[plug] schoolboys

Gavin Tweedie tweedie at nw.com.au
Mon May 31 14:43:02 WST 1999


> At a school I support we have a problem.  One or two students are behaving
> in an "inappropriate" manner by sending forged email and I want to find
> out who they are.

God I love being a school boy, and I had so much fun last year nuking or
whatever the fileserver at school, stupid NT. I have respect for our HOD
of computing now, ever since he asked me last week to rebuild his proxy
(using Linux and squid) and set up "some way that he can play bridge over
the net with pretend ips" haha [masq in other words].
Speaking of which, we have a rather nice network now. 5 Dual pent II 450
w/512meg ram and ultra wide scsi drives. 400+ terminals [pentium 90 or
better] Each computer on 10meg switched ethernet, with each machine and
room individually switched. Fibre from admin lan to computing department
lan, 6 NT servers and 1 lonely Linux server.
But as a demonstration - the uptime on the NT boxes hasn't beaten about 4
or 5 days, as of today the Linux has been up for roughly 3 months [when it
was installed]

anyway back to your question...


> They use Netscape and Hotmail to send messages so outgoing mail can not be
> monitored directly.  I suspect that Netscape encrypts mail which will make
> the job almost impossible short of having a trojan at the desktop.  Is
> this correct?  If not, any ideas on how to capture text on its way out?

Hotmail just uses forms, text in forms is sent in plain text or encoded
using simple encoding (NOT encryption) such as MIME. If you know who these
students are or have a fair idea then you could try just firing up sniffit
and monitor the network for traffic on outgoing web ports or the smtp
port. You can then grep through all the junk you get and find local/remote
IPs and times and dates.

I'm sure there's other ways too as other people will no doubt point out.



Gavin
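
The distinction drawn in the reply above (form text is encoded, not encrypted), shown as an added example that is not part of the original message: it decodes a plaintext webmail form POST from a capture and reports the time and endpoints. The `#PKT` record layout, hosts, addresses and form field names are constructed for illustration and are not sniffit's output format.

```python
from urllib.parse import parse_qs

# Constructed capture: each record is a metadata line (time, source,
# destination) followed by the raw TCP payload. All values are made up.
CAPTURE = (
    "#PKT 1999-05-31T14:02:11 10.1.4.23:1034 -> 192.0.2.10:80\n"
    "POST /cgi-bin/compose HTTP/1.0\r\n"
    "Host: webmail.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "to=teacher%40school.example&subject=Hello+there&body=Line+1%0D%0ALine+2\n"
    "#PKT 1999-05-31T14:02:15 10.1.4.57:1101 -> 192.0.2.20:80\n"
    "GET /index.html HTTP/1.0\r\n"
    "Host: www.example\r\n"
    "\r\n"
)

FORM_TYPE = "application/x-www-form-urlencoded"


def form_posts(capture):
    """Return one dict per plaintext form POST found in the capture."""
    hits = []
    for record in capture.split("#PKT ")[1:]:
        meta, _, payload = record.partition("\n")
        when, src, _arrow, dst = meta.split()
        head, sep, body = payload.partition("\r\n\r\n")
        lines = head.split("\r\n")
        if not sep or not lines[0].startswith("POST "):
            continue  # not a complete POST request
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        if not headers.get("content-type", "").startswith(FORM_TYPE):
            continue
        # Percent/plus encoding is reversible without any key: it is a
        # transport encoding, not encryption.
        decoded = parse_qs(body.strip(), keep_blank_values=True)
        fields = {k: v[0] for k, v in decoded.items()}
        hits.append({"time": when, "src": src, "dst": dst,
                     "host": headers.get("host", ""), "fields": fields})
    return hits


if __name__ == "__main__":
    for hit in form_posts(CAPTURE):
        print(hit["time"], hit["src"], "->", hit["dst"], hit["host"], hit["fields"])
```
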


