It's quite possible that this person has either been compromised by a
Trojan that will allow her pen-pal full access to her machine.  It's even
more possible that she is just letting people attach to shares that she
has in place.
 
Being familiar with IRC, ICQ, PalTalk and other chat programs, I know
that 99% of them have one function that is almost always set to be
enabled.  Logging.  It's very easy to get to someone's machine.  A simple
NETSTAT will tell you where you are connected to if you look for the
right ports.  After you have the IP, an even more simple NET VIEW
\\xx.xx.xx.xx will tell you if they have any
shares on the machine they are using.  If it's an NT machine, and whoever
set it up was lazy, the Admin shares (C$, D$, IPC$, etc.) are wide open.
 
This practice isn't that hard, the average kid with a working knowledge
of Windows networking can do it.  And they will.
 
First things first, I would try to see if I could find a way into your
friend's machine.  Also, catch her online sometime and do a portscan on
it.  See if there are any persistent open ports that just shouldn't be.
I am not going to list them here.  There are plenty of places on the net
to find lists of ports that trojans use.  But I would be on the lookout
for ports 135-139.
 
I very often do port scans of the machines on my network at work just to
see if things have been going on.  No reason why this shouldn't apply to
a home user as well.  In both places I actually have a NETSTAT -A piped
to a text file sitting on a server.  Sure this takes a little more time,
but it allows me to go back and check things out every once in a while.
 
Chris Patterson

        -----Original Message----- 
        From: [EMAIL PROTECTED] 
        Sent: Tue 6/26/2001 1:16 PM 
        To: [EMAIL PROTECTED] 
        Cc: 
        Subject: OT: T1 and logs
        
        

        This is so off-topic and non-business related that I would almost
        expect a few flames, but I'm curious, and a friend of mine is rather
        scared, so I'm hoping a few of you might help out.

        A friend of mine chats online on a service called "PalTalk".
        Apparently, she's run into a guy that, I think, is trying to
        intimidate her. She doesn't know much about computers, and where she
        knows I work with them, she asked me a question about her situation.
        However, I've never worked with a T1 line, so I can't really answer
        her.

        Here's the deal. I guess on PalTalk, you can chat in an open room, or
        you can chat with someone in what they call a private message, or
        private chat, or something. Apparently, he's been kind of stalking
        her. He'll tell her things like he can see who she talks to and what
        she says in these private chats. He's told her that he worked for the
        DoD in "computer intelligence". For many years. She didn't believe
        much of this until one day he actually *did* repeat some stuff to her
        that she said in a private chat with someone else, so now she's
        scared.

        Here's a snippet of her words to me about what he's told her:

        "He talks about his T1 Connection as a "backbone" and "the network".
        He says that periodically, and each time it goes down and comes back
        online, he is required by government regulations to go over network
        activity reports that are generated.  He says they are all to do with
        whatever he is involved with.. and if he's involved with chat rooms..
        then he sees "contacts" between people in the room.  He is supposed
        to "check off" on the activity to verify that it's correct. And if he
        sees any irregular activity or if something is incorrect, he has to
        report it.  He says that he had to get a $50,000 bond just to have
        this T1 connection."

        This sounds to me like utter bologna, but before I give her bad
        information, I wanted to check with those of you that maybe do use T1
        lines and see if any of this could be true?

        Thanks, 

        Evan 
        _______________________________________________ 
        Firewalls mailing list 
        [EMAIL PROTECTED] 
        http://lists.gnac.net/mailman/listinfo/firewalls 
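
The reply above keeps NETSTAT -A output in text files to look back over later. The following is an added example, not part of the original thread, that compares two such saved snapshots and reports new listening ports and remote peers attached to ports 135-139; the snapshot text, addresses and function names are constructed for illustration and assume numeric `netstat -an` style output.

```python
# Constructed sample snapshots in the numeric layout of Windows `netstat -an`
# (an assumption; plain -a prints resolved names instead of numbers).
BASELINE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:5001       ESTABLISHED
  UDP    192.168.1.10:137       *:*
"""
CURRENT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2750           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       198.51.100.23:2201     ESTABLISHED
  UDP    192.168.1.10:137       *:*
"""

def parse_snapshot(text):
    """Return (listeners, sessions) found in one snapshot."""
    listeners, sessions = set(), set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrecognised line
        port = int(f[1].rsplit(":", 1)[1])
        state = f[3] if len(f) > 3 else ""
        if f[0] == "UDP" or state == "LISTENING":
            listeners.add((f[0], port))
        elif state == "ESTABLISHED":
            sessions.add((port, f[2].rsplit(":", 1)[0]))  # (local port, peer)
    return listeners, sessions

def review(baseline, current):
    """Diff two snapshots and flag remote peers attached to ports 135-139."""
    old_l, old_s = parse_snapshot(baseline)
    new_l, new_s = parse_snapshot(current)
    return {
        "new_listeners": sorted(new_l - old_l),
        "new_sessions": sorted(new_s - old_s),
        "share_sessions": sorted(s for s in new_s if 135 <= s[0] <= 139),
    }

if __name__ == "__main__":
    for name, items in review(BASELINE, CURRENT).items():
        print(name, items)
```

A listener that was not in the baseline, or a peer on 135-139 that nobody recognises, is the cue to go and look at that machine's shares.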
