Re: Strange Workgroup Has shown up on browse list

From: Rich marquette (rmarket_at_dca.net)
Date: 08/04/03

• Next message: Steven Umbach: "Re: Audit *"
• Previous message: Frank C.: "Problem with user impersonation and access rights"
• In reply to: Skydiver: "Re: Strange Workgroup Has shown up on browse list"
• Next in thread: Steven L Umbach: "Re: Strange Workgroup Has shown up on browse list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 03 Aug 2003 21:02:49 -0400

You probably could do it with the full blown version of Network Monitor
or some other sniffer software. But it would probably be a real pain to
set up. I'm sure that some of the network management packages would do
it but I don't know of any freeware versions.

Skydiver wrote:
> Unfortunately we have unmanaged switches in the restaurants. That is
> a thought for future upgrades and new locations. Any suggestions on
> good freeware applications that I ca run on the Windows boxes as a
> service that can monitor traffic and report back when a new mac
> appears on the network?
>
> Skydiver
>
> Rich marquette <rmarket@dca.net> wrote in message news:<3F2D152F.2010706@dca.net>...
>
>>I don't know what kind of networking equipment that you have but a lot
>>of them know have a feature that you can set the ports only to respond
>>to a specific MAC address. So if any other computer gets plugged in
>>they don't get onto the network. You could also configure DHCP to
>
>
>>reserve address for the specific Mac addresses.
>>
>>
>>
>>Skydiver wrote:
>>
>>>Thanks for the help. I finally found the culprit. One of the owners
>>>that travels out of the country frequently had changed the network
>>>settings on his laptop when he was visiting a friend in Austria to get
>>>Internet access. When he plugged in to the network back here in the
>>>states it caused the red flag to be run up the pole. The reason I
>>>couldn't detect the computer belonging to the foreign domain was
>>>because the listing of his laptop in the WINS database was expected.
>>>In the mean time I locked down the network hard, forced every password
>>>in the domain to be changed on the next logon and issued a security
>>>alert to all our restaurants. I already use ntfs, forced difficult
>>>passwords and read the audit logs religiously. The scary part is that
>>>due to a vertical market POS system that runs in each restaurant, we
>>>have credit card data flying around unencrypted on the network as well
>>>as stored on a computer in the restaurants. Hardening these computers
>>>while still making them useful workstations has been a balancing act
>>>to rival the Flying Wallendas. I have complained for over 5 years
>>>about this vulnerability to our vendor to no avail. I am especially
>>>worried now that they are promoting hand held terminals for use by the
>>>restaurants. I wouldn't go near 802.11 with a ten foot pole in the
>>>restaurant but there are POS dealers selling this stuff with no
>>>knowledge of what they are doing. I am just waiting to see someone
>>>hack into a restaurant and download 1 years worth of credit card data.
>>>
>>>Is there a way to track what computer belongs to a workgroup/domain in
>>>audit logs? This would have been most helpful in the circumstance
>>>that occurred today. I am also especially worried about is someone
>>>surreptitiously plugging into the network and pack sniffing data. The
>>>only way that I suppose I can do that is to install mac address
>>>monitoring software in each restaurant that can send me an alert when
>>>someone plugs into the network. It would be a pain to set up but I
>>>suppose it would be the best solution. Does anyone have any
>>>suggestions of some cheap (ie. FREE) software that would be able to
>>>run as a service in W2K to accomplish this task?
>>>
>>>Thanks again for the help.
>>>
>>>Skydiver
>>

---

• Next message: Steven Umbach: "Re: Audit *"
• Previous message: Frank C.: "Problem with user impersonation and access rights"
• In reply to: Skydiver: "Re: Strange Workgroup Has shown up on browse list"
• Next in thread: Steven L Umbach: "Re: Strange Workgroup Has shown up on browse list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: no mapped drive ... Network Monitor is a tool to monitor and capture network traffic. ... >perfectly on all machines except the terminal server. ... >> The DNS server was unable to open zone aa.bb.cc in the Active Directory. ... (microsoft.public.windows.terminal_services) Re: no mapped drive ... I was messing with the idea of creating a dedicated backup network using the ... an lmhosts file entry for, you guessed it, the file server. ... Network Monitor is a tool to monitor and capture network traffic. ... >>> The DNS server was unable to open zone aa.bb.cc in the Active Directory. ... (microsoft.public.windows.terminal_services) Re: no mapped drive ... I am glad to hear you have found the root cause is the lmhost entry, ... >I was messing with the idea of creating a dedicated backup network using ... >an lmhosts file entry for, you guessed it, the file server. ... Network Monitor is a tool to monitor and capture network ... (microsoft.public.windows.terminal_services) RE: HTTP file upload timeout, Error Code 10060 ... Microsoft's Network Monitor). ... > the larger the file the smaller the chance to successfully upload it. ... Network link in this case was different, ... (microsoft.public.isa.configuration) RE: Windows Server 2003 network slows ... network interface card performance log. ... Windows 2000, and Windows XP) ... you can install Network Monitor from Control Panel ... Microsoft Online Partner Support ... (microsoft.public.windows.server.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)