Sunday, March 05, 2006

Track down those trying to use your 'puter

Everyone knows that you should run a Firewall program, even in addition to (or instead of) the default Windows Firewall that comes with Windows XP. "So great", you say. "I do have a firewall. But what do I do with alert information the firewall shows -- for example the IP (Internet Protocol) address of another computer trying to access mine?" Personally, I'm mighty curious about even the attempts my firewall blocked. Aren't you?

Well, you can figure out who owns the source IP by looking at the Firewall logs. For example, my ZoneAlarm firewall "More info" option showed that the computer that had sent the data packet that caused an alert to be entered into the log was 70.224.246.43. OK, but exactly who owns that computer IP address and who should I email for details, assuming I want more information?

Luckily, the "WHOIS" database at ARIN (as well as some others) gives a free listing of such information, based on the registration of the IP address/web site. Just enter the IP address at their site and you get detailed information. Try the above IP address and see what you get.

If you have a web address (URL) instead of an IP address, you can get information via the general WHOIS database at whois.net or AllWhoIs.com. For example, enter umc.org into the AllWhoIs Search field and click on "Search". Scroll down through the results to see what data is available.

With such tools, you can often trace attempts to get into or out of your computer. It's important to check on these attempts periodically, if only for peace of mind. I do so every month or so.

And remember -- it's important to check who's trying to send information out of your computer as well as who's trying to get in. Check on both types of attempts.

No comments: