I believe the scammer was using TeamViewer, but I assume the vulnerability is not unique to that software. Make sure your system and applications are up to date, there are no open firewall rules to your computer, especially port RDP, and you're as safe as you're going to get. Jim Browning (not his real name) is a professional security expert, and in most cases, those who try to scam him and others are not very technical, so likely leave loopholes in their own network which are exploited in reverse.
A compromised machine may be infected in a number of ways: links in emails, fake invoices, bad websites - there is no way to know until it's too late, which is why education is key.
So in general it's not much to worry about when remote accessing unfamiliar devices when I initiate the connection?
Ideally, when working on a compromised or potentially compromised system, I would advise using a known clean incident response system running required tools, no cached creds and minimum system level accounts required to complete your tasks.
Many EDR tools allow a reverse shell to safely pull data or triage a compromised host. If you are concerned it has been compromised, I would have it disconnect from the network until I was certain it had been cleaned.
Need a bit more context but it sounds like you're not paranoid enough if there's legit cause for concern, I wouldn't be worried too much about the threat to you over TeamViewer, I'd be far more concerned for the threat that device poses to the rest of the user's network.
What evidence is there that the device is compromised?
In the case of TCP-tunneling ports, local ports are simply the ones that the local user wants to use to access the web application server on the remote client. Note: As long as the listening ports do not conflict, as many tunnels as needed can be added. For example, let us say that a web application server is only accessible from within the office network or on the remote device. Now if the user wanted to access the web application server from home or while on the go, there are two methods of doing so with AnyDesk:
If port is free on the home or mobile network used by the local device, the user can simply set the "local port" in the TCP-Tunneling setup to "".
Username: A custom or user account name displayed in the Accept Window when connecting to other devices.
User Image: A custom or user account image displayed in various locations, including the Accept Window. If there is no account image or this option has been disabled, then the default AnyDesk user image will be shown.
Desk Preview: A screenshot or the desktop wallpaper of your device displayed in the Address Book or the list of Recent Sessions of other AnyDesk clients. This option can also be disabled whereby the preview will be replaced with a stock image.
Chat Log: The path where to save the chat log. Chat logging can also be disabled from here.
Alternative Screen Background: Enabling this option allows you to configure what desktop background the users see when they connect to your device. You can upload a custom image or simply replace your desktop background with a plain color. Once all AnyDesk sessions have been disconnected from your client, your background will return to normal.
Screen Frame: Enabling this feature will show an always-on-top border around your display when someone is connected to you. This will allow you to be able to tell with a single glance if someone is connected to your device.
Transmission: Transmits audio to the remote device during incoming sessions. You can choose between no transmission, your operating system's standard device, or a specific device.
Output: Determines the output device during outgoing sessions.
Note: Audio is unidirectional. Create an additional reverse session for bidirectional audio transmission.
If disabled, the AnyDesk session between the local and remote endpoints is routed through our servers. Please note that as AnyDesk sessions are encrypted, AnyDesk cannot and will not look into your session data. In general, direct connections are usually faster than a routed connection.
However, for some network environments, you may experience network instability due to firewall or other security solution settings. Disable direct connections in the settings to avoid unexpected session ends. For direct connections, TCP Port is used for listening by default.
This port is opened when installing AnyDesk. Authentication can be done with Basic access and Digest access. As of AnyDesk 6. Using NTLM, the usernames and passwords are encrypted and you can use your existing domain Windows credentials instead of a second set of independent credentials. One use-case for NTLM is for companies that use Windows domain-configured accounts for their devices. With NTLM authentication for their proxies, they do not need to generate a new set of login credentials for every user and can simply use the existing credentials stored in their Windows domain controller.
This has the added bonus of reducing the number of login credentials that the user needs to remember. See File Manager and File Transfer. This is also called "path traversal attack", where the malicious RDP server can drop arbitrary files in arbitrary paths on the client machine, thereby gaining total control of that computer.
To protect against these attacks, the only solution is to always use the latest and fully updated RDP client. Otherwise, disable at least the shared clipboard feature while connecting.
These types of scammers look for non-tech-savvy people. Software like TeamViewer detects "likely" scammer activities and warns people about scams if you get connected, for example, to an IP geofenced from say India and you are not in it: We have taken the necessary steps to make sure that the remote IDs can no longer be used for illegal purposes and we are constantly working on new methods of finding and blocking such users.
TeamViewer will display a warning message if an incoming connection with a potential fraudulent background is detected to warn our users of the risk of a potential scam. To avoid these kinds of detections and warnings, the scammer sometimes lets the client initiate the connection bidirectionally and then takes over - if you are fast you can bug the scammer's PC with something that allows you access before that happens.
Sometimes scam baiters leave e. It contains a macrovirus bugging the scammer's PC and allowing remote access not by the same tool, but providing their own backdoor. There exist other ways as well - Jim Browning for example sometimes shows that he leverages Wireshark to trace network connections and traffic back to the attackers. The tool he uses does not use TeamViewer, but other ways of backdooring the networks of the scammers.
How can one reverse a remote desktop connection?
Asked 1 year, 8 months ago. Modified 1 year, 1 month ago. Viewed 66k times.
I am not trying to do what he is doing, I'm just really curious how he did it.
Kdwk
They're not using RDP but ScreenConnect or TeamViewer, software that natively supports reversing the connection.
@LPChip Yes, but that software certainly requires the other user to accept the remote control request. How does he do it without the scammers noticing?
Good effort on answering the question, except that you miss one detail. The scammers are not using RDP.
@harrymc Reversing the connection is supported by TeamViewer. You just need to click a button. Why would you want to manually traverse the firewall?
So my friend wanted to show me something and he had me connect to his virtual machine via AnyDesk and I'm just wondering if there's any way.