How not to be found

[DanCJ]

Hey All

I'm new here... but I'll ask about the subject that led me to find this site.  Was looking up what scanreg does.... since I just removed it from start up.

I have a hacker creep following me around on the internet harrasing and trying to get into my computer to do who knows what.  Offers lots of presents like the Sub7 of this morning.  So far my McAfee firewall, Spybot and other blocking means have refused the gifts.

The big question is HOW is the creep finding my ever changing dial-up IP address?  I can start up with nothing but connecting and with McAfee firewall running and the creep finds me!  Have stripped out EVERYTHING and blocked anything non-essential.  Even blocked McAfee from checking updates.  Run McAfee, Spybot, Ad-Aware and nothing. This morning I first connected and he's on to me in under 5 minutes.  It looks like a hack into the local server to me but my ISP tells me that is impossible.  And of course they say they can't back track him either since he fakes his sending IP addresses.  Spoofs and zombies I think they are called. According to the ISP it's not a server hack so something must be transmitting to him. I don't see it nor can I find anything doing so.  I'm running so quiet at this point that often my ISP will disconnect me in 20 minutes thinking no one is using the connection!  Any ideas how I'm being found?

I'm using Win 98SE, up dated IE yesterday (IE is not how I'm found tho) using a dial-up connection in about a 500 user group of IP addresses.  

Thanks
Dan

[Raptor]

Perhaps you shouldn't give away any nudies in chatboxes?

Joleen learnt that the hardway.  

Scan for viruses, spyware and trojans.

Read these articles:

How Stuff Works - Internet Channel

How Stuff Works - Security Channel

How about formatting your PC? That will certainly remove everything that could be leading him to you?

[DanCJ]

Hey Raptor

It is some sicko with no known motivation beyond having worms in his/her head.  I'm not worth that time or trouble to anyone in their right mind.

I've scanned withe McAfee, Spybot, Guard Dog, Ad-Aware.  Nothing detected.  Never has been anything that would relate to this problem.

The creep found a completely different PC rather quickly!  So the format thing won't help.  That's why I would think my constant ISP given ID at the local server would seem the only means.  

I'll read what you suggested.

Thanks
Dan

[Raptor]

Those are very basic articles, but you may derive some useful information from them.

Are you certain this is a person that is tracking you and not a very well  hidden trojan?

Perhaps using a different Operating System is a good choice. (Windows XP..?)

[DanCJ]

Hey Raptor

Can't get to the articles just now... that new Spybot needs some training!  But I've had trouble with How-it-works before.  Their ad crap is most unforgiving of denials.  I block some advertisers... which this hacker can grab as download vectors toward my computer.

Anyway, old computer was Win98, New computer is 98SE.  That's about as different as it gets.  A friend has been hit by this same creep and has XP and cable and a router service as well!  For numerous reasons XP isn't an option.  The creep likes to victimize members of a particular website... which I won't mention here because the curious would be at risk.  The site is a family oriented thing and not what you would typically think of as hacker turf.  Good teen gone insane is my best guess.  

This is most definitely a person, but a hidden transmitter on my computer is quite possible.  If there is one it would seem to be either something normal being spotted or something totally custom and unrecognized by scan programs.  I have no idea what can be seen of another computer from the outside, but with 500 possibile computers on 3 subnet ranges it seems weird that I can be found in that clutter of changing IP addresses.

Dan

[dl65]

DanCJ...If you think that you can be on line and no one can find you ...think again .....If you want to find out where your pc is lacking in security .......please visit........
http://www.grc.com/      ........ and let it run the shields up scan of your machine .....it will let you know which of your ports are not being blocked .........
The other thing to be aware of is if in fact someone is
"I have a hacker creep following me around on the internet harrasing "  ..........stalking you.....you should inform your local police or law enforcement agency. They have the resources to track this person down. On the other hand if you are just a little paranoid......remember that whenever you go to a site ...ie chat rooms .....game rooms....or for that matter any site....your ip addresss is logged......So my best advice to you would .....given that the threats as you put it are not of a serious nature........ignore them and get on with your life. The other option is to NOT use the internet........

Let us know how you make out

dl65  

[DanCJ]

Hey DL65

I have some business interests on the internet so not using it is a non-option.  It's not my imagination.  And there is damage to my business activities.  Have you ever heard of a backwoods sheriff being any use understanding what a hacker is?... much less doing something about a problem.  The county law is cyber ignorant.  If you ask if I'm paranoid...  imagine trying to get them to comprehend what is occuring. My county is about the most no-tech in the USA. No 911 service, but they did get county purchased police cars a few years back.  Their personal cars were getting rather ragged for patrol duty. I have my ISP a bit interested but so far no luck hunting him down.  These "resources" you and I've heard others mention are largely mythical it seems.  It's difficult to trace back something that requires the cooperation of secondary ISP... that are different... and may be anywhere in the world... in 5 minutes!  You can never predict when a given hit is a real feedback connection among 100 spoofs.  Even then it's not a direct connection.  Try to tell Barney Fife about this stuff.  Yikes!

Thanks for the scan link I'll try that later.  I don't think it is a matter of vulnerable ports.  But he sure constantly scans to find any.  I have McAfee firewall, Guard Dog and just recently Spybot watching for any intrusions.  The damage so far is all exterior.  Unfortunately my websites, business customers and friends are exterior as well.

Yes this creep without doubt got one of my ever changing IP addresses.  Same with the others he has hit at.  The question is how does he consistantly find me when I'm one of the other 499 possible.  Even if I can duck him, I'd like to help the others know how to "hide" from his IP sighting.  How does he locate us out of the crowd of ever changing IP addresses? The cable/router locating is plain spooky, but he has apparently done so.  My ISP recently added a new subnet block... but this creep found me on the new block in almost no time.  

Thanks for any help
Dan

[Raptor]

Have you tried tracing the IP's you have blocked from him with a program such as Neotrace Pro 3.25 which can give you detailed information on the IP's owner his/her whereabouts.

[DanCJ]

Het Raptor

The IP are all fakes.  Most are spoofs to nowhere in places like Argentina and China.  Totally faked sources.  A small percent are apparently returning info but they are just short term stolen routes.  By the time you trace them they just go to Joe Computer User in Colorado or such.  I've caught a few, but the next day they go somewhere completely different.  One went to Canada at first and the next day Amsterdam!  Same IP address!  Being an 81 net for both.  How many 81 net users are in Canada?  I guess he had a zombie in Amsterdam and is really in Canada.  A couple others like that went back to western Canada as well.  Shaw cable in Canada.  That narrows it to only a few million.  

Anyway... the question really is how to NOT be found?  This creep might get busted, but there are more right behind him.  I've only been on the net since summer of 2003 and this is my second hacker encounter!  The first was a 15 year old mental case that got busted.  This one likely is similar!  When I was a 16 year old kid I rode motorcycles and heard "born to be wild" in my antic imagination.  Now we have teens with hacker 'power trips'... geekazoids.  What will this world become?  If they would only stick to messing with each other.

Again the thing I need here really isn't how to catch the hacker, but how not to be trackable by this one or any more in the future.  How can he be doing this and how can I stop it?

Thanks for the help
Dan

[DanCJ]

Hey Raptor

Got to read the 'How it works' that you recommended.  Learned a few things.... thanks... but not what I need.  Although it's too early to be certain, since I removed scanreg and systray, I haven't been "found".  He has been probing but no apparent find.  Could one of those be utilized?  Sending info out as well as the intended normal use?  They would seem to likely have a rather unique signature to a given computer.

thanks
Dan

[Raptor]

I really have no experience with hacking or tracing other computers - I think you are better off posting on a forum that is dedicated to Computer Security.

Have you taken a look at the Gibson Research Corporation website?

Perhaps, if you have not yet done so, you can add a Router between you and your connection so that you have a software and firmware firewall.

[DanCJ]

Hey Raptor

He found me again, so I can put scanreg and systray back in start up.  Guess he had someone else to hack for a while.  I'll check out that link.

Thanks for the help
Dan

[DanCJ]

Hey Raptor and dl65

I checked out that Gibson Research and have been testing everything and looking for the ID leak.  Everything is reported operating stealth and working as should so I'm still looking.  Nice website!  Helps to know what definitely is not giving me away.  Unless I'm the only computer on my subnets that is full stealth... and that gives me away!  

Thanks for the help!
Dan

[Raptor]

Stealth does not always necessarily mean that these ports can not be found - I am certain there is information avaible on that as well.

Have you considered upgrading to another operating system? Windows XP for example.

And just to check: Have you downloaded the latest Windows updates?

[DanCJ]

Hey Raptor

Updated my 98SE a day or so back and XP isn't an option fo various reasons... mostly compatibility issues.

Yeah I realize probing ports returns info. My point was that if I'm about the only "all steath" machine being shown by his probes, I might stand out.  I am playing with Gibsons "idserver" program right now.  A port is reported as closed, open, or stealth; by even his tiny program.  I'm looking at results from fellow subnet users.  Guess I need actual hacker tools to see what a hacker sees....  I'd need to take bath after using them. lol

Thanks
Dan

[Raptor]

Let us know what you find out.

Have you considered using a firmware Firewall?

[DanCJ]

Hey Raptor

I'll certainly let you know here if I find the answer.  That is my goal.  Have an understanding and solution to this hacker crap and let it be known to all that need it.  A free solution is also the goal.  I think I personally can 'buy' a solution for $120 a year.  That doesn't help anyone else visiting my website.  

Thanks for the help
Dan

[merlin_2]

port scanner...?...msn messager etc sub 7 is illegal and you should report it..to your isp...download sygate firewall...or  try a program called ghost server...

[Raptor]

I think I personally can 'buy' a solution for $120 a year

What kind of solution would that be, Dan?

[Joleen]

I only skimmed most of the posts but have you tried a router or some other hardware firewall?  Piggy back that with something like the Sygate software mentioned above.  As for me learning about how not to post nudies.. thank goodness they were the ones Raptor sent and not my own!  

[Raptor]

Aw, come on, don't be ashamed. It's okay to be a bit chubby.. Well a bit..