Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Suspicious network activity advice

from [Justin Lintz] Network Security [Permanent Link]
Subject: Re: Suspicious network activity advice
Date: Mon, 25 Dec 2006 19:55:18 -0500 
Did the date/time stamps correlate to you actually being at your desk
at the moment of the suspicious activity?  What type of connections
were they to the other machines?

On 22 Dec 2006 11:22:26 -0000, infinite_uk@hotmail.com
<infinite_uk@hotmail.com> wrote:

Could anyone offer me some advice or guidance with this please.

I am developer and have been suspend from work because of 'suspicious network 
activity'. It's a corporate network (local government) predominantly running a 
combination Microsoft OS's across many sites.

It seems that many computers on the corporate network have entries in their 
event logs to say that my system logged onto these machines for any instant. 
This happens three times of the course of a single day and but second time my 
computer's events log shows that each of these computers have logged back into 
my system.
The IT audit section sent the computer away and it came back clean e.g. no 
viruses and their stance seems to be that they don't know what has happened but 
they believe that I have used some kind of scanning software.

I'm trying desperately to find another explanation for this, can anyone suggest 
what might have happened. Could using something like visio or a simple file 
search across the network produce similar activity?

They did seems to think that it was relevant that each computer was contact in 
alphabetical order not IP order.
Any help would be greatly appreciated.



--
- Justin Lintz

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Fwd: Print Server Log Analyzer, dave kleiman
Next by Date:  Re: Password Quality checker, Saqib Ali
Previous by Thread:  Suspicious network activity advice, infinite_uk
Next by Thread:  RE: Suspicious network activity advice, Devin Rambo
Indexes:  [Date] [Thread] [Top] [All Lists]