Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
How to detect a keylogger
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
whitethorn
n00b
n00b


Joined: 02 Sep 2009
Posts: 28

PostPosted: Mon Nov 30, 2009 12:51 pm    Post subject: How to detect a keylogger Reply with quote

Hi,

I've just been told by my boss that they think someone might have installed a keylogger on our internal network. I'm supposed to look and see if I can find anything and if I find anything remove it. Unfortunately I'm not quite sure how to look for one of these things. I've been doing some googling and found a ton of threads of people looking for keyloggers and one about a guy trying to circumvent one. I also found out that the only really good software keyloggers use evdev. Is there a way to check and see if there's something recording or decoding the output from it? We have two computers with a fixed IP for external access (ssh), if I find anything it would probably be on one of them luckily root loggins are not allowed.
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 5981

PostPosted: Mon Nov 30, 2009 1:56 pm    Post subject: Re: How to detect a keylogger Reply with quote

main purpose of a keyloggers is: log key presssed and transmit that info so you can see what was pressed.
so i suppose even if i have no idea how to find the keylogger, i suppose i could just watch and look for the "transmit info" phase. You "may force" it to transmit by pushing keys many times (i suppose a keylogger transmit a buffer and not key by key).

wireshark is your friend.

whitethorn wrote:

luckily root loggins are not allowed.


yeah, and you're enough lucky to have no users in the wheel group ?
Back to top
View user's profile Send private message
d2_racing
Moderator
Moderator


Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

PostPosted: Mon Nov 30, 2009 5:13 pm    Post subject: Reply with quote

In fact, plug wireshark in a mirror port switch or in a hub and you will see all the trafic.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum