
Bugtraq mailing list archives

Windows Sharing Allows Internet Tracking


From: Preston W Chang <presto () REGIONONLINE COM>
Date: Wed, 21 Mar 2001 18:12:30 -0500

Summary

Many of you are probably very familiar with the constant
sharing problem that we have on the Internet today. The
default settings, logging in particular, on NT don't help
the problem either. Usually, many intruders will go in with
obreption and probably without anyone ever knowing without
some sort of IDS suite or logging system besides that of
NT's.

This "problem" may help somewhat. I will discuss later why
this is also a "problem" as well as an advantage.


The Advantage

When logging into a share via NetBIOS, on an NT-to-NT
connection, the user connecting will have his/her Temporary
Internet Files transferred onto the server which they have
connected to. You would find it in this type of path:
c:\winnt\profiles\Administrator\Temporary Internet Files. If
you believe that you are victim to an intruder, definitely
check this folder. I have examined many of the NT "rootkit"
techniques and suites, with none that include
cleaning out the transferred cache. You may or may not find
a definitive profile right away of your intruder, but by
common investigation, it should lead you to something. You
will find most recently visited sites, as well as cookies
from the intruding computer (turn the tables on them =) ).

        
The Problem

As long as you can monitor others, there are others that
will be able to monitor you. Here's a possible scenario: You
were given access to an NT Server via shares just to do some
tweaks or whatever. You leave in peace and go back to the
rest of your work. What you just did was leave traces of
online receipts, cookies, etc., without even knowing it.
Part of the problem is that, to my knowledge, there is no
option for stopping this from happening, so the cleansing
of the transferred cache must be done manually. One minor
setting that can contribute to defending from this problem
is to enable the "Temporary Internet Files clean on closing"
option in Internet Explorer 5x.

Conclusion

Every time you connect, clean that cache! Every time a
stranger connects, find that rat! Hehe. Cheesy, but a true
statement that should be followed. *ALSO: This cannot be
stressed enough, but... don't leave shares open to the rest
of the internet!@!# Either filter or disable NetBIOS
completely if it isn't needed!*

        Cheers,
           Charles Chear [presto () regiononline com]
           http://presto.tpgn.net
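
The check described under "The Advantage", as an added example that is not part of the original post: it walks a profiles tree (live, or copied off the server for review), finds each "Temporary Internet Files" folder, and lists the cached files written during a time window of interest. The function names and the window are assumptions; only the folder name comes from the post.

```python
import os
import tempfile
from pathlib import Path

CACHE_DIR_NAME = "Temporary Internet Files"  # folder name given in the post


def find_cache_dirs(profiles_root):
    """Return every 'Temporary Internet Files' directory below profiles_root."""
    root = Path(profiles_root)
    return sorted(p for p in root.rglob("*")
                  if p.is_dir() and p.name.lower() == CACHE_DIR_NAME.lower())


def cache_activity(profiles_root, start, end):
    """Map profile name -> [(mtime, relative path)] for cached files whose
    modification time falls inside [start, end] (seconds since the epoch)."""
    root = Path(profiles_root)
    report = {}
    for cache in find_cache_dirs(root):
        profile = cache.relative_to(root).parts[0]  # first folder = account
        hits = []
        for dirpath, _dirs, files in os.walk(cache):
            for name in files:
                full = Path(dirpath) / name
                mtime = full.stat().st_mtime
                if start <= mtime <= end:
                    hits.append((mtime, str(full.relative_to(cache))))
        if hits:
            report.setdefault(profile, []).extend(sorted(hits))
    return report


if __name__ == "__main__":
    # Constructed sample tree standing in for c:\winnt\profiles.
    with tempfile.TemporaryDirectory() as tmp:
        tif = Path(tmp) / "Administrator" / CACHE_DIR_NAME
        tif.mkdir(parents=True)
        for name, stamp in (("old_page.htm", 1000), ("visited_site.htm", 5000)):
            (tif / name).write_text("constructed sample")
            os.utime(tif / name, (stamp, stamp))
        # Only files written inside the suspected connection window are shown.
        for profile, hits in cache_activity(tmp, 4000, 6000).items():
            for mtime, rel in hits:
                print(profile, int(mtime), rel)
```

Run against a copy of the profiles directory where possible, so that reviewing the cache does not alter the timestamps being examined.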