-
March 14th, 2003, 04:32 AM
#31
Agreed.
LOF. That sounds so familiar; the whole, I help you, I get screwed over for doing something I shouldn't be doing. I too was looked at after a computer would die, it even got to the point where I got blamed for someone's start menu being messed up, or icons rearranged on someone's desktop. Like, come on, the movies out today are making people think hacking/cracking is just a guy at a computer w/ a 3D console, i.e. Hackers. That was the funniest movie I've possibly ever seen. Anyhow, the whole SubSeven thing will go around for a while. Try doing mass scans on 10.*.*.* for nodes listening on port 27374, or whichever port they set it up to listen on. Assuming they're not skilled "crackers", you can just research the raw commands which operate SubSeven, write a drone to log IP addresses and timestamp all commands issued.
However, if you cannot catch them in the act, forensics would be leet0 to have. Set up all the infected computers to log keystrokes; the removal of the trojans would be stupid. You want them to feel safe, and secure -- as you go in for the kill. Additionally, constant monitoring of all the computers infected would be prime. They're obviously gonna be cool, and connect to them. Make sure you get screenshots of that stuff. The outcome of this can be funny.
-
March 14th, 2003, 06:21 AM
#32
Member
Might I suggest you (I don't know if you're a programmer?) write some code to listen to whichever ports they're binding to, and, if they're doing this from within the premises, something like Beep(3700, 1000) might help you to discover who it is? I know this is a stupid solution, but this way you could catch them immediately without having to pore over logs until you actually have some suspects.
Hey there, chaps! Being mexican-american, I don't really think I have the racial background to say that...Oh well, visit our site at www.evilcorp.tk
Don't expect any content...for a few weeks!
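The port listener suggested in posts #31 and #32, as an added example that is not part of the original thread: run on a cleaned lab machine, it records the source IP and time of every connection to the port and hash-chains the records so later edits to the evidence log can be detected. The function names and the log file name are hypothetical; 27374 is the port named above.

```python
import hashlib, json, socket
from datetime import datetime, timezone

PORT = 27374  # port named in the thread; change it if the server was reconfigured

def chain_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(log, src_ip, src_port, data, when=None):
    """Append one connection record, chained to the previous record's hash."""
    rec = {
        "time": (when or datetime.now(timezone.utc)).isoformat(),
        "src_ip": src_ip,
        "src_port": src_port,
        "data_hex": data.hex(),  # first bytes the client sent, kept verbatim
        "prev": log[-1]["hash"] if log else "0" * 64,
    }
    rec["hash"] = chain_hash(rec)
    log.append(rec)
    return rec

def verify_chain(log):
    """Return the index of the first altered record, or -1 if the log is intact."""
    prev = "0" * 64
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != chain_hash(body):
            return i
        prev = rec["hash"]
    return -1

def listen(port=PORT, path="port_connections.jsonl"):
    """Accept connections and write one JSON record per connection to `path`."""
    log = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("0.0.0.0", port))
        srv.listen(5)
        while True:
            conn, (ip, sport) = srv.accept()
            with conn:
                conn.settimeout(3)
                try:
                    data = conn.recv(256)
                except OSError:  # timeout or reset: still log the attempt
                    data = b""
            rec = append_event(log, ip, sport, data)
            with open(path, "a") as fh:
                fh.write(json.dumps(rec) + "\n")
```

Call `listen()` on the machine to start recording; `verify_chain` can be run later over the loaded records before the log is handed to anyone as evidence.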
-
March 14th, 2003, 06:49 AM
#33
Senior Member
Well, I know who is doing it, and I see when they are doing it, but I want evidence showing that they are doing it.
The only four things I need are food, water, a computer, and the internet.
-
March 14th, 2003, 08:03 AM
#34
Member
Is this just computers in a classroom or an open lab?
If you're on classroom computers, you could try talking to your teacher to see if you can implement a "security system" on the computers. You may wanna check into just using the registry for security. I know it sounds stupid, but it can deter anyone who doesn't actually know what they are doing.
Clean the server off the computers.
Go to town on the registry.
You can disable almost anything you want in the registry so they can't put the server back on it. If internet isn't needed, disable it. Disable any feature that you can possibly get away with. As long as it isn't needed for any of the classes that are in that room you should be fine.
Some things that come to mind are disabling the run command, hiding the C drive, making it so the only thing on the hard drive that they see is a "user folder" with shortcuts to the programs they need.
Had a friend who did this while we were in high school and it worked really well. I know of a couple of ways around it, but for the most part it should work.
www.regedit.com <---should be able to search the site for anything you can think of.
The only limit a person has, is the limit they give themselves.
Cogito ergo sum. - Descartes
-
March 14th, 2003, 04:01 PM
#35
Seeing as time and skills seem to be in short supply on this one you have two options:
OPTION 1
Download a 30 day trial of RealSecure and System Scanner from www.iss.net that'll give you evidence of any trojan / installation attempts
and also times, IP addresses and recognised 'grey list' software (sub7, backorifice etc).
OPTION 2
Go Postal on them Madseel!! Kick their teeth out cut their fingers off and batter the hell out of them, or feed a live supply to the PC chassis and watch them fry!
Hope this helps. No Neg AP's please it's Friday. I'm allowed to be a bit mad.
V$DS
I remember when Nihil was ickle. Does that mean I'm old?
-
March 14th, 2003, 05:06 PM
#37
Another idea is to assign static IPs to the PCs that are problem causing and make students sign a piece of paper on what PC they are going to use. You would need a teacher to keep track of this, or make them log in to the PCs. Then you can gather the evidence of who's launching sub7 and catch them.
You have barely any security there; that is your problem. At my school we were all issued IDs and when we either had an assigned PC, or in the library you had to sign a piece of paper on what PC you were using, show your student ID, then they gave you the password for that PC. They were pretty strict, but we didn't have these kinds of problems.
We also had a deep freeze variant on our PCs so when they reset, there went anything you installed.
You're either a 0 or a 1, alive or dead
-
March 14th, 2003, 06:04 PM
#39
Junior Member
My school uses programs that tell anyone who requests, who was on the computer at what time, and everything that they opened, installed, and used. I'll try to find out what programs they use.