Unauthorized access by an unknown person (how to detect at what time, on which comp)

thedrama Member Posts: 291
Hi guys, an adjacent person complained about an unauthorized access from his computer. Someone unknown, or unknown to him, had browsed a couple of websites without his permission, which is suggestive.

The problem is, the victim doesn't know the time or place in which the unauthorized access had been performed. He demanded it to be identified.

My question is, is it possible to identify the place, the time and the modem (whether school or his home) of that access as a computer user/network technician, not the ISP? (not the ISP logs)
Monster PC specs(Packard Bell VR46) : Intel Celeron Dual-Core 1.2 GHz CPU , 4096 MB DDR3 RAM, Intel Media Graphics (R) 4 Family with IntelGMA 4500 M HD graphics. :lol:

5 year-old laptop PC specs(Toshiba Satellite A210) : AMD Athlon 64 x2 1.9 GHz CPU, ATI Radeon X1200 128 MB Video Memory graphics card, 3072 MB 667 Mhz DDR2 RAM. (1 stick 2 gigabytes and 1 stick 1 gigabytes)


Comments

  • vinbuck Member Posts: 785
    Is this on a network you are managing/working?
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • thedrama Member Posts: 291
    vinbuck wrote: »
    Is this on a network you are managing/working?

    No, it's not. This problem belongs to a familiar person who wanted me to solve it if possible.

  • RobertKaucher Member Posts: 4,299
    Unless auditing is set up beforehand, it is generally exceptionally difficult or impossible to do after the fact.
  • forestgiant Member Posts: 153
    There's also forensics. I$ he willing to pay$$$$$?$$ (there's a question mark in there somewhere) :)
  • Forsaken_GA Member Posts: 4,024
    Black hats aren't going to compromise a box just to use it to look at ****. The adjacent person is very likely full of it and is indeed the culprit themselves. (Or their kids, girlfriend/boyfriend, if any of those are applicable)
  • thedrama Member Posts: 291
    so, wouldn't it be possible to track the actions happened in the past as a network tech or specialist without requesting the relevant logs from ISP belonging to that specific subscription to the DSL connection?

  • RobertKaucher Member Posts: 4,299
    thedrama wrote: »
    so, wouldn't it be possible to track the actions happened in the past as a network tech or specialist without requesting the relevant logs from ISP belonging to that specific subscription to the DSL connection?

    Unless you have logging set up on the systems in question, you have confused IT with this: Magic (paranormal) - Wikipedia, the free encyclopedia
  • Forsaken_GA Member Posts: 4,024
    thedrama wrote: »
    so, wouldn't it be possible to track the actions happened in the past as a network tech or specialist without requesting the relevant logs from ISP belonging to that specific subscription to the DSL connection?

    And maybe not even then, most ISPs don't log all traffic, the amount of data that flows through them makes it prohibitive storage-wise. The best you're likely to get out of the ISP are netflow logs, which will just give you bare session information, nothing about what actually took place, and you likely can't get those without a court order. From the ISP's perspective, *you* are responsible for securing your CPE.
  • thedrama Member Posts: 291
    And maybe not even then, most ISPs don't log all traffic, the amount of data that flows through them makes it prohibitive storage-wise. The best you're likely to get out of the ISP are netflow logs, which will just give you bare session information, nothing about what actually took place, and you likely can't get those without a court order. From the ISP's perspective, *you* are responsible for securing your CPE.

    I'm trying to build the question more clearly. What I intend to learn here is whether I am (as a networker) capable of finding the relevant records, time and the computer (the one at school or at work) accessed from. Without informing the ISP of the situation, is it possible to do those processes above as a networker?

  • MAC_Addy Member Posts: 1,740
    All in all the victim should have locked his computer when leaving the desk. That's what I tell everyone to do.
    2017 Certification Goals:
    CCNP R/S
  • Forsaken_GA Member Posts: 4,024
    thedrama wrote: »
    I'm trying to build the question more clearly. What I intend to learn here is whether I am (as a networker) capable of finding the relevant records, time and the computer (the one at school or at work) accessed from. Without informing the ISP of the situation, is it possible to do those processes above as a networker?

    Sure, assuming you've deployed the proper amount of monitoring and logging tools to be able to do that kind of auditing.
  • Zartanasaurus Member Posts: 2,008
    The adjacent person is very likely full of it and is indeed the culprit themselves.
    This was my first thought.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
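
Added example, not part of any post in the thread: what the "when and from which computer" question looks like once logging was deployed beforehand, as the replies above require. It assumes two hypothetical local log sources with constructed contents (flow-style session records from the gateway and a DHCP lease history); all addresses, hostnames and timestamps are made up.

```python
from datetime import datetime

# Constructed sample data (not from the thread). Flow records carry only
# session metadata: start time, internal source, destination, port, bytes.
FLOWS = """\
2012-03-05T13:02:11 192.168.1.23 203.0.113.80 443 18234
2012-03-05T13:04:40 192.168.1.40 198.51.100.7 80 2201
2012-03-05T21:47:03 192.168.1.23 203.0.113.80 443 90412
"""
# Constructed DHCP lease history: lease start, lease end, IP, MAC, hostname.
LEASES = """\
2012-03-05T08:00:00 2012-03-05T16:00:00 192.168.1.23 00:00:5e:00:53:01 lab-pc-07
2012-03-05T08:00:00 2012-03-05T20:00:00 192.168.1.40 00:00:5e:00:53:02 staff-laptop
2012-03-05T20:30:00 2012-03-06T04:30:00 192.168.1.23 00:00:5e:00:53:03 guest-tablet
"""

def load_leases(text):
    """Parse the lease history into (start, end, ip, mac, hostname) tuples."""
    leases = []
    for line in text.splitlines():
        start, end, ip, mac, host = line.split()
        leases.append((datetime.fromisoformat(start),
                       datetime.fromisoformat(end), ip, mac, host))
    return leases

def device_at(leases, ip, when):
    """Return (mac, hostname) that held `ip` at `when`, or None if unknown."""
    for start, end, lease_ip, mac, host in leases:
        if lease_ip == ip and start <= when < end:
            return mac, host
    return None

def sessions_to(flows_text, leases, dst_ip):
    """List sessions to dst_ip as (time, src_ip, device, port, bytes)."""
    hits = []
    for line in flows_text.splitlines():
        ts, src, dst, port, nbytes = line.split()
        if dst != dst_ip:
            continue
        device = device_at(leases, src, datetime.fromisoformat(ts))
        hits.append((ts, src, device, int(port), int(nbytes)))
    return hits

if __name__ == "__main__":
    for hit in sessions_to(FLOWS, load_leases(LEASES), "203.0.113.80"):
        print(hit)
```

Both sessions come from the same internal IP but resolve to different devices, so the source address alone would misattribute one of them; and, as noted in the thread, the flow records show that a session happened, not what took place in it.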