remote access
Results 1 to 7 of 7

Thread: remote access

  1. #1
    Member
    Join Date
    Jan 2004
    Posts
    43

    Question remote access

    Can somebody control my computer(I mean taking data from my harddrive etc.) without trojans and other tools, if he just knows my ip and my login and password to windows( I have xp on my computer and dial-up internet). If not, what must he know?
    I know it is lamer quesion, but I AM lamer

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Depends, you could they could use netbios to access your computer, using the net view and net use commands, and mapping your computer to this computer as a network drive. Can do this in linux with samba to

    but seen as your on dial-up your ip address changes each time you sign on (dynamic) so they would have to get your ip address everytime your online

    try going to dos, typing ipconfig, when your online. then disconnect and do it again and you'll see that you ip changes each time your online.

    This sort of thing, is in escense cracking but, in other ways its just knowing how to do networking and how to actually use your OS. They would still need permission to actually do it without it being illegal.

    to see if someones connected to ur computer in this manor do a netstat, thatll show all open ports and there connections and there ip address, there will probably be allot of connections depending on what yours actually running,

    hope that helped, PM me if your in an difficulties

    i2c

  3. #3
    Member
    Join Date
    Jan 2004
    Posts
    43

    thanks

    thanks for your answer

  4. #4
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Yes .... No ... err ... Absolutely ... Wow, what a wide open question!

    What do you consider a tool?


    Is the dos prompt a tool?
    Is Putty a tool?
    Is Ethereal a tool?
    Is a computer a tool?

    As far as I know there has not been a computer made that can’t be hacked, cracked, rooted, and the information obtained from within, even if it has NO IP address!. We just try to make it harder so they avoid us and move to an easier target.

    This is just like car theft ... any car can be stolen, it just depends on how much security is used, how well it is used, and how knowledgeable and determined the thief is to get that particular car. The means the thief uses will depend on the situation: if the car is an 85 Honda with no added security features and is unattended and unwatched the thief could be a 12 year old kid with a screwdriver and get away with it, but if it is a 1968 Shelby GT with updated security features ( in computer lingo we use “patched” systems and proper system configurations ) and is monitored 24 hrs a day ( can anyone say updated antivirus, firewall, IDS and diligent Admin monitoring ? ) the thief had better be really good and really lucky.

    As far as Trojans go, they are simply an easy way for someone to get in. You download the trojan to your computer and open it up to the 12 year old. But if the holes in the system are there to begin with someone with enough knowledge to write the trojan ( and in some cases that is not a lot ) could break in using nothing more then a dos prompt and internet ( or wireless ) connection. The trojans were written based on what someone figured out could be done with putting together certain commands and put them together in a nice neat package. One need not have them all packaged so neatly to use those commands.

    I am not sure if I clarified or clouded the issue but I hope it helped.


    ( Note: most AO members won’t, but if you ask about the computer with no IP address just ask yourself the question of physical security: will a boot disk and reset work? How about a copy of PHLAK and pulling the plug? ) Cheers!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hey Guys!

    Don't forget the positive side?........XP supports remote support.........I have a pal/mate in London (about 236 miles away) and he rings me up now and then and we link machines.....nothing wrong with that?............or just try to do it "long hand" over the phone!!!

    I don't have to know his password........he invites me in......I liked it better when I lived round the corner, and would pop in so he had to ply me with wine and rum and brandy.

    I think the message is that if you are running XP and do not need this...switch it off!! You can do what Colin does and turn it on when needed? then turn it OFF

    I know it is lamer quesion, but I AM lamer
    No, permission denied. "To err is human, to forgive divine............neither are Marine Corps Policy"

    Straighten up man!!!

    Cheers

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    If NetBIOS is avilable and you frequent IRC servers that display your IP address, or use ICQ, or anything else that sends your ICQ address to everyone you talk to, then it is rather easy. Especially if they know your username and password like you said. All they would need is a copy of psexec or a similar tool and they're ready to go, they could get netcat on your machine, open a listening port attached to the command prompt and then connect to it. It's really that simple.

    In response to IKnowNot's post. How about if I remove the CD-Rom and floppy? Change the boot order so that you cant boot of those devices and password protect boot-up and the bios? There are lots of ways you could fully lock down a computer system, so that even if you get physical access you can still not break into it.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    nihil didn’t know you were a fellow Marine!

    HTRegz OK, forget the serial and parallel ports, they may require a reboot. How about the USB ports? By now every company machine should have them disabled unless there is a damn good reason not to. But how many people other then AO’ers do you know lock them down ?

    And password-protect the bios? You know we’ve seen this before ( or am I senile and just think I remember it ). Just delete the password. ( OK, this would require a reboot ) But again, how many people do you know check to see if their BIOS password has been changed? Sadly, I don’t even check them that often.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •