In the last few months, someone from overseas has been attempting to hack my computer via port forwarding that I have configured. I know, because my event logs are full of these (some information redacted):
Log Name: Security
Date: 3/26/2013 12:15:03 AM
Event ID: 4625
Task Category: Logon
Keywords: Audit Failure
An account failed to log on.
Security ID: SYSTEM
Account Domain: PRIDEDALLAS
Logon ID: 0x3e7
Logon Type: 10
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: jonas4
Failure Reason: Unknown user name or bad password.
Sub Status: 0xc0000064
Caller Process ID: 0x22b4
Caller Process Name: C:\Windows\System32\winlogon.exe
Source Network Address: 184.108.40.206
Source Port: 3569
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
I've changed the port, which throws him off the trail for a while, but then it starts again. Can I turn that IP address into FiOS for them to block? Are there other protocols that I should follow? FBI?
They make port scanners available online for free downloads.
So he probably has your IP Address
Everytime you change your port he simply scans it again and finds the new port, and then trys to hack you with dictionary or brute force attacks.
I Think you should probably just try to change your IP.
Unless he has a virus on your PC that sends him the new IP Address then he shouldn't be able to find you, unless you are on websites that broadcast your IP.
To change your IP try this.
go to www.whatismyip.org write down your ip address.
Actiontec MI424-WR - RELEASE DHCP
Click on MY NETWORK icon at the top.
Select NETWORK CONNECTIONS from the menu on the left.
Select BROADBAND CONNECTION (coax or ethernet) depending on your connection to the ONT.
Disconnect the router immediately to prevent it from re-requesting a DHCP lease. You have to NOW leave it off for 10-20 minutes.
If you plug it in too fast, it will probably get the very same IP Address that you had before.
Now go back to www.whatismyip.org and make sure that it changed.
Sorry, I should have give more detail. I realize how he is doing it (I'm an I.T. person myself) and I suppose I could change my IP, but I don't want to. My equipment is fairly secure. I am looking for an alternate recourse.
#1 I went to http://network-tools.com/
#2 Selected Network Lookup
#3 Typed in that IP Address.
#4 Pressed Go
#5 That site gave:
a) An abuse contact
b) and a link to http://www.ripe.net/whois
#6 I used that other URL and I see another abuse contact.
Your Directions are: Get the abuse e-mal addresses and report the abuse.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.