I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/

Adaware / Spybot/ Proxomitron.

 

REcently caught the System Administrator accessing files on my Laptop thru

the same wireless net connection. My Kerio Firewall latest version did not

show a prompt to allow or deny the connection to System Admn. My computer do

not belong to a network just internet connection through a router.

 

Tcpview software shows a new "System" named connection while the Admn

connected.

 

What is the solution for this?

 

Trish

"Trish" <nobodyknows@unknown.com> wrote in message

news:O60YObZvHHA.5032@TK2MSFTNGP05.phx.gbl...

>I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/

> Adaware / Spybot/ Proxomitron.

>

> REcently caught the System Administrator accessing files on my Laptop thru

> the same wireless net connection.

 

Umm "the Administrator" is an account on YOUR computer. So just how did you

detect this "intrusion"?

 

 

My Kerio Firewall latest version did not

> show a prompt to allow or deny the connection to System Admn. My computer

> do

> not belong to a network just internet connection through a router.

>

> Tcpview software shows a new "System" named connection while the Admn

> connected.

>

> What is the solution for this?

>

> Trish

>

>

>

>

Trish wrote:

> I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/

> Adaware / Spybot/ Proxomitron.

>

> REcently caught the System Administrator accessing files on my Laptop thru

> the same wireless net connection. My Kerio Firewall latest version did not

> show a prompt to allow or deny the connection to System Admn. My computer do

> not belong to a network just internet connection through a router.

>

> Tcpview software shows a new "System" named connection while the Admn

> connected.

>

> What is the solution for this?

>

> Trish

>

>

>

Sounds like you have smart hacker on your hands. Noting

this is a WiFi connection you may need to use the hardware

firewall in your router or modem. Read the manual to your

card to see if there is a built in firewall in your card or

modem.

Second, are you on the WiFi connection, or on a land-based

connection?

If on a land-based connection, check to see if your device

has a detachable antenna. If the antenna i detachable, i

would suggest removing it.

You may need to fire the problem over directly to MS

developers if your on the WiFi connection, for further

assistance. WiFi connections are inherently insecure and

cannot be trusted for confidential business.

 

 

--

Lester Stiefel

In Romans 1 there are qualities of Unregenerate man listed

which describe him in the last days.

Is your quality found on this list??

If what you're talking about is your company's IT administrator accessing

your files over the network, why not simply disable File & Printer Sharing?

In Network Connections, right-click your wireless adapter and then click

Properties. On the General tab, uncheck File & Printer Sharing for Microsoft

Networks.

Click OK.

 

--

Gary S. Terhune

MS-MVP Shell/User

http://www.grystmill.com

 

"Trish" <nobodyknows@unknown.com> wrote in message

news:O60YObZvHHA.5032@TK2MSFTNGP05.phx.gbl...

>I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/

> Adaware / Spybot/ Proxomitron.

>

> REcently caught the System Administrator accessing files on my Laptop thru

> the same wireless net connection. My Kerio Firewall latest version did not

> show a prompt to allow or deny the connection to System Admn. My computer

> do

> not belong to a network just internet connection through a router.

>

> Tcpview software shows a new "System" named connection while the Admn

> connected.

>

> What is the solution for this?

>

> Trish

>

>

>

"Gary S. Terhune" <none> wrote in message

news:uBLxnLavHHA.4132@TK2MSFTNGP02.phx.gbl...

> If what you're talking about is your company's IT administrator accessing

> your files over the network, why not simply disable File & Printer

> Sharing? In Network Connections, right-click your wireless adapter and

> then click Properties. On the General tab, uncheck File & Printer Sharing

> for Microsoft Networks.

> Click OK.

>

 

If the OP is on a domain, won't the Admin be able to over-ride that?

When OP says, "My computer do not belong to a network just internet

connection through a router.", I take that to mean he isn't joining a

domain.

 

--

Gary S. Terhune

MS-MVP Shell/User

http://www.grystmill.com

 

"

"Gordon" <gbplinux@gmail.com.invalid> wrote in message

news:eh$HgZavHHA.4532@TK2MSFTNGP02.phx.gbl...

> "Gary S. Terhune" <none> wrote in message

> news:uBLxnLavHHA.4132@TK2MSFTNGP02.phx.gbl...

>> If what you're talking about is your company's IT administrator accessing

>> your files over the network, why not simply disable File & Printer

>> Sharing? In Network Connections, right-click your wireless adapter and

>> then click Properties. On the General tab, uncheck File & Printer Sharing

>> for Microsoft Networks.

>> Click OK.

>>

>

> If the OP is on a domain, won't the Admin be able to over-ride that?

>

"Gary S. Terhune" <none> wrote in message

news:%23XXaRwavHHA.3356@TK2MSFTNGP03.phx.gbl...

> When OP says, "My computer do not belong to a network just internet

> connection through a router.", I take that to mean he isn't joining a

> domain.

>

 

Then presumably it's a "local" Admin that's accessing the machine......

I may be wrong, but I'm fairly certain that when one connects to a LAN, it

is possible to share your files with others on the LAN without joining the

domain.

 

--

Gary S. Terhune

MS-MVP Shell/User

http://www.grystmill.com

 

"Gordon" <gbplinux@gmail.com.invalid> wrote in message

news:%23XViPzavHHA.3476@TK2MSFTNGP02.phx.gbl...

> "Gary S. Terhune" <none> wrote in message

> news:%23XXaRwavHHA.3356@TK2MSFTNGP03.phx.gbl...

>> When OP says, "My computer do not belong to a network just internet

>> connection through a router.", I take that to mean he isn't joining a

>> domain.

>>

>

> Then presumably it's a "local" Admin that's accessing the machine......

>

On Tue, 03 Jul 2007 14:35:12 -0400, Lester Stiefel

>Trish wrote:

>> I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/

>> Adaware / Spybot/ Proxomitron.

>> REcently caught the System Administrator accessing files on my Laptop thru

>> the same wireless net connection. My Kerio Firewall latest version did not

>> show a prompt to allow or deny the connection to System Admn. My computer do

>> not belong to a network just internet connection through a router.

>> Tcpview software shows a new "System" named connection while the Admn

>> connected.

> Sounds like you have smart hacker on your hands.

 

Doesn't have to be all that smart, if your WiFi setup is insecure.

 

Wireless on the Internet (WAN) side of the router is OK, as you're in

public territory at that point anyway.

 

But wireless on the LAN side of the router is extremely bad news, as

it will bypass your Internet-facing defenses.

 

Do NOT allow that to happen! I avoid the whole mess by not using

WiFi, but if you must use WiFi, then:

- make sure it is encrypted

- use WPA2 or WPA, not WEP (disable WEP)

- use a fully-random key that is at the very least 8 characters long

- if using a less-random key, then I'd use 20+ characters long

 

Actually, I'd use a 20+ random character key, if forced to use WiFi

>Noting this is a WiFi connection you may need to use the

>hardware firewall in your router or modem.

 

You should at least be using NAT routing anyway, but WiFi access on

the LAN side of the router will bypass this anyway. Your attacker

would be considered "in the house" already.

>Second, are you on the WiFi connection, or on a land-based

>connection?

>If on a land-based connection, check to see if your device

>has a detachable antenna. If the antenna i detachable, i

>would suggest removing it.

>You may need to fire the problem over directly to MS

>developers if your on the WiFi connection, for further

>assistance. WiFi connections are inherently insecure and

>cannot be trusted for confidential business.

 

WiFi can "approach" wired safety only if you are using strong keys and

WPA or WPA2, and these keys are not tokenized (e.g. written down) or

shared. OTOH, WEP keys with 6 or less characters can be dumb-cracked

in a few minutes, which is why the "hacker" doesn't have to be smart.

 

 

Also, if you are not on a LAN, then KILL all the "network admin" stuff

that XP Pro waves around, i.e.

- either null or strong account password (i.e. not a weak password)

- kill hidden admin shares

- block File and Print Sharing (F&PS) at the Windows firewall

- block Remote Desktop and Remote Assistance

 

Hidden admin shares are not exposed to networking in XP Home, but will

be exposed by XP Pro if the user account password is anything other

than null (empty). Bypassing a non-null password via TweakUI etc. is

NOT the same as having a null password!

 

Hidden admin shares are a bloody menace, because they expose all of

every HD volume to writes, so an attacker can not only read your

stuff, but drop malware to auto-run when you start the OS.

 

Hidden admin shares are only "hidden" from you; they always have the

same predictable names, and are thus even easier to automate than

"normal" network shares you create with your choice of names.

 

 

If you have one PC and one Ethernet router, buy a cable and KILL the

WiFi at both the router and the PC. Ripping out the aerial isn't

enough, if your attacker is within the augmented range that can be

attained using various commonly-available "fishing" antennae.

 

 

>------------------------- ---- --- -- - - - -

I'm on a ten-year lunch break

>------------------------- ---- --- -- - - - -