Thread: Caught_at_work

  1. #1
    Detected
    Guest

    Thumbs down Caught_at_work

    I plugged in my laptop to the company's network and I got a net send message saying 'take your computer off the network' within 5 minutes.

    How did they detect me ?
    (i know they assigned me an ip)

    but how did they notice me from everyone else ?

    were they doing a random scan of the network and saw my netbios name or are there logs on the server (if so where ?)

  2. #2
    Registered User
    Join Date
    Sep 2002
    Posts
    1,640
    How must whe know your companys security?
    Does your laptop has different specs? (CPU,RAM etc.).
    Does it have a different network card?

    That are all things to seperate your companys pc from your
    laptop.

  3. #3
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429
    Are you running any kind of server daemon? FTP? HTTP server? Anything little like that can throw up flags for a sys admin.

    Better questions... is it running XP? XP pro has built in server capabilities... some of which I believe you have to shut down... they just run automatically.

    Chances are, they saw you pop on... maybe they have it setup to let them know when a new computer is added to the network.
    EntropySink. You know you have to click it.

  4. #4
    Detected
    Guest
    They are running NT4

  5. #5
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    my guess is this:
    from what i've seen of networks and how they're administered I'm guessing they keep a record of the computers on the network, when they set them up they add to the number of computers on the network, if that number increases they will know someone else is on. From there it's easy, just compare auth'd ip's with unauth'd.

    Depending on what they use to administer their network, they could make a simple <100 line program that could do that automatically, i don't recommend trying to get online again...they might get angry and do unspeakable things to your comp
    PHP and XML
    Let's talk about SAX

  6. #6
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    our NT4 system at work will tell us when a pc that is without our admin "tag" logs on. i can't tell u wat the tag is tho, confidential stuff.

  7. #7
    Detected
    Guest
    How does that admin tag work ?

    I noticed even when i wasn't on the internet my network traffic lights on my dongle were always flashing

  8. #8
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    just because you aren't accessing the internet, does not mean that data isn't going back and forth between your computer and the server where you work. You access the internet via the server at your work. Data goes through it first...you're always sending and receiving data from that server, however, whether you're accessing the internet as well or not.
    PHP and XML
    Let's talk about SAX

  9. #9
    cereal killer dP munky's Avatar
    Join Date
    Nov 2002
    Posts
    655
    i think its like when you plug somethin into a usb, you get the thing on your desktop "this device was dectected" im guessing your offices security's got somthin like that, anything that connects w/o being initialized by them is unauthorized
    guns dont kill people, abortion clinics kill people.

  10. #10
    gateway
    Guest
    when a new computer identity is detected the server scans that pc for certain things that are required of a pc to be on our network, we call these tags. When its not found, we are paged/emailed/and called by the server. May seem a lil excessive, but it works.

  11. #11
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    Originally posted by gateway
    when a new computer identity is detected the server scans that pc for certain things that are required of a pc to be on our network, we call these tags. When its not found, we are paged/emailed/and called by the server. May seem a lil excessive, but it works.
    If your attempting to imply that this is how gateway detects invalid computers...

    *loud buzzer*

    WRONG!

  12. #12
    Registered User Xei's Avatar
    Join Date
    May 2002
    Posts
    719
    The network probably finds new MAC ID's, anything which is not in some sort of list of MAC Addresses to allow then it sends data to the computer which likely isn't supposed to be connected to the network. So any time they add a company computer they just add the MAC Address to some sort of list. Its probably to make sure that non-personell are not given access to the network database or something... in fact often if the company is storing goods and someone wants to steal them (therefore need the location of where it is stored or where it is going) they will impersonate telephone repair, computer repair etc.. It is actually something that a company should worry about since secretarys etc.. usually do let electrical or gas related personell into the building. Where I used to work some third-party impersonated telephone repair and put an FM transmitter on one of the phone lines in the building, after that a car waited right outside the property which was likely receiving any contract information for goods to be shipped. So the company that you work for likely worries about similar kinds of security issues.
    Last edited by Xei; 02-08-2003 at 05:16 PM.

  13. #13
    Detected
    Guest
    Interesting.................

    on the server, how can you catch an "on_computer_connect" event ?

    --nb: I realize that's not an actual event (apply common sense here)

  14. #14
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    actually it kinda is an event. Windows is an event driven operating system, so when an event occurs, such as plugging in a network cable on another pc/and or connecting that pc to the network, and event has occured and the operating system is driven to take an action.

    I'm not quite sure how to take the question, i will assume you mean how do u catch and stop this before they pick you up, and in that case, i'm not sure. I would find one of the pc's with network allowance and see if you can't make the server think your laptop is that machine.

  15. #15
    Registered User
    Join Date
    Nov 2002
    Posts
    87
    Lemme see, just tried it with my laptop as a joke. Plug in, turn on, fine no probs. Downloads the logon data at 100Mb/sec. Hmmm interesting. COmputers around me start dropping like flies, slowing down, logging off, a couple turn off. Dunno whats going on. Oh, ####, got a logon message, "Welcome to the Network, your current connection speed is 100Mb/sec". Start to use the Net, check that speed, it doing a 8Mb/sec download, schools got dual lines. Tannoy goes out. "Could all users log off the network, due to technical difficulties system has to be restarted". Well that was fun. Am now going to Headmaster to explain why I went onto the network with laptop... :->
    **********************
    *==================*
    * Many Can. One Must... *
    *==================*
    **********************

Popular pages Recent additions subscribe to a feed