Security Basics mailing list archives

Re: help with forensics on a desktop computer

From: music2myear <tech.list () gmail com>
Date: Fri, 12 Nov 2004 16:14:37 -0600

I'm sure there are loggers and such that could run on the box, but an
even less detectable method of checking would be to run a packet
scanner (on Windows systems, Ethereal or similar) on a second box
attached to the same network.  Make note of the IP address of the
person that's supposed to be connecting to the box and then  look for
connection attempts on the remote connection protocol from IP's
besides the expected one.


On Thu, 11 Nov 2004 11:33:07 -0600, Undisclosed <private () somewhere com> wrote:

[reply address not given due to client's instance on confidentiality]

Ok heres the skinny:
an XP box (home edition) the client feels that it has been compromised from
remote.
The evidence for this they have gathered from Norton Tools (I am unfamilar
with any
logging feature though I do not use Norton Tools). I disabled remote desktop
support
in services and they called me and said again there is evidence of access
from remote.
Now, the location of the computer in their house is in a small secured room
(access
doesnt happen  from anyone except the client from there [that they know
of!]. Yes others
live in the house.

Question is there any effective free or inexpensive (under $100) that
monitors access
both local and from remote. Something that can be installed via
administrative account
and not detected by anyone else using the computer? Or tell me if I am
dreaming but can be
run from a floppy or a CDROM rather than installed? If I am on the right
track maybe
something that puts a log on the A: drive.

Also, Is there any software which anyone might have put on it to compromise
it from remote?
I am aware of PCAnywhere and remote assistance (now disabled).

Treat me like I'm six years old. All comments and answers appreciated.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.792 / Virus Database: 536 - Release Date: 11/9/04

Current thread:

help with forensics on a desktop computer Undisclosed (Nov 12)
- Re: help with forensics on a desktop computer music2myear (Nov 15)
- RE: help with forensics on a desktop computer dave kleiman (Nov 15)
- Re: help with forensics on a desktop computer xyberpix (Nov 15)
- Re: help with forensics on a desktop computer Anthony J. Cogan (Nov 15)
- <Possible follow-ups>
- RE: help with forensics on a desktop computer Beauford, Jason (Nov 15)
- RE: help with forensics on a desktop computer adisegna (Nov 15)
- RE: help with forensics on a desktop computer Jeff Gercken (Nov 15)
- RE: help with forensics on a desktop computer Horn Michael (Nov 16)
  - Re: help with forensics on a desktop computer Josh Nerius (Nov 16)
- Re: help with forensics on a desktop computer H Carvey (Nov 16)