How to detect remote snooping?



 
 
  #1  
Old July 25th 12, 07:54 PM posted to uk.telecom.broadband
Peter
external usenet poster
 
Posts: 330
Default How to detect remote snooping?

I have come across some things that suggest that perhaps a specific
individual has remote access to my home or office PC.

We run Kaspersky AV, are behind a NAT router, don't use M$ Outlook for
email and don't use IE for www. The email prog is Agent which doesn't
execute (or display) HTML; only plain text.

I am not talking about a standard "commercial" type virus, of the sort
one might download from an infected website. This would be done by a
very IT capable individual, who used to work for a top-level IT
company so would know all the tricks or would know somebody who does.

What would be the best way to detect that sort of thing?

I guess Ethereal (or Wireshark or whatever it is now called) can log
packets, but there would be vast numbers of them. Is there some
standard procedure for scanning for this kind of stuff?

I could just rebuild both PCs from fresh but I have loads of apps to
transfer, so this would take a number of days, and would not rule out
some back door external to the PCs.

I have remote desktop running, and PC/anywhere, but they are over VPNs
so "should be hard" to crack. All passwords are very long and random
etc.
  #2  
Old July 25th 12, 08:48 PM posted to uk.telecom.broadband
Andy Burns
external usenet poster
 
Posts: 486
Default How to detect remote snooping?

Peter wrote:

I have come across some things that suggest that perhaps a specific
individual has remote access to my home or office PC.


As you say, wireshark could tell you chapter and verse, but would give
you a large haystack to look at, start off with a "netstat -an" to see
what ports are listening on your PC(s), look for any firewall rules
redirecting external traffic on the router to those ports.

If nothing found, (close all web browsers, email progs etc that could be
talking to server) look for unexplained outbound connections using
"netstat -n"



  #3  
Old July 25th 12, 09:26 PM posted to uk.telecom.broadband
The Natural Philosopher
external usenet poster
 
Posts: 2,728
Default How to detect remote snooping?

Peter wrote:
I have come across some things that suggest that perhaps a specific
individual has remote access to my home or office PC.

Ok...assuming you are not suffering from paranoid schizophrenia we will
start with that..as a reasonable assumption..

What do you mean by 'access'

that your pc has been used to contact other sites?
Or that data from it appears to have been copied/altered/deleted/?

We run Kaspersky AV, are behind a NAT router, don't use M$ Outlook for
email and don't use IE for www. The email prog is Agent which doesn't
execute (or display) HTML; only plain text.

I am not talking about a standard "commercial" type virus, of the sort
one might download from an infected website. This would be done by a
very IT capable individual, who used to work for a top-level IT
company so would know all the tricks or would know somebody who does.

What would be the best way to detect that sort of thing?


If it were linux the process list. There would be some program running
in the background. I don't know enough about windows but there is a way
to see what is running.

If you ARE behind a firewall then the PC, virused or not, can't accept
incoming connections so it MUST actually open up a connection to some
site if the data is going that way. So it needs a program to do that
somehow.

That you can look for with wireshark etc.

Are you using WIFI? It's not hard to crack WiFi from a car parked outside.

That is the easiest way to crack a home user's PC. (apart from
physically sitting at it) especially if it's got file sharing enabled.
There may be connection logs in the router.



I guess Ethereal (or Wireshark or whatever it is now called) can log
packets, but there would be vast numbers of them. Is there some
standard procedure for scanning for this kind of stuff?

I could just rebuild both PCs from fresh but I have loads of apps to
transfer, so this would take a number of days, and would not rule out
some back door external to the PCs.

I have remote desktop running, and PC/anywhere, but they are over VPNs
so "should be hard" to crack. All passwords are very long and random
etc.


That sounds like a security nightmare. I've seen people take over
machines with PC Anywhere. That's what it is for after all.




--
To people who know nothing, anything is possible.
To people who know too much, it is a sad fact
that they know how little is really possible -
and how hard it is to achieve it.
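
Added example (not part of any poster's message): a small Python parser that applies the two netstat checks suggested in post #2, and the point in post #3 that a PC behind NAT must itself open an outbound connection, to a constructed `netstat -an` capture. The sample output, the `INTERNAL` range list and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of Windows "netstat -an" output (addresses are
# documentation/private ranges, not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    [::]:5631              [::]:0                 LISTENING
  TCP    192.168.1.10:49712     192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.10:49830     203.0.113.45:8443      ESTABLISHED
  TCP    192.168.1.10:49831     198.51.100.7:443       TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")

# Ranges treated as "inside": loopback, RFC 1918, link-local, IPv6 ULA.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(text):
    # '1.2.3.4:80' or '[fe80::1%11]:445' -> (ip, port); '*:*' -> ('*', None)
    host, _, port = text.rpartition(":")
    return host.strip("[]").split("%")[0], int(port) if port.isdigit() else None

def parse_netstat(output):
    conns = []
    for line in output.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # column header, banner and blank lines
        state = f[3] if f[0] == "TCP" and len(f) > 3 else ""  # UDP has no state
        conns.append(Conn(f[0], *split_endpoint(f[1]), *split_endpoint(f[2]), state))
    return conns

def exposed_listeners(conns):
    # Listening TCP / bound UDP sockets that are not loopback-only, i.e. the
    # ones a LAN host or a router port-forward could reach.
    return sorted({(c.proto, c.local_port) for c in conns
                   if (c.state == "LISTENING" or c.proto == "UDP")
                   and not ipaddress.ip_address(c.local_ip).is_loopback})

def external_established(conns):
    # Live connections whose far end is outside the internal ranges.
    def internal(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in INTERNAL)
    return [(c.remote_ip, c.remote_port) for c in conns
            if c.state == "ESTABLISHED" and not internal(c.remote_ip)]

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    print("reachable listeners:", exposed_listeners(conns))
    print("external connections:", external_established(conns))
```

On a real machine, capture `netstat -an` with browsers and mail clients closed and pass the text to `parse_netstat`; on Windows, adding `-o` appends the owning PID to each line, which this parser ignores.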
  #4  
Old July 25th 12, 09:42 PM posted to uk.telecom.broadband
Peter
external usenet poster
 
Posts: 330
Default How to detect remote snooping?


The Natural Philosopher wrote

Peter wrote:
I have come across some things that suggest that perhaps a specific
individual has remote access to my home or office PC.

Ok...assuming you are not suffering from paranoid schizophrenia we will
start with that..as a reasonable assumption..

What do you mean by 'access'


Access to my emails.

that your pc has been used to contact other sites?
Or that data from it appears to have been copied/altered/deleted/?


No evidence of that.

We run Kaspersky AV, are behind a NAT router, don't use M$ Outlook for
email and don't use IE for www. The email prog is Agent which doesn't
execute (or display) HTML; only plain text.

I am not talking about a standard "commercial" type virus, of the sort
one might download from an infected website. This would be done by a
very IT capable individual, who used to work for a top-level IT
company so would know all the tricks or would know somebody who does.

What would be the best way to detect that sort of thing?


If it were linux the process list. There would be some program running
in the background. I don't know enough about windows but there is a way
to see what is running.


There is a process list but it is as long as your arm, and many of the
processes are not listed anyway. For example low level drivers are not
listed.

If you ARE behind a firewall then the PC, virused or not, can't accept
incoming connections so it MUST actually open up a connection to some
site if the data is going that way. So it needs a program to do that
somehow.


Indeed.

That you can look for with wireshark etc.

Are you using WIFI? It's not hard to crack WiFi from a car parked outside.


Yes, WPA2.

But, in theory all that will get you is access to somebody's
internal LAN. You still need the PC logins to get to the PCs.

That is the easiest way to crack a home user's PC. (apart from
physically sitting at it) especially if it's got file sharing enabled.
There may be connection logs in the router.



I guess Ethereal (or Wireshark or whatever it is now called) can log
packets, but there would be vast numbers of them. Is there some
standard procedure for scanning for this kind of stuff?

I could just rebuild both PCs from fresh but I have loads of apps to
transfer, so this would take a number of days, and would not rule out
some back door external to the PCs.

I have remote desktop running, and PC/anywhere, but they are over VPNs
so "should be hard" to crack. All passwords are very long and random
etc.


That sounds like a security nightmare. I've seen people take over
machines with PC Anywhere. That's what it is for after all.


I would suspect running PCA on an open port could be dodgy, because
anybody doing a port sniff will find the well known response on the
well known ports - or whatever port numbers you changed them to, in
seconds or less. Then all you have is PCA's own login, which could be
crap, have back doors, etc. That's why I have always run it via a VPN
- PPTP normally.

One has the same issue with RDP, except that requires the desktop
login to reach the computer, and that is on top of the VPN
credentials.
  #5  
Old July 25th 12, 11:20 PM posted to uk.telecom.broadband
The Natural Philosopher
external usenet poster
 
Posts: 2,728
Default How to detect remote snooping?

Peter wrote:
The Natural Philosopher wrote

Peter wrote:
I have come across some things that suggest that perhaps a specific
individual has remote access to my home or office PC.

Ok...assuming you are not suffering from paranoid schizophrenia we will
start with that..as a reasonable assumption..

What do you mean by 'access'


Access to my emails.

that your pc has been used to contact other sites?
Or that data from it appears to have been copied/altered/deleted/?


No evidence of that.

We run Kaspersky AV, are behind a NAT router, don't use M$ Outlook for
email and don't use IE for www. The email prog is Agent which doesn't
execute (or display) HTML; only plain text.

I am not talking about a standard "commercial" type virus, of the sort
one might download from an infected website. This would be done by a
very IT capable individual, who used to work for a top-level IT
company so would know all the tricks or would know somebody who does.

What would be the best way to detect that sort of thing?

If it were linux the process list. There would be some program running
in the background. I don't know enough about windows but there is a way
to see what is running.


There is a process list but it is as long as your arm, and many of the
processes are not listed anyway. For example low level drivers are not
listed.

If you ARE behind a firewall then the PC, virused or not, can't accept
incoming connections so it MUST actually open up a connection to some
site if the data is going that way. So it needs a program to do that
somehow.


Indeed.

That you can look for with wireshark etc.

Are you using WIFI? It's not hard to crack WiFi from a car parked outside.


Yes, WPA2.

But, in theory all that will get you is access to somebody's
internal LAN. You still need the PC logins to get to the PCs.


watch keystrokes going over it?

That is the easiest way to crack a home user's PC. (apart from
physically sitting at it) especially if it's got file sharing enabled.
There may be connection logs in the router.



I guess Ethereal (or Wireshark or whatever it is now called) can log
packets, but there would be vast numbers of them. Is there some
standard procedure for scanning for this kind of stuff?

I could just rebuild both PCs from fresh but I have loads of apps to
transfer, so this would take a number of days, and would not rule out
some back door external to the PCs.

I have remote desktop running, and PC/anywhere, but they are over VPNs
so "should be hard" to crack. All passwords are very long and random
etc.

That sounds like a security nightmare. I've seen people take over
machines with PC Anywhere. That's what it is for after all.


I would suspect running PCA on an open port could be dodgy, because
anybody doing a port sniff will find the well known response on the
well known ports - or whatever port numbers you changed them to, in
seconds or less. Then all you have is PCA's own login, which could be
crap, have back doors, etc. That's why I have always run it via a VPN
- PPTP normally.

One has the same issue with RDP, except that requires the desktop
login to reach the computer, and that is on top of the VPN
credentials.



--
To people who know nothing, anything is possible.
To people who know too much, it is a sad fact
that they know how little is really possible -
and how hard it is to achieve it.
  #6  
Old July 25th 12, 11:41 PM posted to uk.telecom.broadband
Peter
external usenet poster
 
Posts: 330
Default How to detect remote snooping?


The Natural Philosopher wrote

But, in theory all that will get you is access to somebody's
internal LAN. You still need the PC logins to get to the PCs.


watch keystrokes going over it?


That's an interesting one. You mean watch them while somebody is
entering them over RDP or PCA?
  #7  
Old July 26th 12, 09:47 AM posted to uk.telecom.broadband
Graham J
external usenet poster
 
Posts: 620
Default How to detect remote snooping?

Peter wrote:
I have come across some things that suggest that perhaps a specific
individual has remote access to my home or office PC.

We run Kaspersky AV, are behind a NAT router, don't use M$ Outlook for
email and don't use IE for www. The email prog is Agent which doesn't
execute (or display) HTML; only plain text.

I am not talking about a standard "commercial" type virus, of the sort
one might download from an infected website. This would be done by a
very IT capable individual, who used to work for a top-level IT
company so would know all the tricks or would know somebody who does.

What would be the best way to detect that sort of thing?

I guess Ethereal (or Wireshark or whatever it is now called) can log
packets, but there would be vast numbers of them. Is there some
standard procedure for scanning for this kind of stuff?

I could just rebuild both PCs from fresh but I have loads of apps to
transfer, so this would take a number of days, and would not rule out
some back door external to the PCs.

I have remote desktop running, and PC/anywhere, but they are over VPNs
so "should be hard" to crack. All passwords are very long and random
etc.


Do you have good reason to suspect that a specific individual has
access? A commercial or domestic dispute, for example?

Has that individual ever had access to your computer in the past?

If both PCs are shut down, is there evidence that this individual still
has access to your current information - emails, web storage, and the like?

--
Graham J




  #8  
Old July 26th 12, 09:56 AM posted to uk.telecom.broadband
Peter
external usenet poster
 
Posts: 330
Default How to detect remote snooping?


Graham J wrote

Peter wrote:
I have come across some things that suggest that perhaps a specific
individual has remote access to my home or office PC.

We run Kaspersky AV, are behind a NAT router, don't use M$ Outlook for
email and don't use IE for www. The email prog is Agent which doesn't
execute (or display) HTML; only plain text.

I am not talking about a standard "commercial" type virus, of the sort
one might download from an infected website. This would be done by a
very IT capable individual, who used to work for a top-level IT
company so would know all the tricks or would know somebody who does.

What would be the best way to detect that sort of thing?

I guess Ethereal (or Wireshark or whatever it is now called) can log
packets, but there would be vast numbers of them. Is there some
standard procedure for scanning for this kind of stuff?

I could just rebuild both PCs from fresh but I have loads of apps to
transfer, so this would take a number of days, and would not rule out
some back door external to the PCs.

I have remote desktop running, and PC/anywhere, but they are over VPNs
so "should be hard" to crack. All passwords are very long and random
etc.


Do you have good reason to suspect that a specific individual has
access? A commercial or domestic dispute, for example?


That kind of thing.

Has that individual ever had access to your computer in the past?


No.

If he had, the potential answer would be obvious.

If both PCs are shut down, is there evidence that this individual still
has access to your current information - emails, web storage, and the like?


Both are up 24/7, unfortunately.

The access (if there is any) would be extremely sporadic, not regular.

What I would like to look for is the existence of software which may
be running on the machine and perhaps watching some data and emailing
it out, or just implementing some kind of remote-desktop
functionality.
  #9  
Old July 26th 12, 11:23 AM posted to uk.telecom.broadband
Graham J
external usenet poster
 
Posts: 620
Default How to detect remote snooping?

[snip]


What I would like to look for is the existence of software which may
be running on the machine and perhaps watching some data and emailing
it out, or just implementing some kind of remote-desktop
functionality.



So are you saying that you suspect that this individual has had access
to your computer(s) ???

Or simply that you suspect (s)he might want to try, so that you can see
when it does happen?

--
Graham J


  #10  
Old July 26th 12, 12:16 PM posted to uk.telecom.broadband
Peter
external usenet poster
 
Posts: 330
Default How to detect remote snooping?


Graham J wrote

[snip]


What I would like to look for is the existence of software which may
be running on the machine and perhaps watching some data and emailing
it out, or just implementing some kind of remote-desktop
functionality.



So are you saying that you suspect that this individual has had access
to your computer(s) ???


Yes, remote access.

 



