Security Basics mailing list archives
Re[2]: Detection tool?
From: Alexander Lukyanenko <sashman () ua fm>
Date: Sat, 3 Apr 2004 13:15:22 +0300
Hello Bénoni,

Friday, April 2, 2004, 11:02:43 AM, you wrote:

BM> Well, I do not think it is possible to know what a machine is
BM> doing locally, cracking a password or just using Word! :)
BM> The only "weakness" you can exploit is if the machine is
BM> running in promiscuous mode to sniff around all the
BM> login/passwords on the network (such as Cain & Abel, LC4, ...), then
BM> you can look for cards in promiscuous mode (tools such as NFR NIDS,
BM> Antisniff, PromiScan, ...) perform this. Knowing what a box is
BM> doing offline seems to be more...intrusive!

You can check the CPU usage of a given box (using WMI, or some WSH
scripting), i.e. if it stays 100% most of the time (especially when no
users are supposed to be logged on), then either it is used to do some
CPU-intensive task (aka brute-forcing a hash) or is mis-configured. In
both cases, it needs checking.

Regards

Alexander V. Lukyanenko
ma1lt0: sashman ua fm
ICQ#  : 86195208
Phone : +380 44 458 07 23
OpenPGP key ID: 75EC057C
NIC   : SASH4-UANIC
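
The CPU check suggested in the message above, sketched in PowerShell as an added example that is not part of the original post. The function names, the 95% / 80% thresholds, the sampling schedule and the host names are assumptions, and it assumes CIM remoting to the target machines is permitted.

```powershell
# Added example. Thresholds, sample counts and host names are assumptions.
function Test-SustainedLoad {
    param(
        [int[]]$Samples,              # CPU load percentages, one per interval
        [int]$LoadThreshold = 95,     # load treated as "pegged"
        [double]$BusyFraction = 0.8   # share of samples meaning "most of the time"
    )
    if ($null -eq $Samples -or $Samples.Count -eq 0) { return $false }
    $busy = @($Samples | Where-Object { $_ -ge $LoadThreshold }).Count
    return (($busy / $Samples.Count) -ge $BusyFraction)
}

function Get-CpuLoadReport {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$SampleCount = 20,
        [int]$IntervalSeconds = 30
    )
    foreach ($computer in $ComputerName) {
        $samples = @(); $user = $null; $err = $null
        try {
            for ($i = 0; $i -lt $SampleCount; $i++) {
                # LoadPercentage is reported per socket; average across sockets.
                $avg = (Get-CimInstance -ClassName Win32_Processor -ComputerName $computer -ErrorAction Stop |
                    Measure-Object -Property LoadPercentage -Average).Average
                if ($null -ne $avg) { $samples += [int]$avg }
                if ($i -lt $SampleCount - 1) { Start-Sleep -Seconds $IntervalSeconds }
            }
            # UserName holds the console user only; remote sessions are not shown.
            $user = (Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $computer -ErrorAction Stop).UserName
        } catch {
            $err = $_.Exception.Message   # unreachable host, access denied, ...
        }
        [pscustomobject]@{
            Computer    = $computer
            Samples     = $samples.Count
            Sustained   = Test-SustainedLoad -Samples $samples
            ConsoleUser = $user
            Error       = $err
        }
    }
}

# Constructed host names; replace with real inventory.
Get-CpuLoadReport -ComputerName 'ws-example-01', 'ws-example-02' | Format-Table -AutoSize
```

A row with `Sustained` true and an empty `ConsoleUser` matches the case the message singles out: a busy machine with nobody logged on at the console.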