yfradkin
join:2003-11-28
Farmington, MI
 ·AT&T Yahoo
| Hacker left a trace
Hi. One of my online accounts was compromised. A hacker changed the password and "contact information". The Password Change request was made from:
IP address: 207.226.39.20
ISP host: 10.10.63.251
The hacker changed my contact information on that account to:
Joe Benson
XXXX XXXXXXX (masked by me -- yfradkin)
Annapolis MD 21401
United States
(410) 848-XXXX (masked by me -- yfradkin)
Is it possible to use this trace to track the intruder? Any ideas or advice?
--
Considering new vehicle? - As a Ford employee I am able to offer you the opportunity to purchase Ford Vehicles at exclusive "X Plan" prices. |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| Have you figured out the method used to hack your account?
What type of account was it?
It would be highly unlikely to find a competent malicious hacker using anything personally identifiable to themselves.
If everything were done correctly from the hackers point of view the IP belongs to a machine that was hacked into & the phone# is a Skype, GrandCentral etc... type of phone#
»www.skype.com/
»www.grandcentral.com/ |
|
yfradkin
join:2003-11-28
Farmington, MI
·AT&T Yahoo
| Yes, I know the method used to hack my account. First my email acct was hacked (I have no idea how); the rest was simple. Virtually all online services will "remind" you a userId associated with a given email address, and will gladly reset your password and send the new password to your registered (hacked, in our case) email.
...Yes, it does look "everything were done correctly from the hackers point of view". Hacker's "ISP host" 10.10.63.251, per »www.iana.org/faqs/abuse-faq.htm, is a "blackhole", or a "prisoner" server. Quoting: "Private Use" IP addresses:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
The above address blocks are reserved for use on private networks, and should never appear in the public Internet. There are hundreds of thousands of such private networks (for example home firewalls sometimes make use of them). The IANA has no record of who uses these address blocks. Anyone may use these address blocks within their own network without any prior notification to IANA.
The point of private address space is to allow many organizations in different places to use the same addresses, and as long as these disconnected or self-contained islands of IP-speaking computers (private intranets) are not connected, there is no problem. If you see an apparent attack, or spam, coming from one of these address ranges, then either it is coming from your local environment, or the address has been "spoofed". --
Considering new vehicle? - As a Ford employee I am able to offer you the opportunity to purchase Ford Vehicles at exclusive "X Plan" prices. |
|
Marshal
Premium
join:2003-11-01
Montreal
| You have to keep in mind something.. those 10.x.x.x ip can be something else..
I'm on Cable internet.. when I access some sites, it show my real ip (69.70.x.x) or a 10.82.x.x. That 10.x represent the ip of the cable modem.. it's not a spoofed ip.
So, it can be either spoofed, or can be like me, the ip of my modem.. |
|
caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand
| reply to yfradkin
Here's the other IP: »network-tools.com/default.asp?pr···26.39.20
I'd be making really sure you don't have an owned box yourself, and change passwords, etc.
Better safe than sorry. 
-CaFF
--
My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages |
|
yfradkin
join:2003-11-28
Farmington, MI
·AT&T Yahoo
| reply to Marshal
said by Marshal  :You have to keep in mind something.. those 10.x.x.x ip can be something else..... I sit on a "real" dynamic IP 69.212.x.x. When I changed the password, the system on the other end logged that my Password Change request was made from:
IP address: 69.212.x.x
ISP host: 10.10.63.253
Weird. I was not hiding behind a firewall or a private net.
--
Considering new vehicle? - As a Ford employee I am able to offer you the opportunity to purchase Ford Vehicles at exclusive "X Plan" prices. |
|
yfradkin
join:2003-11-28
Farmington, MI | reply to caffeinator
Yes... |
|
