First and foremost, check your logs. If you have a firewall with any intrusion prevention features, configure it to notify you when someone scans your ports. Monitor the traffic going to any remote access connections (RDP, SSH, VPN and the like), even if you use non-standard ports: moving a service off its default port hides it only from the laziest scans, so it still needs watching. If you run a Microsoft shop, the Security log in the Windows Event Viewer (failed and successful logons, in particular) is a critical first look. Use it.

Other great tools for hunting and tracking those who attack through the web:
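One check you can script yourself from the advice above, added here as an example that is not part of the original page: a small detector run over Windows Firewall log lines (the W3C layout written to pfirewall.log) that flags a source touching many distinct destination ports in a short window, and any inbound connection the firewall allowed to a remote-access port from outside your own address ranges. The log lines, the address ranges treated as internal and the watched port list (33890 standing in for a non-standard RDP port) are all assumptions made for this example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the W3C layout Windows Firewall writes to pfirewall.log.
# The events are invented; the "external" sources use documentation ranges
# (203.0.113.0/24, 198.51.100.0/24) as stand-ins for internet addresses.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 09:12:01 DROP TCP 203.0.113.5 192.168.1.10 51000 21 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:01 DROP TCP 203.0.113.5 192.168.1.10 51001 22 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:01 DROP TCP 203.0.113.5 192.168.1.10 51002 23 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:02 DROP TCP 203.0.113.5 192.168.1.10 51003 25 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:02 DROP TCP 203.0.113.5 192.168.1.10 51004 80 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:02 DROP TCP 203.0.113.5 192.168.1.10 51005 135 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:02 DROP TCP 203.0.113.5 192.168.1.10 51006 139 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:03 DROP TCP 203.0.113.5 192.168.1.10 51007 443 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:03 DROP TCP 203.0.113.5 192.168.1.10 51008 445 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:12:03 ALLOW TCP 203.0.113.5 192.168.1.10 51009 3389 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:13:00 ALLOW TCP 192.168.1.20 192.168.1.10 50222 3389 52 S 1 0 65535 - - - RECEIVE
2024-03-01 09:15:00 ALLOW TCP 198.51.100.9 192.168.1.10 40001 33890 52 S 1 0 65535 - - - RECEIVE
2024-03-01 10:00:00 DROP TCP 198.51.100.9 192.168.1.10 40002 445 52 S 1 0 65535 - - - RECEIVE
"""

# Assumption: these are "our" ranges. Replace with the site's real internal prefixes.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(ip_text):
    """True when the address falls inside one of INTERNAL_NETS."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def parse_firewall_log(text):
    """Turn pfirewall.log text into dict records; the #Fields line names the columns."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # truncated or malformed line: skip rather than guess
        rec = dict(zip(fields, values))
        rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records


def find_port_scans(records, threshold=8, window=timedelta(seconds=60)):
    """Sources touching >= threshold distinct destination ports inside `window`.

    DROP and ALLOW rows both count: the scanner's hit on an open port is still
    part of the scan. Returns {src-ip: sorted ports seen in the busiest window}.
    """
    by_src = defaultdict(list)
    for r in records:
        if r["dst-port"] != "-":                    # ICMP rows carry no port
            by_src[r["src-ip"]].append((r["ts"], int(r["dst-port"])))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        start, in_window = 0, defaultdict(int)      # port -> events still in window
        for ts, port in events:
            in_window[port] += 1
            while events[start][0] < ts - window:   # slide the window forward
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold and len(in_window) > len(hits.get(src, ())):
                hits[src] = sorted(in_window)
    return hits


def find_remote_access_hits(records, watched_ports=(22, 3389, 5900, 33890)):
    """Inbound connections the firewall ALLOWED to remote-access ports from outside.

    Assumption: 33890 is a non-standard RDP port; list your real ones here.
    Returns (timestamp, src-ip, dst-port) tuples.
    """
    watched, hits = set(watched_ports), []
    for r in records:
        if r["action"] != "ALLOW" or r["path"] != "RECEIVE" or r["dst-port"] == "-":
            continue
        port = int(r["dst-port"])
        if port in watched and not is_internal(r["src-ip"]):
            hits.append((r["ts"].isoformat(), r["src-ip"], port))
    return hits


if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    for src, ports in find_port_scans(recs).items():
        print(f"port scan from {src}: {len(ports)} ports {ports}")
    for when, src, port in find_remote_access_hits(recs):
        print(f"{when} external {src} allowed in to remote-access port {port}")
```

Point the parser at the real pfirewall.log (logging of dropped and allowed packets has to be switched on per profile first) and tune the threshold and window to your network; the sliding window is what keeps a slow scan from hiding behind a per-minute counter that resets.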
TCPView
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
TCPView is a Windows program that shows you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns each endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. If you cannot run a GUI on the box, or want something you can script, netstat -ano gives the same endpoint list with the owning PID, and netstat -anob (which needs an elevated prompt) adds the executable name. Either way, what you are hunting for is a listener you did not expect and an established connection to an address you do not recognise, tied back to the process that owns it.
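The same correlation done by hand when TCPView is not available, as an added example (not code from the original page or from Sysinternals): parse netstat -ano and tasklist /fo csv output, attach the owning image name to each endpoint as TCPView does, then flag listeners outside an allow-list and established sessions to peers outside your own ranges. The two command outputs are constructed samples, and the allow-list and internal ranges are assumptions for the example.

```python
import csv
import io
import ipaddress

# Constructed samples in the layout of "netstat -ano" and "tasklist /fo csv" on
# Windows. PIDs, addresses and image names are invented; 203.0.113.7 is a
# documentation address standing in for an internet host.
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:8443           0.0.0.0:0              LISTENING       6120
  TCP    192.168.1.10:49712     203.0.113.7:4444       ESTABLISHED     6120
  TCP    192.168.1.10:49801     192.168.1.5:445        ESTABLISHED     4
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1432
"""

TASKLIST_CSV = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","144 K"
"svchost.exe","912","Services","0","10,412 K"
"svchost.exe","1204","Services","0","22,100 K"
"svchost.exe","1432","Services","0","8,004 K"
"updater.exe","6120","Console","1","31,776 K"
"""

# Assumptions: the listeners this host is supposed to have, and what counts as "ours".
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 3389), ("UDP", 5353)}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def split_addr(text):
    """'192.168.1.10:49712' -> ('192.168.1.10', 49712); also handles '[::]:135' and '*:*'."""
    host, port = text.rsplit(":", 1)
    return host.strip("[]"), (None if port == "*" else int(port))


def parse_netstat(text):
    """Rows of netstat -ano. UDP rows have no State column, so the PID is taken from the end."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        rows.append({
            "proto": parts[0],
            "local": split_addr(parts[1]),
            "remote": split_addr(parts[2]),
            "state": parts[3] if parts[0] == "TCP" else "",
            "pid": int(parts[-1]),
        })
    return rows


def parse_tasklist(csv_text):
    """PID -> image name, from tasklist /fo csv."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(csv_text))}


def is_internal(host):
    """True for addresses inside INTERNAL_NETS; '*' or a hostname counts as not ours."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def annotate(rows, pid_names):
    """Add the owning process name, the column TCPView adds over plain netstat."""
    for row in rows:
        row["process"] = pid_names.get(row["pid"], "<unknown>")
    return rows


def findings(rows):
    """Listeners outside the allow-list, and established sessions to non-internal peers."""
    out = []
    for row in rows:
        proto, (_, lport), (rhost, rport) = row["proto"], row["local"], row["remote"]
        listening = row["state"] == "LISTENING" or proto == "UDP"   # bound UDP sockets are listeners too
        if listening and (proto, lport) not in EXPECTED_LISTENERS:
            out.append(("unexpected listener", f"{proto}/{lport}", row["process"], row["pid"]))
        if row["state"] == "ESTABLISHED" and not is_internal(rhost):
            out.append(("external connection", f"{rhost}:{rport}", row["process"], row["pid"]))
    return out


def hunt(netstat_text=NETSTAT_OUTPUT, tasklist_text=TASKLIST_CSV):
    """Run the whole pipeline: parse, join on PID, report."""
    return findings(annotate(parse_netstat(netstat_text), parse_tasklist(tasklist_text)))


if __name__ == "__main__":
    for kind, what, process, pid in hunt():
        print(f"{kind}: {what} owned by {process} (PID {pid})")
```

Feed it the saved output of the two commands from the suspect host. The join on PID is the whole point: an unexpected listener or an outbound session only becomes actionable once you know which image owns it, and an allow-list you maintain per server role turns the listing into a diff instead of a read-through.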
TRACERT (Trace Route)
The tracert command is a route-tracing utility that shows the path IP packets take from your machine toward a destination, one router hop at a time. Bear in mind that it shows the forward path from you; routing is often asymmetric, so it is not necessarily the path an attacker's packets took to reach you, and a hop that filters ICMP simply shows up as a timeout rather than a name.
PATHPING
Pathping provides information about network latency and network loss at intermediate hops between a source and destination. It sends multiple Echo Request messages to each router between the source and destination over a period of time and then computes results from the packets returned by each router. Because pathping displays the degree of packet loss at any given router or link, you can determine which routers or subnets might be having network problems. Pathping performs the equivalent of the tracert command by identifying which routers are on the path; it then pings all of those routers periodically over a specified time period and computes statistics from the number of replies returned by each. Used without parameters, pathping displays help. One caveat when reading its report: a router that rate-limits or deprioritises ICMP directed at itself shows loss at its own hop that does not carry through to later hops; that is the router protecting its control plane, not loss on the path.
GeoIP Tool
http://www.geoiptool.com/
An IP address (Internet Protocol address) is a unique number, within its network, that devices use to identify and communicate with each other on a network using the Internet Protocol standard. Any participating device, including routers, computers, servers, printers, and even some telephones (VoIP), must have its own unique, reachable address. This tool shows you the location of an IP address on a map. Treat the result as a hint rather than evidence: geolocation databases map address blocks to the registrant's or ISP's location, and an attacker coming through a VPN, a proxy or a compromised host will geolocate to that intermediate box, not to wherever they actually sit.
WHOIS
This test returns WHOIS registration results for a domain name. Depending on the registrar, you can see information such as who it is registered to, when it was registered and when it expires, where the DNS is hosted, and more. In some cases you can go on to the registrar's site for more information. Two things to keep in mind: many registrants use a privacy service, so the contact details shown may be the proxy's rather than the owner's; and for an IP address rather than a domain name, you query the regional registry (ARIN, RIPE NCC, APNIC and so on) for the netblock owner and its abuse contact, which is where a report about the activity should go.

A host of tools that you may find useful for finding or checking on various computers on the internet:

NSLookup
http://support.microsoft.com/kb/200525
NSLookup is a Microsoft and Unix command-line administrative tool for testing and troubleshooting DNS servers. The first thing to understand about NSLOOKUP is that by default it sends its queries to the DNS servers configured on your own machine, and for a name without a trailing dot it first tries the name with your local DNS suffix appended (so looking up "example" is tried as example.yourdomain.local, or whatever your suffix is, before plain "example"). You can query an external domain, but the answer is whatever your internal resolver returns, including any split-horizon entries it holds for that name. To ask a specific server directly, give it as the second argument (for example nslookup example.com 8.8.8.8) or use the server command in interactive mode, and put a trailing dot on a fully qualified name (example.com.) to stop the suffix being appended.