|
-
Mar 20th, 2011, 05:52 AM
#1
sniffing to remote computer
Hi all.
I know I can sniff my local network but Is it possible to sniff to remote computer ip from my machine and watch the data its receiving ?
the reason I'm asking this question is because someone successfully upload file to our website server and tried to hack it.
the only way I can think of is that someone sniffing our ftp port and grabs the ftp password when I'm deploying our website to the server.
* Rate It  If you Like it
__________________________________________________________________________________________
" Programming is like sex: one mistake and you’re providing support for a lifetime."
Get last SQL insert ID 
-
Mar 20th, 2011, 06:33 AM
#2
Re: sniffing to remote computer
First, you should get some better security software.
Second, if you're encrypting the password as it's sent, you'll drastically reduce the chances of someone picking it up.
CodeBank contributions: Process Manager, Temp File Cleaner
 Originally Posted by SJWhiteley
"game trainer" is the same as calling the act of robbing a bank "wealth redistribution"....
-
Mar 21st, 2011, 07:50 AM
#3
Re: sniffing to remote computer
Can be social enginering too. How many people knows the password etc?
-
Mar 21st, 2011, 08:17 AM
#4
Re: sniffing to remote computer
Only I know the passwords, It seems that it is not possible to listen to IP from outside so my options are that someone somehow success putting key logger or sniffer in my system which is hard for me to believe since I have good antivirus, firewall and using windows 7 (windows 7 UAC make it harder to install sniffers)
but everything is possible ...
there is also the option that the hacker didn't hijack my password through the FTP but exploit some windows server 2003 backdoor to upload the file to our server.
@weirddemon: as far as i know you can't encrypt the ftp password with visual studio (can you?)
* Rate It  If you Like it
__________________________________________________________________________________________
" Programming is like sex: one mistake and you’re providing support for a lifetime."
Get last SQL insert ID 
-
Mar 21st, 2011, 08:34 AM
#5
Re: sniffing to remote computer
And how many people do have access to the server via 1 way or the other (not only via remote connections). I think indeed its on the serverside instead of you.
-
Mar 21st, 2011, 09:20 AM
#6
Re: sniffing to remote computer
Don't suppose your password is "password" but a strong password? Hackers/script kiddies often just mash through lists of words to get in.
Last edited by Grimfort; Mar 21st, 2011 at 09:25 AM.
-
Mar 21st, 2011, 09:34 AM
#7
Re: sniffing to remote computer
@namrekka: the hacker don't has access to the server cause if he did then he wouldn't upload a file to that directory, he would simply do whatever he want through the server itself.
@Grimfort the password is not simple like 123456 etc... my passwords usually combined by things that are only meaningful to myself.
* Rate It  If you Like it
__________________________________________________________________________________________
" Programming is like sex: one mistake and you’re providing support for a lifetime."
Get last SQL insert ID 
-
Mar 21st, 2011, 09:52 AM
#8
Re: sniffing to remote computer
What kind of FTP software is it? You can turn on logging in nearly all of them to track down where the requests/connections are coming from. 5 gets you 10 its just a security setting that you have accidently set, or a password that has been compromised. Change all your password to be sure anyway.
-
Mar 21st, 2011, 09:54 AM
#9
Re: sniffing to remote computer
Also, keep in mind that if someone has physical access to your computer it's not your computer any more. There are hardware keyloggers, for example. Also a cell phone placed strategically near your keyboard can record a video of you typing the password.
-
Mar 21st, 2011, 10:08 AM
#10
Re: sniffing to remote computer
@Grimfort: the ftp is windows serve -> iis ftp server, I set a user with read/write permissions in our server O/S and then created ftp site in IIS.. I believe there is already logging enabled, I will check it since i know the exact time of the attack by watching the date of the file the hacker uploaded to our site. we already changed all the passwords of course.
@cicatrix: I'm aware to that fact... but what is the best way to check if my computer already has some Trojan software installed ?
* Rate It  If you Like it
__________________________________________________________________________________________
" Programming is like sex: one mistake and you’re providing support for a lifetime."
Get last SQL insert ID 
-
Mar 21st, 2011, 10:15 AM
#11
Re: sniffing to remote computer
Ok, thanks for the ftp logging tip, I now knows that the file was NOT uploaded by our FTP. which only leaves me with some windows server 2003 or .NET 4.0 backdoor ?
* Rate It  If you Like it
__________________________________________________________________________________________
" Programming is like sex: one mistake and you’re providing support for a lifetime."
Get last SQL insert ID 
-
Mar 21st, 2011, 10:40 AM
#12
Re: sniffing to remote computer
Not a .net question anymore, but hey . You can turn on windows auditing on that directory to see which users are accessing it, you can check the file contents to see if anyone else has had that same file dropped on them which might give you a clue as to where it came from. Sure its not a 3rd party control log file or somesuch? We have had an application that wrote a log file to the current directory, which when you opened windows explorer you would have a trace of every folder you had opened that day!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|