Results 1 to 12 of 12

Thread: sniffing to remote computer

  1. #1

    Thread Starter
    PowerPoster motil's Avatar
    Join Date
    Apr 2009
    Location
    Tel Aviv, Israel
    Posts
    2,143

    sniffing to remote computer

    Hi all.

    I know I can sniff my local network but Is it possible to sniff to remote computer ip from my machine and watch the data its receiving ?

    the reason I'm asking this question is because someone successfully upload file to our website server and tried to hack it.

    the only way I can think of is that someone sniffing our ftp port and grabs the ftp password when I'm deploying our website to the server.
    * Rate It If you Like it

    __________________________________________________________________________________________

    "Programming is like sex: one mistake and you’re providing support for a lifetime."

    Get last SQL insert ID

  2. #2
    Wait... what? weirddemon's Avatar
    Join Date
    Jan 2009
    Location
    USA
    Posts
    3,826

    Re: sniffing to remote computer

    First, you should get some better security software.

    Second, if you're encrypting the password as it's sent, you'll drastically reduce the chances of someone picking it up.
    CodeBank contributions: Process Manager, Temp File Cleaner

    Quote Originally Posted by SJWhiteley
    "game trainer" is the same as calling the act of robbing a bank "wealth redistribution"....

  3. #3
    Fanatic Member namrekka's Avatar
    Join Date
    Feb 2005
    Location
    Netherlands
    Posts
    639

    Re: sniffing to remote computer

    Can be social enginering too. How many people knows the password etc?

  4. #4

    Thread Starter
    PowerPoster motil's Avatar
    Join Date
    Apr 2009
    Location
    Tel Aviv, Israel
    Posts
    2,143

    Re: sniffing to remote computer

    Only I know the passwords, It seems that it is not possible to listen to IP from outside so my options are that someone somehow success putting key logger or sniffer in my system which is hard for me to believe since I have good antivirus, firewall and using windows 7 (windows 7 UAC make it harder to install sniffers)
    but everything is possible ...

    there is also the option that the hacker didn't hijack my password through the FTP but exploit some windows server 2003 backdoor to upload the file to our server.

    @weirddemon: as far as i know you can't encrypt the ftp password with visual studio (can you?)
    * Rate It If you Like it

    __________________________________________________________________________________________

    "Programming is like sex: one mistake and you’re providing support for a lifetime."

    Get last SQL insert ID

  5. #5
    Fanatic Member namrekka's Avatar
    Join Date
    Feb 2005
    Location
    Netherlands
    Posts
    639

    Re: sniffing to remote computer

    And how many people do have access to the server via 1 way or the other (not only via remote connections). I think indeed its on the serverside instead of you.

  6. #6
    PowerPoster
    Join Date
    Mar 2002
    Location
    UK
    Posts
    4,780

    Re: sniffing to remote computer

    Don't suppose your password is "password" but a strong password? Hackers/script kiddies often just mash through lists of words to get in.
    Last edited by Grimfort; Mar 21st, 2011 at 09:25 AM.

  7. #7

    Thread Starter
    PowerPoster motil's Avatar
    Join Date
    Apr 2009
    Location
    Tel Aviv, Israel
    Posts
    2,143

    Re: sniffing to remote computer

    @namrekka: the hacker don't has access to the server cause if he did then he wouldn't upload a file to that directory, he would simply do whatever he want through the server itself.

    @Grimfort the password is not simple like 123456 etc... my passwords usually combined by things that are only meaningful to myself.
    * Rate It If you Like it

    __________________________________________________________________________________________

    "Programming is like sex: one mistake and you’re providing support for a lifetime."

    Get last SQL insert ID

  8. #8
    PowerPoster
    Join Date
    Mar 2002
    Location
    UK
    Posts
    4,780

    Re: sniffing to remote computer

    What kind of FTP software is it? You can turn on logging in nearly all of them to track down where the requests/connections are coming from. 5 gets you 10 its just a security setting that you have accidently set, or a password that has been compromised. Change all your password to be sure anyway.

  9. #9
    PowerPoster cicatrix's Avatar
    Join Date
    Dec 2009
    Location
    Moscow, Russia
    Posts
    3,654

    Re: sniffing to remote computer

    Also, keep in mind that if someone has physical access to your computer it's not your computer any more. There are hardware keyloggers, for example. Also a cell phone placed strategically near your keyboard can record a video of you typing the password.

  10. #10

    Thread Starter
    PowerPoster motil's Avatar
    Join Date
    Apr 2009
    Location
    Tel Aviv, Israel
    Posts
    2,143

    Re: sniffing to remote computer

    @Grimfort: the ftp is windows serve -> iis ftp server, I set a user with read/write permissions in our server O/S and then created ftp site in IIS.. I believe there is already logging enabled, I will check it since i know the exact time of the attack by watching the date of the file the hacker uploaded to our site. we already changed all the passwords of course.

    @cicatrix: I'm aware to that fact... but what is the best way to check if my computer already has some Trojan software installed ?
    * Rate It If you Like it

    __________________________________________________________________________________________

    "Programming is like sex: one mistake and you’re providing support for a lifetime."

    Get last SQL insert ID

  11. #11

    Thread Starter
    PowerPoster motil's Avatar
    Join Date
    Apr 2009
    Location
    Tel Aviv, Israel
    Posts
    2,143

    Re: sniffing to remote computer

    Ok, thanks for the ftp logging tip, I now knows that the file was NOT uploaded by our FTP. which only leaves me with some windows server 2003 or .NET 4.0 backdoor ?
    * Rate It If you Like it

    __________________________________________________________________________________________

    "Programming is like sex: one mistake and you’re providing support for a lifetime."

    Get last SQL insert ID

  12. #12
    PowerPoster
    Join Date
    Mar 2002
    Location
    UK
    Posts
    4,780

    Re: sniffing to remote computer

    Not a .net question anymore, but hey . You can turn on windows auditing on that directory to see which users are accessing it, you can check the file contents to see if anyone else has had that same file dropped on them which might give you a clue as to where it came from. Sure its not a 3rd party control log file or somesuch? We have had an application that wrote a log file to the current directory, which when you opened windows explorer you would have a trace of every folder you had opened that day!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width