I keep getting a warning from Norton firewall, informing me that an attempt has been made (and blocked) to access my computer using a trojan horse. An IP address is given for the attacker.
Is there any way to trace where this attack has originated from ?
(Preferably an e-mail address).

Thanks for any advice

419

Warning; under informed response!!

I'm by no means an expert on this subject but since I have had some strange things going on myself lately computer wise it is of interest to me and I have been playing around with a few things.

Try running the IP through this. (http://www.download.com/NeoTrace-Pro/3000-2648-7139158.html?tag=lst-0-1) (30 day demo). It will give you a location and most likely an indication of the name of ISP being used, you can then complain to their abuse department for them to investigate the matter further.

Most IP's of home users change so will not definately point to the culprit. The ISP will however be able to check their logs to see whom the IP you have was allocated to at any specific time.

Do bear in mind that the IP could be that of a proxy server (??) that hides the true IP of the attacker.

Please be aware that I'm not sure if these are the correct terms for things or even if I'm technically correct in my comments, it is 'as far as I know' type info only!

I look forward to a more informed response from those in the know, having the errors I have most likely made here corrected and learning more on the subject. :ok:

[list=1]
Go here (http://www.dnsstuff.com/)
Paste "offending" IP address into 3rd box down in centre column
Read details
Email the "abuse" email address
Sit back and wait whilst SFA actually happens about it :)
[/list=1]

Or,

Be thankful you have a firewall and forget about it because it happens all the time

419,

Turn off the warnings. It is probably a computer that the P.D.U. does not know is infected.

It is much better to turn off those warnings so you do not know about all the attacks that constantly happen. (Most are just Port Sniffing.)

Take Care,

Richard

http://www.geobytes.com/IpLocator.:ok:

Or try Sam Spade (http://www.samspade.org) The owner has some interesting perspectives on computer security, or rather the lack of it no matter how hard you may try.

Enter the offending IP Adress number into the 'IP Whois' field and get the name and details of the offending computer. It may be spoofed though, and the owner will be unaware that they are hosting a parasite.

Monitoring probe attempts can be interesting, but Firewalls tell you too much and its not a good idea to ping the IPs of the sources. That tells them you're there and you've done the job for them by compromising your own invisibility - if you have any...

Check how tight your firewall is at Steve Gibson's Shields Up (https://grc.com/x/ne.dll?bh0bkyd2) free service. Be prepared for some surprises. After using his site my own PC is so tight it doesn't even know it exists itself, never mind anyone else. ;) But that doesn't guarantee safety. As long as you're on the internet someone, somewhere will get into your computer and screw it up.