
How could I find out if my internet activity is being monitored?


Terror Alert
2008-10-02, 00:06
I have some, let's just say... interesting characters in my life.... I feel that I am being watched and monitored. I have set a few of my own traps and they all indicate that someone is in fact looking at and tampering with my computer from a distance.

How do I find out for sure?

oddballz194
2008-10-02, 00:09
The generic answer is a Remote Intrusion Detection System, along with a Local Intrusion Detection System in case they actually get in.

Terror Alert
2008-10-02, 00:30
> The generic answer is a Remote Intrusion Detection System, along with a Local Intrusion Detection System in case they actually get in.

So what are these systems? Are they services which you buy, or do you download them? I'm looking on Google and it's not really showing anything of value.

oddballz194
2008-10-02, 01:01
They're software. The RIDS (or sometimes just called IDS) is a system that listens for unusual activity that could indicate an attack, then alerts you. A LIDS does the same, except it sits and waits for someone or something to try to make unusual changes to your machine.

Snort is a well-known IDS. It does both jobs, I believe, although I admit I haven't used it.

Prometheum
2008-10-02, 01:59
An IDS won't stop a tap on your line. Encrypt everything.

oddballz194
2008-10-02, 02:02
> An IDS won't stop a tap on your line. Encrypt everything.

That's true. I was thinking of active intrusion (like trying to hack into one of your computers). Passive reconnaissance is much harder to prevent. Prometheum is right -- encrypt it all.

Tor and JAP are two somewhat similar systems, but don't even trust them alone if you're sending something that could put you in jail. For extreme situations, don't even use your own Internet connection -- borrow someone else's.

Prometheum
2008-10-02, 11:59
> That's true. I was thinking of active intrusion (like trying to hack into one of your computers). Passive reconnaissance is much harder to prevent. Prometheum is right -- encrypt it all.
>
> Tor and JAP are two somewhat similar systems, but don't even trust them alone if you're sending something that could put you in jail. For extreme situations, don't even use your own Internet connection -- borrow someone else's.

JAP is known to be backdoored (by the Germans) and should not be trusted.

As for Tor, you're putting a proxy you don't know or trust in between you and your endpoint: encrypt everything.

kenshiro_kid
2008-10-04, 00:09
> JAP is known to be backdoored (by the Germans) and should not be trusted.
>
> As for Tor, you're putting a proxy you don't know or trust in between you and your endpoint: encrypt everything.

in base 1024.

Terror Alert
2008-10-04, 00:31
> JAP is known to be backdoored (by the Germans) and should not be trusted.
>
> As for Tor, you're putting a proxy you don't know or trust in between you and your endpoint: encrypt everything.

I'm a n00b, so I don't know how to encrypt... how can I do this?

ThunderChicken
2008-10-04, 04:28
> I'm a n00b, so I don't know how to encrypt... how can I do this?

SSH tunnel

http://en.wikipedia.org/wiki/Tunneling_protocol

Here's a good read, based on what I read of the first few sentences:

http://www.engadget.com/2006/03/21/how-to-ssh-tunnels-for-secure-network-access/

Prometheum
2008-10-04, 17:07
> I'm a n00b, so I don't know how to encrypt... how can I do this?

Don't listen to the above poster. He's right for some things but that isn't a very comprehensive post.

There are two things you can have: anonymity of origin and anonymity of content. It is possible to have both or neither as well.

Anonymity of Origin: The monitoring party (Eve) is unable to discern in your (Alice) communication to Bob where either of you are.
Anonymity of Content: Eve can see that Alice is talking to Bob, but is unable to see what it is they're saying.

The first thing to do in any security discussion is to KNOW YOUR THREAT MODEL. This means in this case, are you concerned about people knowing that you're talking to these "interesting persons" or what you're actually saying to them?

SSH tunneling out of Eve's network is an okay way to get anonymity of content for the portion of the communication that passes through Eve's servers. Supposing Eve runs your ISP, if you set up an SSH tunnel to a server that Eve does not control, and whose surrounding network she does not control either (i.e. a different ISP), then you have anonymity of both origin and content as far as Eve is concerned.

However, in that case, you do NOT have anonymity of origin or content to whoever controls the network surrounding the SSH server.

As a result, we have to modify our definitions to make them a bit more restrictive:

Anonymity of Origin: The monitoring party (Eve) and all other parties are unable to discern in your (Alice) communication to Bob where either of you are.
Anonymity of Content: Eve and any other eavesdropper can see that Alice is talking to Bob, but is unable to see what it is they're saying.

This rules out SSH tunnels for AoC, because someone can still see what you're saying, just not Eve. You might not care about this. Know your threat model. However, the most secure way to have AoC is to have end-to-end encryption. There are a lot of ways to have this (check out opportunistic IPsec for a really cool one), but in terms of IM and email communication, the best things to do are to have Pidgin with the OTR (Off-the-Record) plugin for IMs, and PGP encryption with GnuPG for email.

In the case that you want AoO, the best way to do that is to use a preexisting anonymity network like Tor or I2P. Remember that while Tor might get you out of Eve's immediate range, the exit node still sees your content and thus you do not have AoC. Use caution and end-to-end crypto for anything you care about. Read the Tor docs. If you were willing to break the law, you could write a rootkit for UNIX systems (probably a Linux (kernel) module), hack a bunch of them, and create proxy chains through the rootkit (a windows botnet will work for this, they'll just have a lot less bandwidth).

Links:

Pidgin-OTR (http://cyperpunks.ca/otr)
Pidgin (http://pidgin.im)
GnuPG (http://gnupg.org)
Tor (http://torproject.org)

Remember, just because you're paranoid doesn't mean someone isn't watching you.
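To make the who-sees-what argument in the post above concrete, here is an added example; it is not from the thread and not code from Pidgin, OTR, GnuPG or Tor. It models the three paths the post discusses (direct, through an SSH tunnel, and through a three-hop Tor circuit), each with and without end-to-end encryption such as OTR, and asks for each observer whether it can link Alice to Bob (defeating AoO) and whether it can read the message (defeating AoC). The node names (alice, bob, sshsrv, tor1..tor3), the observers and their vantage points, the key labels, and the rule that a party watching both sides of a single relay can correlate the two flows are all constructed assumptions; "encryption" is modelled as a key label the observer either holds or does not, with no real cryptography involved.

```python
"""Who-sees-what model for anonymity of origin (AoO) and anonymity of content (AoC).

Added example: all node names, keys and observers are constructed; "encryption"
is modelled as a key label that an observer either holds or does not.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Union


@dataclass(frozen=True)
class Layer:
    src: str                        # node that emits this layer onto the wire
    dst: str                        # node the layer is addressed to (always visible)
    key: Optional[str]              # key needed to read the payload; None = cleartext
    payload: Union["Layer", str]    # next layer inward, or the application message


@dataclass
class Observer:
    name: str
    links: Set[int]   # indices of links (path[i] -> path[i+1]) this party can capture
    keys: Set[str]    # decryption keys this party holds


def build_packet(relays: List[str], e2e_key: Optional[str], msg: str) -> List[Layer]:
    """Layer carried on each link of the path alice -> relays -> bob.

    Each relay's layer is sealed with that relay's own key (SSH or Tor hop key);
    the innermost layer is sealed with the end-to-end key (OTR/PGP) or, when
    e2e_key is None, sent in the clear. layers[i] travels on link i.
    """
    path = ["alice"] + relays + ["bob"]
    layers = [Layer(src=path[-2], dst="bob", key=e2e_key, payload=msg)]
    for i in range(len(relays) - 1, -1, -1):          # wrap outward, last relay first
        layers.append(Layer(src=path[i], dst=path[i + 1], key=path[i + 1], payload=layers[-1]))
    layers.reverse()
    return layers


def readable_layers(packet: List[Layer], obs: Observer) -> List[Layer]:
    """Every layer whose header (src/dst) the observer can read on its links."""
    seen: List[Layer] = []
    for i in sorted(obs.links):
        layer = packet[i]
        while True:
            seen.append(layer)                         # outer headers are always in the clear
            if layer.key is not None and layer.key not in obs.keys:
                break                                  # sealed with a key the observer lacks
            if not isinstance(layer.payload, Layer):
                break                                  # reached the application message
            layer = layer.payload                      # peel one layer and look inside
    return seen


def analyze(packet: List[Layer], obs: Observer) -> Dict[str, bool]:
    layers = readable_layers(packet, obs)
    knows_origin = any(l.src == "alice" for l in layers)
    knows_dest = any(l.dst == "bob" for l in layers)
    reads_content = any(isinstance(l.payload, str) and (l.key is None or l.key in obs.keys)
                        for l in layers)
    # Assumption: a party that sees Alice's traffic entering a relay and traffic to
    # Bob leaving it can correlate the two flows, so it defeats AoO.
    return {"links_alice_to_bob": knows_origin and knows_dest, "reads_content": reads_content}


def observers_for(relays: List[str]) -> List[Observer]:
    """Constructed vantage points: Eve at Alice's ISP, the network around the
    first relay, the operator of the last relay (SSH server or Tor exit), and a
    tap on Bob's side."""
    last = len(relays)                                 # index of the final link into bob
    obs = [Observer("Eve (Alice's ISP)", {0}, set())]
    if relays:
        obs.append(Observer(f"network around {relays[0]}", {0, 1}, set()))
        obs.append(Observer(f"operator of {relays[-1]}", {last - 1, last}, {relays[-1]}))
    obs.append(Observer("tap near Bob", {last}, set()))
    return obs


SCENARIOS = {
    "plaintext":        ([], None),
    "ssh tunnel":       (["sshsrv"], None),
    "ssh tunnel + OTR": (["sshsrv"], "otr"),
    "tor":              (["tor1", "tor2", "tor3"], None),
    "tor + OTR":        (["tor1", "tor2", "tor3"], "otr"),
}


def report() -> Dict[str, Dict[str, Dict[str, bool]]]:
    """Run every scenario against every observer; also print a table."""
    out: Dict[str, Dict[str, Dict[str, bool]]] = {}
    for name, (relays, e2e) in SCENARIOS.items():
        packet = build_packet(relays, e2e, "hello bob")   # constructed message
        out[name] = {o.name: analyze(packet, o) for o in observers_for(relays)}
        print(f"\n== {name} ==")
        for who, r in out[name].items():
            print(f"  {who:28} links Alice<->Bob: {str(r['links_alice_to_bob']):5} "
                  f"reads content: {r['reads_content']}")
    return out


if __name__ == "__main__":
    report()
```

Running it reproduces the post's claims as a table: with a plain SSH tunnel, Eve learns nothing beyond "Alice talks to sshsrv", but whoever watches the network around the SSH server links Alice to Bob and reads the content; adding an end-to-end key (OTR) keeps the linkage but removes the content; and on the Tor path the exit operator never sees Alice, yet reads the content unless the end-to-end layer is present. The model is deliberately coarse: it treats every relay as a perfect key holder and ignores timing, which is exactly why the post's "know your threat model" advice still applies on top of it.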