However, the underlying idea is correct: look for suspicious traffic and investigate further. What I personally label the "Wireshark Syndrome" is the usual failure mode: people are told "look at your network traffic", so they buy a tap, open Wireshark, see lots of traffic to domains and IP addresses they cannot explain, and end up believing they must have been compromised. Keep in mind that these techniques require some level of expertise. You can detect certain remote access kits through a variety of techniques, but you cannot prove that none is present. It's like asking "How can I prove that nobody owns a key to my apartment?" - you simply can't. Proving a negative is basically impossible.