Under supervision ... "or Vs Admin (LAN version)

Regardless of where you "get off" on the Internet, you can be monitored if you are a building, this can work with the help of Trojans (programs like "Trojan horse") in order to find out your passwords, if in Internet cafes, in a computer class, at work etc. You can watch the system rulers, they are people who look after local networks, usually their stay is invisible, but sometimes they just get impudent, they think that if they admins then they can do everything, what blah blah can the admin do? When we were still in the first year, we often hung up in the computer class, just chatted, but there was one problem, we have "It's forbidden to chat also play", but what else is there to do? :) After a few inconclusive :) Requests of administrators to close the chat, something strange began: the mouse itself began to move itself to close the windows, sometimes even in the form of text input in the chat typed text "All the freaks" was also sent to the chat, then the computer just turned off Smile happy We just fucked up, no doubt everyone realized that these admins "joke" but could not do anything ... In this article we'll write how to find out whether you are being watched or not, the IP address of this "smart guy" -So on the local network (LAN-Local Area Network) came to you on the hard drive.

What can Sis Admin do ?
For example, to see a copy of your screen, completely intercept computer control, ie even shut down :) Also to that bla bla to find out all the passwords you entered ... the latter is allowed to be made unnoticeable from the user :) All this is done with the help of special programs for remote administration, for example: Remote Administrator (Radmin), etc., Trojans also belong to remote control programs, and everything written below goes well with them . The data of the program is working according to the principle of "Client-server". The client share of the program is installed by the one who manages, and the server quietly works with the person who is controlled. Usually the server is registered in startup also starts together with Windows. At boot, the server starts "Play" a specific port, i.e. It waits for a connection on this port, but the one with whom the client connects the IP address to the port (the one the servic listens) then connects the "Connect" to connect to the "victim" ... In order to find out which ports are open, you can Just look at all the active connections using Internet Maniac for example, in the "SNMP"> "Active connections" menu, the Remote Administrator's server looks like this (by default) it hangs up connections on the 4899 port, the settings allow changing the port: This " LISTENING "

You can use the standard Windows utilities, in the "Programs" menu, run "MS-DOS Seanas" also enter "netstat -a" without quotes;) Format of the output: " name of your computer: port name of the remote computer: port connection status " If It is necessary to see all established connections in numerical form, but in any way not as names, then enter netstat -n.

If the customer connected to the server (installed by me), it will look like this:

As you can see, a user with an IP address of XXX.168.1.25 connected to my computer (the connection status is set to ESTABLISHED- association)

Note : At the time of verification, all network programs should be closed: Internet explorer, ICQ, email programs ...

Determine the moment of connection
If you want to know when you will be connected, the IP address is also the name of the computer on the network, use the Attacker program, it monitors the specified ports, and, if the connection is dragged, alienates the know :) For example, if, among active connections, you see that the application "Listens" port 4899 (Radmin), then you need to take the Attacker prog plus add this port (in TCP) to track it, the connection will be notified to you by the connection (connection It is not installed at all). On the skin you can see that at 13:51:17 from the IP address: XXX.168.1.177 there was an attempt to connect to port 4899, the name of the remote computer on the network: YURI.

If someone from the local network users "climbed" to you on the hard drive, then among the connections will be on the 139th port ( nbsession ). On the skin, you can see that the user with the IP address XXX.168.1.25 connected to my computer through the network environment :) The program Internet Maniac instead of the port number can illustrate the name of the service assigned to this port, in this case it is nbsession-port 139.

Scanning a remote computer
When some network services are running on the computer, they open the ports, i.e. Having scanned the ports on the remote computer, it is allowed to see which ones are open, the result of scanning the computer on which the Radmin program server is installed (port default: 4899) is displayed on the skin. Those. If you saw the open port 80 on scanning, it means that there is a web server installed, if 3218, 8080 or 80 then this is most likely a proxy server ...

How to determine the installed prog, or not
If you have open ports (LISTEN or ESTABLISHED status), no network programs are running, then it's possible that this is a remote management server, try to see all the programs that are running (CTRL-ALT-DELETE) if you do not have anything Found (often the programs are specially made so that they could not be seen at all), then it is allowed to use any task manager that will show all running applications such as Process Wiewer, Task Meneger ... now it is allowed to unload any prog, If the union was installed, it would burst .

How to recognize passwords
In order to learn the passwords administrators can use several methods, the simplest is also the most common is the use of Keyloggers, i.e. Programs that record all keystrokes, the most famous of them is hookdump95, usually such programs are caught by antiviruses, but who will prevent you from writing your own?

PS: While I was making screenshots to the article, the admin cleaned my floppy disk, which was at that time in the drive, but on it someone else's semester was ... also who he later this ???