
Locating a rogue Device

Status
Not open for further replies.

tjbradford

Technical User
Dec 14, 2007
229
GB
I am a network admin of a large network. I have noticed that I have in my network neighbourhood a group called workgroup; if I enter this network there are no devices in it. This network should clear after 45 mins from what I remember, as it should expire; however, it remains and has done so for many days now. I half suspect that a user is plugging in a device that is not part of our network, but maybe not. The question is: how can I locate where this workgroup network is being generated from?

Are there any tools anyone can suggest?
 
You can use Angry IP or similar to see if there are any rogue computers you don't recognise the name of; it won't tell you where it is exactly.

You could then find the port number associated with the IP if you have that sort of enterprise-level switching.

Of course you may get lucky and find something called 'Daves Laptop!!' etc.


Adrian Paris

Paris Engineering Ltd

Google search of just tech forums & articles
(very useful, honest!)
 
I find devices have been connected when we purge our Active Directory; this is why I want to try and find what keeps the workgroup folder active, as I would like to stop it. I have a VB app I have half built that will run net view /domain and compare the results with what we expect; if there are unknown domains such as mshome or workgroup then it will mail me.

I'm after some proactive monitoring; ping sweeping 5000 desktops is not really an option.

I wish everyone called their laptop by name though :eek:) much easier.
 
Meh. Our old network admin had the great idea of naming all workstations after towns in Argentina.

We only had 40 of them, but the time it took me to find 'cordoba' or 'rosario' every time I had a problem had me cursing the day he was born.

I can't imagine the same problem on 5,000 machines. *shudder*
 
Well, at the moment I have a very crude script.

Basically it works like this:

net view /Domain:WORKGROUP |grep -c successfully >c:\sus.txt

if c:\sus.txt contains the text 1 then do something
else
loop

If there are no other solutions then this will have to be the start of the application that I'm going to create.

So I will be looking at something to extract the domains from the net view, then populate them and check which ones are expected; for the ones that are not permitted it will need to run the above to see if they're live.

This leads me to another question: if I'm on A-Domain and someone is on Disallowed-Domain, can I net send to the Disallowed domain from my A-Domain?

If so, I could just net send the domain that becomes active to say they're breaching our security policy.
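
Added example, not code from the thread or from any poster: the check described in the post above (list the domains and workgroups from net view /domain and flag any that are not expected), written in Python. The EXPECTED allowlist, the function names and the sample output are constructed for illustration, and the parser assumes the usual English-language layout of the command's output (dashed separator, one name per line, "The command completed successfully." at the end).

```python
import subprocess

# Assumption: the domains/workgroups this network is expected to show.
EXPECTED = {"A-DOMAIN"}

# Constructed sample of `net view /domain` output (not captured from a real network).
SAMPLE_OUTPUT = """\
Domain

-------------------------------------------------------------------------------
A-DOMAIN
MSHOME
WORKGROUP
The command completed successfully.
"""


def parse_domains(output):
    """Return the domain/workgroup names listed in `net view /domain` output."""
    names = []
    in_list = False
    for line in output.splitlines():
        text = line.strip()
        if not in_list:
            # Names only start after the dashed separator line.
            in_list = text.startswith("---")
            continue
        if not text:
            continue
        if text.lower().startswith("the command completed"):
            break
        names.append(text.upper())
    return names


def unexpected_domains(output, expected=EXPECTED):
    """Names present in the output that are not on the allowlist, sorted."""
    allowed = {name.upper() for name in expected}
    return sorted(set(parse_domains(output)) - allowed)


def run_net_view():
    """Run the real command (Windows only) and return its text output."""
    result = subprocess.run(["net", "view", "/domain"],
                            capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    for name in unexpected_domains(SAMPLE_OUTPUT):
        print("unexpected domain/workgroup:", name)
```

On a Windows host, pass run_net_view() instead of SAMPLE_OUTPUT; an error response with no dashed separator yields an empty list rather than a false alert.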