Any logs to identify someone on trusted network copying files from another computer?
For the past 2 days, I've been trying to get my network talking to two computers - one a desktop and the other a laptop both Vista Ultimate. Now that I got it working I find out that my D-link wireless router was reset and that the wireless was on and unprotected. That's when I discovered all my personal files were available to be shared and download by anyone in the neighborhood.
Is there a way to look at a log to see if those files were copied over to their machine or even see who connected into the D-link router (DGL-4500)? I currently also have McAfee Internet Security and was wondering if there was a way to check log files there?
My d-link log has the following. Am I to conclude that another machine would not be able to connect to the router without WARN log item? If so, then all I've got to figure out what computers are 000048614A68 and 001E8CD31B3D are? E2250 is my desktop and LM140SPL is the laptop.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (000048614A68) was assigned the IP address of 192.168.0.199.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (001E8CD31B3D) was assigned the IP address of 192.168.0.198.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 13:26:15 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 14:26:37 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 15:02:09 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 15:14:49 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 15:27:48 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.191.
[WARN] Sun Feb 01 15:30:51 2004 Above message repeated 1 times
[WARN] Sun Feb 01 15:36:52 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 15:47:40 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.195.
[WARN] Sun Feb 01 15:53:37 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
Is there a way to look at a log to see if those files were copied over to their machine or even see who connected into the D-link router (DGL-4500)? I currently also have McAfee Internet Security and was wondering if there was a way to check log files there?
My d-link log has the following. Am I to conclude that another machine would not be able to connect to the router without WARN log item? If so, then all I've got to figure out what computers are 000048614A68 and 001E8CD31B3D are? E2250 is my desktop and LM140SPL is the laptop.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (000048614A68) was assigned the IP address of 192.168.0.199.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (001E8CD31B3D) was assigned the IP address of 192.168.0.198.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 13:26:15 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 14:26:37 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 15:02:09 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 15:14:49 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 15:27:48 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.191.
[WARN] Sun Feb 01 15:30:51 2004 Above message repeated 1 times
[WARN] Sun Feb 01 15:36:52 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 15:47:40 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.195.
[WARN] Sun Feb 01 15:53:37 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
Without audit logging enabled i don't believe there is. THe only information you would see with audit logging would be the account used to authenticate and if it is valid it will not provide any information to you because it would be one of your accounts. Your network device may have some small trivial information but having a firewall on your computer with strong passwords is the only thing that would prevent this scenario. You should search on "Defense in Depth" as just depending on your wireless encryption is not likely to be safe without taking further measures. Make sure and reset the password on your wireless device as well as reseting the encryption key. Also use WPA2 when you setup your wireless.
ASKER
Where do I establish audit logging? wireless routing? mcafee? admin tools?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you very much.
Your welcome!