Running a netbus without users knowing?

Status
Not open for further replies.

QuakeCon

Gawd
Joined
Jun 17, 2002
Messages
595
I'm looking to run a netbus on the computers at work for security purposes and was wondering what steps I would have to go through to completely hide them. Any pointers? Also, what are some good netbus applications?
 
Uhm Netbus is realy not a security thing its more like high jack thing and hack.
 
QuakeCon said:
I'm looking to run a netbus on the computers at work for security purposes and was wondering what steps I would have to go through to completely hide them. Any pointers? Also, what are some good netbus applications?

What kinda excuse is that?

Are you in the IT / security field at work? If you are, you should know better than to call it "netbus applications".
 
I am the security at work. It's a small telemarketing firm and I'm new to the field. I apologize for phrasing the term, what is the correct term?

Thanks!
 
QuakeCon said:
I am the security at work. It's a small telemarketing firm and I'm new to the field. I apologize for phrasing the term, what is the correct term?

Thanks!
First and formost...you work for spammers. I don't know if you know that, but that's what telemarketers do. They spam, over the telephone ( although, surprisingly, there is a use for them. When I've had a rough day at work and need to yell at someone, I just go home and wait for one of these slime balls to call me. Most of them can't hang up the phone, so they have to listen and take it. You have no idea how theraputic that is. ).

Second. netbus is not something you want sitting on your network. There are no legitimate uses for it ( well, debatable, but anyway ). Try vnc

Third. If you are the network guy, then who cares what the users know is running. I put vnc on all my systems, so I have remote access as I need it. That little vnc thing hangs out in the system tray. No biggie.
 
QuakeCon said:
I'm looking to run a netbus on the computers at work for security purposes and was wondering what steps I would have to go through to completely hide them. Any pointers? Also, what are some good netbus applications?

Somehow I cannot fathom what could be a valid "security purpose" for running any type of netbus application? If you can't minimally trust the users or lockdown the workstations then they shouldn't have access to a computer in the first place or your in the wrong job.

If you were in the security field, you would already know of ways and have access to monitor users for whatever reasons.
 
I was thinking about using VNC to monitor what they are doing. To see whether they are actually working or not, to see if they are breaking any rules. Is there any way to have it run on startup without that little system tray icon showing?
 
You're missing the point here.

Part of what makes employees follow the rules is that they know they're being held accountable for their actions. They need to see that icon, they need to know you're watching them.

What you need is an Acceptable Use Policy for your computer equipment and networks. Google for them, and I think SANS has an example one. Let the employees know they're going to be monitored, and the acceptable use policy should state the measures that will be taken if they break the rules in the AUP (which should include trying to circumvent any monitoring). Then, if they disable VNC or try to go around anything else you put in place, have their supervisors write them up. If they keep it up, fire 'em.

If you're the network administrator, you need to make it known that you are not to be screwed with. Otherwise they will walk all over you. This is not an easy business. You aren't there to be their friend, you're there to keep up the computers and the infrastructure they use to get business done. Sometimes making sure they use it to get business done means pissing off a few people along the way.
 
Boscoh said:
You're missing the point here.

Part of what makes employees follow the rules is that they know they're being held accountable for their actions. They need to see that icon, they need to know you're watching them.
Actually, it's more accurate to say they need fear. The very same fear that keeps them from misusing office equipment. Fear of being fired, or in some cases, fear of others finding out what they did with the office equipment ( see: blackmail ).
boscoh said:
What you need is an Acceptable Use Policy for your computer equipment and networks. Google for them, and I think SANS has an example one. Let the employees know they're going to be monitored, and the acceptable use policy should state the measures that will be taken if they break the rules in the AUP (which should include trying to circumvent any monitoring). Then, if they disable VNC or try to go around anything else you put in place, have their supervisors write them up. If they keep it up, fire 'em.
The best idea. Never try with technology that can be done with policy. First of all; you aren't there to baby sit anybody. They should be all adults, or close enough that it doesn't matter. Treat them as such.
boscoh said:
If you're the network administrator, you need to make it known that you are not to be screwed with. Otherwise they will walk all over you. This is not an easy business. You aren't there to be their friend, you're there to keep up the computers and the infrastructure they use to get business done. Sometimes making sure they use it to get business done means pissing off a few people along the way.
Shit, these are just many of the perks of my job. ;)

[edit]Granted, all this is likely lost on the OP. Chances are he/she is just trying to be a nuisence on someone else's network. And if I'm wrong, I'm wrong, but the signs are all there.
 
lol...
you want to run "a netbus"

haaahahaaaha...
this board should have a humor section =)
 
Wouldn't you have to pay for VNC to use it in a business type situaition? I haven't read the EULA but I'd think you would. I think I'm going to comment in this thread with a 10 foot pole.
 
Surrea| said:
lol...
you want to run "a netbus"
god damn it. I missed a chance at an obvious joke.

That just tears me up.

"a netbus"? Is that anything like a short bus? telemarketers? must be
 
Boscoh said:
If you're the network administrator, you need to make it known that you are not to be screwed with. Otherwise they will walk all over you. This is not an easy business. You aren't there to be their friend, you're there to keep up the computers and the infrastructure they use to get business done. Sometimes making sure they use it to get business done means pissing off a few people along the way.

You see, you guys here know the deal and the industry.

I love this board.

My fiancee thinks i'm a prick and asshole, when I tell her how I have to deal with people at work... She doesn't understand that "that's the way it is sometimes"
She also despises her IT guys at work, because "they are mean, short-spoken and obtuse"


The best request ever today: "Hey Karl, can i get a port outside the firewall so I can use BitTorrent?"
 
i think instead of running a netbus, you should try driving a shortbus.
 
Yeah, there are the users who mess around with the system, that's why we have a computing security department. My job is not so much network as systems admin on an isolated network. I work with the network folks when there are issues with connectivity. I work with the computing security folks when policy/laws may have been broken. My direction is to enable my customers to get their jobs done, and if they want to surf the web so be it. (guess where I'm posting this from?)

quote:

"The best idea. Never try with technology that can be done with policy. First of all; you aren't there to baby sit anybody. They should be all adults, or close enough that it doesn't matter. Treat them as such."

Amen, The more trust I have with my customers the more I can become an integral part of their business plan. I'm not a cop, I can give a "word to the wise" though, and that usually fixes any issues that come up without the need to instill fear. By having trust with me, the endusers feel comfortable coming to me with their tech issues which I can suggest solutions to. Some people get off on power, I get off on seeing my ideas put in place and profitablilty resulting from them.
 
RagingSamster said:
Amen, The more trust I have with my customers the more I can become an integral part of their business plan. I'm not a cop, I can give a "word to the wise" though, and that usually fixes any issues that come up without the need to instill fear.

That usually doesn't fix many issues here. We've got too many arrogant people in our company that think they know how to fool the IT guys. It amazes me how many people will sign an AUP and either dont read it, or read it and know what they're doing could get them fired but do it anyway.

I find it funny that when I'm away from the office for a period of time, the logs show that a lot of people attempt to do things on the Internet that they shouldnt. As soon as I'm back in the office, the logs show that pattern almost goes away completely. I guess they think I dont have the ability to check historical logs, only real-time stuff. I've even seen some people going to search engines and searching for ways around the various blocking measures that we use.

Some people are in dire need of a beating with a clue stick.

By having trust with me, the endusers feel comfortable coming to me with their tech issues which I can suggest solutions to. Some people get off on power, I get off on seeing my ideas put in place and profitablilty resulting from them.

I'm one of those people that treats you how you treat me. I've got a lot of users that I'm very good friends with and they understand that what I do is my job, not any personal thing against them and as a result they trust me a lot. I've also got users who hate me because I took away Kazaa and WinMX and Shoutcast. Then there's the people that only buddy up to me when they need something done, and in those cases I typically dont know the solution to whatever problem they're having.

It's not so much about power. If people want to surf the web every now and then during their workday, that's fine with me. I'm not a network nazi. But when 30 people are all listening to Internet Radio, or watching the newest Harry Potter trailer in full-screen, that tends to bog down the network connection for things that are much more important. Such as the head sales guy emailing a customer that does half a billion dollars worth of business with us in 6 months. Or the central anti-virus servers going out to the web to update to the newest pattern which catches the newest Phatbot/Agobot variant that Susie downloaded in what she thought was Justin Timberlake's newest MP3.

Whether you do enforcement via "words of wisdom", QOS, web filtering applications, local domain policies, or programs like VNC, most companies out there need to monitor their employees. The ones that dont are lucky, and are the exception to the rule in most cases I've seen.

As for your ideas making money...more often than not, the amount of effort you put into making sure your employees are doing their job is proportionate to the amount of money an employee will produce. If people can screw off all day and get paid for it, they usually will.
 
Those that surf all day are referred to as "Dead Weight" or "Layoff Fodder" Sure we know what they are doing. The monitoring in place at my company is quite heavy - but we've lost about 40% of our workforce over the past couple of years, management did a pretty good job of clearing "dead wood" and the folks that are left are too busy, so my environment is somewhat different. I myself have been politely reminded by security that IRC is not a good thing ( 2Xs D'OH!) but I've also assisted them with some rather touchy investigations. I think overall the network admins job is to make the network productive and secure. This involves informing management of the negative behaviors of their employees, which I have done in excessive cases. I have told customers that file sharing cannot happen on our network, I tell them why, and usually they go home and tick off their kids by removing the clients there too. No management involvement was needed, but in cases of "misuse of company resources" judgement on when to inform management and when to talk to the enduser can become muddy - I've done both, I prefer to have a talk with the enduser because ignorance knows no bounds. But the office hackers who will not comply get referred to management for "training"
 
First off, I really don't appreciate the reaction that I got here. I thought you guys would be mature enough to just give me advice and leave the shit-talking out of it. I guess I was wrong.

The reason that I want it hidden is that we hire a lot of teenagers. We have suspicions of a few of them not working as much as they need to be and if they don't know they are being watched, they won't do the bad things that they are currently.

I just wanted an honest answer from the people who know more about the subject than I, and all I got was spit in the face.
 
QuakeCon said:
First off, I really don't appreciate the reaction that I got here. I thought you guys would be mature enough to just give me advice and leave the shit-talking out of it. I guess I was wrong.

The reason that I want it hidden is that we hire a lot of teenagers. We have suspicions of a few of them not working as much as they need to be and if they don't know they are being watched, they won't do the bad things that they are currently.

I just wanted an honest answer from the people who know more about the subject than I, and all I got was spit in the face.

The problem is that your company is losing productivity due to users goofing off while at the computer.
You want to monitor what they are doing, so if they ARE goofing off, you can tell their managers, an in turn they will say "Hey, cut the shit out"

Basically, what *you* want to do is the wrong way to go about this.

1) You *NEED* an AUP in place, and have it signed at the time of hire. If the employee (or former employee as the case may be) wanted to be an Ass about things, s/he could say "Hey, they never said we couldn't browse Orkut!" Then they could try and sue the company. Without an AUP, your company is basically screwed.

2) The fact that users KNOW they are being monitored, their e-mails scanned and web sessions logged WILL keep them in line. Hidden monitoring will only allow you to catch that ONE person goofing off when YOU connect to them. What about the people that you miss? They are still goofing off and wasting company time.

3) NetBus is not the means to go about this, hidden or not.

There's also a sort of legal grey area in terms of what companies can do to monitor. Some people think it's could be an invasion of privacy, etc. but we won't get into that.

Believe it or not middle-aged people goof off more than teenagers.


My father-in-law is a Detective. You know what he says? 90% of crime fighting is about PREVENTING it from happening, the other 10% is catching the people in the act of doing it.
You do the math.
 
Rather than calling it "netbus" or something along those lines - try "Remote Admin Tool" (RAT). There are legitimate RATs like VNC, PC Anywhere, Remote Desktop and the ilk.

I don't think this thread is the time or the place to denounce telemarketing because a network admin would certainly want the ability to monitor the users on their network.
 
QuakeCon said:
The reason that I want it hidden is that we hire a lot of teenagers. We have suspicions of a few of them not working as much as they need to be and if they don't know they are being watched, they won't do the bad things that they are currently.
Which is more important to the company? Catching people doing something wrong, or working on getting productivity up?
QuakeCon said:
I just wanted an honest answer from the people who know more about the subject than I, and all I got was spit in the face.
You got an honest answer. Then you got a spit in the face.

Take the good with the bad.

pointdexterish said:
I don't think this thread is the time or the place to denounce telemarketing because a network admin would certainly want the ability to monitor the users on their network.
It's ALWAYS the time and place to denounce that bussiness.
 
If it's telemarketing, why are they using PCs in the first place? There's not a whole lot of fun to be had on a properly set up thin client / terminal and there's a lot less redundant hardware.

Along similar lines, you could lock down Windows (if it's NT based) on one machine to the point where there's no fun to be had, image it, and slap the image on all the other machines.

Of course, none of that matters if you don't have a means of catching people who are slacking and not using their computer as part of it. I was under the impression that major telemarketing operations log various metrics and get rid of people who don't measure up. That'd be a better way of ensuring productivity (if legit telemarketing could be considered productive).
 
Color me crazy but a forum dedicated to "Networking and Security" is hardly the time or place to attempt to assassinate someone's character based on their profession.

I don't see a need to pontificate about your own personal issues with his job choice. "Networking and Security" isn't a venue for that.
 
KaosDG
the legality of Moniting at work is plain as black and white.

If there was a contract stating what is and can be monitored. It is perfectly legal.

If there is not. Then of course the company is shit up a creek with no paddle.

But that can always be instated at any time. Hence make it part of the condition of staying employed at the place ;)

QuakeCon
Fear doesn't make a net admin good. Trust and empathy does. But don't forget that the your job is to administer the companies network not instill fear among the employees. Fear gets you hated and instead of people ASKING you what to do/ fix or what ever. They will not making your JOB that much more harder. Also before installing ANY monitoring software. Talk with company legal (all telemarketers have a couple on staff) about the legality of monitoring without the user being advised of such practice.


Keep your friend close. But keep your enemies the closest. - Unknown
 
QuakeCon said:
I just wanted an honest answer from the people who know more about the subject than I, and all I got was spit in the face.

Sometimes the right answer is a spit in the face. Just about everyone who's been in the security business for any length of time will tell you that they've had that happen to them. Probably more than once.


If you cant handle this, dont ever go get a PhD. ;)
 
pointdexterish said:
Color me crazy but a forum dedicated to "Networking and Security" is hardly the time or place to attempt to assassinate someone's character based on their profession.
Which was never done. ( by me, at least )
pointdexterish said:
I don't see a need to pontificate about your own personal issues with his job choice. "Networking and Security" isn't a venue for that.
I enjoy a good sense of irony as much as everybody else. I'll explain.

You are basically saying, "No personal opinions allowed here. This is a forum for X, Y isn't allowed!". And yet, as you are not an owner or moderator, you are expressing your very own personal opinion.

So, I guess what I am saying is, I'll stop when you stop. ;)
 
We do more than just telemarketing. It's official title is a "marketing firm".
I want people to have the freedom to do what they want, within reason. I don't mind if they search the web or instant message a little, it's normal for most of the teenagers we hire. I just want to be able to monitor certain employees individually at times, because we suspect them of spending more time playing than working.
 
QuakeCon said:
We do more than just telemarketing. It's official title is a "marketing firm".
I want people to have the freedom to do what they want, within reason. I don't mind if they search the web or instant message a little, it's normal for most of the teenagers we hire. I just want to be able to monitor certain employees individually at times, because we suspect them of spending more time playing than working.

I'm not a lawyer by any means, but if that's the case then you ought have some kind of "standards" by which you are holding staff to and have documentation to back it up along with documentation for staff who are adhering to the standards.

The staff should be informed of those "standards" and that the company reserves the right to monitor their use from time to time before you go around monitoring their actions.

Maybe a better way to handle things is to have a certain level of work accomplished on a daily basis to use as a metric rather than trying to define levels of "slacking off".

My opinion is the whole situation is ripe for a lawsuit if your company is not careful.
 
Im still having a tough time believing this one sorry.

And better still... How on earth are people using the phrase "a netbus" getting net admin jobs while people like myself can't...

Things are seriously backwards...
 
Status
Not open for further replies.
Back
Top