process id to the process in the task manager.
-Original Message-
From: JM [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 3:36 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: XP Box appears to be compromised
My understanding of RDP is that you establish a "new"
but it is also worth buying.
Have you tried changing the mouse?
Cheers
JM
-Original Message-
From: Gregory M. Brown [mailto:[EMAIL PROTECTED]
Sent: 06 August 2003 17:04
To: [EMAIL PROTECTED]
Subject: XP Box appears to be compromised
I've got an issue with what appears to be remote
that works well). If you find nothing
and you're sure the machine has been compromised, format.
-Original Message-
From: chris [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 11:40 AM
To: [EMAIL PROTECTED]
Subject: Re: XP Box appears to be compromised
In-Reply-To:
<[EMAIL PRO
Put the sniffer on it - don't take the attitude that the sniffer is the
"hard" way or too time-consuming. Slap ethereal or something similar
right on the box and capture the activity. Even if you don't look at
all the packet details you'll get source and destination addresses and
port numbers whi
ange V6.0.6249.0
>content-class: urn:content-classes:message
>Subject: XP Box appears to be compromised
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="US-ASCII"
>Content-Transfer-Encoding: quoted-printable
>Date: Wed, 6 Aug 2003 11:03:31 -0600
>Message-ID:
I've got an issue with what appears to be remote desktop management of
an XP box. It's weird...
There are deliberate mouse movements on this box. I'm assuming it's an
internal person doing this as our FW and Fortinet device will block any
remote seizing of a desktop. I've disabled all the XP re
Von: chris [mailto:[EMAIL PROTECTED]
Gesendet: Wednesday, August 06, 2003 8:40 PM
An: [EMAIL PROTECTED]
Betreff: Re: XP Box appears to be compromised
In-Reply-To:
<[EMAIL PROTECTED]>
Easiest way to do this is to open a prompt on the box and simply
type "netstat -a" if theres someone c
