whitethorn n00b
Joined: 02 Sep 2009 Posts: 28
Posted: Mon Nov 30, 2009 12:51 pm Post subject: How to detect a keylogger
Hi,
I've just been told by my boss that they think someone might have installed a keylogger on our internal network. I'm supposed to look and see if I can find anything, and if I find anything, remove it. Unfortunately I'm not quite sure how to look for one of these things. I've been doing some googling and found a ton of threads of people looking for keyloggers and one about a guy trying to circumvent one. I also found out that the only really good software keyloggers use evdev. Is there a way to check and see if there's something recording or decoding the output from it? We have two computers with a fixed IP for external access (ssh); if I find anything it would probably be on one of them. Luckily root logins are not allowed.
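An added example (not from any poster in this thread) of the check whitethorn asks about: walking /proc to list which processes currently hold a /dev/input device open, which is where an evdev-based logger has to read from. The proc_root argument is an assumption added so the function can also be run against a copied or test tree; on a desktop the X server's evdev input driver is an expected holder, so the interesting lines are the processes you cannot account for.

```shell
#!/bin/sh
# Added example: list processes that hold a /dev/input device open, i.e.
# anything positioned to read raw key events from the evdev layer.
# The proc_root argument is an assumption so the same function can be
# pointed at a copied or test tree instead of the live /proc.

find_input_readers() {
    proc_root="${1:-/proc}"
    # Every numeric directory under /proc is a process; its fd/ directory
    # holds one symlink per open descriptor, pointing at the opened path.
    for fd in "$proc_root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue
        # readlink without -f prints the link text itself, so this works
        # even when the device node does not exist on this host.
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            /dev/input/*)
                pid=${fd#"$proc_root"/}
                pid=${pid%%/*}
                # comm is the short process name; fall back to '?' if unreadable
                comm=$(cat "$proc_root/$pid/comm" 2>/dev/null) || comm='?'
                printf '%s %s %s\n' "$pid" "$comm" "$target"
                ;;
        esac
    done | sort -u
}

# Expected holders on a desktop: the X server (its evdev input driver opens
# these nodes) and udev/hotplug helpers. A process you cannot account for,
# especially one that also has an outbound network connection, is what to
# examine next. Run as root to see descriptors of other users' processes.
find_input_readers "$@"
```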
krinn Watchman
Joined: 02 May 2003 Posts: 7470
Posted: Mon Nov 30, 2009 1:56 pm Post subject: Re: How to detect a keylogger
The main purpose of a keylogger is to log the keys pressed and transmit that info so you can see what was pressed.
So I suppose even if I have no idea how to find the keylogger, I could just watch and look for the "transmit info" phase. You "may force" it to transmit by pushing keys many times (I suppose a keylogger transmits a buffer and not key by key).
Wireshark is your friend.
whitethorn wrote:
    luckily root logins are not allowed.
Yeah, and are you lucky enough to have no users in the wheel group?
d2_racing Bodhisattva
Joined: 25 Apr 2005 Posts: 13047 Location: Ste-Foy,Canada
Posted: Mon Nov 30, 2009 5:13 pm Post subject:
In fact, plug Wireshark into a switch mirror port or into a hub and you will see all the traffic.