Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 05-23-2005, 12:51 AM   #1
Baseband Member
 
stlpnazi's Avatar
 
Join Date: Jan 2005
Posts: 32
Send a message via AIM to stlpnazi
Default Anonymous net send

I apologize for cross-posting, but I recieved no replies from the networking forum. I figured somebody here may be able to help me out.

A friend told me about a program that can send anonymous net send messages. I will soon be in charge of a computer conference in which high school students and teachers are all a part of a large network. We have had problems with net send messages at past conferences. Are there any sniffers or anything that may tell me the original source (preferably an IP) of a net send even if they use an anonymous sender?
__________________

stlpnazi is offline   Reply With Quote
Old 05-24-2005, 08:52 AM   #2
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Default Re: Anonymous net send

ethereal will record all network traffic, you can analyse find and chastise culprits accordingly after the event...

but better than this I suggest you just disable the messenger service that allows you to send and recieve messeges.
__________________

root is offline   Reply With Quote
Old 05-24-2005, 04:56 PM   #3
Baseband Member
 
stlpnazi's Avatar
 
Join Date: Jan 2005
Posts: 32
Send a message via AIM to stlpnazi
Default

The only problem with that is that we don't have control over all the computers on the network. Some machines are brought in by the people attending the conference, and they may have Windows 98 (as sad as it is...) or 2000 or XP with no SP2. The computers we supply weren't equipped with SP2 this past year, but next year they definitely will be.

Can you help me out with any specifics on how a net send will show up in Ethereal? Which protocol is it?

Thanks for your response, I was afraid nobody had any answers.
stlpnazi is offline   Reply With Quote
Old 05-24-2005, 06:56 PM   #4
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Default Re: Anonymous net send

now here is the problem... the protocol is TCP/IPand the port is 139 (RPC) so it's pretty standard traffic you are looking for...

once I get to work I'll record some traffic for you and post what net messenger traffic looks like
root is offline   Reply With Quote
Old 05-24-2005, 08:30 PM   #5
Baseband Member
 
stlpnazi's Avatar
 
Join Date: Jan 2005
Posts: 32
Send a message via AIM to stlpnazi
Default

It's really better than nothing. I'd be glad to look at a giant list of numbers if it meant I would be able to find the person. Thank you so much!

If you don't have time to get an example of the traffic, don't worry about it. I think I can probably get it. Thanks again.
stlpnazi is offline   Reply With Quote
Old 05-25-2005, 09:24 AM   #6
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Default Re: Anonymous net send

it's actually a lot easier to follow the log than I had remembered...


but the best way to do it is to put the scanner in promiscuous mode and use the filter prot 135 (thats the port messeges come on...

then you'll only recieve this traffic, you'll only get IP addresses and will have to use NBTSTAT -A to get usernames...
__________________

root is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 11:07 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0