Administrator accessed files without permission thru Wifi connection


Trish
July 3rd 07, 06:20 PM
I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/
Adaware / Spybot/ Proxomitron.

Recently caught the System Administrator accessing files on my Laptop thru
the same wireless net connection. My Kerio Firewall latest version did not
show a prompt to allow or deny the connection to System Admn. My computer does
not belong to a network just internet connection through a router.

Tcpview software shows a new "System" named connection while the Admn
connected.

What is the solution for this?

Trish

Gordon
July 3rd 07, 06:40 PM
"Trish" > wrote in message
...
>I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/
> Adaware / Spybot/ Proxomitron.
>
> REcently caught the System Administrator accessing files on my Laptop thru
> the same wireless net connection.

Umm "the Administrator" is an account on YOUR computer. So just how did you
detect this "intrusion"?


> My Kerio Firewall latest version did not
> show a prompt to allow or deny the connection to System Admn. My computer
> do not belong to a network just internet connection through a router.
>
> Tcpview software shows a new "System" named connection while the Admn
> connected.
>
> What is the solution for this?
>
> Trish
>
>
>
>

Lester Stiefel
July 3rd 07, 07:35 PM
Trish wrote:
> I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/
> Adaware / Spybot/ Proxomitron.
>
> REcently caught the System Administrator accessing files on my Laptop thru
> the same wireless net connection. My Kerio Firewall latest version did not
> show a prompt to allow or deny the connection to System Admn. My computer do
> not belong to a network just internet connection through a router.
>
> Tcpview software shows a new "System" named connection while the Admn
> connected.
>
> What is the solution for this?
>
> Trish
>
>
>
Sounds like you have a smart hacker on your hands. Noting
this is a WiFi connection you may need to use the hardware
firewall in your router or modem. Read the manual to your
card to see if there is a built in firewall in your card or
modem.
Second, are you on the WiFi connection, or on a land-based
connection?
If on a land-based connection, check to see if your device
has a detachable antenna. If the antenna is detachable, I
would suggest removing it.
You may need to fire the problem over directly to MS
developers if you're on the WiFi connection, for further
assistance. WiFi connections are inherently insecure and
cannot be trusted for confidential business.


--
Lester Stiefel
In Romans 1 there are qualities of Unregenerate man listed
which describe him in the last days.
Is your quality found on this list??

Gary S. Terhune
July 3rd 07, 07:49 PM
If what you're talking about is your company's IT administrator accessing
your files over the network, why not simply disable File & Printer Sharing?
In Network Connections, right-click your wireless adapter and then click
Properties. On the General tab, uncheck File & Printer Sharing for Microsoft
Networks.
Click OK.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Trish" > wrote in message
...
>I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/
> Adaware / Spybot/ Proxomitron.
>
> REcently caught the System Administrator accessing files on my Laptop thru
> the same wireless net connection. My Kerio Firewall latest version did not
> show a prompt to allow or deny the connection to System Admn. My computer
> do
> not belong to a network just internet connection through a router.
>
> Tcpview software shows a new "System" named connection while the Admn
> connected.
>
> What is the solution for this?
>
> Trish
>
>
>

Gordon
July 3rd 07, 08:14 PM
"Gary S. Terhune" <none> wrote in message
...
> If what you're talking about is your company's IT administrator accessing
> your files over the network, why not simply disable File & Printer
> Sharing? In Network Connections, right-click your wireless adapter and
> then click Properties. On the General tab, uncheck File & Printer Sharing
> for Microsoft Networks.
> Click OK.
>

If the OP is on a domain, won't the Admin be able to over-ride that?

Gary S. Terhune
July 3rd 07, 08:55 PM
When OP says, "My computer do not belong to a network just internet
connection through a router.", I take that to mean he isn't joining a
domain.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Gordon" > wrote in message
...
> "Gary S. Terhune" <none> wrote in message
> ...
>> If what you're talking about is your company's IT administrator accessing
>> your files over the network, why not simply disable File & Printer
>> Sharing? In Network Connections, right-click your wireless adapter and
>> then click Properties. On the General tab, uncheck File & Printer Sharing
>> for Microsoft Networks.
>> Click OK.
>>
>
> If the OP is on a domain, won't the Admin be able to over-ride that?
>

Gordon
July 3rd 07, 09:00 PM
"Gary S. Terhune" <none> wrote in message
...
> When OP says, "My computer do not belong to a network just internet
> connection through a router.", I take that to mean he isn't joining a
> domain.
>

Then presumably it's a "local" Admin that's accessing the machine......

Gary S. Terhune
July 3rd 07, 09:36 PM
I may be wrong, but I'm fairly certain that when one connects to a LAN, it
is possible to share your files with others on the LAN without joining the
domain.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Gordon" > wrote in message
...
> "Gary S. Terhune" <none> wrote in message
> ...
>> When OP says, "My computer do not belong to a network just internet
>> connection through a router.", I take that to mean he isn't joining a
>> domain.
>>
>
> Then presumably it's a "local" Admin that's accessing the machine......
>

cquirke (MVP Windows shell/user)
July 7th 07, 05:00 PM
On Tue, 03 Jul 2007 14:35:12 -0400, Lester Stiefel
>Trish wrote:

>> I have WindowsXp pro sp2/Antivir/Kerio/Wifi wireless internet connection/
>> Adaware / Spybot/ Proxomitron.

>> REcently caught the System Administrator accessing files on my Laptop thru
>> the same wireless net connection. My Kerio Firewall latest version did not
>> show a prompt to allow or deny the connection to System Admn. My computer do
>> not belong to a network just internet connection through a router.

>> Tcpview software shows a new "System" named connection while the Admn
>> connected.

> Sounds like you have smart hacker on your hands.

Doesn't have to be all that smart, if your WiFi setup is insecure.

Wireless on the Internet (WAN) side of the router is OK, as you're in
public territory at that point anyway.

But wireless on the LAN side of the router is extremely bad news, as
it will bypass your Internet-facing defenses.

Do NOT allow that to happen! I avoid the whole mess by not using
WiFi, but if you must use WiFi, then:
- make sure it is encrypted
- use WPA2 or WPA, not WEP (disable WEP)
- use a fully-random key that is at the very least 8 characters long
- if using a less-random key, then I'd use 20+ characters long

Actually, I'd use a 20+ random character key, if forced to use WiFi

>Noting this is a WiFi connection you may need to use the
>hardware firewall in your router or modem.

You should at least be using NAT routing anyway, but WiFi access on
the LAN side of the router will bypass this anyway. Your attacker
would be considered "in the house" already.

>Second, are you on the WiFi connection, or on a land-based
>connection?

>If on a land-based connection, check to see if your device
>has a detachable antenna. If the antenna i detachable, i
>would suggest removing it.

>You may need to fire the problem over directly to MS
>developers if your on the WiFi connection, for further
>assistance. WiFi connections are inherently insecure and
>cannot be trusted for confidential business.

WiFi can "approach" wired safety only if you are using strong keys and
WPA or WPA2, and these keys are not tokenized (e.g. written down) or
shared. OTOH, WEP keys with 6 or less characters can be dumb-cracked
in a few minutes, which is why the "hacker" doesn't have to be smart.


Also, if you are not on a LAN, then KILL all the "network admin" stuff
that XP Pro waves around, i.e.
- either null or strong account password (i.e. not a weak password)
- kill hidden admin shares
- block File and Print Sharing (F&PS) at the Windows firewall
- block Remote Desktop and Remote Assistance

Hidden admin shares are not exposed to networking in XP Home, but will
be exposed by XP Pro if the user account password is anything other
than null (empty). Bypassing a non-null password via TweakUI etc. is
NOT the same as having a null password!

Hidden admin shares are a bloody menace, because they expose all of
every HD volume to writes, so an attacker can not only read your
stuff, but drop malware to auto-run when you start the OS.

Hidden admin shares are only "hidden" from you; they always have the
same predictable names, and are thus even easier to automate than
"normal" network shares you create with your choice of names.


If you have one PC and one Ethernet router, buy a cable and KILL the
WiFi at both the router and the PC. Ripping out the aerial isn't
enough, if your attacker is within the augmented range that can be
attained using various commonly-available "fishing" antennae.



>------------------------- ---- --- -- - - - -
I'm on a ten-year lunch break
>------------------------- ---- --- -- - - - -
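
The point made above about hidden admin shares having fixed, predictable names can be checked on a machine by reading the output of `net share`. The following is an added example, not part of the original thread: it parses that output and separates the default administrative shares from user-created ones. The sample output and the function names are constructed for illustration, and the parser assumes share names without spaces.

```python
import re

# Constructed `net share` output for an XP Pro laptop (sample data, not from the thread).
SAMPLE = r"""Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
SharedDocs   C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
Backup$      D:\Backup
The command completed successfully.
"""

# Default administrative shares always use these names: <drive letter>$ and ADMIN$.
ADMIN_NAME = re.compile(r"^(?:[A-Z]\$|ADMIN\$)$", re.IGNORECASE)

def parse_shares(text):
    """Yield (name, resource) rows from the table part of `net share` output."""
    in_table = False
    for line in text.splitlines():
        if line.startswith("----"):
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        name, _, rest = line.partition(" ")
        first = re.split(r"\s{2,}", rest.strip(), maxsplit=1)[0]
        # A resource is a path or device ("C:\", "LPT1:"); IPC$ has none, only a remark.
        yield name, first if ":" in first else ""

def audit_shares(text):
    """Group shares into default admin shares, IPC$, and user-created shares."""
    report = {"admin": [], "ipc": [], "user": []}
    for name, resource in parse_shares(text):
        if ADMIN_NAME.match(name):
            report["admin"].append((name, resource))
        elif name.upper() == "IPC$":
            report["ipc"].append((name, resource))
        else:
            report["user"].append((name, resource))
    return report

def whole_volume_shares(report):
    """Admin shares whose resource is a drive root, i.e. the entire volume."""
    return [n for n, r in report["admin"] if re.fullmatch(r"[A-Za-z]:\\", r)]

if __name__ == "__main__":
    rep = audit_shares(SAMPLE)
    print("admin shares:", rep["admin"])
    print("whole volumes exposed:", whole_volume_shares(rep))
```

To audit a real machine, pass the captured text of `net share` to `audit_shares` in place of `SAMPLE`; an empty `admin` list means the default shares are not being published.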
