Results 1 to 10 of 10

Thread: Can "THEY" see what I am doing ????

  1. #1
    Member
    Join Date
    Jan 2002
    Posts
    61

    Can "THEY" see what I am doing ????

    I was wondering, if while doing port scanning on subnets can this type of traffic be detected? First, can this type of traffic be detected by the potential "victims" PC that you scanning. Second, more importantly, can it be detected by say Optimum Online or the Fed. I know a port scanner takes the range of IPs specified and probes each port to find one that is listening or "open". This sounds like it could generate a whole 5HI7 load of traffic comming from your IP. Is there someone out there watching these lines for this type of traffic?

    I would be naive to think that there is nobody watching? This would be a perfect place for an anti-hacking element to find potential hackers.


  2. #2
    can this type of traffic be detected by the potential "victims" PC that you scanning

    Yes using a firewall
    can it be detected by say Optimum Online or the Fed

    Am assuming Optimum online is an isp then yes - and the feds could just as easily but do really think they are going to be worried about some script kiddie port scanning?
    I know a port scanner takes the range of IPs specified and probes each port to find one that is listening or "open". This sounds like it could generate a whole 5HI7 load of traffic comming from your IP

    Yes it does - if you must port scan do it remotely
    Is there someone out there watching these lines for this type of traffic?

    Yes
    I would be naive to think that there is nobody watching? This would be a perfect place for an anti-hacking element to find potential hackers

    Yes you would - and they wouldn't catch hackers they'd catch script kiddies

    v_Ln

  3. #3
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716

    Thumbs up

    Not only can they see what you're doing,
    but they can also know what you're thinking.
    I came in to the world with nothing. I still have most of it.

  4. #4
    Member
    Join Date
    Jan 2002
    Posts
    61
    I agree, It would not be hard for them to figure out that if I'm scanning a subnet that my next step would be to hack those PCs that I found.


  5. #5
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    yep
    I came in to the world with nothing. I still have most of it.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Nearly everything you do can be seen, logged, and traced back to you if they really wanted to. I recently got the chance to see a new product called SilentRunner, and it is amazing what it can do.

    http://www.silentrunner.com

    Some of the algorithms used in this product were developed by the NSA, and now are released to the general public, although nobody....inluding the company that makes the software, actually knows exactly how the algorithms work. The scarriest thing to me is that if a product this good has been released to the public....just think about the tools that we do not yet know about. You have heard of Echelon right?

  7. #7
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Yeah the Echleon sattelite.....Big Brother is watching. That bad boy is serious. There's no stopping that thing can see you hiding in your closet covered in mud, with lead lining in your house. <just a little exageration> Makes you wonder why the hell we don't know where Osama punk ass is at.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  8. #8

    Re: Can "THEY" see what I am doing ????

    Originally posted by Gixxer
    I was wondering, if while doing port scanning on subnets can this type of traffic be detected? First, can this type of traffic be detected by the potential "victims" PC that you scanning. Second, more importantly, can it be detected by say Optimum Online or the Fed. I know a port scanner takes the range of IPs specified and probes each port to find one that is listening or "open". This sounds like it could generate a whole 5HI7 load of traffic comming from your IP. Is there someone out there watching these lines for this type of traffic?

    I would be naive to think that there is nobody watching? This would be a perfect place for an anti-hacking element to find potential hackers.

    Most definately any kind of scanning would be detected if the target is running any kind of firewall, hardware or software. I know that some firewalls have an alarm that sounds when it detects port scans, but even if a detection system like that isn't in place, if the firewall is configured right then the scans will show up in the logfiles. An administrator who knows about security would pick up on this in a heartbeat while scanning logs. Those scans would probably also be traced back to the source IP address, which would also show up in the log.
    But yes, port scanning traffic will be detected unless the target is completely oblivous to networking security (not running firewalls, etc.). Running without firewalls these days is like suicide - if a network is not protected, sooner or later the network will be found and exploited.
    - Maverick

  9. #9
    Senior Member
    Join Date
    Dec 2001
    Posts
    137
    Can THEY see what your doing??
    Its all what is your perception of they.
    If your tryin to port scan some kiddie on aol the answer is probably not.
    If your tryin to hack any kind of host with a firewall they will see everything your doing.
    They probably won't do anything about it but if you get in you'll get busted...

    Just my two cents,
    XPaCiScOoL

    [glowpurple]\"Your Smallest Flaw is my greatest Strength.\" - Me[/glowpurple]

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    I'll tell you what guys...I think THEY means the feds, or the NSA, etc. And yes....THEY can see what you are doing even without a firewall. A firewall is simply a tool to block unwanted traffic. Although it does provide logging capabilities, it is not intended to reconstruct an attack. I have been working in network security for many years now, and I can tell you for a fact that the firewall is not the best place to get information regarding an attack. For one, ports are always left open on a firewall, and many times are not even logged (i.e. HTTP) because logs would be way to large to do anything with.

    What we are talking about here goes WAY beyond the realm of the firewall. Don't get me wrong, a firewall plays a critical part in securing your network, but it is not the ultimate solution. Many ISP's capture all traffic going across their networks. These packet captures can be reviewed at any time, and even in real-time to find out everything about what is happening on a network. So if you are port scanning or something like that...it can be traced back to you if it became necessary. Like I said...go to http://www.silentrunner.com and check out the software, you will be in awe when you realize what can be seen by others. For example, silentrunner can search for key words in real-time packet captures, and can give source IP's, source MAC addresses, and can pinpoint the exact source of an attack. It can also analyze to completely different pictures with different characteristics (like britney spears with blonde hair in one with a pink outfit, and with brown hair in another wearing a blue outfit) and can still distinguish the fact that they are both the same person. Now you might not think this is a big deal, but it can do the exact same thing with attack signatures. So it can correlate two diferent attacks to two different locations, at two different times, and still tell that the attacks are from the same person.

    The only thing SilentRunner can't do yet, is inspect encrypted traffic....hint....

    But that also does not mean that there is not other software out there which we do not know about that can.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •