-
September 14th, 2006, 02:41 PM
#1
Open Files and Sessions Consoles Stink
So I'm sitting at my desk yesterday and my laptop's disk activity light starts flashing like crazy. I run netstat and find that the other admin is connected to my machine and I can only assume that he's downloading a large file.
I bring up the computer management console and look under the sessions and open files headings and find that there is nothing there. Strange... So I remove the exception for file and printer sharing in the Windows Firewall and his connection gets killed.
Later on, I try to pull up a text file on a remote XP box and find that the console isn't showing anything there either. What gives?
Furthermore, does anyone know what tools are available that allow me to monitor active connections to my computer (preferably showing what files are being accessed)?
-
September 14th, 2006, 04:06 PM
#2
I run netstat and find that the other admin is connected to my machine and I can only assume that he's downloading a large file.
Is it possible that you have been compromised and that his machine was trying to upload malware to yours?
Malware does tend to be designed to avoid casual detection, does it not?
Just a thought
-
September 14th, 2006, 04:18 PM
#3
He wouldn't go to that extreme (as far as I know). I just think that he's being rude (no network etiquette) and downloading without asking. I ran F-Secure's BlackLight on your hunch and it found nothing. My biggest problem is with the fact that the information displayed in those consoles is incorrect. I remember that there was another tool that I used to use, but I can't remember its name, so I figured that I'd post here and see if anyone else knew of something.
Thanks for the response, nihil!
-
September 14th, 2006, 04:51 PM
#4
Use the "fport" DOS-based utility; it will show you the program name as well as the full path of that file (executable file) and any other connectivity which is running. It's the same as the netstat command, but it gives more information about the connection.
http://www.scanwith.com/download/Fport.htm
One of the great days in my life was when I found antionline.com
-
September 14th, 2006, 04:57 PM
#5
Hi infernon, are you thinking of the Sysinternals tools here:
http://www.sysinternals.com/Utilities/Filemon.html
There are several monitoring ones.
-
September 14th, 2006, 05:41 PM
#6
Couple of options:
remove him from your security
install a firewall
ask him what he's doing
Duct tape.....A whole lot of Duct Tape