Help Quick! How to track/ping IP addresses.

[Irish BoneZ]

I have someone trying to access my computer, and I would like to ping his ass offline. I use to have a ton of programs to do this, but do not know how to do it manually. Can anyone help? Also tracking his IP address would be nice so that I could really screw him over.

His IP is 66.76.97.183.

Thanks for any help.

 

[DcupSheepNipples]

Back Orifice

 

[Lao Tzu]

Back Orifice

isnt that a hacking tool rather than a tracer.

 

[HappyScrappy]

pinging doesn't really do much. I'm pinging him right now.

also, his IP could change when he reconnects to the internet or even reboots.
so if you attack it - there is a solid chance it isn't even him.

there are also tons of reasons it could be hitting any of your ports - some of the malicious - but also any number of valid reasons.

so unless you have reason or proof that you are getting hacked of DoS'ed - I would forget it.

 

[HappyScrappy]

an nslookup doesn't return anything on him, pinging just shows he is up and that is designed not to strain the server - it used to be you could scan and ping all the ports, and it would sometimes crash b/c if you sent big enoguh packets, those ports weren't used to that.
but not anymore.

and yeah, back orifice is a thing where you need him to install it on his comptuer - usually via a trojan horse.

then you have access to it.

 

[CONTRACTION]

Simple.

From your command prompt type "tracert 66.76.97.183" and hit enter. I traced him back already. Lots of hops too!

 

[CONTRACTION]

Here Ya Go...Traceroute from my router

Can't be giving out clues-took out some IPs of mine...

[xxxx@jumpgate xxxxxxx$ traceroute 66.76.97.183
traceroute to 66.76.97.183 (66.76.97.183), 30 hops max, 38 byte packets
1 host1.xxxxxxxxx (10.0.0.1) 0.446 ms 0.385 ms 0.379 ms
2 host-xxxxxxxxxxxxxxxx 0.734 ms 0.748 ms 1.059 ms
3 host-xxxxxxxxxxxxxxxxxxxx 1.532 ms 1.377 ms 1.377 ms
4 xxxxxxxxxxxxxxxxxxxxxxxxx 6.992 ms 1.539 ms 1.519 ms
5 main2-main1-ge.colo1.xxxx.above.net (xxxxxxxxxxx) 1.503 ms 1.683 ms 1.484 ms
6 core2-main2colo1-oc48.xxxx.above.net (xxxxxxxxxxx) 1.875 ms 1.764 ms 2.174 ms
7 core4-sjc4-oc48.xxxx.above.net (xxxxxxxxxxx) 2.613 ms 2.492 ms 3.282 ms
8 att-above-2.xxxx.above.net (xxxxxxxxxxxxx) 111.709 ms 105.415 ms 107.079 ms
9 gbr4-p50.sffca.ip.att.net (12.123.13.70) 109.992 ms 112.778 ms 114.723 ms
10 gbr3-p20.la2ca.ip.att.net (12.122.2.70) 121.393 ms 123.445 ms 128.168 ms
11 gbr3-p30.dlstx.ip.att.net (12.122.3.69) 161.996 ms 163.411 ms 160.342 ms
12 gbr2-p40.hs1tx.ip.att.net (12.122.2.98) 164.637 ms 158.983 ms 156.234 ms
13 ar1-p3110.hs1tx.ip.att.net (12.123.134.9) 154.354 ms 152.389 ms 155.266 ms
14 * 12.124.30.38 (12.124.30.38) 188.499 ms *
15 sw2-laft.cox-internet.com (208.180.48.5) 182.899 ms 171.383 ms 169.758 ms
16 66.76.97.1 (66.76.97.1) 172.621 ms 173.742 ms 176.586 ms
17 66.76.97.183 (66.76.97.183) 198.717 ms 207.354 ms 204.623 ms

 

[CONTRACTION]

AM I GOOD OR WHAT???

TCA Internet (NETBLK-TCAC-2)
3314 SSW Loop 323
Tyler, TX 75701
US

Netname: TCAC-2
Netblock: 66.76.0.0 - 66.76.191.255
Maintainer: TCAC

Coordinator:
Strout, Jeff (JS2407-ARIN) [email protected]
903-939-7200

Domain System inverse mapping provided by:

ROSE.TYLER.NET 205.218.118.1
NS.TCA.NET 208.180.0.2

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

Record last updated on 09-Aug-2001.
Database last updated on 24-Oct-2001 02:52:58 EDT.

 

[Code]

I'd lay good money it's simply the nimda virus.

Capture a packet or two and tell me it the header dest is FF:FF:FF:FF:FF:FF. If my guess is right it's just some sloppy virus doing broadcast attacks.

 

[Irish BoneZ]

Thanks guys, actually it was a nimda virus that my brother got on his computer. Since we are all on a LAN it sent me the virus and there was nothing I could do about it. I keep my computer running 24/7 because I run a small business, and therefor someone was able to come into my computer during night and install a back door. As soon as I found the virus i got rid of it on all the computers on the LAN then installed better FireWalls on all the computers. It blocks him from coming on now (unlike the other which was easy to get by) but I still want to get back at him. I figured out how to trace him using my firewall and it gave me the same information as Conratction posted. The funny thing is, he's using the same ISP as I am, just in another state. I emailed my ISP, hopefully I can get more detailed information. It doesn't really matter though, since I'm installing XP this weekend.

 

[HappyScrappy]

hee hee.
xp
yeah.
that'll be more secure.
it has several holes open on install.

enjoy it.