I have a situation with a network regarding possibly unauthorised uploading from a rogue workstation.
Logs provided by the ISP indicate regular spikes in uploading traffic activity.
Its not a big network, only 15 workstations.
Initial steps taken;
- Anti-malware softwares (SEP v12.1) are all up to date and full scans performed
- AntiMalwareBytes full scans
- Changed PPPoA logon credentials
- Changed wireless password
Not likely to be an issue at ISP's end. Because spikes end when the modem-router is turned off.
The modem-router is not one which provides logging of traffic.
What has not been tried is to turn off each workstation for a few hours at a time - a rather messy and unprofessional move. There must be a more elegant way to track down the rogue workstation.
Otherwise, at a loss as to what to try next.
Any advice from the Experts would be most appreciated. Thanks