
Tracing location from IP Address, it is possible ? - Page 3

post #21 of 28
Only reason a portscan is used is to identify services and holes available/exploitable if the initiator is malicious. Then again if you've got a malicious initiator portscanning a system and they can't mask their own activity, they deserve to be visited. No room for script kiddies or wannabes in the gene pool.
     
post #22 of 28
Quote:
Originally Posted by Ulquiorra View Post

the way I read good plan whats to use zenmap ... which is a port scan so it's the same? If you didn't mean this then meh oki coke read it wrong but that's the first thing you suggested ^_^
No, that's not what happened in the slightest. Quite the opposite in fact.
Quote:
Originally Posted by Ulquiorra View Post

Nmap shows you nothing more than zenmap as it's the same thing :s
Seeming as we're lecturing each other on the bleeding obvious: Actually it's the other way around. zenmap is just a GUI for nmap rather than nmap being the same thing as zenmap :P
Quote:
Originally Posted by Ulquiorra View Post

I didn't mean to suggest yours was bad but a nmap is meh ... pretty useless for this, what information would it give you?
Oh I agree. nmap was a terrible suggestion of mine. If you go back and re-read the thread then you'll notice that I quickly retracted that suggestion (re the "good plan" comment). This is why I got narky. The "good plan" comment was in reference to me saying the OP should ignore my nmap comment and focus on the whois, and yet you guys wade in later and kick off about something that's already been scrubbed.

Quote:
Originally Posted by Ulquiorra View Post

Also running a nmap against someone (basic scan so nmap ip) is illegal,
Not in the UK. How would I know what retarded laws your technologically inept government decides to pass?
Quote:
Originally Posted by Ulquiorra View Post

it tries to connect to services such as SNMP which is unauthorised access ;)
You're not entirely correct there. A default scan (you can program additional modules, but we're talking default behaviour here) will open a raw TCP or UDP connection to open ports. nmap doesn't try to log in to the service, it just requests a connection. SNMP, SSH, HTTP, FTP and so on, all then publish their details in clear text. There is no attempt to log into the service whatsoever. The details returned are the daemons indiscriminately broadcasting to any connection request. Thus, technically, no attempted hack has taken place. And yes, even SSH broadcasts its server details in clear text upon a TCP connection.

This is why I likened the process to pinging - except we're talking TCP/IP pings instead of ICMP echos. Another comparison would be wireless devices scanning SSIDs when you select a network to connect to. It's all the same principle: networking services indiscriminately broadcasting service details upon request. The only difference is most people don't really understand what nmap is so crudely assume it's for hacking.

The fact is, you can do a great deal of damage with pings too. In fact forged ICMP packets with faked host IP details are (or rather were) often used as a method of ping flooding servers offline (ie I'd ping Google with a forged ICMP packet that looked like it was sent from one of your servers. Google then replies to you rather than me. You get ping flooded and Google would be the attacker and thus I get away undetected). So why is ping legal and a common recommendation?

So anyway, yes nmap can be used to aid hackers, but on its own it's completely harmless.

Quote:
Originally Posted by Ulquiorra View Post

but that's a minor niggle and you can turn that off, scans on the internet as you know from running servers are just for the most part annoying so please don't go suggesting them to others =D it makes more work for us poor logwatch reviewers ;)
I don't mean to be rude, but now you're making terrible suggestions. If people want to scan your box then they'll learn how to one way or another. Thus the best advice is to educate people about what a port scan is so they learn how to secure their own boxes. Who cares if it's also more work for people like you and I - that's what we're bloody well paid to do. Besides, it's not exactly hard to set up iptables to adaptively block port scans (or to buy a Cisco firewall if you really need to be spoon fed).

Quote:
Originally Posted by halcyon-twin View Post

only reason a portscan is used is to identify services and holes available/exploitable if the initiator is malicious.
Clearly that's not true because I listed another reason in this thread.

Another example of legitimate use would be when I have trolls on one of the forums I moderate, I've used nmap (amongst other IP tracing / lookups) to gauge whether the offender is using a proxy, Tor or on their own home connection. I do this so I know what level I want to ban them at. eg an IP ban would be worse than useless if it's a Tor node but proxies should be blacklisted.
Edited by Plan9 - 7/20/12 at 1:49pm
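
The adaptive blocking mentioned in post #22 comes down to tracking, per source address, how many distinct ports are probed within a short window, then dropping that source for a while. The Python below is an added example, not code from anyone in the thread and not an iptables ruleset; the thresholds, the abbreviated LOG-style line format and the documentation-range addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tunables: PORT_THRESHOLD distinct ports inside WINDOW => block.
WINDOW = timedelta(seconds=10)
PORT_THRESHOLD = 5
BLOCK_FOR = timedelta(minutes=5)
LOG_YEAR = 2012  # syslog timestamps carry no year; assumed here

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")

def parse(line):
    """Return (timestamp, source IP, destination port) or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def detect(lines):
    """Replay chronological log lines; return (block events, blocked_until)."""
    recent = defaultdict(deque)   # src -> (ts, dport) hits inside WINDOW
    blocked_until = {}            # src -> time the block expires
    events = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dpt = rec
        if ts < blocked_until.get(src, datetime.min):
            # Still probing while blocked: restart the timer (the adaptive part).
            blocked_until[src] = ts + BLOCK_FOR
            continue
        hits = recent[src]
        hits.append((ts, dpt))
        while ts - hits[0][0] > WINDOW:
            hits.popleft()
        ports = sorted({p for _, p in hits})
        if len(ports) >= PORT_THRESHOLD:
            blocked_until[src] = ts + BLOCK_FOR
            events.append((src, ts, ports))
            hits.clear()
    return events, blocked_until

def _line(hms, src, dpt):
    # Constructed, abbreviated line in the style of an iptables LOG entry.
    return (f"Jul 20 {hms} gw kernel: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample: a fast sweep, a normal web client, and a slow sweep.
SAMPLE = sorted(
    [_line(f"13:40:0{i + 1}", "203.0.113.7", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110])]
    + [_line(f"13:40:0{i + 2}", "198.51.100.20", p)
       for i, p in enumerate([443, 443, 80, 443])]
    + [_line(f"13:4{1 + i // 3}:{(i % 3) * 20:02d}", "198.51.100.99", p)
       for i, p in enumerate([21, 22, 23, 25, 80])])
```

Calling `detect(SAMPLE)` blocks only the fast sweep; the slow sweep at 20-second spacing stays under the window, which is the trade-off any threshold of this kind has to accept.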
post #23 of 28
Quote:
Originally Posted by Plan9 View Post

No, that's not what happened in the slightest. Quite the opposite in fact.
Seeming as we're lecturing each other on the bleeding obvious:

I didn't mean to sound like I'm lecturing at all :s no need to get rude!
Quote:
Originally Posted by Plan9 View Post

Actually it's the other way around. zenmap is just a GUI for nmap rather than nmap being the same thing as zenmap :P
Oh I agree. nmap was a terrible suggestion of mine. If you go back and re-read the thread then you'll notice that I quickly retracted that suggestion (re the "good plan" comment). This is why I got narky. The "good plan" comment was in reference to me saying the OP should ignore my nmap comment and focus on the whois, and yet you guys wade in later and kick off about something that's already been scrubbed.

I have already apologised for misunderstanding your point ... I thought you were saying don't use Nmap use zenmap, also you replied ;)!
Quote:
Originally Posted by Plan9 View Post

Not in the UK. How would I know what retarded laws your technologically inept government decides to pass?
It can be classed as a "hacking tool" and so can fall under the Computer Misuse Act (I know it's a network admin tool but so is John the Ripper), they are never going to nick you for having it but if you don't need it don't use it, I'm from the UK too
Quote:
Originally Posted by Plan9 View Post

You're not entirely correct there. A default scan (you can program additional modules, but we're talking default behaviour here) will open a raw TCP or UDP connection to open ports. nmap doesn't try to log in to the service, it just requests a connection. SNMP, SSH, HTTP, FTP and so on, all then publish their details in clear text. There is no attempt to log into the service whatsoever. The details returned are the daemons indiscriminately broadcasting to any connection request. Thus, technically, no attempted hack has taken place. And yes, even SSH broadcasts its server details in clear text upon a TCP connection.
This is why I likened the process to pinging - except we're talking TCP/IP pings instead of ICMP echos. Another comparison would be wireless devices scanning SSIDs when you select a network to connect to. It's all the same principle: networking services indiscriminately broadcasting service details upon request. The only difference is most people don't really understand what nmap is so crudely assume it's for hacking.

Nmap is just a tool, you could liken nmap to a sonar device I guess, it sends stuff out lets you know if it's there, however I believe in nmap 5 / 6 the default behaviour is more aggressive and when it finds services such as SNMP it will issue the commands to establish a basic connection thus showing if a service is listening on the port. It only attempts logins as you correctly said if you use NSE to tell it to
Quote:
Originally Posted by Plan9 View Post

The fact is, you can do a great deal of damage with pings too. In fact forged ICMP packets with faked host IP details are (or rather were) often used as a method of ping flooding servers offline (ie I'd ping Google with a forged ICMP packet that looked like it was sent from one of your servers. Google then replies to you rather than me. You get ping flooded and Google would be the attacker and thus I get away undetected). So why is ping legal and a common recommendation?
So anyway, yes nmap can be used to aid hackers, but on its own it's completely harmless.

Yes and if you forge an ICMP packet and break a box you can get done for that as it's a DoS xD! The attack you describe is a teardrop attack and nmap is not completely harmless, it can overload "old" computers. Even the creators of nmap admit it can crash a box on rare occasions, see here
Quote:
Originally Posted by Plan9 View Post

I don't mean to be rude, but now you're making terrible suggestions. If people want to scan your box then they'll learn how to one way or another. Thus the best advice is to educate people about what a port scan is so they learn how to secure their own boxes. Who cares if it's also more work for people like you and I - that's what we're bloody well paid to do. Besides, it's not exactly hard to set up iptables to adaptively block port scans (or to buy a Cisco firewall if you really need to be spoon fed).

To be fair that's one part of my job I prefer management / development .. I know it's my job but it's bloody annoying not because it's hard but due to paperwork that's all ..

Also on a different note why would you need an adaptive firewall if it's set up properly nothing gets through it anyways, deny all in / out all what you need from and to where you need it (whenever possible of course)
Quote:
Originally Posted by Plan9 View Post

Clearly that's not true because I listed another reason in this thread.
Another example of legitimate use would be when I have trolls on one of the forums I moderate, I've used nmap (amongst other IP tracing / lookups) to gauge whether the offender is using a proxy, Tor or on their own home connection. I do this so I know what level I want to ban them at. eg an IP ban would be worse than useless if it's a Tor node but proxies should be blacklisted.

great for you .. you know what you're doing though which is all I meant by saying it can cause harm, you know to not set nmap off at its standard T4 setting and not to do all ports but someone else may not, that's all


(PS on a serious note it's good to chat to a proper sysadmin like yourself =D makes a change when someone knows their stuff)
Edited by Ulquiorra - 7/20/12 at 2:10pm
post #24 of 28
Quote:
Originally Posted by Ulquiorra View Post

I didn't mean to sound like I'm lecturing at all :s no need to get rude!
Fair point. Sorry :)
Quote:
Originally Posted by Ulquiorra View Post

Yes and if you forge an ICMP packet and break a box you can get done for that as it's a DoS xD! The attack you describe is a teardrop attack and nmap is not completely harmless, it can overload "old" computers. Even the creators of nmap admit it can crash a box on rare occasions, see here
Quote:
The legal ramifications of scanning networks with Nmap are complex and so controversial that third-party organizations have even printed T-shirts and bumper stickers promulgating opinions on the matter[6], as shown in Figure 1.3. The topic also draws many passionate but often unproductive debates and flame wars. If you ever participate in such discussions, try to avoid the overused and ill-fitting analogies to knocking on someone's home door or testing whether his door and windows are locked.
lol that bit in bold sounds familiar.

Thanks for the link by the way
Quote:
Originally Posted by Ulquiorra View Post

Also on a different note why would you need an adaptive firewall if it's set up properly nothing gets through it anyways, deny all in / out all what you need from and to where you need it (whenever possible of course)
If people are port scanning then there's a reasonable chance that they're looking for a way in. So I'd rather hide the fact that I have a few listening ports open so I don't get irritated by masses upon masses of log entries from break in attempts (reading your last post - I think you can sympathise with this a lot hehe). I know it's a little bit like security through obscurity, but it still makes my life a little easier. It's also why I run my home server's SSH on a non-standard port - it offers no protection whatsoever and I'd normally advise against people doing that, but I do all this stuff for a day job so really cannot be bothered to check security logs on an evening unless there is really something of concern.
Quote:
Originally Posted by Ulquiorra View Post

great for you .. you know what you're doing though which is all I meant by saying it can cause harm, you know to not set nmap off at its standard T4 setting and not to do all ports but someone else may not, that's all
Fair point :)
Quote:
Originally Posted by Ulquiorra View Post

(PS on a serious note it's good to chat to a proper sysadmin like yourself =D makes a change when someone knows their stuff)
hehehe thanks :)

Sorry for being so rude by the way. I've taken this discussion far too personally
Edited by Plan9 - 7/20/12 at 2:22pm
post #25 of 28
No need I think we both need to cool off :)! cookie? we were both in the wrong ^_^ me more I guess xD!



And aha I guess so ^_^ to be fair most of the wordpress scanners I get I just block their IP block I'm not losing anything haha xD I keep meaning to set squid proxy up to redirect them to random prons / government agencies xD
post #26 of 28
Quote:
Originally Posted by johnwilley View Post

Thank you. That was helpful. I found the country, but the site I posted claims that it is able to give me the exact location ( street address ). Should I go with it ?
Not if you have to pay
 
post #27 of 28
Quote:
Originally Posted by Plan9 
Who cares if it's also more work for people like you and I - that's what we're bloody well paid to do.

This guy... marry me?
post #28 of 28
Quote:
Originally Posted by johnwilley View Post

Hello.
There is a guy that I chat over the internet but I am unsure if it is good to trust him.

What do you mean?

If you have business with him, use a trusted medium. Paypal, for example.