Home page logo
/

basics logo Security Basics mailing list archives

Re[2]: Detection tool?
From: Alexander Lukyanenko <sashman () ua fm>
Date: Sat, 3 Apr 2004 13:15:22 +0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Bénoni,

Friday, April 2, 2004, 11:02:43 AM, you wrote:

BM> Well, I do not think it is possible to know what a machine is
BM> doing locally, cracking a password or just using Word! :)

BM> The only "weakness" you can exploit is if the machine is
BM> running in promiscuous mode to sniff around all the
BM> login/passwords on the network (such Cain & Abel, LC4, ...), then
BM> you can look for cards in promiscuous mode (tools as NFR NIDS,
BM> Antisniff, PromiScan, ...) perform this. Knowing what a box is
BM> doing offline seems to be more...intrusive!
You can check the CPU usage of a given box (using WMI, or some WSH
scripting), i.e. if it stays 100% most of the time (especially when no
users are supposed to be logged on), then either it is used to do some
CPU-intensive task (aka brute-forcing a hash) or is mis-configured. In
both cases, it needs checking.

Regards
* * * * * * * * * * * * * * *
* Alexander V. Lukyanenko   *
* ma1lt0: sashman ua fm     *
* ICQ#  : 86195208          *
* Phone : +380 44 458 07 23 *
* OpenPGP key ID: 75EC057C  *
* NIC   : SASH4-UANIC       *
* * * * * * * * * * * * * * *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFAbo7Alz+8e3XsBXwRAuwMAJ96kbKmwhf5VBCKvUb+tKqnjL5UxACcDSnT
10vXVyaZ21RZ1co0jh+ZoGU=
=/dfd
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]