Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 35

Thread: Mystery Machine Invades Network?

  1. #21
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by AngelicKnight
    So, mystery solved! Turns out it's a laptop that belongs to one of our employees. He changed the name of his machine to that weird name above, thus throwing me off all morning long. All it took was kicking that MAC off the AP for me to get the "I lost my connection!" phone call.
    So the question that remains is why does he have "gnutella p2p networking" loaded on his laptop? Do you allow P2P apps. on your company systems?

    Cheers:
    DjM

  2. #22
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Busted...
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #23
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Originally posted here by AngelicKnight
    That laptop that the MAC belongs to is turned off, sitting safely in a cabinet right now.
    Thats the part that confuses me. Was that laptop indeed off at the time your were querying it?

  4. #24
    Doesn't need P2P. P2P should go away methinks.

    Thats the part that confuses me. Was that laptop indeed off at the time your were querying it?
    Sorry 'bout that, look back a few posts up where I was talking about the new firmware jumbling up the correlation of MAC addresses and system names...that's the culprit for that. I'm now going back in and fixing it all.

  5. #25
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Hmmm, I user who changes his PC name, and has open p2p ports. He/She would now be on my official "****" list.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #26
    He kinda has a habit on staying on everyone's list actually...

  7. #27
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Can anyone add machines to your network???

    Change the name??

    Usually that is restricted...even in w2k??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #28
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I think he did more than change the name, if he was able to connect to your network and bypass your domain log in.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #29
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    So... now that you've had this problem... its time to look into ways to prevent this from happening again.

    REMOVE local admin rights from the users. Doesn't look like you have a domain... or they unjoined/formatted/reloaded their box. If you are on a domain... start using group policies. Restrict people from installing software, etc.

    Firewalls: You must be allowing outbound traffic for that p2p app... you need to lock down your gateway's outgoing ports. Arrainge your hosts in groups of IP addresses and filter outgoing based on those groups. group1 only needs outbound 53, 80 and 443. group 2 needs 20,21,22,25,53,80 and 443. Etc.

    You should have your wifi and wired clients on different subnets with a firewall between. This doesn't have to be expensive... an old PII or PIII with IPCOP loaded would fit nicely. And it'd provide you a lot more security (iptables, transparent proxy with filtering (dansguardian), etc.) and services than your standard AP. Only allow access from the wifi boxes to what they NEED. You can do this on an IP basis if you want to. If they only need access to the gateway and server x... restrict them from everything else.

    WIFI: You don't HAVE to use VPN or a Radius server for authenticaion... but it is recommened for a corp network. Ditch WEP and implement WPA (with our without Radius).

    I'm sure I'm leaving out a lot... but I'm in a hurry. Time to take my last final!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #30
    I configured his laptop to access the network. In fact, he purchased that laptop for use at home and here, letting us totally get rid of the desktop that was in that office. However, that certainly wasn't the name I gave the system, so that's what he changed.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •