Viewing a History of Intrusion Attempts
InternetPeriscope allows you to keep and view a history of Hacking attempts.
Before you can view the history of intrusion attempts, you must setup Intrusion Detection.
To see a history of Intrusion Attempts, click on the "Hosts" menu, move your mouse over the "This Host" menu, and click on the "History of Detected Port Scans..." menu item, as shown in the figure below.
The Detected Port Scans dialog box appears. This dialog box shows several hacker attempts in the "Detected Ports Scans" listbox. You can click on any of the scans in this listbox to see what the hacker attempted to probe. In this example, the hacker attempted to connect to port 111, the Sun RPC Portmapper Service. As of this writing, this is a very popular port to test with Hackers from outside the US.
Click on the "Get ISP contact info (arin.net)..." button to bring up the Whois (arin.net) dialog box.
The whois.arin.net dialog appears. Click on the search button to find out the hacker's ISP. Note that the Registry is set to the American Registry for Internet Numbers.
After a few moments, InternetPeriscope displays the Whois Search Results Dialog.
The text informs us that these IP addresses are managed by European Regional Internet Registry (RIPE). To find the hacker's ISP, we must ask InternetPeriscope to search this registry for us. Click on OK to remove the Results dialog box.
Change the Registry to "RIPE" as shown in the figure below, and click on the Search button.
After a few moments, the following results will be displayed.
Scrolling through this information, you will see a number of email addresses. It is recommended that you send a complaint email to all of these addresses, notifying them of the intrusion attempt.
You may be able to find out more information about the hacker by using InternetPeriscope's Whois and DNS features.