?
Solved

Any logs to identify someone on trusted network copying files from another computer?

Posted on 2009-02-11
7
Medium Priority
?
533 Views
Last Modified: 2013-11-30
For the past 2 days, I've been trying to get my network talking to two computers - one a desktop and the other a laptop both Vista Ultimate.  Now that I got it working I find out that my D-link wireless router was reset and that the wireless was on and unprotected.  That's when I discovered all my personal files were available to be shared and download by anyone in the neighborhood.  

Is there a way to look at a log to see if those files were copied over to their machine or even see who connected into the D-link router (DGL-4500)?  I currently also have McAfee Internet Security and was wondering if there was a way to check log files there?

My d-link log has the following.  Am I to conclude that another machine would not be able to connect to the router without WARN log item?  If so, then all I've got to figure out what computers are 000048614A68 and 001E8CD31B3D are?  E2250 is my desktop and LM140SPL is the laptop.

[WARN] Sat Jan 31 23:55:47 2004 A network computer (000048614A68) was assigned the IP address of 192.168.0.199.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (001E8CD31B3D) was assigned the IP address of 192.168.0.198.
[WARN] Sat Jan 31 23:55:47 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 13:26:15 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 14:26:37 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 15:02:09 2004 A network computer (E2250) was assigned the IP address of 192.168.0.198.
[WARN] Sun Feb 01 15:14:49 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 15:27:48 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.191.
[WARN] Sun Feb 01 15:30:51 2004 Above message repeated 1 times
[WARN] Sun Feb 01 15:36:52 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
[WARN] Sun Feb 01 15:47:40 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.195.
[WARN] Sun Feb 01 15:53:37 2004 A network computer (LM140SPL) was assigned the IP address of 192.168.0.197.
0
Comment
Question by:stephenlecomptejr
  • 2
  • 2
5 Comments
 
LVL 3

Expert Comment

by:rbeckerdite
ID: 23619504
Without audit logging enabled i don't believe there is.  THe only information you would see with audit logging would be the account used to authenticate and if it is valid it will not provide any information to you because it would be one of your accounts. Your network device may have some small trivial information but having a firewall on your computer with strong passwords is the only thing that would prevent this scenario. You should search on "Defense in Depth"  as just depending on your wireless encryption is not likely to be safe  without taking further measures.  Make sure and reset the password on your wireless device as well as reseting the encryption key. Also use WPA2 when you setup your wireless.  
0
 
LVL 1

Author Comment

by:stephenlecomptejr
ID: 23619522
Where do I establish audit logging?  wireless routing?  mcafee?  admin tools?
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 2000 total points
ID: 23778964
In the DLink, se if there is an option for DHCP client table. Might list A PCName/MAc address that doesnt belong to your 2 PC's.....

Chances of this being a problem i would not think is high. Yea, you were exposed to the web/neighbors, but if you have strong passwords on your profile, then you should be ok.
0
 
LVL 1

Author Comment

by:stephenlecomptejr
ID: 23780898
Thank you very much.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 23781281
Your welcome!
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question