Re: Intrusion Question

From: winged (winged_at_nofollow.com)
Date: 02/17/05


Date: 16 Feb 2005 20:13:34 EST

BillyBob-JoeJack wrote:
> "Mark St Laurent" <stormrunner'_removethis'@comcast.net> wrote in message
> news:onLQd.526$Pz7.410@newssvr13.news.prodigy.com...
>
>>We do not have any Linux or non-server Unix boxes to run sniffer from.
>>What is the most popular sniffer ported to Windows that I could set up and
>>learn to use?
>>
>
>
> http://www.ethereal.com
>
>

Best choice for a low budget (free), works well. Be sure you are using
the current version, as I remember a vulnerability bug recently where an
attacker could take over the Ethereal-equipped PC. Monitoring is best
accomplished from inside the switch closet. My experience indicates
commonly such things may be being done by another employee for various
reasons, so you probably want to keep activity private/quiet. I have
seen Trojans being operated by people inside as well as outside the network.

Ensure no plug-in type keyloggers are attached to the input plug of the
keyboard plug. I have seen plug type keyloggers do strange activity
with the mouse especially as the keylogger gets full. Of course you
never want to see one of those anywhere on your network, but they are a
readily available device one must be alert for. Because they are so
small (fitting like a keyboard plug extension or adapter) and easily
placed and removed you may need to be aware of the possibility. They
are pretty hard to spot unless you are looking for them. I never have
tried to figure out why/how something on the keyboard plug could
interfere with the mouse, but it is something that has been observed.

Winged