in reply to RAdmin detector for Win32

I agree with all the other replies to this - all valid ways of using Perl to check for this open port, but...

Why are you so concerned about RAdmin in particular? I know from experience that there are thousands of programs around that will quite happily drop a screen capture/keylogger on your machine. Of course, these all run on a myriad of different ports - not to mention the fact that if I wanted, I could change RAdmin's listening port and therefore circumvent your checks.

The other big killer on an exploited Windows box (much like *NIX) is not to trust any console tools - most backdoor writers these days are savvy enough to hide their processes by running a kernel layer filter. These are most commonly used to hide themselves from task manager, but I wouldn't put it past them to hide their network ports either.

It's not that any of these suggestions are wrong in the Perl sense, and forgive me if I'm preaching to a learned monk, but it might just lull you into a false sense of security. A good software-based firewall (hell, even XP SP2's inbuilt one) is going to cover most of the bases in this area.

Re^2: RAdmin detector for Win32
by aplonis (Pilgrim) on Aug 29, 2005 at 16:07 UTC

    You are correct, of course. But RAdmin is the tool which I know is employed ubiquitously in a certain location. It is installed on all PCs there. It's useful enough for tracking PCs running equipment, as I said. I use it myself.

    But I suspect it's used for more than that. In fact, I'm quite sure.

    In one sense, I don't mind so much that folks may look over my shoulder. It's just terribly impolite to sneak about doing it. Folks are welcome to view my activities all day long. I've nothing to hide. I just think it better they do so in person. Who would not agree that to be invisible while gawking is just plain rude?

    In short, I'm not so concerned as to be paranoid. I don't want to counter it. I just want to know when it's happening. A simple matter of courtesy, is all.

    Thanks to all