Intruders will often work from IP Addresses which are not easily resolved (that is, performing a Name Server reverse lookup will not return the network administrator nor any other contact or origin information). Another way to obtain information regarding the intruder's origin is to do a trace route. This will trace every router along the path back to the intruder. In this manner you should be able to determine from what country or region (and backbone network provider) the intruder originates. NOTE: because IPNetSentry automatically installs a filter blocking ALL datagrams from an intruder, a trace route will NOT show return packets from this intruder. The last returned packets will originate from the router nearest the intruder.
IPNetSentry makes it easy to perform a trace route on an intruder. But before you can do this you must:
- setup the "Internet" control panel (Internet Config on older Mac OS systems) so that "traceroute" commands are executed by IPNetMonitor.
To setup the Internet (Internet Config) control panel:
- open the Internet control panel
- select the "Advanced" tab
- click on the "Helper Apps" icon and Add... a new Helper Application
- enter "traceroute" as the type and description
- "Select" IPNetMonitor as the application which should be the target for traceroute commands.
- Click "OK" and save these new settings.
Now, anytime you receive notification of an intrusion, you can automatically run a trace route on this intruder by simply holding down the Control key on your keyboard and closing the notification alert. You can also hold down both the Shift and Control keys to both get more information about the intruder's specific IP address (through your browser) AND run a trace route.
