Viewing a History of Intrusion Attempts

InternetPeriscope allows you to keep and view a history of Hacking attempts.

Before you can view the history of intrusion attempts, you must setup Intrusion Detection.

To see a history of Intrusion Attempts, click on the "Hosts" menu, move your mouse over the "This Host" menu, and click on the "History of Detected Port Scans..." menu item, as shown in the figure below.
Hosts menu

The Detected Port Scans dialog box appears. This dialog box shows several hacker attempts in the "Detected Ports Scans" listbox. You can click on any of the scans in this listbox to see what the hacker attempted to probe. In this example, the hacker attempted to connect to port 111, the Sun RPC Portmapper Service. As of this writing, this is a very popular port to test with Hackers from outside the US.

Detected Port Scans Dialog

Click on the "Get ISP contact info (" button to bring up the Whois ( dialog box.

The dialog appears. Click on the search button to find out the hacker's ISP. Note that the Registry is set to the American Registry for Internet Numbers.
Whois Arin Dialog

After a few moments, InternetPeriscope displays the Whois Search Results Dialog. Whois Search Results

The text informs us that these IP addresses are managed by European Regional Internet Registry (RIPE). To find the hacker's ISP, we must ask InternetPeriscope to search this registry for us. Click on OK to remove the Results dialog box.

Change the Registry to "RIPE" as shown in the figure below, and click on the Search button. Search Button

After a few moments, the following results will be displayed. Results Displayed

Scrolling through this information, you will see a number of email addresses. It is recommended that you send a complaint email to all of these addresses, notifying them of the intrusion attempt.

You may be able to find out more information about the hacker by using InternetPeriscope's Whois and DNS features.