School Trouble - Page 2
Page 2 of 7 FirstFirst 1234 ... LastLast
Results 11 to 20 of 61

Thread: School Trouble

  1. #11
    Senior Member
    Join Date
    Dec 2002
    Posts
    127
    Alright, thanks. So now to catch them. What are some good programs other than the one that you gave me to catch them doing what they are doing?
    The only four things i need are food, water, a computer, and the internet.

  2. #12
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Well, how about you honeypot them:
    Remove the actual Sub7 server, and run netcat listners on port 27374 (or wichever port they're binding to) and pipe everything to a log file... There was a thread recently about exactly how to do this (ok, searched for you: http://www.antionline.com/showthread...092#post609514 ) ... This will a) collect evidence of the connections and b) might slow them prevent them from executing new servers since netcat will already have binded to that port...

    Instead of logging commands, you could also try to give them a good scare as suggested in the thread I'm refering to: send them a send back a scary message saying everything was logged & etc... You could also use that batch file to send a message to the network admin/teacher in charge with "net send computer_name message" so he/she can know when they connect...

    Ammo
    Credit travels up, blame travels down -- The Boss

  3. #13
    Senior Member
    Join Date
    Dec 2002
    Posts
    127
    Thanks. But how can you set up netcat to run when the computer restarts? The computers are restarted every day and i dont want them to know it was me catching them.
    The only four things i need are food, water, a computer, and the internet.

  4. #14
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Script it in a batchfile which you'll launch in autoexec.bat (this is also mentionned in the liked thread)

    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #15
    Senior Member
    Join Date
    Dec 2002
    Posts
    127
    ok thanks a bunch
    The only four things i need are food, water, a computer, and the internet.

  6. #16
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    No problem, hope it helps...

    Ammo
    Credit travels up, blame travels down -- The Boss

  7. #17
    Senior Member
    Join Date
    Dec 2002
    Posts
    127
    New question. Would this be enough to use as evidence, or is more needed?
    The only four things i need are food, water, a computer, and the internet.

  8. #18
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Well, it might not reveal the identity of the culprits per-say, but, for example, by using the "-vv" switch when launching the listener (ie: nc -L -p 27374 -ebatchfile.bat -vv), it will output the ip address and hostname of the remote host when connecting, which you will log if you redirect the output to a file (nc -L ... >> logfile.log ). You didn't mention if those guys are connecting to the sub7 from the school or from home; if they connect from school, you might be able to catch them in the fact if, for example, in the batch file you send a notice (net send) to the admin, who quickly checks the logged IP and finds out what computer that is and just go get them. Otherwise, if it's an external IP, well, you'd have to deal with the ISPs of the offender(s) or maybe even get authorities involved.

    Ammo

    hum, just noticed -vv doesn't show up when using the -d (detach from console/dameon mode)...

    Ammo
    Credit travels up, blame travels down -- The Boss

  9. #19
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    best bet for monitoring them is run VNC on each box and get your screen shot remotely, then go nail them red handed. Thats what Id do.
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  10. #20
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by avenger_jcc
    best bet for monitoring them is run VNC on each box and get your screen shot remotely, then go nail them red handed. Thats what Id do.

    This is a good idea, but if you run VNC there is an icon in the system tray that changes to black from white when a remote connection has been established. If these guys are smart, they'd recognize that and be able to determine what is going on (the fact that they are being monitored).

    Now this is a great idea if you are able to hide that icon from the system tray - does anybody know if you can?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides