Networks

General discussion

Locked

Guests on Network...finding out more

By moviewithnotitle ·
Recently I discovered a guest on the network. They were part of a presentation/meeting going on with Mgt. Our DHCP will give addresses and allow you to get to the internet if you plug into the LAN by wire (wireless is by MAC addy only)...of course your going to have to get thru Novell and Windows before your going to get to any resources so I was not concerned there.
I attempted several connections to this machine to try and figure out who they were...but no luck.
??? - What would you have done on the inside to try and figure our more about this machine remotely? Suggestions, programs, techniques etc are appreciated.

Thx

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

How do you know

by Dr Dij In reply to Guests on Network...findi ...

they weren't tapping into the meeting as a hacker?

Seriously, tho, it could happen unless you lock down like wireless. One company said that unknown mac addr were allowed on only to get to internet, which seemed like a good compromise. This allows traveling salespeople to get to the internet (but not your daughter :)

You're now stuck with 'not knowing', perhaps even not knowing if you've been broken into taken to the extreme. I've been at plenty of companies that would likely not know if broken into network. We even found someone relaying porn spam from our mail server, only because someone (me) complained that mail server too slow.

IF an unknown PC hooks up in side your company, inside firewalls, it should be much easier for them to break in if you're that paranoid.

Collapse -

Guests on Network...finding out more

by moviewithnotitle In reply to How do you know

Well I was not Paranoid, but I understand what your refering to. I should have been more clear earlier. Normally Mgt is supposed to alert us if someone is going to plug into the LAN in one of the conference rooms. On the off chance they forget to alert us, I was curious what others might do in this situation. Do you run any scans of that IP address to find out more about the machine? Do you go to the conference room and question the person that plugged in...that sorta thing.

I knew that they were not one of the salesppl because I would have recognized the naming convention of the machine, and they would have shown up as being part of the domain...this machine did not and showed as being part of an unknown workgroup.

I am just trying to learn a little more about what others do in situations like this.

Thx

Collapse -

Sorry about your situation

by Dr Dij In reply to Guests on Network...findi ...

but I think asking them to alert you is like asking people not to click on attachments or not to visit sites with spyware. Great in theory but as you found out, doesn't work.

Instead lock it down, if someone complains they can't get on, they'll tell you who they are, and why and you let them on.

There are numerous network discovery scanners which could alert you to new mac addr.

Related Discussions

Related Forums