What can be done with an IP address?

erdnase

Original Poster:

1,963 posts

225 months

Saturday 27th February 2010

A friend of mine is having a bit of trouble with someone online.

It's the usual stuff.. threatening emails, harassing phone-calls, etc. However, she seems particularly worried that he claims to be a "hacker" (lol, I know). When I asked how she knows this, apparently he's able to always get her IP address and mess with her connection.

Assuming the worst case scenario, and this is true - there's not much he can realistically do with an IP address, is there? He can port scan (she's behind a router and firewall), and maybe DOS her connection, which is what I suspect may be going on. To do anything else would take a serious level of technical ability.. am I right? She's quite tech savvy, runs an up to date patched system, and aware of phishing/trojan type scams.

She's on a dynamic IP, so he's clearly got a way of getting it when it changes. I'm going to have her look through her router logs to see what's going on.. but until then, assuming he has her IP address.. no _real_ harm can be done, so long as she's fully patched and takes precautions? This is assuming he's basically a skript kiddie, maybe playing around with metasploit or some DOS tool.

Going to the police is the next option - but I just want to be able to reassure her until then.

Thanks in advance.

tinman0

18,231 posts

264 months

Saturday 27th February 2010
Not sure he can do much to be honest. I'd check that the remote admin of the router was locked down though as there is one way he could track her IP (for all the use of it).

If I was trying to track someone, and had had access to their router at some point, and assuming the password was still default, then I'd simply set dyndns. Every time the router got a new IP dynamically, then it simply tells dyndns what it is. Simple bit of mapping at the dyndns admin (which is on the net somewhere), I would then link:

stalker.dyndns.org ---> her IP address

So if he ever needed her ip it would always be at stalker.dyndns.org or something like that.

lestag

4,614 posts

300 months

Saturday 27th February 2010
erdnase said:
A friend of mine is having a bit of trouble with someone online.

It's the usual stuff.. threatening emails, harassing phone-calls, etc. However, she seems particularly worried that he claims to be a "hacker" (lol, I know). When I asked how she knows this, apparently he's able to always get her IP address and mess with her connection.

Assuming the worst case scenario, and this is true - there's not much he can realistically do with an IP address, is there? He can port scan (she's behind a router and firewall), and maybe DOS her connection, which is what I suspect may be going on. To do anything else would take a serious level of technical ability.. am I right? She's quite tech savvy, runs an up to date patched system, and aware of phishing/trojan type scams.

She's on a dynamic IP, so he's clearly got a way of getting it when it changes. I'm going to have her look through her router logs to see what's going on.. but until then, assuming he has her IP address.. no _real_ harm can be done, so long as she's fully patched and takes precautions? This is assuming he's basically a skript kiddie, maybe playing around with metasploit or some DOS tool.

Going to the police is the next option - but I just want to be able to reassure her until then.

Thanks in advance.
It depends what the "IP address" is. Is it the internal IP address she is referring to, and he is just messing with her head?
IP address is irrelevant. What may be on her computer isn't. If there is something on her computer he can control then the firewall is irrelevant, as by default most of them allow all outgoing connections from internal computers (i.e. this is how GoToMyPC works).

GingerRob

443 posts

199 months

Saturday 27th February 2010
Also, how does she know he is messing with her connection, as it could just be a crap internet connection, and it's always been the same, but because he's said that he's messing with it (planting the seed) she is now thinking about it more, so if IE, Safari etc. take just a little longer to load (seed growing) she now thinks he's in effect controlling it. Unless he is remotely accessing her PC. What OS is she running?

erdnase

Original Poster:

1,963 posts

225 months

Saturday 27th February 2010

I don't think it's any sort of remote access trojan. She's run a load of virus scans and antispyware that came up negative. To be able to DOS or mess about with her connection, he must have a way of getting her external IP address though.

I made sure her router passwords are set to something other than default, and tomorrow I'll pop round and have a look at her logs and general setup - maybe run wireshark to see what's communicating with the net.

The sort of things I'm talking about, is that he'd email her and tell her he's going to mess up her connection.. and within a few minutes of receiving the email, her connection goes down for 15 mins or so. I've told her not to reply to any emails so he can't get her IP from the headers - as well as storing them for evidence. Her connection is normally stable, so I don't think it's coincidence, and neither does she.

As I say, she runs an up to date patched system, firewall, and doesn't do anything like downloading warez or running dodgy exes. I'll know a lot more once I have a look at her system tomorrow, but I was just wondering if there's anything I should be looking for that I never thought of.

Thanks again!

tinman0

18,231 posts

264 months

Saturday 27th February 2010
erdnase said:
The sort of things I'm talking about, is that he'd email her and tell her he's going to mess up her connection.. and within a few minutes of receiving the email, her connection goes down for 15 mins or so. I've told her not to reply to any emails so he can't get her IP from the headers - as well as storing them for evidence. Her connection is normally stable, so I don't think it's coincidence, and neither does she.
Easy to do a DoS. ping -s will do the trick. He would have to have access to a serious line to do it with, though.

ymwoods

2,194 posts

201 months

Saturday 27th February 2010
In terms of how hard it is or taking a lot of technical ability it doesn't.

Of course the very first person to do it does need this, but then they release the know-how or "code" to do it so any kid and a computer can copy if they know the right sites to look on.

Just out of interest, who is this guy and why has he picked her in particular to mess with?

Unless he is in charge of a botnet or some sort of hacking "crew" on the internet then I don't see how he could completely take down her connection with something like a DOS attack... and in that case, people that have that kind of pull on the internet generally get their jollies from doing something a bit more crazy than messing with a normal woman behind a standard network router.

My thoughts for getting the changing IP address is maybe he is an admin at a forum she may visit, is a member on her MSN contacts or something similar to this. If he was, it's just a case of having the correct software to rip the IP address (for MSN) and then you have it again.

In terms of access, routers (modern ones) will usually have their own built-in firewalls which are usually not too shabby. However, if it's a popular make it may have a known bug or "hack" which can be exploited for access.

Has this continued after you changed all the passwords?

Edited by ymwoods on Saturday 27th February 04:42

lestag

4,614 posts

300 months

Saturday 27th February 2010
If she is connected via wireless then it could be a localised jamming signal that appears as if the internet connection is screwed (assuming he is local). Also, he may just be messing with the ADSL/cable wires outside.

Scraggles

7,619 posts

248 months

Saturday 27th February 2010
Threatening emails? Look at the headers.

The real email might have been changed, but they might not have used a proxy server to send the mail.

erdnase

Original Poster:

1,963 posts

225 months

Saturday 27th February 2010

Until I am able to check the router logs and ask her about it in more detail, I'm keeping an open mind.

As far as why would he do this - it was a soured relationship, so there's definitely a motive at least.

I've had her keep a diary of when he says he'll take her internet down, when it actually goes down, and I'll have a look at the router logs and compare.

He always emails her from these anonymous email servers - I think it's Hushmail - so checking the headers is a no-no. My gut instinct is that if he is actually doing anything, he'll eventually get bored with it and move on. However, the content of some of the emails he's sent are definitely of a threatening nature, and I think the best option would be to get the police involved.

I'm just wondering about him being able to mess with her connection. That stood out to me, and whilst I really doubt he's capable of doing that, my friend is quite tech savvy herself and is convinced that he is. I'd just like to be able to either reassure her, or at least be able to have a decent log trail for when/if it goes to the police.

Thanks again guys

Scraggles

7,619 posts

248 months

Saturday 27th February 2010
Maybe post the headers, removing her email address.

http://www.hushmail.com/terms/free/

You agree not to transmit, or allow others to use your address to transmit, through Hushmail, any objectionable material including, but not limited to, unlawful or harassing, libelous, abusive, threatening, harmful, vulgar or obscene material that encourages conduct that could constitute a criminal offence, give rise to civil liability or otherwise violate items discussed in #2 above.

Suspect that covers it. File an abuse report with Hushmail and suspect the mark's account will be nuked.

Find the local police website and cc them into the complaint after emailing them the problem.

High chance that the mark is using Hushmail from his home connection and is not using an internet cafe...

Taita

7,962 posts

227 months

Saturday 27th February 2010
He could send an email with a remote image embedded, then check webserver logs to get the IP. Image may be transparent etc.

First thought was dyndns. Router isn't configurable from WAN, is it, regardless of password? Check for daftness like MTU being set to 500000 etc! Factory reset and firmware update router also.

Set her up with a 2nd PC, see if the problem still happens - know the PC is compromised then. Linux livecd is no another PC

steve_amv8

1,915 posts

234 months

Saturday 27th February 2010
Taita said:
He could send an email with a remote image embedded, then check webserver logs to get the IP. Image may be transparent etc.
That would be a good way to get it. You could suggest she changes her email client to only read emails as plain text and not HTML. The links to these sorts of hidden images will appear and he won't get any feedback that could reveal the IP address ...
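
An added example, not part of any post in this thread: a check that lists every remote resource a mail client would fetch just by rendering a message's HTML part, which is the mechanism the remote-image suggestion above relies on. The sample message, its addresses and URLs, and the names `RemoteLoadFinder` and `remote_loads` are all constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; addresses and URLs are placeholders.
SAMPLE_EML = """\
From: sender@example.org
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Plain text body.
--b1
Content-Type: text/html; charset="utf-8"

<html><body background="http://img.example.org/bg.png">
<img src="http://track.example.org/p.gif?id=abc123" width="1" height="1">
<img src="cid:logo@local" width="200" height="50">
<img src="https://cdn.example.org/banner.jpg" width="600" height="80">
</body></html>
--b1--
"""

class RemoteLoadFinder(HTMLParser):
    """Collects URLs a mail client would fetch just by rendering the HTML."""
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (url, note)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for attr in ("src", "background"):
            url = a.get(attr) or ""
            if urlparse(url).scheme not in ("http", "https"):
                continue  # cid:/data: content is embedded, no network fetch
            tiny = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.findings.append((url, "likely tracking pixel" if tiny else "remote load"))

def remote_loads(raw_message):
    """Return (url, note) for every remote resource in the HTML parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteLoadFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

if __name__ == "__main__":
    print(*remote_loads(SAMPLE_EML), sep="\n")
```

Any remote load, not only a 1x1 image, tells the hosting server the reader's IP address, so the plain-text or "block remote content" setting is what removes the exposure.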

horton

804 posts

276 months

Sunday 28th February 2010
Make sure she does not have the default login/password on her router.

Is she wireless? If so, check the wireless security settings.

Update her anti-virus software and look for physical keyloggers.

horton

804 posts

276 months

Sunday 28th February 2010
or visit this idiot at work, and threaten him with violence if he fks with her again.

Frik

13,664 posts

267 months

Sunday 28th February 2010
Probably the worst thing to do in this day and age.

horton

804 posts

276 months

Sunday 28th February 2010
Frik said:
Probably the worst thing to do in this day and age.
agreed.
But without the threats, making his employers aware of what he is doing might do the trick.

dudleybloke

20,553 posts

210 months

Sunday 28th February 2010
horton said:
or visit this idiot at work, and threaten him with violence if he fks with her again.
get him on his own.

his word against yours and i'm sure your friend would give you an alibi!

more than one way to remove the dermis from a feline!

purplepolarbear

487 posts

198 months

Sunday 28th February 2010
Could he have installed a program (or somehow persuaded her to install one) that he wrote himself (so won't figure on the antispyware scans)? This could run in the background every hour or so and look up her current IP address and silently upload it to a web site that he set up.


philthy

4,697 posts

264 months

Sunday 28th February 2010
Perhaps it is something as simple as logmein, or VNC that is installed? Neither would scan as a virus.