2

If someone uses a RAT or something of the sort to gain access to your computer and network, is it possible for them to reroute their internet access through your I.P.? This question is kinda concerning the larger majority of people who have these types of malicious programs installed on their PC without their knowledge. I'd imagine it could be extremely damaging to have a potential criminal rerouting his network through yours (for obvious reasons). If anyone could give me an answer to this, it would be greatly appreciated, and if anyone has any tips on how to tell if someone is 'rerouting' their internet access through yours, that would also be helpful. Thanks

  • This is absolutely possible and used to be widely done by utilising reverse proxy capabilities in commonly used RATs. Criminals sell access to those proxies under labels like "botnet proxy" or "VicSock". – René Roth Jul 09 '21 at 11:35

2 Answers

2

Routing traffic through a computer is a very simple process that can be done even if the software implementing it (it's called a proxy server, by the way) is not running with special privileges, so the answer is yes. There are some technical complications that might make the use of standard software difficult but nothing that cannot be done (and, actually, that is a standard feature

However, asking such a question is similar to wondering if someone who broke into your house could make prank calls to emergency services using your phone: yes, it can be the case but it's hardly the worst of your problems.

Stephane
  • `it can be the case but it's hardly the worse of your problems.` Sorry, dv for that. Someone wanting to harm you, and doing something with your computer that can get 20+ years jail, is hardly a problem? lol. There are more than enough countries where a simple IP log is enough evidence. – deviantfan Apr 04 '17 at 12:06
  • That is outside the scope of both this question and this site. This isn't Reddit or a forum where you discuss subjects in free-form or give opinions. This is a place for questions and answers. – Stephane Apr 04 '17 at 12:24
  • Whatever you say ... stop thinking I'm new here, and (according to your own policy) move your opinionated post to Reddit (namely, the opinion that it's not an important problem). ... Btw., most people here get angry if someone downvotes with*out* leaving a reason; but I'm keeping you in mind as an exception. – deviantfan Apr 04 '17 at 12:43
  • Whatever. I'm done speaking with you. – Stephane Apr 04 '17 at 12:44
  • @deviantfan law enforcement aren't *that* stupid and a log of your IP accessing prohibited content alone isn't enough to convict you for the exact reason that a criminal could compromise your machine and tunnel their illegal traffic through that. – André Borie May 04 '17 at 08:58
  • @AndréBorie Tell that to e.g. Germany. While I agree that it is stupid, they do exactly that (and even much more stupid things too) – deviantfan May 04 '17 at 10:12
  • @deviantfan wouldn't the malware on the machine be evidence to prove the user's innocence? And again, opinions aside, do you know of a case where someone was convicted only because malware was tunnelling illegal traffic through their machine and nothing else? – André Borie May 04 '17 at 10:15
  • @AndréBorie It's a complicated subject that can't be answered globally. Depending on the local law, you might have to prove a number of different things at different points. It might even be that you can be found guilty of facilitating a crime simply by not having protected your system properly. It's going to be a case-by-case basis, though. – Stephane May 04 '17 at 10:17
  • @AndréBorie I know cases where someone was convicted because the provider said it was his IP address. Nobody in the court cared about "malware or not" or anything. In one of the cases, where the address belonged to a DSL connection in a house, there even was proof that that person wasn't at home. – deviantfan May 04 '17 at 10:17
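As an added example (not part of the original question or answers), here is one heuristic for the "how to tell" part of the question: a process relaying someone else's traffic, as with the reverse-proxy setups mentioned in the comment under the question, moves roughly the same volume over one tunnel connection as it exchanges with all its other remote hosts combined. The flow records, process names, addresses and thresholds below are constructed assumptions; a match is a lead for investigation, not proof.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    process: str   # owning process, as a host-based flow logger would report it
    remote: str    # remote IP:port
    sent: int      # bytes sent to the remote
    received: int  # bytes received from the remote

# Constructed sample data (documentation address ranges, not a real capture).
FLOWS = [
    Flow("browser.exe", "192.0.2.10:443", 4_000, 900_000),
    Flow("browser.exe", "192.0.2.11:443", 6_000, 1_200_000),
    Flow("updater.exe", "203.0.113.50:8443", 2_070_000, 41_000),  # tunnel-like
    Flow("updater.exe", "198.51.100.7:443", 12_000, 800_000),
    Flow("updater.exe", "198.51.100.22:443", 15_000, 650_000),
    Flow("updater.exe", "192.0.2.90:80", 11_000, 600_000),
]

def close(a, b, tolerance):
    """True when a and b differ by at most `tolerance` of the larger value."""
    return abs(a - b) <= tolerance * max(a, b, 1)

def find_relays(flows, min_peers=3, tolerance=0.10):
    """Return (process, tunnel_remote, peer_count) for relay-shaped traffic.

    For each process, try every connection as the candidate tunnel and check
    whether what it uploads matches what the process downloaded from its
    other peers, and what it downloads matches what was sent to those peers.
    """
    by_proc = defaultdict(list)
    for f in flows:
        by_proc[f.process].append(f)
    findings = []
    for proc, conns in by_proc.items():
        for tunnel in conns:
            peers = [c for c in conns if c is not tunnel]
            if len({c.remote for c in peers}) < min_peers:
                continue  # too few destinations to look like proxying
            fetched = sum(c.received for c in peers)
            requested = sum(c.sent for c in peers)
            if (close(tunnel.sent, fetched, tolerance)
                    and close(tunnel.received, requested, tolerance)):
                findings.append((proc, tunnel.remote, len(peers)))
    return findings

if __name__ == "__main__":
    for proc, remote, n in find_relays(FLOWS):
        print(f"{proc}: traffic to {remote} mirrors {n} other connections")
```
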
-2

Sure.
With admin/root/... access to a computer, independent of local/remote, it's possible to request any internet sites from this computer, it's possible to save some child porn on it, as well as unlicensed software and/or unpaid movies, etc. etc.

Reliably detecting such things while the computer is still vulnerable is pretty much impossible. Preventing unauthorized access and malware in the first place is the only solution. And avoiding pissing off governments and other influential organizations/people.

Depending on the level of paranoia, you should avoid any hardware from major brands too (or stop using computers at all). E.g. recent CPUs from Intel have remote management stuff built in (in the CPU itself). While in theory, you need to allow it before anyone can use it, security-relevant bugs and hidden features were found already. As it is a CPU, there is no auto-update, and it works even when the computer is turned off.

deviantfan
  • This answer has nothing to do with the question. I'm not even sure what you're answering to. Adding references to tinfoil-hat theory about hardware doesn't help your case either. – Stephane Apr 04 '17 at 08:37
  • @Stephane Then kindly tell me what the question is in your opinion. I see OP worrying about problems due to criminal activity of other people on his computer. And Intel AMT is no tinfoil-hat theory, you can even try parts of it at home. – deviantfan Apr 04 '17 at 12:03