiast - Level 3

Sorry, I should have give more detail. I realize how he is doing it (I'm an I.T. person myself) and I suppose I could change my IP, but I don't want to. My equipment is fairly secure. I am looking for an alternate recourse.

0 Likes
Re: Hacking Attempts / Block IP
dslr595148
Community Leader
Community Leader

#1 I went to http://network-tools.com/

#2 Selected Network Lookup

#3 Typed in that IP Address.

#4 Pressed Go

#5 That site gave:

a) An abuse contact

b) and a link to http://www.ripe.net/whois

#6 I used that other URL and I see another abuse contact.

**

Your Directions are: Get the abuse e-mal addresses and report the abuse.