Results 1 to 6 of 6

Thread: Open Files and Sessions Consoles Stink

  1. #1

    Open Files and Sessions Consoles Stink

    So I'm sitting at my desk yesterday and my laptop's disk activity light starts flashing like crazy. I run netstat and find that the other admin is connected to my machine and I can only assume that he's downloading a large file.

    I bring up the computer management console and look under the sessions and open files headings and find that there is nothing there. Strange... So I remove the exception for file and printer sharing in the Windows Firewall and his connections gets killed.

    Later on, I try to pull up a text file on a remove xp box and find that the console isn't showing anything there either. What gives?

    Furthermore, does anyone know what tools are available that allow me to monitor active connections to my computer (preferably showing what files are being accessed)?

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I run netstat and find that the other admin is connected to my machine and I can only assume that he's downloading a large file.
    Is it possible that you have been compromised and that his machine was trying to upload malware to yours?

    Malware does tend to be designed to avoid casual detection does it not?

    Just a thought

  3. #3
    He wouldn't go to that extreme (as far as I know). I just think that he's being rude (no network etiquette) and downloading without asking. I ran Fsecure's blacklight on your hunch and it found nothing. My biggest problem is with the fact that the information displayed in those consoles is incorrect. I remember that there was another tool that I used to use, but I can't remember it's name so I figured that I'd post here and see if anyone else knew of something.

    Thanks for the response, nihil!

  4. #4
    Use "fport" dos base utility, it will show you the program name as well as the full path of that file (executable file) and any other connectivity which is running. its same like netstat command but it gives more information abt the connection.
    http://www.scanwith.com/download/Fport.htm
    one of the great day in my life when i found antionline.com

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi infernon are you thinking of the Sysinternals tools here:

    http://www.sysinternals.com/Utilities/Filemon.html

    There are several monitoring ones.


  6. #6
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    couple of options

    remove him from you security
    install a firewall
    ask him what hes doing
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •