finding packets - Page 3
Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 43

Thread: finding packets

  1. #21
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    TH - you mentioned you *never* trust tools on the suspected host... and I understand that if a rootkit was installed that it can intercept system calls and other processes so the application or tool running may return false results. What are your opinions of programs like Sysinternal's RootkitRevealer and F-Secures Blacklight?
    I have mixed views of such tools. The differentiator being that the effectiveness is decided by the hands of the analyst they're put in.

    That said, the kit has to be running before it can do anything. In most cases, a nice forensic CD is sufficient to handle the problem. SLueth comes to mind as well as Helix.

    Of course I have to be special and have my own custom tools along with the ultimate in forensics - ENCASE.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #22
    Junior Member
    Join Date
    Apr 2006
    Posts
    17
    I seemed to have caused some intense conversation, none of which I understand. Anyway.... back on the packets, what if the packet sniffer is no longer on the computer? Is there any way to find the packets then?

  3. #23
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Well, even I can answer that one

    what if the packet sniffer is no longer on the computer? Is there any way to find the packets then?

    No, the odds would be 1000:1 against and that is generous. If someone loaded such a tool and subsequently removed it, you can very, very reasonably assume that most of its traces have been removed as well.

    If you had the resources and the inclination you might try loading your periodic back ups onto another machine and analysing them on the off chance that you may have caught them.

    Why are you interested in the packets anyway, what do you hope that they will tell you?............isn't it your data anyway?

    Mind you, I am talking about a normal corporate/professional investigation.................if it is Federally funded and resourced, we are potentially talking a different ball game.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #24
    Junior Member
    Join Date
    Apr 2006
    Posts
    17
    Haha, yes, it is my data, but I'm not the user of the infected computer, I'm just on his network. I'm just really paranoid and I don't want HIM seeing my data.

  5. #25
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Chances are that an end user has no clue how to use or even read a true packet capture.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #26
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    Ok, this is starting to make more sense now. I thought you suspected a sniffer on your own computer or a computer you controlled or had access to.

    back on the packets, what if the packet sniffer is no longer on the computer? Is there any way to find the packets then?
    Are you saying that you suspect someone else is sniffing the network you're on, and you are wondering if there is a way to find out if any of your personal information is on his/her computer?

    But that brings up another question. What makes you think there is a sniffer involved? Please don't take offense, but if the previous posts were not understandable to you, how would you have the knowledge to be aware of such a threat?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  7. #27
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    OK, that really begs the questions:

    1. Who owns the network I mean legally, and administers it?
    2. Who owns the computer that you use............legally?
    3. Is this supposedly infected machine a laptop, desktop or server? Who owns it?
    4. What makes you think that this computer is infected?
    5. What is it about "packets" from your machine that are so secret?
    6. Why didn't you encrypt the data.
    7. If you don't want "him" to see your data, maybe he knows that, and his machine is not infected...........maybe he brought the software in deliberately?
    8. Is your computer completely physically secure or do others share it/have access to it?
    9. How many others share this network? Why should you be so special?

    I will suggest one thing to you, if there is money involved, change your passwords and account details and learn how to do such things securely first.

    If you were being monitored and all of a sudden it stops it generally means that whoever it was has got what they want and something nasty is about to happen
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #28
    Junior Member
    Join Date
    Apr 2006
    Posts
    17
    Wow, okay.... First of all, let me say that I PROMISE that I am not some creepy stalker person trying to learn how to do this. I'm not, I swear.

    Anyway, I guess I better give a lot more background information. Again, I'd like to state that I really know nothing about computers.

    Okay, my "network" is not really a network, its just what my friend was calling it. Its just a bunch of guys sharing a hub connected to the internet.

    Okay, so my friend came over and was looking at my other friends computer. He claims to know something about computers, although it could be less than he originally thinks. Anyway, after looking at my friends computer, he started talking about how he thought it might be infected with a trojan and a packet sniffer. He then started telling me about how, since we were connected to a hub, everything I and everyone else connected to the hub do is also sent to the infected computer. Then he stared telling us how the packets it picked up were stored, and how, if my other friend found them, could have access to all of our browsing history, passwords, etc.

    I dunno, he just made me really paranoid, so I did a little research, which made me even more paranoid, so I came here to ask. Thank you everyone who is helping me, I'm sorry I'm so dumb.

  9. #29
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    ...the idea of incorporating a network packet sniffer into a trojan is an interesting idea.
    Whew, a trojan like that would be...a pig. Sniffing sucks up a lot of system resources generally, doesn't it? The capture files would be rather large too unless heavily filtered, yes?

    So what would be the point? A keylogger trojan is be a much better tool for lifting a user's data. A nice little log file compared to a packet capture.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #30
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    kurokage, sounds like you could use a router. I've seen hubs hooked up directly to cable modems, which is less than ideal from a security viewpoint. With a setup like that, you're probably pulling your IP directly from your ISP, with your computer fully exposed to the internet (which is ok, but not the best).

    Make sure you've got a good firewall in place on your PC. Scan everything on your PC for virii and spyware. Run all your Windows updates.

    You're probably ok, most spyware does not spread in the manner described by your friend's friend. Sounds like the guy's blowin' you some smoke...IMHO.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides