
| Subject: | Re: Suspicious network activity advice |
|---|---|
| Date: | 26 Dec 2006 16:17:41 -0000 |
My initial reaction is that it seems irresponsible for them to suspend you from work without having any idea what you're truly doing. Did they find scanning tools on your computer? Did they find executables to perform scans? Did they lock down the system enough that you couldn't scan using USB/CD removable tools? They need to do some more digging and isolate what is going on.

To answer your other questions first, yes, old versions of Visio have built-in tools to map networks. These were taken out, I believe, in Visio XP and 2003. Also, yes, network file searching requires connections (Google search/desktop/iTunes/P2P software...anything that searches your network for shared files).

As far as what is going on, that is difficult to tell, though. Perhaps your computer has turned into a Master Browser or some sort of licensing agent for Windows. Considering you are a developer, it could be some licensing agent for tools you might use or it could even be SQL broadcast/reply traffic. Have you recently installed MSDE or other SQL-related tools? They tend to be very chatty on the network, and if a ton of you developers have them installed, that can yield back a lot of cross-chatter amongst systems.

You could also ask them to capture traffic from your system, specifically traffic going to those other systems or at the appropriate times of day when these connections take place. They should do at least that much diligence to attempt to track down the rogue process/tool before affecting someone's livelihood.

Also, take inventory of everything you have running and close everything you don't absolutely need. This includes iTunes, Winamp, music-playing tools, IM tools not specifically mandated by your company/organization, etc. Close them and keep them closed. If you have nothing to hide, definitely invite them over to do intensive scanning and monitoring if they need to. Let us know what happens or comes of this.
I reiterate that I find it irresponsible of them as IT audit to contribute to your suspension with just some guess that you must have used some scanning software...

<-snip->

Could anyone offer me some advice or guidance with this please. I am a developer and have been suspended from work because of "suspicious network activity". It's a corporate network (local government) predominantly running a combination of Microsoft OS's across many sites.

It seems that many computers on the corporate network have entries in their event logs to say that my system logged onto these machines for an instant. This happens three times over the course of a single day and but second time my computer's event log shows that each of these computers have logged back into my system.

The IT audit section sent the computer away and it came back clean, e.g. no viruses, and their stance seems to be that they don't know what has happened but they believe that I have used some kind of scanning software. I'm trying desperately to find another explanation for this; can anyone suggest what might have happened? Could using something like Visio or a simple file search across the network produce similar activity? They did seem to think that it was relevant that each computer was contacted in alphabetical order, not IP order. Any help would be greatly appreciated.
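
The quoted message mentions that the machines were contacted in alphabetical order rather than IP order. As an added example (not part of the original thread), this Python script tests that observation against logon events exported from the remote machines' event logs. The event tuples, function names and the 0.9 threshold are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: (time logged on target, target hostname, target IP).
EVENTS = [
    ("2006-12-20 09:14:02", "ACCT-PC01", "10.1.4.87"),
    ("2006-12-20 09:14:03", "ACCT-PC02", "10.1.2.15"),
    ("2006-12-20 09:14:05", "FIN-WS07", "10.1.9.3"),
    ("2006-12-20 09:14:06", "HR-LT11", "10.1.2.200"),
    ("2006-12-20 09:14:08", "PLAN-PC04", "10.1.7.41"),
    ("2006-12-20 09:14:09", "REG-WS02", "10.1.3.9"),
]


def ascending_fraction(keys):
    """Fraction of adjacent pairs that are in non-decreasing order."""
    pairs = list(zip(keys, keys[1:]))
    return sum(a <= b for a, b in pairs) / len(pairs)


def order_scores(events):
    """Score how closely the contact sequence follows hostname and IP order."""
    # Put the events in the order the contacts actually happened.
    ordered = sorted(events, key=lambda e: datetime.strptime(e[0], FMT))
    names = [host.lower() for _, host, _ in ordered]
    # Compare IPs numerically, so 10.1.2.200 sorts after 10.1.2.15.
    ips = [int(ipaddress.ip_address(ip)) for _, _, ip in ordered]
    return {"hostname": ascending_fraction(names), "ip": ascending_fraction(ips)}


def classify(events, threshold=0.9):
    """Return 'hostname', 'ip', 'both', 'neither' or 'insufficient data'."""
    if len(events) < 2:
        return "insufficient data"
    scores = order_scores(events)
    by_name = scores["hostname"] >= threshold
    by_ip = scores["ip"] >= threshold
    if by_name and by_ip:
        return "both"
    if by_name:
        return "hostname"
    return "ip" if by_ip else "neither"


if __name__ == "__main__":
    print(order_scores(EVENTS), classify(EVENTS))
```

The script only reports which ordering the sequence follows; identifying the process that produced it still needs the traffic capture and process inventory suggested in the reply.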