Scan History - checking your machines for suspicious software additions
InternetPeriscope allows you to see a history of the Port Scans that you have performed on your remote hosts.
By checking your Port Scan history, you can determine if unauthorized software has been installed on your machines. If you run Port Scans from outside your firewall, you can use the Port Scan History to ensure that your firewall's configuration has not changed over time, and that your firewall has not been accidentally misconfigured.
To view a host's Port Scan History, right click on the host, and choose "Port Scan...", as shown in the Figure below.
The Port Scan dialog will appear. Click on the "Scan History" button that appears in the middle of this dialog.
The Scan History dialog appears.
This dialog tells us that:
- The user performed a Port Scan on 6/4/01, to determine what services were running on this machine. She scanned ports 1-65535 for both TCP and UDP because she wanted a list of all of the Internet Services that were running on this machine. The results of this scan are shown on the right side of the dialog.
- On 7/4/01, she again scanned the same ports on this machine. She did this to determine if any new services had been installed on this machine. The results of this scan are shown on the left side of the dialog.
- She found that a several services (finger, RPC Portmapper, and NFS) had been installed on her machine. She plans on finding out why these services were installed. She wants to be sure this software is needed and has been authorized.
- She has also found that "BackOrifice", a popular Hacker software program, has been installed on this machine. This is a very serious security breach requiring immediate attention.