OT- Attention Network Admin
|
Joined: Feb 2004
Posts: 791
aficionado
|
OP
aficionado
Joined: Feb 2004
Posts: 791 |
I have a strange question. I'm a network administrator myself and would like some feedback.
My question is this: Were can the log files be found or located for net send? Friday we had a joker send out a message to the entire domain that said "eat sh*t f**kers". The PC name was displayed but can't be found. The DHCP logs show the IP and Host name. Active Directory does not have a record of this PC. I'm chasing my tail, because HR wants someone’s head. I’m starting to believe that it’s a lost cause. Any ideas?
Thanks
Tom
M80's VP150 QS8's Earthquake SuperNova MKV-15 Integra DTR-7.4 Outlaw 755 Outlaw M200's Outlaw ICBM
|
|
|
Re: OT- Attention Network Admin
|
Joined: Feb 2004
Posts: 1,703
connoisseur
|
connoisseur
Joined: Feb 2004
Posts: 1,703 |
...only a guess but I'm thinkin it wouldn't be logged unless you have auditing enabled
?
|
|
|
Re: OT- Attention Network Admin
|
Joined: Feb 2004
Posts: 715
aficionado
|
aficionado
Joined: Feb 2004
Posts: 715 |
Do you keep logs of authentication? Where I work we have logs where I can do a search for computer names with the associated user ID. It shows me that a specific ID authenticated to the network via a specific computer (or exchange or whatever). You might be able to find it that way. However, if it was a personal PC (a laptop) just using your network it probably would not show up.
Also, if you don't have this configured it won't be tracked...
jr
"What can be asserted without evidence can also be dismissed without evidence." C Hitchens
|
|
|
Re: OT- Attention Network Admin
|
Joined: Apr 2003
Posts: 16,441
shareholder in the making
|
shareholder in the making
Joined: Apr 2003
Posts: 16,441 |
Is there any way you can track down the MAC address of the offending computer? If you can get the MAC, the you may be able to track it to a specific network jack in your building.
If you use Cisco switches, and the offending computer is still on the network, then you can track it down to a specific port with the show mac-address-table address xxxx.xxxx.xxxx command. You'd have to run this command on every switch until you found a match.
|
|
|
Re: OT- Attention Network Admin
|
Joined: Feb 2004
Posts: 1,703
connoisseur
|
connoisseur
Joined: Feb 2004
Posts: 1,703 |
|
|
|
Re: OT- Attention Network Admin
|
Joined: May 2003
Posts: 18,044
shareholder in the making
|
shareholder in the making
Joined: May 2003
Posts: 18,044 |
I doubt that anyone dumb enough to do a broadcast insult over a network is smart enough to spoof a MAC.
I am the Doctor, and THIS... is my SPOON!
|
|
|
Re: OT- Attention Network Admin
|
Joined: Mar 2002
Posts: 1,351
connoisseur
|
connoisseur
Joined: Mar 2002
Posts: 1,351 |
do net send messages get saved in the event log?
no wait, i don't think they do... or maybe they do...
damn, i'm out of practice!
|
|
|
Re: OT- Attention Network Admin
|
Joined: Apr 2003
Posts: 16,441
shareholder in the making
|
shareholder in the making
Joined: Apr 2003
Posts: 16,441 |
True, MACs can be spoofed, but you could still trace the spoofed address to a switch port.
|
|
|
Forums16
Topics24,949
Posts442,517
Members15,619
|
Most Online2,082 Jan 22nd, 2020
|
|
0 members (),
710
guests, and
1
robot. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|