iOpus Starr keylogger/spy - how to investigate this hacking? - Page 3
Page 3 of 3 FirstFirst 123
Results 21 to 22 of 22

Thread: iOpus Starr keylogger/spy - how to investigate this hacking?

  1. #21
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Phew..... So.... As I was saying......

    The laptop will do fine and so that you can use it when you want you should be able to simply disable the interface when you aren't using it and enable it for the short periods that you are to minimize the risk of it's detection. Snort should still work through the disabling of the card because WinPcap doesn't seem to care about what windows says about the card.... It still listens.

    In the snort.conf file comment out, (with a #), all the include lines for the rules and add the rule I put in my post above. Move the snort.conf file to c:\pursecure\sensor\bin for simplicity.

    The go to a DOS prompt and change to C:\pursecure\sensor\bin and type:-

    snort -W

    This lists the interfaces. Determine which interface is the active external LAN connection. Running snort -v can help if you have a bunch. The one that shows the traffic is the one to use and then type

    snort -iX -T (where X is the interface number you determined was the active above).

    If snort doesn't abend..... (quit with an error), then you are good to go. Restart the machine, go to your regular box and try to get to the web. You should see an alert on the laptop saying Traffic detected...... If all is well with that you can sit back and relax and see what little fishies we can catch..... It might take a few days..... so be patient and keep us updated...... We are especially looking for either, odd outbound connections to uncommon ports or outbound smtp, (port 25), connections that you did not initiate. We are also _very_ interested if we see any inbound connections where your box is the destination 'cos the SYN packets we are trying to capture should only be going outbound if you are properly firewalled.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #22
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    Tiger, thanks a lot, I'll see if I can get it to work when I get up tomorrow - have to go out and consume some beer right now

    Really appreciate your help on this...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides