Find Public IP / Other for Intruder
Posted on 2014-01-20
Afternoon All -
My parents own a business and have had an employee working for them for about 15 years who was about my age (35) and that they treated like a son. He decided to quit a few months ago for whatever reason.
Found out this morning that he just opened a new company which does exactly what he did before that will go in direct competition with my parents. That's fine and all since competition is healty - however - he'd been trying to recruit some of my parent's current employees and was bragging about how he still remotes in and checks his email, has a copy of certain databases, as well as gets stuff from my father who gave him his password years ago. I'm pissed.
I've already tightened security and changed everything. Now gears have shifted to where I'm on the hunt.
I'm trying to find his public IP address / or may set a surprise for him the next time he logs in. The problem is that the router is a consumer brand and logging is slim to none. It's a Linksys E1500 which is connected to a Comcast Business Gateway. I saw a list of all recent Incoming attempts on the E1500, but only showed about 15 events and most were WWW.
- If a user logs into Windows via RDP, does the security log show the source public IP?
- Can I get further or more detailed logs by SSHing into router perhaps?
- Even though all is forwarded, think Comcast Gateway will have and logs?
Any ideas on what to check / look at to get this info or traps/honeypot to set?
Thanks Guys -