Monitoring Suite

Orethrius:
That would be precisely the reason why I'm looking at taking some open source and meshing it together into a closed-group one-off (of sorts), so that only somebody with prior knowledge of the ports in use would know where to hack when.  Even the VNC source port can be changed at the server program level.  This is the kind of person that I have no doubt would disconnect his box from the Internet for security's sake, in which case I'm out of a job.  I understand security issues as much as the next guy, but when it comes to somebody who wants to stay connected at the cost of some security, my bottom line is affected.  It's my job to make these guys feel secure (as if he's not running Mandrake already  ;) ), not to write my own revisionist history of their stupid moves.  Now please stop telling me how I'm doing my job wrong and at least try to help me, not the guy that's beyond all help. ;)

flap:
I don't really understand how VNC comes into this at all. What does that have to do with (and for that matter what's the point of) keylogging? Depending on how a cracker breaks into a system that's unlikely to record anything. If anything he probably just wants an intrusion detection system.

Orethrius:

quote:Originally posted by flap:
I don't really understand how VNC comes into this at all. What does that have to do with (and for that matter what's the point of) keylogging? Depending on how a cracker breaks into a system that's unlikely to record anything. If anything he probably just wants an intrusion detection system.
--- End quote ---


Okay, I'll answer this in three points.
(1)  VNC is not the program here, but a mainstream code concept that will likely be the framework for a later monitoring system.
(2)  I chose VNC for its (as of the current version, improperly implemented) ability to prevent users on the server from noticing that they're being monitored through "connection sharing" and the option to prevent the server from receiving mouse and/or keyboard events from the remote client.
(3)  I'm not looking at keylogging in the traditional "let's take a sampling from the keyboard" method.  I'm talking about something that logs the local box at the system level, so that ANY keys entered into it through any valid terminal at any point in time will be recorded.  If this makes it more along the lines of a more conventional IDS, then so be it.  That's what I'm gunning for anyways.      :cool:

EDIT:  I suppose it would help somewhat if I said that he trusts firewalls to prevent DoS attacks, but precious little else.   :rolleyes:  

[ July 06, 2004: Message edited by: Midnight Candidate ]

flap:
The point is that logging "keys" would only work if his machine was being accessed via some kind of remote control software, such as VNC, that (presumably) generates keyboard/mouse events. If he's not even running anything like VNC in the first place then there's no way that approach could work. Is he specifically concerned about someone using only that kind of software to access his computer?

 
quote:EDIT: I suppose it would help somewhat if I said that he trusts firewalls to prevent DoS attacks, but precious little else.
--- End quote ---


...which, considering firewalls don't prevent DoS attacks, suggests he is actually an idiot. If I were you I'd give him a placebo solution, like installing Winamp and telling him that it definitely logs/prevents all intrusion attempts. Or you could just install an IDS.

[ July 06, 2004: Message edited by: flap ]
