Tracking a user


uthfull

I think from the past few days... someone has been using my account. I got an IP conflict message for the whole day. When I checked my logs, it showed activity. I asked one of my friends. He said if the person used my IP and forced my MAC ID, then there's absolutely no way to track him down. Although, he said that if the person had used something like ES1, which lets u login, but doesn't change ur IP or MAC, then it would have been possible to track him down. What should I do.... opt for a new IP? But even if I do, the person can login using ES1. I still can't understand, I had logged out properly, then how did the person use my account. Please advise and tell me if there is any way by which Sify can track down this creep.
 
Firstly if he would use ES1 and not change his MAC/IP then you wouldn't get the IP conflict message. So he changed his MAC/IP. There is no easy and reliable way to trace him down, however he must've got your IP and MAC by doing a portscan on you and then using the arp -a command. Change your Sify Account Password and you're done, coz even though he has your IP/MAC it's of no use if he doesn't have your Login/Pwd.
 
as easy as that, but what happens is... if he does not logout properly.. and shuts down, then that guy does not have to login again
 
Well this is nice.... he can use bloody other ppl's accounts n sify will just sit there n laugh!! Also, one more thing, my friend said that he must've got my password also through a sniffer. Now what's a sniffer and how do I avoid info being routed to it.
 
did u change ur password???
 


Originally posted by uthfull @ Sep 14 2005, 07:03 AM:
> Well this is nice.... he can use bloody other ppl's accounts n sify will just sit there n laugh!!
> Also, one more thing, my friend said that he must've got my password also through a sniffer. Now what's a sniffer and how do I avoid info being routed to it.

I doubt a packet sniffer would do any good unless of course u have a habit of e-mailing your password to other people or by any other means sending your password online in an unencrypted form. And regular packet sniffers do not work well when a switch is used, there are ways around it ;-), but I really doubt he could've got your password using a packet sniffer.

You should always remember to logout correctly before shutting down etc. If the SAM server or something else is down and you cannot log off call cc and ask them to log you off.
 
OK I got it.... thx for the help guys
But one last thing I wanted to confirm again:
This man was not using ES1, right? Otherwise that IP Conflict wouldn't have been there.
But if he had used ES1... was there any way to catch that sicko then (Just asking for my own info 🙂 )

Thx all!!

EDIT:
Also one more thing, Tushar you said sending data in an encrypted format. I downloaded a sniffer myself today.... used it on myself.... when I logged in to my Yahoo account... the password remained encrypted but in others... it showed.

How should I avoid this??
 
Passwords aren't encrypted on Sify the last time I checked and they can be easily sniffed by well known means by anyone on your LAN. A way to discourage it is to change your password very, very often.
 
ok so there's no way to protect myself from a sniffer... what about a firewall?? also... what about the other question???
 
Originally posted by uthfull @ Sep 14 2005, 01:40 PM:
> Also one more thing, Tushar you said sending data in an encrypted format. I downloaded a sniffer myself today.... used it on myself.... when I logged in to my Yahoo account... the password remained encrypted but in others... it showed.
>
> How should I avoid this??

I was aware of that 😉, I just didn't want to panic all users here 😛 (was gonna PM you earlier), all this f**kup is due to the lame coders at Sify, they could have at least used a damn md5 hash with secret key if they didn't want to encrypt the passwords, but sadly that didn't strike them and hasn't yet. Just remember not to use the same password for Sify that you use for other important stuff 😉, I never did 🙂

I wouldn't be surprised, really!!!, if they store passwords in their db in unhashed/ unencrypted form.

A good solution for all users would be to change their password to something other than what they use for everything else, and don't panic, it's no big deal 😉, majority of the times all people in your LAN are, well ..., not so enlightened.

Promiscuous sniffing can also take place on a network using switches, there are ways to fool the switch into sending your pc data that belongs to another LAN segment. One good thing though is that Promiscuous sniffing doesn't work very well on Windows due to its limited support drivers.

Here is a pdf 'bout Detection of sniffing
http://www.securityfriday.com/promiscuous_detection_01.pdf

And here's a link to promiscan which can detect sniffing
http://www.securityfriday.com/products/promiscan.html
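
The "md5 hash with secret key" idea from the post above, sketched as a challenge-response login so the password itself never crosses the LAN. This is an added example, not Sify's code or anything posted in the thread; it uses HMAC-SHA256 in place of MD5, and `LoginServer`, `client_response`, `derive_key` and the sample account are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Constructed sample account for the demo; not a real credential.
SAMPLE_USER = "alice"
SAMPLE_PASSWORD = "correct horse battery staple"


def derive_key(username: str, password: str) -> bytes:
    """Secret held by both sides. Username as salt is a demo simplification."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 100_000)


class LoginServer:
    def __init__(self):
        self.keys = {}     # username -> derived key (set at enrollment)
        self.pending = {}  # username -> nonce issued and not yet answered

    def enroll(self, username: str, password: str) -> None:
        self.keys[username] = derive_key(username, password)

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh random value per login attempt
        self.pending[username] = nonce
        return nonce

    def verify(self, username: str, response: bytes) -> bool:
        nonce = self.pending.pop(username, None)  # single use: blocks replay
        key = self.keys.get(username)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(username: str, password: str, nonce: bytes) -> bytes:
    """What the client sends instead of the password."""
    return hmac.new(derive_key(username, password), nonce, hashlib.sha256).digest()


def demo():
    server = LoginServer()
    server.enroll(SAMPLE_USER, SAMPLE_PASSWORD)
    nonce = server.challenge(SAMPLE_USER)
    on_wire = client_response(SAMPLE_USER, SAMPLE_PASSWORD, nonce)  # all a sniffer sees
    first = server.verify(SAMPLE_USER, on_wire)       # legitimate login
    replay = server.verify(SAMPLE_USER, on_wire)      # nonce already consumed
    server.challenge(SAMPLE_USER)                     # new login attempt, new nonce
    replay_new = server.verify(SAMPLE_USER, on_wire)  # old response, wrong nonce
    return first, replay, replay_new
```

Someone who records the nonce and response can still guess weak passwords offline, and nothing after login is protected, so this is a floor rather than a substitute for running the login over TLS.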
 
Hey Tushar.... thx a lot!!

But no one cared to answer this question:
> OK I got it.... thx for the help guys
> But one last thing I wanted to confirm again:
> This man was not using ES1, right? Otherwise that IP Conflict wouldn't have been there.
> But if he had used ES1... was there any way to catch that sicko then (Just asking for my own info 🙂 )
>
> Thx all!!
 
Shit man.......... sify sucks!! How do I get hold of that b**tard.... when my ISP can't even track him!! Shit man!! But seriously this is shocking.... it could happen to others 2..... no way to catch a thief...... even if he doesn't force mac id or IP.... this is ridiculous!
 
