This page has been robot translated, sorry for typos if any. Original content here.

Under supervision ... "or Vs Admin (LAN version)

Regardless of where you "go out" on the Internet, you can be monitored if you are a building, this can work with the help of Trojans (programs such as "Trojan horse") in order to find out your passwords, if in Internet cafes, in a computer class, at work etc. you can be watched by system rulers, these are people who look after local networks, usually their stay is invisible, but sometimes they just get impudent, they think that if they are admins then all they can do is blah blah can the admin do? When we were still in the first year, we often hung up in the computer class, just chatted, but there was one problem, we have "It's forbidden to chat also play", but what else is there to do? :) After a few inconclusive :) requests of administrators to close the chat, something strange began: the mouse itself began to move also close the windows, sometimes even in the form of text input in the chat typed text "All the freaks" was also sent to the chat, then the computer just turned off Smile happy We just fucked up, no doubt everyone realized that these admins "joke" but could not do anything ... In this article we'll write how to find out whether you are being watched or not, the IP address of this "smart guy" -So on the local network (LAN-Local Area Network) came to you on the hard drive.

What can Sis Admin do?
For example, to see a copy of your screen, completely intercept the control of the computer, ie even shut down :) Also to that bla bla to find out all the passwords you entered ... the latter is allowed to be made unnoticeable from the user :) All this is done with the help of special programs for remote administration, for example: Remote Administrator (Radmin), etc., Trojans also belong to remote control programs, and everything written below goes well with them . The data of the program work on the basis of the "Client-server" principle. The client share of the program is installed by the one who manages, and the server quietly works with the person who is controlled. Usually the server is registered in startup also starts together with Windows. At boot, the server starts "Play" a specific port, i.e. it waits for a connection on this port, but the one with whom the client connects the IP-address to the port (the one the servic listens) to connect to the victim then later presses "Connect" ... To find out which ports are open, you can just look at all the active connections using Internet Maniac for example, in the "SNMP"> "Active connections" menu, the Remote Administrator's server looks like this (default), it slows connections on the 4899 port, the settings allow changing the port: this " LISTENING "

You can use the standard Windows utilities, in the "Programs" menu, run "MS-DOS Seanas" also enter "netstat -a" without quotes;) Format of the output: " name of your computer: port name of the remote computer: port connection status " If It is necessary to see all established connections in a numerical form, but in any way as names, enter netstat -n.

If the customer connected to the server (installed by me), it will look like this:

As you can see, a user with IP address XXX.168.1.25 connected to my computer (the connection status is set to ESTABLISHED- association)

Note : At the time of verification, all network programs should be closed: Internet explorer, ICQ, email programs ...

Determine the moment of connection
If you want to know when to connect to you, the IP address is also the name of the computer on the network, use the Attacker program, it monitors the specified ports, also alienates the connection when the connection is dragged :) For example, if, among active connections, you see that an application "Listens" port 4899 (Radmin), then you need to take a prog Attacker plus add this port (in TCP) to track it, with a connection to it, the program will notify you (connection while it is not installed). On the skin you can see that at 13:51:17 from IP-address: XXX.168.1.177 there was an attempt to connect to port 4899, the name of the remote computer on the network: YURI.

If someone from the local network users "climbed" to you on the hard drive, then among the connections will be on the 139th port ( nbsession ). On the skin, you can see that the user with the IP address XXX.168.1.25 connected to my computer through the network environment :) The program Internet Maniac instead of the port number can illustrate the name of the service assigned to this port, in this case it is nbsession-port 139.

Scanning a remote computer
When some network services are running on the computer, they open ports, i.e. having scanned the ports on the remote computer, it is allowed to see which ones are open, the result of scanning the computer on which the Radmin program server is installed (port default: 4899) is displayed on the skin. Those. If you saw the open port 80 on scanning, it means that there is a web server installed, if 3218, 8080 or 80 then this is most likely a proxy server ...

How to determine the installed prog, or not
If you have open ports (LISTEN or ESTABLISHED status), no network programs are running at all, then it is possible that this is a remote control server, try to look at all the running programs (CTRL-ALT-DELETE) if you do not have anything found (often the programs are specially made so that they could not be seen at all), then it is allowed to use any task manager that will show all running applications such as Process Wiewer, Task Meneger ... now it is allowed to unload any prog, If the unification was established, it would rip I.

How to recognize passwords
In order to learn the passwords administrators can use several methods, the simplest is also the most common is the use of Keyloggers, i.e. programs that record all keystrokes, the most famous of them is hookdump95, usually such programs are caught by antiviruses, but who prevents you from writing your own?

PS: While I was making screenshots to the article, the admin cleaned my floppy disk, which it was time in the drive, but on it someone else's semester was ... also who he later ??