Network abuse FAQ series
What is hacking?
It is an attempt to gain access your system. Hackers may be looking for
personal information, such as passwords or credit cards numbers; they may
be trying to make use of your Internet connection to transit their own
material; or they may just be searching at random to see what they can
find. For more information, see CERT's article on the security of the Internet.
Can I stop hackers getting in to my system?
There are many technologies out there such as firewalls, monitoring
software, and security analysis tools that you can use to prevent and
detect network intrusions. Your ISP may be able to give you advice on what
would suit your needs.
What can I do if I have been hacked?
The first step is to report the activity to the hacker's ISP. Most ISPs
realize it is bad for their reputation to have this activity on their
networks and should be able to take action against the hacker. If the ISP
does not respond to your complaint, then you may need to contact law
enforcement agencies either in your jurisdiction or the jurisdiction where
the problem originates.
How do I find the hacker's ISP?
If you are using monitoring software, it should provide you with the IP
address of the hacker.
The software may even do a search on a whois database to find the organization
the hacker's IP address is allocated to. Unfortunately, many
of these tools give incomplete search results. If your software refers you
to on of the four RIR's and not the ISP, then you will need to search for the problem IP address in the
RIR's Whois Database.
You can manually search the whois databases of the four Regional
Internet Registries (RIRs). All Registries (RIR's) will have in-depth help
on how to perform searches on their databases.
How do I complain to a hacker's ISP?
Use the (RIR's) Whois
Database's to get email addresses for the administrative and technical
contacts at the ISP (admin-c and tech-c). Email your
complaint to these contacts for them to investigate.
Please remember that the people you are writing to at this stage are
unlikely to be involved in the attacks on your system, so be firm but
In your complaint, include as much relevant information as possible to
make it easier for the ISP to locate and deal with the abuser. If your
firewall software has generated a log file of the attack, then you should
include that. If not, try to include at least:
- the IP address that attempted the network intrusion
- the date
- the time
- the time zone
Should I retaliate by trying to hack the hacker?
RIR's strongly recommends that you do not try launching a counter
attack. In many cases hackers may work by disguising their location or
hijacking the systems of others. By retaliating you may simply do more
damage to another innocent party. Depending on the applicable laws, you
may also be committing a criminal offence or exposing yourself to
I want to know more about preventing hackers
For more detailed advice on how best to deal with the attacks to your
network, you could visit CERT. You may find the following two articles on the
Internet security helpful: