
Thread: Monitoring Internet Activity- (spywares)

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    16

    Monitoring Internet Activity- (spywares)

    Hello everyone,

    I always run security programs on my PC, whether I am online or offline (like antivirus and firewalls). And I test my PC firewall security on testing sites like (http://scan.sygate.com). My system checks clean, and nothing seems to be wrong. However, I still have doubts that someone might have been monitoring my internet activities from a remote location.

    I am not sure if this is the right place to ask these questions. But I am sure the experts who might read my post would be able to find an answer and help me with my problems. I appreciate that a lot.

    I have two questions with regard to Internet Privacy.

    The first question. Can someone monitor my internet activities from a remote location, without any spyware? If a hacker knows my IP address, for example, would he still be able to monitor my internet activities, and view what I browse or do on the net?

    The second question. I know that a hacker would be able to do this kind of monitoring if he successfully installs a spyware program on my machine (spynet, or trojans, etc.). If this is the case, how can I find that spyware?

    I had doubts that I might have spyware installed on my machine. I often go to port scan and security sites to test my ports and their vulnerability, but my ports are clean, and none of the ports that are usually used for trojans or spyware (like spynet, for example) are open. All of them are actually stealthed and blocked, except for my ICMP port.

    Thank you for your help.

  2. #2
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    To answer your second question, there have been many threads discussing various trojan/spyware removal tools. I personally like Lavasoft Ad-aware for looking for spyware. It's a free program and should find any known spyware on your computer. As for Trojans, you can download something like The Cleaner, or simply keep your virus scanner updated and perform occasional scans to make sure nothing got in. Search the forums for more info about Ad-aware and The Cleaner, or just find them on Google. I would help with your first question, but I haven't slept yet, and I'm too tired... good luck!

    AJ

  3. #3
    Junior Member
    Join Date
    Mar 2002
    Posts
    9
    I am using the 'Active Ports' utility to scan all my active ports while I am online.

    This utility shows all open and connected ports with their remote location, so that I can identify unknown session connections. If I find any connection to be 'SPYWARE', I can terminate that connection.

    You can find more details about 'Active Ports' at http://www.ntutility.com . This utility is freeware.
    If u can dream it, u can do it.
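
Added example, not part of the thread and not the Active Ports tool itself: the same kind of review done over Windows `netstat -ano` output, which lists each socket with its owning process ID. An outside port scan like the one in the first post only tests inbound reachability, so outbound sessions only show up in a local listing like this. The sample output, the PID allowlist and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:4455           0.0.0.0:0              LISTENING       2212
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:49712     203.0.113.25:80        ESTABLISHED     3140
  TCP    192.168.1.10:49720     198.51.100.7:6667      ESTABLISHED     2212
  TCP    192.168.1.10:49731     192.168.1.1:445        ESTABLISHED     4
  UDP    0.0.0.0:1900           *:*                                    1720
"""
# Assumption: PIDs the user has already matched to programs they expect.
KNOWN_PIDS = {4, 884, 1500, 3140}
# RFC 1918 and loopback ranges, treated here as "local" peers.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            rows.append({"local": f[1], "remote": f[2], "state": f[3], "pid": int(f[4])})
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            rows.append({"local": f[1], "remote": f[2], "state": "BOUND", "pid": int(f[3])})
    return rows

def review(rows, known_pids=KNOWN_PIDS):
    """Return (reason, endpoint, pid) for sockets owned by unrecognised PIDs."""
    findings = []
    for r in rows:
        if r["pid"] in known_pids:
            continue
        lhost, lport = split_endpoint(r["local"])
        if r["state"] in ("LISTENING", "BOUND") and lhost in ("0.0.0.0", "::"):
            findings.append(("reachable-listener", f"{lhost}:{lport}", r["pid"]))
        elif r["state"] == "ESTABLISHED":
            rhost, rport = split_endpoint(r["remote"])
            if not any(ipaddress.ip_address(rhost) in net for net in LOCAL_NETS):
                findings.append(("external-connection", f"{rhost}:{rport}", r["pid"]))
    return findings

if __name__ == "__main__":
    for finding in review(parse_netstat(SAMPLE)):
        print(finding)
```

A finding is only a prompt to look up which program owns that PID; it does not by itself mean the process is spyware.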

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    There are a few ways they could do that, the most obvious would be by owning your system. There are several other ways that they could intercept your traffic, for example by sniffing your traffic at some point between you and the destination or maybe they might even try a little TCP hijacking. Your ISP could also provide that information about your browsing habits as well, if memory serves COMCAST got majorly slapped for that...

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    You can download Ad-aware here: www.lavasoftusa.com
    Like avdeven said, it's free and it removes spyware components from your computer: registry entries, directories, programs, etc. If you're concerned about privacy, you should use SOCKS or an anonymous proxy. SOCKS are very slow though, but if you wish to use it, here's a list of servers: http://theproxyconnection.com/proxylist2.htm

    If you'd prefer a proxy then try MultiProxy.
    MultiProxy is a multifunctional personal proxy server that protects your privacy while on the Internet as well as speeds up your downloads, especially if you are trying to get several files from overseas or from an otherwise rather slow server. It can also completely hide your IP address by dynamically connecting to non-transparent anonymizing public proxy servers. You can also test a list of proxy servers and sort them by connection speed and level of anonymity.
    You can download it here: http://www.multiproxy.org/downloads.htm

    If you use SOCKS then you should also use a web proxy to speed up your internet viewing. Check out The Proxomitron if you decide to do so. It can maintain a list of different proxy servers and allows you to easily switch between them. You can even test proxy servers for accessibility and see what, if any, HTTP headers they may add, and it's free. You can download it here: http://proxomitron.org/

  6. #6
    Junior Member
    Join Date
    Dec 2001
    Posts
    16

    Thank you All for your help.

    I do have Ad-aware from Lavasoft, and I do believe it's a great program. Thank you for mentioning it to me.

    As for the Active Ports utility, well, this is a new app that I heard of, and I really appreciate the hint. I just downloaded it and I am going to try to use it. Thank you.

    With regard to the proxies and SOCKS, I tried to use them, but I usually encountered problems viewing websites, and with speed too. However, I thank you for the information which you included about MultiProxy and about SOCKS. It looks like I didn't have accurate information about them. I will look thoroughly into both and try to learn more.

    Thank you all very much.

  7. #7
    Junior Member
    Join Date
    Dec 2001
    Posts
    16

    Hello Nebulus,


    Originally posted here by nebulus200
    There are a few ways they could do that, the most obvious would be by owning your system. There are several other ways that they could intercept your traffic, for example by sniffing your traffic at some point between you and the destination or maybe they might even try a little TCP hijacking. Your ISP could also provide that information about your browsing habits as well, if memory serves COMCAST got majorly slapped for that...

    Neb
    Thank you for your help. I need to understand a few things that you mentioned.

    First, what do you mean by "the most obvious would be by owning your system"? Do you mean that the hacker is someone who is a network administrator that my system is attached to, or my ISP provider? Or someone who actually has access to my machine?

    Second, you mentioned the technique of sniffing traffic as a way to monitor my internet activities. How accurate is that procedure? Would the hacker be able to form, for example, an actual view of pages I visited and read and looked at? Let's say, for example, I was browsing through a thumbnail post, does that mean that the person can also see the thumbnail post?

    Third, let's say that the hacker used a sniffer to monitor my system. Is there a way I can detect this sniffing procedure and stop it?

    Fourth, TCP hijacking. I never heard of this term, and I would really appreciate it if you or anyone else posted any information where I can read about it.

    OK, my final question is with regard to how I can find out if my ISP is secure enough to prevent any personal info about me as a user from leaking to hackers. How can I find out about that? Are there any websites that offer charts or audits on some of the ISPs out there?

    By the way, I use Sympatico high speed Internet, similar to DSL and capable connections. Has anyone heard of them? If so, do you know how safe their service is?

    Thank you for your time, I really appreciate the help.

  8. #8
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    1) What I originally meant was that your system was already compromised and had a remote control agent or some kind of other backdoor installed. This would allow the remote person to see everything you do, but the way you brought this up reminded me of other things. For example, if you log onto a Windows domain, there are software packages (SMS I think) that allow for complete control of your box down to controlling the mouse on your screen. If you log onto any domains at your ISP, it is possible they could do this...

    2) Depending on the quality of the product you are using to sniff and assuming they are somewhere in the path between you and the destination, they can see everything crossing on the wire. A low tech sniffer will just pass along packet contents, which gives enough information to at least tell what you are looking at and if you are really interested, to go to the site to see for yourself (and yes this does include usernames/passwords passed in cleartext). However, there are some exceptionally well written sniffer products that can entirely rebuild the session and replay it for the person doing the sniff...very interesting to see...Anything you do on the network has to traverse it through packets and unless your information is encrypted (think SSL web site), it will pass in plaintext and allow the person to read it, be it mail, web traffic, telnet, whatever.

    3) There are ways you can detect a sniffing product on your own particular network by trying to sense if any cards are out there in promiscuous mode. If memory serves, l0pht had a tool that did that.

    4) TCP Session Hijacking. Very complicated to explain and it requires a pretty good understanding of how a TCP/IP connection is established. First thing that turned up on Google was: http://cs.baylor.edu/~donahoo/NIUNet/hijack.html. It would be a good first stop for reading.

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
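
Added example, not part of the thread: what point 2 of the last post means for a single request, shown as a check of which fields are readable on the wire when a payload is cleartext HTTP versus a TLS (SSL) record. Both payloads, the host name, the credentials and the function names are constructed for illustration.

```python
import base64

# Constructed payloads (not captured traffic): one cleartext HTTP request and
# the first bytes of a TLS record, as each would appear on the wire.
HTTP_PAYLOAD = (b"GET /gallery/thumbs?page=2 HTTP/1.1\r\n"
                b"Host: forum.example\r\n"
                b"Cookie: session=abc123\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:hunter2")
                + b"\r\n\r\n")
TLS_PAYLOAD = bytes([0x16, 0x03, 0x01, 0x00, 0x2F]) + b"\x01" * 47

def looks_like_tls(payload):
    # TLS record header: content type 20-23, major version 3, 2-byte length.
    return len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3

def exposed_fields(payload):
    """Return what an on-path observer can read directly from this payload."""
    if looks_like_tls(payload):
        # Application data is encrypted once the handshake completes; the
        # handshake itself can still show metadata such as the server name.
        return {"protocol": "tls", "readable": {}}
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    readable = {"url": "http://" + headers.get("host", "?") + target}
    if "cookie" in headers:
        readable["cookie"] = headers["cookie"]
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        # Basic auth is base64 encoding, not encryption.
        decoded = base64.b64decode(token).decode("latin-1")
        readable["username"], _, readable["password"] = decoded.partition(":")
    return {"protocol": "http", "readable": readable}

if __name__ == "__main__":
    print(exposed_fields(HTTP_PAYLOAD))
    print(exposed_fields(TLS_PAYLOAD))
```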
