Page 1 of 2 12 LastLast
Results 1 to 20 of 26

Thread: Any system experts?

  1. #1

    Default Any system experts?

    Totally off topic tho.


    Are there any ways to log a particular user's activity on another system, let's say base on his IP? Any tools, or programs to help on that? Ideally will be something like this:


    Mr A login to system B, system B track all Mr A's activity on the system into a log file and send to Mr C.


    Many thanks.

  2. #2
    Moderator Clown's Avatar
    Join Date
    Mar 2003
    Location
    Singapore
    Posts
    3,779

    Default

    a packet sniffer/interceptor/monitor can help but only if you have full access to system B.

  3. #3

    Default

    Quote Originally Posted by togu
    Totally off topic tho.


    Are there any ways to log a particular user's activity on another system, let's say base on his IP? Any tools, or programs to help on that? Ideally will be something like this:


    Mr A login to system B, system B track all Mr A's activity on the system into a log file and send to Mr C.


    Many thanks.
    Totally possible. These are called sniffer programs and they are commonly found on the net. You will be amazed (and frightened) at the level of logging they can get down into. The best part is, the user will have no idea the sniffer is running in the background as they hide themselves from the task manager. They will only surface on the victim's PC using a defined combination of keystroke. Of course, they can be configured to send the information to an email address at pre-defined intervals.

    The only challenge is, how to install (or get the victim to install) the sniffer program without him knowing it. I guess this is where trojan horses come in.

    So togu, you are thinking of....

  4. #4

    Default

    Quote Originally Posted by gremlin
    ...

    So togu, you are thinking of....



    I want to keep track of what a particular user will do on another system.


    Not exactly what I wanted tho. For my case, I'm not interested in what the user will do on his workstation, rather I want to find out what the user will do when he logon to the server remotely.

  5. #5

    Default

    Well, you can have something more sophisticated than a sniffer, but probably have to pay for it ... there are remote agents that can monitor things from processes to traffic to performance metrics, and send them back to a server program. You can even program alerts or traps in, eg. if someone triggers a particular program or opens a port.

    It's been a while since I was involved in this area, but perhaps a good place to start is by doing google searches, or try one of the more well-known commercial vendors, www.bmc.com ...

    HTH ...

  6. #6

    Default

    Quote Originally Posted by togu

    I want to keep track of what a particular user will do on another system.


    Not exactly what I wanted tho. For my case, I'm not interested in what the user will do on his workstation, rather I want to find out what the user will do when he logon to the server remotely.
    hope u got big budget to do it.... it is gonna be very costly.... you can look into software like NAI McAfee Network Protection Security Forensics

    Gd Luck

  7. #7

    Default

    Tracking everything that goes on in a remote system can be quite tedious. A simpler way would be to capture and record the user's screen for the entire session of his connection to the remote system. This makes it easier as you won't have to sift through pages and pages of logs just to guess at what the user is doing.

    One such software we tried last year was called:

    "What Are You Doing"

    We had this running on our company's network to monitor the activities of Industrial Attachment Students and had on a number of occasions caught them browsing through "wildlife" photos. There's always a strong smell of urine when we pull them in to show them their "ECA".


    Quote Originally Posted by togu


    I want to keep track of what a particular user will do on another system.


    Not exactly what I wanted tho. For my case, I'm not interested in what the user will do on his workstation, rather I want to find out what the user will do when he logon to the server remotely.

  8. #8

    Default

    What O/S is your remote server running? There are lots of free logging tools available for Linux/UNIX machines.

  9. #9

    Default

    Goodie, thanks for all the help, gotta keep sourcing.

    If it's too expensive, I might as well install a CCTV behind that Mr A, and record full time.



    BTW, jeff, you still surviving?

  10. #10
    Senior Member
    Join Date
    Dec 2003
    Location
    Tampines
    Posts
    3,287

    Default

    Hi Togu. It can be quite expensive. If it is Linux or Unix then you could probably find a lot of free tools on the internet to help you achieve your goal. If it is Windows base then chances are you will have to pay for it as the freebies that I have tried just doesn't cut it. I've tried one that send me tons of information that I find an overkill. Going through it is a major task and a time consuming effort. A cheaper and simple alternative is to install a keystroke logger but it may not be what you are looking for.

  11. #11

    Default

    Is this similar to what you want?
    A log in to his computer A(ip *.*.*.2), at the same time login to the server B(ip *.*.*.5).

    You login to your computer C(ip *.*.*.8)
    Install sniff software to your computer C IP 8. Log the traffic between IP 2 - IP 5.

    Any encryption between comp A and server B?

  12. #12

    Default

    ethereal, go to yahoo or google to search.

    PM me if want more detail. Put too many stuff here skali kena banned.

  13. #13
    Member
    Join Date
    Jan 2004
    Location
    Sinagpore
    Posts
    72

    Default

    Cool...looks like you can be monitored unknowingly....hey how about r there any freeware to check whether such sniffer program is installed in my PC? (just in case my company have such program installed :-) )

  14. #14
    Member
    Join Date
    Apr 2004
    Location
    Reservoir Dude
    Posts
    534

    Default

    Quote Originally Posted by DennisLee
    Cool...looks like you can be monitored unknowingly....hey how about r there any freeware to check whether such sniffer program is installed in my PC? (just in case my company have such program installed :-) )
    yup, try freeware adware... www.adware.com

    anyway, for system monitoring of illegal changes on system, can try TripWire, must pay and is an enterprise solution, used in most banks and other enterprises...

  15. #15

    Default

    It's ok, I manage to get the hash values of all the accounts, and use some "brute force" to "de-hash" everything. Follow by installing some stealth activity monitors on my targeted pc. Everything is under control now.



    Thanks for everyone's help.



  16. #16
    Senior Member
    Join Date
    Jul 2003
    Location
    Tampines, Singapore.
    Posts
    1,899

    Default

    don't think these spyware will work if the user is running a good firewall right?

  17. #17

    Default

    Quote Originally Posted by hwchoy
    don't think these spyware will work if the user is running a good firewall right?

    Depends...

  18. #18
    Senior Member
    Join Date
    Jul 2003
    Location
    Tampines, Singapore.
    Posts
    1,899

    Default

    I using ZoneAlarm… seem to be able to block any and everything.

  19. #19

    Default

    ASK ME !! ASK ME !!

    Before you continue, I want to make this clear. ad-ware is ad-ware, ad-aware is ad-aware, they are both different thing. Ad-ware is something installed on your system without your knowledge, they usually will hijacked your homepage, add a tool-bar on your Internet Explorer, pop up a windows out of a sudden and log wat website u visited.



    Firewall like zone alarm, Anti-Virus like norton, even those with web filtering, will NOT block ad-ware(aka spyware). They can block banner, cookies and etc..only but that's not enuff.

    Ad-ware(spyware) will also installed on your system if you download screensaver, shareware or utility, it will also be downloaded if you visit porn site, warez site . Usually they are not detectable by anti-virus and firewall, coz the program itself does not contain virus!

    So, you need a dedicated ad-ware scanner. Spybot, Ad-Aware are example.

    Why they can block ad-ware but firewall or anti-virus can't? Coz ad-aware prog can monitor your registry and file structure. They can detect any changes done to your file or registry when you start your machine. This is where ad-ware get "alive", they usually start to edit your registry everytime u start your machine. virus-Scanner or firewall, don't stop program from editing the registry or file. It isn't consider a virus.
    Last edited by ninelives; 28th July 2004 at 02:12 AM.
    Objection !!!

  20. #20
    Member
    Join Date
    Jan 2004
    Location
    Sinagpore
    Posts
    72

    Default

    Quote Originally Posted by ninelives
    ASK ME !! ASK ME !!

    Before you continue, I want to make this clear. ad-ware is ad-ware, ad-aware is ad-aware, they are both different thing. Ad-ware is something installed on your system without your knowledge, they usually will hijacked your homepage, add a tool-bar on your Internet Explorer, pop up a windows out of a sudden and log wat website u visited.



    Firewall like zone alarm, Anti-Virus like norton, even those with web filtering, will NOT block ad-ware(aka spyware). They can block banner, cookies and etc..only but that's not enuff.

    Ad-ware(spyware) will also installed on your system if you download screensaver, shareware or utility, it will also be downloaded if you visit porn site, warez site . Usually they are not detectable by anti-virus and firewall, coz the program itself does not contain virus!

    So, you need a dedicated ad-ware scanner. Spybot, Ad-Aware are example.

    Why they can block ad-ware but firewall or anti-virus can't? Coz ad-aware prog can monitor your registry and file structure. They can detect any changes done to your file or registry when you start your machine. This is where ad-ware get "alive", they usually start to edit your registry everytime u start your machine. virus-Scanner or firewall, don't stop program from editing the registry or file. It isn't consider a virus.


Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •