Using Norton Firewall logs to report hackers

Just a note, I am using Norton System Works 2003 and Norton Firewall 2002, so there might be some slight differences if your versions are not the same

  1. Click on Firewall Icon--Norton system Works Opens

  2. Click on Options

  3. Click on Personal Firewall

  4. Where it says "Click to view the events in the event log"  click on View Event Log

You will see two frames. The top frame reports a summary of the event and the bottom frame gives you detailed information. (see graphic below)

  1. In the log for each event you will see two lines (if you created a rule) The first line reports the security alert but the info in the lower frame is not the complete info needed to report the issue.

  2. What you really want is the Rule, this give you the evidence you need to report the attack.

  3. Once you have highlighted the rule in the top frame, look in the bottom frame. Look for "Remote address, service is (IP Address)". You will want to copy the first 4 sets of numbers to paste them into the search. If you look at the graphic above you will see a ,3026, this part of the IP address you do not want to include in your search.. You want ***.***.***.*** and these can each be 1-3 digits.

  4. Go to either DSL Reports or Arin and enter your copied IP Address into the appropriate place and hit enter.

  5. It will then either show you a name of the ISP or it will give you a detailed list with email addresses. If you are lucky enough to have an email address provided for you then try and find the one for abuse, if that isn't there just use one that looks official. For the providers not leaving a contact copy their name and place it in your search engine and find their website. Then find an email address or contact form. Don't even pay attention if it doesn't pertain to your complaint, fill the dang form out and report the attack under comments. I will NOT give any of them my real address and phone #, sometimes I put "me" for my name other times I put my real name. The people don't need your address and phone # to deal with "their" abusive customers. You do need to provide them with a valid email address as they may need to contact you. (And as an added bonus when they confirm your complaint you can verify that the email address you used was correct and add it to your contact list or address book for future use.)

  6. Once you have their email address go to your email program (or a contact form) and write your complaint. Copy your event log for that ISP (The grayed area in the graphic above) and paste it into the email or contact form.

  7. Send your email or contact form.

  8. Be prepared if you are doing a large list of complaints that each and every ISP will send you a confirmation email. At least you know they received yours!


   Site Map

    Copyright © 2001-2005 Margaret Walker