Internet Security Systems

q000033


I've been attacked! Now what?

This article applies to: BlackICE Defender.

SUMMARY

You've been attacked and you don't know what to do. This article sheds some light on your options.

DETAILS

Now you have a complete intrusion detection system that monitors your own traffic. All of a sudden, you start seeing things you've never seen before--Internet attacks on your computer. They've always been there, but now you can actually see them.

Now that you see all these things happening on the network, is your computer safe? Has something already happened that you should be doing something about? What can you do about it?

With Defender running on your computer, you should feel much safer surfing the Internet. At its default setting, Defender blocks and detects most attacks. You really don't have to do much except be aware of what's happening.

If you're the type who wants to take action, there is at least one thing you could do--report the Internet abuser to the hacker's ISP (Internet Service Provider). The ISP that can actually stop the abuser is the ISP that has the hacker's account. So, if you go there first, they can actually do something about it--like cancel the hacker's account. E-mail the evidence to the address "abuse@hackersisp.net" (where the domain name is that of the hacker's ISP).

One of the things an ISP will want is some information. You can get the basic attack information from a file called attack-list.csv. This file is located in the installation directory. You should make a copy of it, and use the copy as you wish. The original should be left alone because it is actually a working file that is constantly being written to.

If you open the copy of attack-list.csv, you will find data separated by commas. The format of attack-list.csv is very easy to follow.

Other files you can use are the files with the prefix "evd" and the extension ".enc" (for example, evd19990824-04.enc). These files contain raw packet data from the offending attacks. Most ISPs should have the means to read these Network Associates Sniffer-compatible or Microsoft Network Monitoring Agent-compatible trace files.
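One way to gather both kinds of evidence described above into a separate folder while leaving the working file alone, as an added example (not ISS code). The installation directory path, the manifest.csv file with SHA-256 hashes, and the reading of the digits in the evd file name as a date are assumptions.

```python
import csv
import hashlib
import shutil
import tempfile
from pathlib import Path


def collect_evidence(install_dir, out_dir, day=None):
    """Copy attack-list.csv and evd*.enc into out_dir; return manifest rows.

    day: optional 'YYYYMMDD'; assumes the digits after 'evd' are a date,
    as the example name evd19990824-04.enc suggests.
    """
    install_dir, out_dir = Path(install_dir), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    prefix = "evd" + (day or "")
    sources = [install_dir / "attack-list.csv"]
    sources += sorted(p for p in install_dir.glob("evd*.enc") if p.name.startswith(prefix))
    manifest = []
    for src in sources:
        if not src.is_file():
            continue  # nothing logged yet on this install
        dst = out_dir / src.name
        shutil.copy2(src, dst)  # opens the original for reading only
        digest = hashlib.sha256(dst.read_bytes()).hexdigest()
        manifest.append((src.name, dst.stat().st_size, digest))
    # The manifest lets the recipient confirm the copies arrived unaltered.
    with open(out_dir / "manifest.csv", "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["file", "bytes", "sha256"])
        writer.writerows(manifest)
    return manifest


def demo():
    """Run against a constructed install directory with placeholder contents."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp) / "install"
        install.mkdir()
        (install / "attack-list.csv").write_bytes(b"constructed,sample,row\n")
        (install / "evd19990824-04.enc").write_bytes(b"\x00constructed trace\x00")
        (install / "evd19990825-01.enc").write_bytes(b"\x00another trace\x00")
        return collect_evidence(install, Path(tmp) / "report", day="19990824")


if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Attach the files from the output folder to the abuse report rather than anything from the installation directory.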

You may find the following article interesting, around page 3.

In Pursuit of Internet Intruders by Sal Ricciardi

 
Keywords: attack, ISP, report, abuser 
Version:  1.8.5.5 
Fixed:     
Modified: 1999-08-27 