Under the supervision ... or Vs Admin (LAN version)
What can a sysadmin do?
For example, a sysadmin can see a copy of your screen, take complete control of the computer (even turn it off), and learn all the passwords you have entered. The latter can be done without the user noticing. All this is done with special remote administration programs, for example Remote Administrator (Radmin). Trojans also belong to the class of remote control programs, and everything written below applies to them as well.
These programs work on the "client-server" principle: the client part of the program is installed on the machine of the one who controls, and the server runs quietly on the machine of the one being controlled. Typically, the server is registered in startup and starts together with Windows. When loaded, the server starts to "listen" on a specific port, i.e. it waits for a connection on this port. To establish a connection with the "victim", the one with the client enters the IP address and the port (the one the server listens on) and then clicks "Connect".
To find out which ports are open, you can simply look at all active connections, using for example Internet Maniac, in the menu "SNMP" > "Active connections". The Remote Administrator server appears there: by default it waits for connections on port 4899 (the port can be changed in its settings), and the connection status in this case is "LISTENING".
You can also use the standard Windows utilities: in the "Programs" menu, launch "MS-DOS Prompt" and enter "netstat -a" without quotes ;) The output format is: "name of your computer:port  name of the remote computer:port  connection status". If you want to see all established connections in numerical form rather than as names, enter netstat -n.
If the client has connected to the server (installed by me), it will look like this:
As you can see, the user with the IP address XXX.168.1.25 is connected to my computer (the connection status is ESTABLISHED, i.e. the connection has been established).
Note: At the time of the check, all network programs should be closed: Internet Explorer, ICQ, mail programs ...
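The netstat check described above can be automated. The following is an added example, not part of the original article: it parses `netstat -an` output and reports listeners and established sessions on the two ports the article names (4899 and 139). The sample output, addresses and function names are constructed for illustration.

```python
import re

# Ports named in the article; extend the mapping for other services.
WATCHED_PORTS = {4899: "Radmin server (default port)", 139: "nbsession (file sharing)"}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING
  TCP    10.0.0.10:4899         10.0.0.25:1045         ESTABLISHED
  TCP    10.0.0.10:139          10.0.0.25:1046         ESTABLISHED
  TCP    10.0.0.10:1030         10.0.0.1:80            ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# proto, local addr:port, remote addr:port, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")

def parse_netstat(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state = m.groups()
        rows.append({"proto": proto, "local": laddr, "lport": int(lport),
                     "remote": raddr, "rport": rport, "state": state})
    return rows

def flag_watched(rows, watched=WATCHED_PORTS):
    """Report listeners and established sessions on watched local TCP ports."""
    findings = []
    for r in rows:
        if r["proto"] != "TCP" or r["lport"] not in watched:
            continue
        if r["state"] == "LISTENING":
            findings.append((r["lport"], "LISTENING", None, watched[r["lport"]]))
        elif r["state"] == "ESTABLISHED":
            findings.append((r["lport"], "ESTABLISHED", r["remote"], watched[r["lport"]]))
    return findings

if __name__ == "__main__":
    for port, state, peer, label in flag_watched(parse_netstat(SAMPLE)):
        print(f"port {port} {state} peer={peer or '-'}  {label}")
```

The outbound connection to port 80 is not reported, because the filter looks only at the local port of each row.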
Determine the moment of connection
If you want to know at what time someone connects to you, along with their IP address and computer name on the network, use the Attacker program: it monitors the ports you specify and alerts you when a connection attempt occurs. For example, if among the active connections you can see that some application is "listening" on port 4899 (Radmin), then take the Attacker program and add this port (under TCP) to monitor it; when a connection to it is attempted, the program will notify you (the connection itself will not be established). The screenshot shows that at 13:51:17 there was an attempt to connect to port 4899 from the IP address XXX.168.1.177; the name of the remote computer on the network is YURI.
If one of the users of the local network has "climbed" onto your hard drive, then among the connections there will be one on port 139 (nbsession). The screenshot shows that a user with the IP address XXX.168.1.25 connected to my computer through Network Neighborhood. Instead of a port number, Internet Maniac can show the name of the service assigned to that port, in this case nbsession for port 139.
Scan Remote Computer
When network services are running on a computer, they open ports, so by scanning the ports on a remote computer you can see which of them are open. The screenshot shows the result of scanning a computer on which the Radmin server is installed (default port: 4899). That is, if during scanning you see open port 80, it means a web server is installed there; if 3218, 8080 or 80, it is most likely a proxy server ...
How to determine whether the program is installed or not
If you have open ports (LISTEN or ESTABLISHED status) and no network programs are running at all, then it is possible that this is the server of a remote control program. Try looking at all running programs (CTRL-ALT-DELETE). If you find nothing there (such programs are often deliberately made so that they are not visible at all), you can use any task manager that shows all running applications, for example Process Viewer, Task Manager ... With it you can unload any program; if a connection was established, it will be broken.
How passwords are found out
To find out passwords, admins can use several methods. The easiest and most common is the use of keyloggers, i.e. programs that record all keystrokes; the most famous of them is hookdump95. Antiviruses usually catch such programs, but who can stop someone from writing their own?
PS: While I was taking screenshots for the article, the administrator wiped my floppy disk, which was in the drive at that time, and it had someone else's semester paper on it ... so who is he after that???