Re: Need to find Intuder Machine

From: Chuck Conlow (cconlow@earthlink.net)
Date: 11/15/02

• Next message: Piotr Gałuszkiewicz: "how to deny access to disk for the user"
• Previous message: Pete: "Re: remotely change admin password on workstations"
• In reply to: De` Baorsch: "Need to find Intuder Machine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Chuck Conlow" <cconlow@earthlink.net>
Date: Fri, 15 Nov 2002 00:51:02 GMT

"De` Baorsch" <spam.org@spam.net@spam.com> wrote in message
news:ut6tkaol7dk317@corp.supernews.com...
> On one of sites I support I suspect someone is bringing in a laptop from
> home some times to access the net for an hour or two by plugging a patch
> cord in a live drop. The place is 24x7 and physically large with many
> buildings and drops. The machine tried to unsuccesfully join my domain
> giving the name of one of our exchange servers as name of the domain. (I
> have no roming profiles, so the exchange server name is commonly know
among
> staff) When it couldn't join it created a workgroup with the name of the
> exchange server on the laptop, got an IP from DHCP and registered in the
> WINS server. As a result email is getting pointed to the wrong Exchange
> Server (the intruder laptop) and crashes.I was able to get the MAC of the
> machine and the machine name.
> Any ideas to find the drop the person is using when they do it, or to
block
> access to that machine from NT 4.0?
>

Which drop? Mebbe... what kinda monitoring tools do you have for the
router(s)?

But - here'a a real nice one... Noted that you know the MAC, have the DHCP
server assign a specific IP of a host/subnet that has NO ACCESS TO ANYTHING,
ANYWHERE. That'll stop him for a while, but re: monitor tools for your
router(s).

Chuck

---

• Next message: Piotr Gałuszkiewicz: "how to deny access to disk for the user"
• Previous message: Pete: "Re: remotely change admin password on workstations"
• In reply to: De` Baorsch: "Need to find Intuder Machine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages outlook/exchange & windows security ... 2002 sp-1 on my office desktop, laptop and home computer. ... have an exchange server setup to manage the mail. ... then i did an inplace reinstall of winXP to fix other problems. ... check your username and domain, ... (microsoft.public.outlook.general) Re: Roaming Profiles, Folder Redirection, .OST Files and Security ... them at all, don't use cached mode. ... I have a concern about the .OST file being on the local laptop. ... exchange server on site - it is accessed over a slow VPN WAN link. ... (microsoft.public.exchange.admin) Re: Roaming Profiles, Folder Redirection, .OST Files and Security ... I have a concern about the .OST file being on the local laptop. ... exchange server on site - it is accessed over a slow VPN WAN link. ... certificates as encryption really does work. ... (microsoft.public.exchange.admin) Need to find Intuder Machine ... On one of sites I support I suspect someone is bringing in a laptop from ... The machine tried to unsuccesfully join my domain ... so the exchange server name is commonly know among ... (comp.os.ms-windows.nt.admin.security) Re: exchange access is very sluggish ... >I am running windows xp and outlook xp on a dell inspiron laptop. ... > exchange server but that didnt seem to cure it. ... > What issues should I look at in outlook to see if my information store is ... (microsoft.public.exchange.admin)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.ms-windows.nt.admin.security  > 2002-11