Hacker left a trace in Security

Hacker left a trace in Security http://www.dslreports.com/forum/r19127768 en Mon, 30 Nov 2009 15:37:23 EDT Mon, 30 Nov 2009 15:37:23 EDT Re: Hacker left a trace http://www.dslreports.com/forum/remark,19132566 yfradkin : Yes...]]> http://www.dslreports.com/forum/remark,19132566 Mon, 24 Sep 2007 00:03:37 EDT Re: Hacker left a trace http://www.dslreports.com/forum/remark,19132562 yfradkin :

said by Marshal

:

You have to keep in mind something.. those 10.x.x.x ip can be something else.....

I sit on a "real" dynamic IP 69.212.x.x. When I changed the password, the system on the other end logged that my Password Change request was made from:

IP address: 69.212.x.x
ISP host: 10.10.63.253

Weird. I was not hiding behind a firewall or a private net.
--
Considering new vehicle? - As a Ford employee I am able to offer you the opportunity to purchase Ford Vehicles at exclusive "X Plan" prices.]]> http://www.dslreports.com/forum/remark,19132562 Mon, 24 Sep 2007 00:02:15 EDT Re: Hacker left a trace http://www.dslreports.com/forum/remark,19128755 caffeinator : Here's the other IP: »network-tools.com/default.asp?pr···26.39.20

I'd be making really sure you don't have an owned box yourself, and change passwords, etc.

Better safe than sorry. :)

-CaFF
--
My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages]]> http://www.dslreports.com/forum/remark,19128755 Sun, 23 Sep 2007 10:53:25 EDT Re: Hacker left a trace http://www.dslreports.com/forum/remark,19128659 Marshal : You have to keep in mind something.. those 10.x.x.x ip can be something else..

I'm on Cable internet.. when I access some sites, it show my real ip (69.70.x.x) or a 10.82.x.x. That 10.x represent the ip of the cable modem.. it's not a spoofed ip.

So, it can be either spoofed, or can be like me, the ip of my modem..]]> http://www.dslreports.com/forum/remark,19128659 Sun, 23 Sep 2007 10:29:17 EDT Re: Hacker left a trace http://www.dslreports.com/forum/remark,19128538 yfradkin : Yes, I know the method used to hack my account. First my email acct was hacked (I have no idea how); the rest was simple. Virtually all online services will "remind" you a userId associated with a given email address, and will gladly reset your password and send the new password to your registered (hacked, in our case) email.

...Yes, it does look "everything were done correctly from the hackers point of view". Hacker's "ISP host" 10.10.63.251, per »www.iana.org/faqs/abuse-faq.htm, is a "blackhole", or a "prisoner" server. Quoting:

"Private Use" IP addresses:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
The above address blocks are reserved for use on private networks, and should never appear in the public Internet. There are hundreds of thousands of such private networks (for example home firewalls sometimes make use of them). The IANA has no record of who uses these address blocks. Anyone may use these address blocks within their own network without any prior notification to IANA.
The point of private address space is to allow many organizations in different places to use the same addresses, and as long as these disconnected or self-contained islands of IP-speaking computers (private intranets) are not connected, there is no problem. If you see an apparent attack, or spam, coming from one of these address ranges, then either it is coming from your local environment, or the address has been "spoofed".

--
Considering new vehicle? - As a Ford employee I am able to offer you the opportunity to purchase Ford Vehicles at exclusive "X Plan" prices.]]> http://www.dslreports.com/forum/remark,19128538 Sun, 23 Sep 2007 09:58:51 EDT Re: Hacker left a trace http://www.dslreports.com/forum/remark,19127808 SnowyOne : Have you figured out the method used to hack your account?
What type of account was it?
It would be highly unlikely to find a competent malicious hacker using anything personally identifiable to themselves.
If everything were done correctly from the hackers point of view the IP belongs to a machine that was hacked into & the phone# is a Skype, GrandCentral etc... type of phone#
»www.skype.com/
»www.grandcentral.com/]]> http://www.dslreports.com/forum/remark,19127808 Sun, 23 Sep 2007 02:21:59 EDT Hacker left a trace http://www.dslreports.com/forum/remark,19127768 yfradkin : Hi. One of my online accounts was compromised. A hacker changed the password and "contact information". The Password Change request was made from:

IP address: 207.226.39.20
ISP host: 10.10.63.251

The hacker changed my contact information on that account to:

Joe Benson
XXXX XXXXXXX (masked by me -- yfradkin)
Annapolis MD 21401
United States
(410) 848-XXXX (masked by me -- yfradkin)

Is it possible to use this trace to track the intruder? Any ideas or advice?
--
Considering new vehicle? - As a Ford employee I am able to offer you the opportunity to purchase Ford Vehicles at exclusive "X Plan" prices.]]> http://www.dslreports.com/forum/remark,19127768 Sun, 23 Sep 2007 02:04:44 EDT