Network abuse FAQ series
Spammers & hackers : Reporting network abuse | Spam | Using the RIR's Whois Database to find their network
It is an attempt to gain access your system. Hackers may be looking for personal information, such as passwords or credit cards numbers; they may be trying to make use of your Internet connection to transit their own material; or they may just be searching at random to see what they can find. For more information, see CERT's article on the security of the Internet.
There are many technologies out there such as firewalls, monitoring software, and security analysis tools that you can use to prevent and detect network intrusions. Your ISP may be able to give you advice on what would suit your needs.
The first step is to report the activity to the hacker's ISP. Most ISPs realize it is bad for their reputation to have this activity on their networks and should be able to take action against the hacker. If the ISP does not respond to your complaint, then you may need to contact law enforcement agencies either in your jurisdiction or the jurisdiction where the problem originates.
If you are using monitoring software, it should provide you with the IP address of the hacker.
The software may even do a search on a whois database to find the organization the hacker's IP address is allocated to. Unfortunately, many of these tools give incomplete search results. If your software refers you to on of the four RIR's and not the ISP, then you will need to search for the problem IP address in the RIR's Whois Database.
You can manually search the whois databases of the four Regional Internet Registries (RIRs). All Registries (RIR's) will have in-depth help on how to perform searches on their databases.
Use the (RIR's) Whois Database's to get email addresses for the administrative and technical contacts at the ISP (admin-c and tech-c). Email your complaint to these contacts for them to investigate.
Please remember that the people you are writing to at this stage are unlikely to be involved in the attacks on your system, so be firm but polite.
In your complaint, include as much relevant information as possible to make it easier for the ISP to locate and deal with the abuser. If your firewall software has generated a log file of the attack, then you should include that. If not, try to include at least:
RIR's strongly recommends that you do not try launching a counter attack. In many cases hackers may work by disguising their location or hijacking the systems of others. By retaliating you may simply do more damage to another innocent party. Depending on the applicable laws, you may also be committing a criminal offence or exposing yourself to litigation.
For more detailed advice on how best to deal with the attacks to your network, you could visit CERT. You may find the following two articles on the Internet security helpful: