LocostBuilders - powered by XMB

Anyone know who this is?

Mark Allanson - 29/3/05 at 07:41 PM

81.192.95.79

He/she is trying to hack my computer, probably from the states
Rescued attachment HackingBastard.JPG

ned - 29/3/05 at 07:48 PM

do a google on 'whois ip address'

a quick search of the whois database gives this info:

-------------------------------------------------
Search results for: 81.192.95.79

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
--------------------------------------

following the 'ripe' company look and doing another lookup on their database gives: (suprise suprise, morocco)

-----------------------------------------
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 81.192.0.0 - 81.192.255.255
org: ORG-AFNC1-RIPE
netname: AFRINIC-NET-TRANSFERRED-20050223
descr: This network has been transferred to AFRINIC
remarks: These IP addresses are assigned in the AFRINIC region.
remarks: Authoritative registration information for this network
remarks: is available for query and modification in
remarks: the AFRINIC whois database: whois.afrinic.net or
remarks: web site: http://www.afrinic.net
remarks: The routing registry information (route(6) objects)
remarks: may be published in any Routing Registry, including
remarks: RIPE Whois Database
country: EU # country is really somewhere in African Region
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
changed: hostmaster@ripe.net 20050223
source: RIPE
route: 81.192.0.0/16
descr: Morocco-MAROC TELECOM- 6713
descr: MAROC TELECOM Noeud Internet
origin: AS6713
mnt-by: AS6713-MNT
changed: oumlil@iam.net.ma 20030917
source: RIPE
organisation: ORG-AFNC1-RIPE
org-name: African Internet Numbers Registry
org-type: RIR
address: see http://www.afrinic.net
e-mail: bitbucket@ripe.net
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
remarks: For more information on AFRINIC assigned blocks, use
remarks: AFRINIC's whois database, whois.afrinic.net.
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: bitbucket@ripe.net 20050223
source: RIPE
role: The African Internet Numbers Registry
org: ORG-AFNC1-RIPE
address: AFRINIC, see http://www.afrinic.net
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
nic-hdl: AFRI-RIPE
e-mail: bitbucket@ripe.net
remarks: For more information on AFRINIC assigned blocks, connect
remarks: to AFRINIC's whois database, whois.afrinic.net.
mnt-by: RIPE-NCC-HM-MNT
changed: hostmaster@ripe.net 20050223
source: RIPE
------------------------------------------------

and finally, on the afrinic whois lookup:

------------------------------------------------
% This is the AfriNIC Whois server.

inetnum: 81.192.95.0 - 81.192.95.255
netname: IAM
descr: Adsl maroc telecom
country: MA
admin-c: em1685-AFRINIC
tech-c: OA78-AFRINIC
status: ASSIGNED PA
mnt-by: ONPT-MNT
changed: mariem.akka@menara.ma 20050201
changed: hostmaster@afrinic.net 20050205
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC

person: elasri merouane
address: rabat
address: maroc
phone: +212 37260023
fax-no: +212 37260023
e-mail: elasri@menara.ma
nic-hdl: em1685-AFRINIC
changed: elasri@menara.ma 20050201
changed: hostmaster@afrinic.net 20050205
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC

person: Oumlil Aniss
address: Direction Internet ,division operation Rabat
address: Maroc
phone: +212 61870276
fax-no: +212 37725194
e-mail: oumlil@iam.net.ma
nic-hdl: OA78-AFRINIC
changed: mariem.akka@iam.net.ma 20020402
changed: hostmaster@afrinic.net 20050205
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC
-------------------------------------------

why not drop them a line or email :p

Ned

[Edited on 29/3/05 by ned]

theconrodkid - 29/3/05 at 08:25 PM

inspector ned clusoue

David Jenkins - 29/3/05 at 08:40 PM

Mark,

Time to set up a firewall - double-quick!

I wouldn't be surprised if they're pinging your machine to see if it's active; then they'll try various weaknesses to see if they can hijack your PC.

Alternatively, if you've got broadband consider getting a router - I've run tests against mine and it's invisible to random searches.

David

Mr G - 29/3/05 at 09:28 PM

my ip tracker gives the latitude of 35.7850 and the longitude of -5.8130

(probably the isp's address)

Here's the location mapquest spat out:

MAP

Cheers

G

billy - 29/3/05 at 09:40 PM

go get em

mangogrooveworkshop - 29/3/05 at 10:16 PM

Seems to be a large delay on the last hop with an adsl2 connection

chunkielad - 29/3/05 at 10:30 PM

Send an amazingly large no of packets to them (quite a few bits of software out there to do it) and bring their system down.

James - 30/3/05 at 07:41 AM

Unfortunately my Moroccan ain't up to much but I know a woman answered:

+212 37260023

Cheers,
James