Re: Intrusion Question
From: donnie (donnie_at_queyosepa.org)
Date: Fri, 18 Feb 2005 00:51:43 GMT
On Thu, 17 Feb 2005 20:59:14 GMT, "Mark St Laurent"
>Ethereal version I installed on my PC to become familiar with interface is
>0.10.9 I believe this is most recent. I am in switched environment. I
>noticed packet capture appears limited to interfaces directly connected to
>PC at which program is installed. How is this overcome? If installed to
>affected user's PC would not remote control user would have access to stop
>recording and delete record.
>Also the affected PC is not an optimal target (suspect horseplay) so if it
>was being compromised through firewall (both windows and hardware) using
>trojan program not detected by norton corporate and not listed by netstat
>what variants of current viruses such as NetBus or Back Orifice could be
>enabled on a machine without having an entry in registry run key to enable
>Machine does have USB to PS2 keyboard adapter (Belkin - no PS2 port native
>to PC) since moving receiver closer to mouse no more incidents. This is no
>reason however to ignore what I saw or to stop trying to learn more about
>these kind of attacks.
>Now that legitimate programs such as "GoToMyPc" are using port 80, spinoffs
>using similar programming will make this type of connection become more
>difficult to trace.
Take that machine off line for a few days and see what happens.