Does this count as an intrusion incident too?




deave
2001-01-30, 10:13 PM
I'm on Seednet ADSL. I saw lots of people discussing firewalls, so I went and found one to install: LockDown2000 (7.0.0.6). About twenty minutes after I installed it, it suddenly blared an alarm (really shrill! it scared me!) saying someone was intruding into my computer. But I had only just started using it and had no idea what to do, so I just left it and let him look around. Later I saw his leave time; he was in my computer for about ten minutes. Only then did I notice there's a "tracer" to check with, and what it found was: Checking Class C (net.net.net.host) network address...address ok.

--------------------------------------------------------------------------------
Scanning IP address 211.236.21.208.
--------------------------------------------------------------------------------
Performing ping to 211.236.21.208.
--- ping ---
PING 211.236.21.208 (211.236.21.208): 16 data bytes
24 bytes from 211.236.21.208: icmp_seq=0 ttl=103 time=291.1 ms
24 bytes from 211.236.21.208: icmp_seq=1 ttl=103 time=265.6 ms
24 bytes from 211.236.21.208: icmp_seq=2 ttl=103 time=283.3 ms

--- 211.236.21.208 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 265.6/280.0/291.1 ms

That's only about a fifth of the whole thing! It showed me the lookup through a web page, but I don't understand that much of it, so... could any of you gurus who know tell me? I used to get trojans dropped on me quite often before, and I often deleted them, which is why I figure this is an intrusion. If it isn't... heh.. forgive me!



winson
2001-01-30, 10:38 PM
Originally posted by: deave
I'm on Seednet ADSL. I saw lots of people discussing firewalls, so I went and found one to install: LockDown2000 (7.0.0.6). About twenty minutes after I installed it, it suddenly blared an alarm (really shrill! it scared me!) saying someone was intruding into my computer. But I had only just started using it and had no idea what to do, so I just left it and let him look around. Later I saw his leave time; he was in my computer for about ten minutes. Only then did I notice there's a "tracer" to check with, and what it found was: Checking Class C (net.net.net.host) network address...address ok.

--------------------------------------------------------------------------------
Scanning IP address 211.236.21.208.
--------------------------------------------------------------------------------
Performing ping to 211.236.21.208.
--- ping ---
PING 211.236.21.208 (211.236.21.208): 16 data bytes
24 bytes from 211.236.21.208: icmp_seq=0 ttl=103 time=291.1 ms
24 bytes from 211.236.21.208: icmp_seq=1 ttl=103 time=265.6 ms
24 bytes from 211.236.21.208: icmp_seq=2 ttl=103 time=283.3 ms

--- 211.236.21.208 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 265.6/280.0/291.1 ms

That's only about a fifth of the whole thing! It showed me the lookup through a web page, but I don't understand that much of it, so... could any of you gurus who know tell me? I used to get trojans dropped on me quite often before, and I often deleted them, which is why I figure this is an intrusion. If it isn't... heh.. forgive me!


...
Hmm~~ I looked it up on WHOIS~~ he's probably not on a fixed line~~ because I couldn't find his info~~
In theory, if you've installed a firewall~~ it should automatically block his actions~~ so~~
he shouldn't be able to do anything on your computer~~

deave
2001-01-30, 10:47 PM
Thanks for the reply, moderator! I'll post all the data at once and see! (I don't know if it's any use!)

Checking Class C (net.net.net.host) network address...address ok.

--------------------------------------------------------------------------------
Scanning IP address 211.236.21.208.
--------------------------------------------------------------------------------
Performing ping to 211.236.21.208.
--- ping ---
PING 211.236.21.208 (211.236.21.208): 16 data bytes
24 bytes from 211.236.21.208: icmp_seq=0 ttl=103 time=291.1 ms
24 bytes from 211.236.21.208: icmp_seq=1 ttl=103 time=265.6 ms
24 bytes from 211.236.21.208: icmp_seq=2 ttl=103 time=283.3 ms

--- 211.236.21.208 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 265.6/280.0/291.1 ms

--------------------------------------------------------------------------------
Performing NS lookup to retrieve hostname.
--- nslookup ---



--------------------------------------------------------------------------------
Performing trace route to 211.236.21.208.
--- Traceroute ---
1 gw.cust.lockdown2000.com (216.204.66.1) 3.314 ms 2.913 ms 2.645 ms
2 bbr6973-mht.lightship.net (216.204.69.73) 8.032 ms 7.909 ms 7.799 ms
3 bbr7165-noc.lightship.net (216.204.71.65) 10.133 ms 10.887 ms 9.506 ms
4 bbr8337-wlm.lightship.net (216.204.83.37) 17.591 ms 13.943 ms 33.704 ms
5 216.34.112.161 (216.34.112.161) 18.399 ms 15.401 ms 15.999 ms
6 dcr04-g10-0.wlhm01.exodus.net (64.14.70.25) 16.519 ms 26.133 ms 26.242 ms
7 bbr01-g1-0.wlhm01.exodus.net (64.14.70.51) 17.139 ms 15.611 ms 14.634 ms
8 bbr02-p2-0.okbr01.exodus.net (216.32.132.209) 37.903 ms 42.878 ms 36.605 ms
9 ibr02-g5-0.okbr01.exodus.net (216.34.183.99) 36.701 ms 36.054 ms 55.986 ms
10 POS4-0-0.GW3.CHI6.ALTER.NET (157.130.104.33) 50.795 ms 36.32 ms 35.914 ms
11 113.ATM2-0.XR2.CHI6.ALTER.NET (146.188.208.86) 37.228 ms 36.779 ms 35.055 ms
12 290.at-2-0-0.TR2.CHI4.ALTER.NET (146.188.209.14) 45.658 ms 37.636 ms 35.85 ms
13 106.at-6-1-0.TR2.SAC1.ALTER.NET (146.188.141.238) 95.322 ms 89.688 ms 88.251 ms
14 152.63.3.198 (152.63.3.198) 88.636 ms 89.122 ms 88.921 ms
15 184.ATM6-0.GW3.SAC1.ALTER.NET (152.63.51.113) 91.215 ms 91.564 ms 89.043 ms
16 thrunet2-gw.customer.alter.net (157.130.194.50) 229.933 ms 228.281 ms 230.848 ms
17 211.110.7.193 (211.110.7.193) 228.559 ms 229.839 ms 227.343 ms
18 210.117.67.4 (210.117.67.4) 228.517 ms 231.042 ms 227.235 ms
19 210.117.127.18 (210.117.127.18) 229.372 ms 230.775 ms 235.545 ms
20 210.117.127.22 (210.117.127.22) 231.925 ms 234.019 ms 232.99 ms
21 210.117.127.26 (210.117.127.26) 234.249 ms 234.244 ms 236.203 ms
22 210.221.2.135 (210.221.2.135) 238.533 ms 242.268 ms 235.24 ms
23 211.59.255.14 (211.59.255.14) 240.694 ms 235.794 ms 239.886 ms
24 210.98.224.114 (210.98.224.114) 237.305 ms 237.058 ms 234.761 ms
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

--------------------------------------------------------------------------------
Attempting to find owner of IP address 211.236.21.208.
--- whois ---
[whois.arin.net]
Asia Pacific Network Information Center (NETBLK-APNIC-CIDR-BLK)
These addresses have been further assigned to Asia-Pacific users.
Contact information can be found in the APNIC database,
at WHOIS.APNIC.NET or http://www.apnic.net/
Please do not send spam complaints to APNIC.

Netname: APNIC-CIDR-BLK2
Netblock: 210.0.0.0 - 211.255.255.255

Coordinator:
Administrator, System (SA90-ARIN) [email protected]
+61-7-3367-0490

Domain System inverse mapping provided by:

NS.APNIC.NET 203.37.255.97
SVC00.APNIC.NET 202.12.28.131
NS.TELSTRA.NET 203.50.0.137
NS.RIPE.NET 193.0.0.193

Regional Internet Registry for the Asia-Pacific Region.

*** Use whois -h whois.apnic.net***

*** or see http://www.apnic.net/db/ for database assistance ***


Record last updated on 03-May-2000.
Database last updated on 29-Jan-2001 18:35:13 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

--------------------------------------------------------------------------------

That's everything! Does it count as an intrusion?

deave
2001-01-30, 11:02 PM
I just used the trojan scanner built into LockDown2000 to scan again, and it turned up a file in my Win98 setup directory that hit the jackpot!
C:\WIN98\TOOLS\RESKIT\BATCH\SETUP.EXE-SOLARIS 1.0 SETUP

Is this.......... the main cause? Oh! You really can't guard against everything! Please, gurus, teach me what to do..........

winson
2001-01-31, 12:03 AM
Originally posted by: deave
--- whois ---
[whois.arin.net]
Asia Pacific Network Information Center (NETBLK-APNIC-CIDR-BLK)
These addresses have been further assigned to Asia-Pacific users.
Contact information can be found in the APNIC database,
at WHOIS.APNIC.NET or http://www.apnic.net/
Please do not send spam complaints to APNIC.

Netname: APNIC-CIDR-BLK2
Netblock: 210.0.0.0 - 211.255.255.255

Coordinator:
Administrator, System (SA90-ARIN) [email protected]
+61-7-3367-0490

Domain System inverse mapping provided by:

NS.APNIC.NET 203.37.255.97
SVC00.APNIC.NET 202.12.28.131
NS.TELSTRA.NET 203.50.0.137
NS.RIPE.NET 193.0.0.193

Regional Internet Registry for the Asia-Pacific Region.

*** Use whois -h whois.apnic.net***

*** or see http://www.apnic.net/db/ for database assistance ***


Record last updated on 03-May-2000.
Database last updated on 29-Jan-2001 18:35:13 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

--------------------------------------------------------------------------------

That's everything! Does it count as an intrusion?


So~~ I think this software is much better than NS~~ it can even look up his ISP directly
and go straight to WHOIS~~ hmm~ he shouldn't be in Taiwan, right!
Otherwise~~... eh~~ never mind, I'll just post the data I got from your info~~
Search results for '211.236.21.208'
inetnum 211.232.0.0 - 211.255.255.255
netname KRNIC
descr Korea Network Information Center
country KR
admin-c WK1-AP, inverse
tech-c SL119-AP, inverse
mnt-by APNIC-HM, inverse
mnt-lower MNT-KRNIC-AP, inverse
changed [email protected] 20000908
source APNIC


person Weon Kim, inverse
address Korea Network Information Center (KRNIC)
address **************** Important Notice **********************
address KRNIC is the National Internet Registry.
address If you want to find detail assignment information
address about above IP address, please use "http://whois.nic.or.kr"
address *****************************************************
address Narajongkeum B/D 14F, 1328-3, Seocho-dong, Seocho-Ku
address Seoul, 137-070, Republic of Korea
phone +82-2-2186-4500
fax-no +82-2-2186-4496
country KR
e-mail [email protected], inverse
nic-hdl WK1-AP, inverse
mnt-by MNT-KRNIC-AP, inverse
changed [email protected] 20000927
source APNIC


person Seung-Min Lee, inverse
address Korea Network Information Center (KRNIC)
address **************** Important Notice **********************
address KRNIC is the National Internet Registry
address If you want to find detail assignment information
address about above IP address, please use "http://whois.nic.or.kr"
address *****************************************************
address Narajongkeum B/D 14F, 1328-3, Seocho-dong, Seocho-Ku
address Seoul, 137-070, Republic of Korea
phone +82-2-2186-4500
fax-no +82-2-2186-4496
country KR
e-mail [email protected], inverse
nic-hdl SL119-AP, inverse
mnt-by MNT-KRNIC-AP, inverse
changed [email protected] 20000927

...This is what I looked up further from your data~~ see for yourself!
Either he's bouncing through relays~~ or~~ the IP you got isn't the intruder's~~ but the IP some piece of software's return traffic came from~~ or~~ this intruder is abroad~~
Eh~~ I've never seen this ISP~~
By the way~~ from now on you can take your time reading through what's inside it yourself~~ it's quite complete~ easier to use than NS~~ I'm starting to waver...<eh~~ this record looks like the network admin for this IP range~~ you can SEND your logs to let him know~~>...eh~~ if anyone understands this area better~~ please give some pointers~~ I'm still only half-baked at it

deave
2001-01-31, 01:16 AM
""Korea Network "" Am I seeing this right? Is that real?
""[email protected]"" There's even an E-MAIL; is it the other party's?

But I find LockDown2000 a bit hard to use! Because I don't really know how to configure it; for example, whenever my other computer connects, it goes off. I really can't stand it! I can just turn it off,
but I'd rather configure it so it can keep monitoring my computer.
Can anyone teach me how to use this firewall properly? Or has anyone written a tutorial for it or something.....

Thank you, moderator winson sir.... endlessly grateful.... deeply moved.... it's great to have you....

(Has anyone thought about making an anti-hacking discussion board dedicated to defense?..... just a thought....)

winson
2001-01-31, 01:35 AM
I'm a case of long illness making the patient a doctor... and I know I'm still not really fluent in this!
If you want to open an anti-hacking board, go to the board-affairs board and suggest it to boss A-Tu~~ if the boss thinks it's feasible~~ then find someone with strong networking concepts to run it!...
Actually a lot of anti-hacking articles and software have already been posted here~~ go browse first!~~
There are also plenty of sites like this on the net ^_^ if you find a good one, you can recommend it on the Good Websites board for everyone to see!
That's it~~ let's swap notes when we get the chance!

hsun
2001-01-31, 09:11 AM
With LockDown2000
you can hear tons of alarms in a single day.
The software has an auto trace route feature (as long as you've turned it on).
Every time it blocks one,
it automatically traces his IP for you.
The result isn't as complicated as what was posted earlier;
it looks roughly like this:

1 253 ms 61 ms 58 ms 1.c160.ethome.net.tw [202.178.160.1]
2 54 ms 45 ms 48 ms 65.c87.ethome.net.tw [210.58.87.65]
3 88 ms 48 ms 44 ms 17.c88.ethome.net.tw [210.58.88.17]
4 55 ms 48 ms 43 ms 2.c88.ethome.net.tw [210.58.88.2]
5 240 ms 240 ms 256 ms n166.n202-178-245-0-24.ethome.net.tw [202.178.245.166]
6 99 ms 49 ms 45 ms n022.n202-178-245-0-24.ethome.net.tw [202.178.245.22]
7 81 ms 44 ms 55 ms 216.200.39.253.has.no.reverse [216.200.39.253]
8 * 646 ms 552 ms core2-napa.tasc.com.tw [216.200.151.26]
9 611 ms 648 ms 602 ms 400.ATM1-0.GW6.SJC2.ALTER.NET [157.130.3.81]
10 658 ms 661 ms 573 ms 171.ATM2-0.XR1.SJC1.ALTER.NET [152.63.52.98]
11 695 ms 588 ms 649 ms 193.at-1-0-0.TR1.SAC1.ALTER.NET [152.63.51.26]
12 660 ms 722 ms 636 ms 127.at-6-1-0.TR1.ATL5.ALTER.NET [152.63.0.177]
13 682 ms 948 ms 702 ms 197.at-6-1-0.XR1.ATL1.ALTER.NET [152.63.81.25]
14 700 ms 759 ms 716 ms 195.ATM7-0.GW6.MIA1.ALTER.NET [152.63.83.45]
15 663 ms 782 ms 701 ms impsat-mia-gw.customer.alter.net [157.130.79.58]
16 674 ms 664 ms 757 ms 200.41.115.5
17 649 ms 654 ms 654 ms 200.41.115.90
18 792 ms 848 ms 843 ms 200.55.0.6
19 797 ms 817 ms 833 ms rcoreesm1.impsat.net.ar [200.41.32.1]
20 886 ms 795 ms 809 ms 200.41.69.203
21 785 ms 815 ms 888 ms tntlima9.prima.com.ar [200.42.0.6]
22 1000 ms 1226 ms 1024 ms a200042134092.rev.prima.com.ar [200.42.134.92]

The last one is the intruder's IP.
Finally you can use the built-in network tools to look up the intruder's server (prima.com in this example)
and write to the server to notify them.

But if the intruder is more skilled
and his IP is simply fake,
or nothing can be found at all,
then there's nothing to be done.
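hsun's rule that the last hop is the intruder's IP only holds when the trace actually reaches the target; in deave's listing earlier in the thread, hops 25 to 30 are `* * *`, so the last answering hop there is an upstream router, not the host that triggered the alert. Added example, not from the thread or from LockDown2000: a Python parser for the two trace formats shown on this page (the sample rows are constructed from those listings) that reports the last answering hop and whether the target itself replied.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample input: the tails of the two trace listings in this thread.
# First: Unix-style rows as the LockDown2000 web tracer printed them, trailing off in '* * *'.
UNIX_TRACE = """\
23 211.59.255.14 (211.59.255.14) 240.694 ms 235.794 ms 239.886 ms
24 210.98.224.114 (210.98.224.114) 237.305 ms 237.058 ms 234.761 ms
25 * * *
26 * * *
"""
# Second: Windows tracert-style rows (one lost probe, one unresolved hop) that do reach the target.
WIN_TRACE = """\
8 * 646 ms 552 ms core2-napa.tasc.com.tw [216.200.151.26]
16 674 ms 664 ms 757 ms 200.41.115.5
22 1000 ms 1226 ms 1024 ms a200042134092.rev.prima.com.ar [200.42.134.92]
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
UNIX_HOP = re.compile(rf"^\s*(\d+)\s+(\S+)\s+\({IP}\)")            # "N host (ip) rtt ms ..."
WIN_HOP = re.compile(rf"^\s*(\d+)\s+(?:(?:\d+ ms|\*)\s+){{3}}(\S+?)(?:\s+\[{IP}\])?\s*$")
TIMEOUT = re.compile(r"^\s*(\d+)\s+\*\s+\*\s+\*")                   # all three probes lost

Hop = Tuple[int, Optional[str], Optional[str]]  # (hop number, hostname, ip); None = no answer


def parse_trace(text: str) -> List[Hop]:
    """Parse either trace format into (hop, hostname, ip) rows; unrelated lines are skipped."""
    hops: List[Hop] = []
    for line in text.splitlines():
        if m := TIMEOUT.match(line):
            hops.append((int(m.group(1)), None, None))
        elif m := UNIX_HOP.match(line):
            hops.append((int(m.group(1)), m.group(2), m.group(3)))
        elif m := WIN_HOP.match(line):
            host, ip = m.group(2), m.group(3) or m.group(2)  # tracert prints a bare ip when unresolved
            hops.append((int(m.group(1)), None if host == ip else host, ip))
    return hops


def trace_verdict(text: str, target: str) -> Tuple[Optional[str], bool]:
    """Return (last answering ip, reached). Only when the last answering row is the
    target itself does the trace identify the alerting host; a trace that trails off
    in '* * *' rows stopped at an upstream router, whose ip must not be reported."""
    answered = [h for h in parse_trace(text) if h[2] is not None]
    if not answered:
        return None, False
    last_ip = answered[-1][2]
    return last_ip, last_ip == target
```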

arthurh
2001-02-02, 12:21 AM
Originally posted by: deave
""Korea Network "" Am I seeing this right? Is that real?
""[email protected]"" There's even an E-MAIL; is it the other party's?



That's the Korea Network Information Center's E-mail, surely!
http://whois.nic.or.kr/english/index.html

winson
2001-02-02, 02:56 AM
Originally posted by: hsun
With LockDown2000

But if the intruder is more skilled
and his IP is simply fake,
or nothing can be found at all,
then there's nothing to be done.

As far as I know, even if he uses many computers <IPs> as stepping stones~~ it can still be traced back upstream~~ no??~~
Eh, the stepping-stone method I know of uses UNIX~~ you can go check his logs, right~~
Eh~~ I hear 9X can be used as a stepping stone too~~ can anyone teach this?!~~ heh heh!~

Still learning!~~

But~~ anyway, as long as you get his IP address~~ no matter how many lookups it takes~~ whether it's a hassle or done in one go~~ there's a trail to follow...
By the way~~ everything I know also came from experienced people on the net~~ so I consider myself second-hand~~ corrections welcome~~ just don't chew me out too badly