re what kind of software to run to see if you're being scanned - a simple one would be 'a firewall'
Zone Alarm is fairly easy and simply to install, and you can set it to give you a shout when there's a sniff at your IP.. if you're on sort've perm, then its a basic thing which you should have anyway..
once you get the IP, you can use a range of easy tools - like ping plotter, for instance, to see who/where the sniff came from..
it can be fun to ruin someones day entirely, when you get a scan from any of the big local ISP's users, to cut n paste the zone alarm (or whichever firewalls) alert, onto a simple form letter and fire it off to the abuse section of that ISP.. (along with the time of the incident)
Here's a basic form letter that I used to use before becoming invisible online..
'To Whom It May Concern
I received an intrusion attempt from an IP address which appears to originate from your domain.
(I'm cutting and pasting the alert from Zone Alarm below.)
Could you determine whether this IP was in fact, one of your users - and if so - could you please take whatever steps you deem necessary to ensure this doesn't happen again.
Many thanks.
-------snip
(insert firewall alert info here)
Yours sincerely
etc etc
------end
Stash this in a text format and just cut n paste when necessary - ISP abuse/security departments tend to respond well to a reasonable email which contains the info they need, and minimal attitude from the complainant. Usually this means the end of the world is about to happen to some lil l33t hacker-wannabee using daddy's dialup account and a copy of Grims Ping
] [
]
