Re: Key strokes logger

From: Meritt James (meritt_james@bah.com)
Date: 07/31/01


Message-ID: <3B66EF73.2FD801E6@bah.com>
Date: Tue, 31 Jul 2001 13:48:35 -0400
From: "Meritt James" <meritt_james@bah.com>
To: centipede <centiped@netvision.net.il>
Subject: Re: Key strokes logger

If auditing is enabled on NT systems, the information which you claim
interest (and NOT passwords) is recorded. (Including failures, of
course!). Enable full (and I mean FULL) auditing for an interval.
Beware of exceeding the disk space available- there is a LOT of data!

Why would you want (as in the original request) passwords associated
with usernames?

centipede wrote:
>
> It goes to a host on which I've got the full administrator authority.
> Full access to its Devices, Registry or whatever.
> A remote installation is truly preferable.
> James, to your question, here's the thing:
> I suspect that host to be the source of malicious activity.
> I *DO* suspect a certain user, but I wanna do some research.
> I need to know about every single login, and I'm interested in the
> failures no less than the successes.
> that's about it.
> thanks,
> centipede.
>
> Meritt James wrote:
>
> > Well, THAT looks like a less-than-friendly specification! Why do you
> > want such a thing?
> >
> > centipede wrote:
> >
> >> Hello,
> >>
> >> I'm looking for a key-strokes logging utility for an NT4.0 host.
> >> It should be stealthy and hopefully capable of logging the log-in
> >> username and password.
> >> Any suggestions ?
> >>
> >> thanx
> >> centipede.
> >

-- 
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566