Security Basics mailing list archives
Re: Application backdoor suspect
From: Gene <gyoo () attbi com>
Date: Mon, 16 Dec 2002 12:55:12 -0800
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

I think this would help you gather the information...

/gene

skp () sargam com wrote:

We have a very unusual situation. We have a client that uses software to connect to a vendor for information. This software connects and then says synchronizing. Here is where we have issues with the client. If a computer connecting has once been used by an employee who is not with the company anymore, then the sync process errors out. Although no username is asked for until after the sync, the software still sends info to the main server during the sync process. It apparently sends info of the employee that used the computer before. If the software connects from a newly installed OS, then no issues: it syncs and then asks for a username and password.

We tried uninstalling the software, getting rid of any registry key that references the software, and then reinstalled. Still an error if connecting from a machine used by an ex-employee. The vendor says since the account has been disabled, that's why the error. The issue is that the software should not look for a username and password at the sync process.

My question: is there a way to see what files the application is calling on during the sync process? I want to see what other info it is sending. It's troubling to know that the app is sending info that is not relevant to its starting up.

SKP
-- Gene Yoo, gyoo () attbi com