
Tracing a hacker

Nipplemilk909

So say I had a hacker on my PC and consequently on my whole network,

Like something from "ratter" the movie.. Lol

 

What paths do I have to start tracing this person and reversing what they have done

 

I know since they have a connection on me I will have a connection with them 


2 minutes ago, Nipplemilk909 said:

So say I had a hacker on my PC and consequently on my whole network,

Like something from "ratter" the movie.. Lol

 

What paths do I have to start tracing this person and reversing what they have done

 

I know since they have a connection on me I will have a connection with them 

Your router will have a log of connections in and out on whatever port. Look there, it'll give the IP that the "hacker" connected from. At that point you'd have to figure out where that IP is, but most likely it's a proxy, so then you're done unless you want to hack the proxy yourself.


9 minutes ago, corrado33 said:

At that point you'd have to figure out where that IP is, but most likely it's a proxy,

So the IP is a proxy or is the proxy blanketing the IP? 

 

I say this because I'm new to proxies, I thought proxies were like a barrier for IP to get in and out, not an actual dummy IP..


26 minutes ago, corrado33 said:

Your router will have a log of connections in and out on whatever port. Look there, it'll give the IP that the "hacker" connected from. At that point you'd have to figure out where that IP is, but most likely it's a proxy, so then you're done unless you want to hack the proxy yourself.

lol "hack the proxy" cringe

 

No home router will log every IP address that it sees. Connections are stored in state tables inside the ram, and most routers will clear entries when you stop communicating with it.


45 minutes ago, Mornincupofhate said:

lol "hack the proxy" cringe

 

No home router will log every IP address that it sees. Connections are stored in state tables inside the ram, and most routers will clear entries when you stop communicating with it.

I appreciate that insight, 

 

 If my post looks like a childish rant then I'm concerned for your well being, given, most of us do not know how to breach security or even think about security as a regular user 

 

That's the problem tho, as low level users we're high to attack and easy, it's pretty easy to go about gathering information from low level networks and users, everyone is susceptible to it for u to say unless ur the FBI don't bother ?

That shows ur interest on the subject matter, because anyone who was remotely aware or wants to really know what's going on behind the scenes would NOT listen to someone telling them to just let the FBI handle it,

If you want to call me some sort of script kiddie for learning what is there for me to learn then ima have to invite you to give your opinions elsewhere and go about telling your friends you can troll people on the internet.


8 minutes ago, Nipplemilk909 said:

I appreciate that insight, 

 

 If my post looks like a childish rant then I'm concerned for your well being, given, most of us do not know how to breach security or even think about security as a regular user 

 

-snip-

You can't just say "abracadabra, open up router" and expect it to give you access to every machine on the network. That's not how it works whatsoever. 99.99% of those big hacking stories you hear on the news usually have an insider that works there to install malware on the company's servers. Most of the time, it's all just human error.

 

 

"everyone is susceptible to it for u to say unless ur the FBI don't bother ?"

You asked how to trace a hacker, and I gave you the answer.


11 minutes ago, Mornincupofhate said:

You can't just say "abracadabra, open up route

But can I say "abracadabra -h" and see who can help tho? I know it's not as easy as one click, but I'm willing to do a lot of clicks to get this done.

 

11 minutes ago, Mornincupofhate said:

99.99% of those big hacking stories you hear on the news usually have an insider than installs malware on the co

Yea 99% of the "big hacking stories" why don't you take into account the whole picture, 90% of users on the net are low level users like myself that other 10 is "all those big companies", "the big score"

Look at how often these are broken into, or susceptible to be broken into,

I don't think I need to tell you that those 90 percent of users on the net he broken into often and that 10 percent only few. 

 


16 minutes ago, Mornincupofhate said:

human error.

Indeed it's human error,

NO ONE IS TEACHING this low users anything

 

All everyone ever does is "install antivirus"

No one not even the companies

Ur buying from really teach you  


2 minutes ago, Nipplemilk909 said:

But can I say "abracadabra -h" and see who can help tho? I know it's not as easy as one click, but I'm willing to do a lot of clicks to get this done.

 

I've got an idea for you, get the leet hacker's IP address, call up his ISP and tell them he's a bad hacker and beg them to hand over his home address. He will be very fearful


4 minutes ago, Nipplemilk909 said:

Yea 99% of the "big hacking stories" why don't you take into account the whole picture, 90% of users on the net are low level users like myself that other 10 is "all those big companies", "the big score"

Look at how often these are broken into, or susceptible to be broken into,

I don't think I need to tell you that those 90 percent of users on the net he broken into often and that 10 percent only few. 

 

For the 11 years I've had internet access and a functional computer, I've never been hacked. I tldr'd this post of yours btw because I can't read it. Maybe try formatting it.


3 minutes ago, Nipplemilk909 said:

Indeed it's human error,

NO ONE IS TEACHING this low users anything

 

All everyone ever does is "install antivirus"

No one not even the companies

Ur buying from really teach you  

Google translate isn't working. Maybe try typing it again in English.


6 minutes ago, Mornincupofhate said:

I've got an idea for you, get the leet hacker's IP address, call up his ISP and tell them he's a bad hacker and beg them to hand over his home address. He will be very fearful

Leet hacker? Yes but how do I get to his IP address ? 

 

5 minutes ago, Mornincupofhate said:

Google translate isn't working. Maybe try typing it again in English

Not sure if you're trolling or not, I can see the messages..


1 hour ago, Nipplemilk909 said:

So say I had a hacker on my PC and consequently on my whole network,

Like something from "ratter" the movie.. Lol

 

What paths do I have to start tracing this person and reversing what they have done

 

I know since they have a connection on me I will have a connection with them 

 

13 minutes ago, Nipplemilk909 said:

Indeed it's human error,

NO ONE IS TEACHING this low users anything

 

All everyone ever does is "install antivirus"

No one not even the companies

Ur buying from really teach you  

Ok, so I got the gist that you are a low level user. Your English is bad so you either do not speak English natively or you're young and not well educated.

 

Considering the lack of basic understanding I get from your posts, you attempting to "reverse" anything a hacker may have done on your system will likely not manifest into much of anything. Your best bet? Change the security settings on your Router/Modem. Change the passwords on everything (Modem, Microsoft Account, Google, Twitter, FB, etc...). Also, considering your responses, I'd recommend you wipe your PC. Why? Because I don't have the confidence you'd know how to properly clean out your system. Lastly, even though you've done all of this, you need to call your ISP and have them refresh your public IP address. If your IP address is changed by the ISP, then your old IP is no longer useful to the hacker. But if your system isn't clean, then you've probably been turned into a BOT.

 

But I'd recommend wiping the PC before anything else. Just in case you've got a keylogger or some other thing, then it's pointless to change passwords until you know for sure.

 

Also, out of blind curiosity, what were you doing that made you vulnerable or targeted?


I don't know that anyone is going to be able to teach you Networking Forensics in a forum. There are tools and books out there. Google and Amazon are your friend here. Try using Digital Forensics or Networking forensics books or tools as your search term. 


10 minutes ago, Ryujin2003 said:

English natively or you're young and not well educated.

Or I'm big foot who knows? I don't really see what's wrong with my English , then again I don't care much for English 

 

10 minutes ago, Ryujin2003 said:

But if your system isn't clean, then you've probably been turned into a BOT

OK so how would I know it's a bot, what would a bot do to make the new public IP my ISP gave me useless?

 

10 minutes ago, Ryujin2003 said:

But I'd recommend wiping the PC before anything else. Just in case you've got a keylogger or some other thing, then it's pointless to change passwords until you know for sure.

I've wiped my whole network's hard drives and considered reflashing the BIOS on all machines

10 minutes ago, Ryujin2003 said:

 

Also, out of blind curiosity, what were you doing that made you vulnerable or targeted?

Long period of time torrenting without more security like a VPN, not updating my router passwords and being on a home network that other users probably downloaded fishy things.. Etc.

 

How would it be much of nothing to see the other side of the connection?


17 minutes ago, Brightglaive said:

I don't know that anyone is going to be able to teach you Networking Forensics in a forum. There are tools and books out there. Google and Amazon are your friend here. Try using Digital Forensics or Networking forensics books or tools as your search term. 

Thank you


59 minutes ago, Nipplemilk909 said:

How would it be much of nothing to see the other side of the connection?

Because an IP address doesn't necessarily correspond to a street address in real life. (See Internet Mapping turned a remote farm into a digital Hell) And who knows, the hacker may be hacking from a Starbucks or any one of a hundred "free Wifi" hotspots. He or she could have even spoofed someone's IP Address or logon or bounced it off a hundred different proxies. The most it would do is give you a geographical area to provide to the local law enforcement which, contrary to their portrayal on most TV shows, are not computer savvy enough to even recreate 1/10th of the network forensics required or are tied by those pesky things like "due process", "innocent until proven guilty", and "right to privacy" laws etc. :D LOL. But seriously, it can be extremely difficult for law enforcement to track and catch a hacker "red-handed". It took the US Department of Justice and the FBI two-and-a-half YEARS to track down Kevin Mitnick. And that was before 802.11 Wi-Fi. With this "free wireless internet" a hacker can be miles away from where he is accessing the internet and then drive away when he's done. Counterhacking a hacker is sometimes the only way to catch them. But if you do that you've upped the ante and the hacker may be out for blood, revenge or to totally pwn you. (Check out the movie: Hackers and then think about this: if it changed from "white knights saving the world" to "lone wolves out to make a buck" how much worse would it have been for Agent Dick Gill if they weren't just screwing around with him and how much worse would the rivalry and ego and even hatred have been between hackers?)


3 hours ago, Mornincupofhate said:

lol "hack the proxy" cringe

 

No home router will log every IP address that it sees. Connections are stored in state tables inside the ram, and most routers will clear entries when you stop communicating with it.

My router stores connections until I tell it to clear... I don't think I've ever had a router that didn't do that...

 

Actually, it stores it for a week, I just checked....

 

So maybe I have a super special router, but my experience says differently than your writing. Does your router not have logs?


Dude... You've been over this a thousand times... Please just calm down.

You're just paranoid. 

i7 4930k \ Asus P9X79 LE \ Corsair H100i \ 16 GB DDR3 G.SKILL Ripjaw \ Asus Strix R9 380x 4GB \ Crucial 500 GB Sata III SSD \ Thermaltake TR2 RX 850W \ Corsair Crystal 460 Black \ Razer Naga Molten edition \ Razer Black Widow Ultimate \ Klipsch Promedia 2.1 speakers \ Hyper X Cloud Alpha \ 

 

i5 6600k\ Asus Z170-A \ Corsair H100i v2 \ 16 GB DDR4 G.SKILL Ripjaw \ Asus GTX 1060 6GB 4GB \ SanDisk 480 GB Sata III SSD \ Seasonic G Series550W \ DIYPC Skyline 06 black/green \ Razer Naga Epic \ Razer Black Widow Chroma \ Logitech 2.1 Speakers \ Logitech G430 \ 

 

 


10 hours ago, Nipplemilk909 said:

Or I'm big foot who knows? I don't really see what's wrong with my English , then again I don't care much for English 

Clear and concise communication is required when asking for help else it is impossible. This is required of all parties in a conversation otherwise it has no merit in continuing. It is also basic respect of a language to use it properly if you can do so.

 

Not being a native speaker of the language, being young and still learning or having learning difficulties is perfectly acceptable and is something people will be able to identify and remain respectful of this fact. However if you blatantly do not care then do not expect others to return anything other than in kind.

 

Hacking of home networks is extremely rare, we have nothing of value and is a waste of effort. However you can compromise your own network which is generally what actually happens which triggers a series of other automated processes that have been setup by a malicious person. The biggest threat to home and corporate networks are users, always has been always will be and there is no security tool or firewall that will eliminate this risk. User training and common sense is the best security beyond the pure basics.

 

Tracing any traffic from your network if you have been compromised is a futile effort as it will lead nowhere. You will never be able to tie it to a real person or actually find the real source.


10 hours ago, Nipplemilk909 said:

Or I'm big foot who knows? I don't really see what's wrong with my English , then again I don't care much for English 

 

OK so how would I know it's a bot, what would a bot do to make the new public IP my ISP gave me useless?

 

I've wiped my whole network's hard drives and considered reflashing the BIOS on all machines

Long period of time torrenting without more security like a VPN, not updating my router passwords and being on a home network that other users probably downloaded fishy things.. Etc.

 

How would it be much of nothing to see the other side of the connection?

Torrenting with VPN is to hide traffic from your ISP. A hacker probably gained access to your machine via a backdoor that you downloaded.

 

Guess what. It's the 21st century, nothing is free. No one is going to go through the trouble of creating cracks and other pirated material to share with the world for free. They often put stuff in the you won't see.

 

You wouldn't know your PC is a bot, that's their goal. If you still have malicious code on your PC, then it would contact the creator, giving up any new IP address.

 

I would invest in some legitimate internet security programs, and change behaviors online. Teaching this hacker isn't going to be fruitless. You've already wiped the HDDs, so there isn't much left for forensics if any agency in law enforcement wanted to trace any code.

 

I'd say it's more a case of hopefully lesson learned. If you have to ask how to track this guy, you've been outclassed. Granted it could be some 12 year old kid, but I doubt that.

 

Don't torrent and stay off TOR unless you know what you're doing.


8 hours ago, corrado33 said:

My router stores connections until I tell it to clear... I don't think I've ever had a router that didn't do that...

 

Actually, it stores it for a week, I just checked....

 

So maybe I have a super special router, but my experience says differently than your writing. Does your router not have logs?

Most home routers only store very basic information not every single session and all packet flow information, this is also only logged from internal devices to the internet. You'll almost never see any internet to your router traffic being logged, except for any port forwarding rules you have setup.

 

Detail logging of network traffic is very CPU demanding and keeping this long term requires a fair amount of storage. We have so much traffic at work that it is impossible to log all traffic due to the hardware resource demand and the amount of storage it would take, it would then be impractical to try and search through this log information as it would take far too long. We have about 300TB assigned/projected for storing firewall logs.

 

My FortiGate 60D enterprise firewall I use at home by default does not log any traffic denied by the default rule and that is a $1000 USD device with support and licensing for 3 years. If this can't do it there isn't a basic home device that can either. I could turn it on but that would be CPU torture.

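An added example, not part of any post in this thread: on a Linux-based router the in-RAM state table mentioned above can be read as text in the `/proc/net/nf_conntrack` format, where every entry carries a countdown after which it is dropped. The sketch parses a constructed snapshot and separates flows opened from the LAN from flows opened from the internet through a port forward; the LAN range, all addresses and the function names are assumptions.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range

# Constructed sample in the nf_conntrack text format. All addresses are
# documentation ranges; 203.0.113.5 stands in for the router's WAN address.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=51234 dport=443 src=192.0.2.80 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 udp      17 27 src=192.168.1.10 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=2
ipv4     2 tcp      6 86 TIME_WAIT src=198.51.100.7 dst=203.0.113.5 sport=40211 dport=3389 src=192.168.1.20 dst=198.51.100.7 sport=3389 dport=40211 [ASSURED] mark=0 use=2
"""

PAIR = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return one flow as a dict, or None if the line has no two port tuples."""
    fields = line.split()
    pairs = PAIR.findall(line)
    if len(fields) < 6 or len(pairs) < 8:
        return None  # e.g. ICMP entries carry type/code/id instead of ports
    # The first four pairs are the original direction, the next four the
    # reply direction (after NAT has rewritten the addresses).
    orig, reply = dict(pairs[:4]), dict(pairs[4:8])
    outbound = ipaddress.ip_address(orig["src"]) in LAN
    return {
        "proto": fields[2],
        "timeout": int(fields[4]),  # seconds until the entry is discarded
        "state": fields[5] if "=" not in fields[5] else None,  # TCP only
        "direction": "outbound" if outbound else "inbound",
        # For an inbound flow the LAN host only shows up in the reply tuple;
        # if the flow targets the router itself this is the WAN address.
        "internal": orig["src"] if outbound else reply["src"],
        "remote": orig["dst"] if outbound else orig["src"],
        "port": int(orig["dport"]),
    }


def parse_table(text):
    """Parse a whole snapshot, skipping lines that do not describe a flow."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def inbound_flows(text):
    """Flows whose first packet came from outside the LAN."""
    return [f for f in parse_table(text) if f["direction"] == "inbound"]


if __name__ == "__main__":
    for f in parse_table(SAMPLE):
        print(f"{f['direction']:8} {f['proto']} {f['remote']} -> "
              f"{f['internal']}:{f['port']} expires in {f['timeout']}s")
```

A snapshot like this only covers flows that have not yet timed out, so it has to be captured while the activity is happening or shortly after.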

8 hours ago, Coldfuson said:

Dude... You've been over this a thousand times... Please just calm down.

You're just paranoid. 

Looking at this. I think the OP should consider getting checked out by a doctor. Extremely paranoid, for little to no reason. Something wrong there.


3 hours ago, leadeater said:

Most home routers only store very basic information not every single session and all packet flow information, this is also only logged from internal devices to the internet. You'll almost never see any internet to your router traffic being logged, except for any port forwarding rules you have setup.

 

Detail logging of network traffic is very CPU demanding and keeping this long term requires a fair amount of storage. We have so much traffic at work that it is impossible to log all traffic due to the hardware resource demand and the amount of storage it would take, it would then be impractical to try and search through this log information as it would take far too long. We have about 300TB assigned/projected for storing firewall logs.

 

My FortiGate 60D enterprise firewall I use at home by default does not log any traffic denied by the default rule and that is a $1000 USD device with support and licensing for 3 years. If this can't do it there isn't a basic home device that can either. I could turn it on but that would be CPU torture.

Sure, most routers only store info associated with the forwarded ports, but how else is the hacker to hack into the network if not for a vulnerability like that? I'm pretty sure that if you keep the firmware updated on your router they're not susceptible to hacking, especially if you have remote administration turned off. Someone from the WWW doesn't see your internal network, they ONLY see your router. (This isn't directed at you, leadeater.) If you have all ports closed off, then it's very likely that you are perfectly safe. Hacking today is generally about finding a vulnerability and exploiting it. Those vulnerabilities generally come from outdated software. "Find the vulnerability by scanning ports and probing software used -> go online to find hack for that particular vulnerability -> apply hack -> granted access." The very large majority of hackers don't WRITE the hacks, they only apply them. It's only a small subset that are smart enough to actually write malware that takes advantage of those vulnerabilities. "Brute force" hacking today doesn't really exist. I can't connect to any router and brute force my way into it. It doesn't work like that. Most, if not all modern routers have safeguards against this.

 

And sure, maybe the hacker could get some UPNP ports open, but my router logs those as well. (I see all torrent traffic from all of my roommates...)

 

So again, I'm really confused as to how the hacker would get past the router, access a computer, and not have it logged at all. Maybe I'm ignorant. Maybe I don't know the latest methods, but it seems like an impossibility from my end. 
