
How do I trace someone downloading illegalz?

Junkie_XL polycounter lvl 14
So someone has been downloading games where I work, and now C&C3 is the latest. I am teh unofficial IT guy (not sure how this came to be) and the boss mans are getting on my case about it. ESA sent a letter to our ISP and they be pissed. They need to know if we're working to resolve this matter.

Given a recession and all they can't wait to fire the guy doing it too.

I went around to each computer after hours with the admin login and I could not find a bit torrent client installed, so whoever is doing it is covering their tracks fairly well.

Anywho, everyone within the company broadcasts the same IP address. All I know is that the protocol used was torrent of course. Just wondering if any of you smart fellas know of a tracing program or something?

Replies

  • almighty_gir
    almighty_gir ngon master
    er... they might broadcast the same ip, but as a network administrator (i'm assuming you are), you would certainly be able to see which machine is chomping what amount of bandwidth, and at what times.
  • East
    East polycounter lvl 14
    He's not a real network admin. At least that's what I gathered by "teh unofficial IT guy".

    Use scare tactics and remind people that pirating at work will lead to dismissal. If they don't just want it to stop, but want to use it as an excuse to fire someone. Anyone. Then I'll just say "tough luck" and let someone else help you :P
  • Jeremy Lindstrom
    Jeremy Lindstrom polycounter lvl 18
    if it's already done and you don't have any logs, does the ISP have the MAC Address of the PC that's been doing the abuse? If so, just look at the ip listing and match the mac address.. O_o There might be an easier way.. I've been out of IT for a bit..

    You can usually log into your router or even go machine to machine to double check the mac addresses once you get it from the ISP. I'd be pretty sure they could give it to you.
  • Wells
    Wells polycounter lvl 18
    h4x0rz his megahurtz
  • Junkie_XL
    Junkie_XL polycounter lvl 14
    yeah it was 1.7GB that was downloaded. I would check for that but the network and routers set up are not very robust. The 192.168.1.xxx always changes with each user every day.

    I guess that is a no-go huh? I was hoping I could install some sort of spyware on everyones computer and then I could log in from a master. Then my best shot is to hope whoever is doing it tries one more time...

    EDIT: Nope no MAC address was given.
  • Jeremy Lindstrom
    Jeremy Lindstrom polycounter lvl 18
    the ip address is not the same as the mac address, the mac address is a hard coded alpha numeric number attached to the NIC card. It doesn't change like an IP does.
  • notman
    notman polycounter lvl 18
    I'm sort of with East... recommend to the boss the fear of termination. Let them know that you're aware of bit torrent usage and if caught, you'll be terminated.
    The thing is, do you know for sure they are doing illegal downloads? Remind your boss of that. How do you know that they are playing the games? Even further, why do you assume they were illegally downloaded. I've taken games into work, and me and my coworkers played them during lunch.

    Anyway, enough preaching. Something to keep in mind, bit torrent programs can be loaded onto a memory stick, so searching the computers probably is useless. You need to check IP traffic like gir mentioned. If you don't have access to that kind of info, tell the boss it's his problem. If it's a small network (where you only have a router, no server), then see if there is software that can be installed onto the client machines, that will track bandwidth usage.

    Edit: damn, slow post. You can assign static IPs to each machine if you want. That's a big task though, if it's a big network.... who knows, maybe it's your boss doing the downloads ;)
  • Junkie_XL
    Junkie_XL polycounter lvl 14
    Dekard wrote: »
    the ip address is not the same as the mac address, the mac address is a hard coded alpha numeric number attached to the NIC card. It doesn't change like an IP does.

    hehe...yep I know what a mac address is. I blocked my neighbor at home a long time ago once.

    Enventis didn't provide anything except 1.7GB, protocol = torrent, & the company IP address.
  • Junkie_XL
    Junkie_XL polycounter lvl 14
    notman wrote: »
    Edit: damn, slow post. You can assign static IPs to each machine if you want. That's a big task though, if it's a big network.... who knows, maybe it's your boss doing the downloads ;)

    I considered that. The last time we tried that we screwed with the remote desktop everyone uses and the accounting and purchasing software.

    I might just have to hire someone from the outside. Was sort of hoping I could've found the culprit myself.
  • Uly
    Uly polycounter lvl 17
    Don't install spyware, fuck with other people's shit. It'll just make you out as a sycophant asshole that nobody will want to associate with, and any favor you did for the bosses will be largely diminished by whatever your coworkers say about you afterwards.

    Just go with what East said.
  • pior
    pior grand marshal polycounter
    If I understand correctly, the fact that games are being downloaded is the least important part of the deal - legally or not. I would think that using BT (for whatever purpose) is way more critical since it allows incoming connections hence possible leaks aso?

    Anyways I'm of no help on this issue, sorry for a very un-constructive post! :P
  • System
    System admin
    This might be a solution, try to recover any deleted files with .torrent, as far as I know you can always find lost data unless a special eraser tool has been used to cover traces by overwriting the file/s with 0's, several times. It's possible that has been done but not very likely.
    Edit - forgot that data as large as that could be put onto a memory stick, so yeah, it may be a long hunt with no outcome.
  • Farfarer
    It's possible to download .torrent files without a bittorrent client.

    I know Opera has a built-in torrent client. Might want to check for that (and do a bit of searching for other apps that do the same).
  • TomDunne
    TomDunne polycounter lvl 18
    If you haven't been monitoring and logging activity in the past, and he was d/ling to an external drive or something, you won't be able to track what's already been downloaded.

    In the future, you have a few options. The most effective would be to set up your server to log everything, but that can be a pain. An easier but less reliable approach would be to just install some sort of network monitor app on each machine (something like NetMeter) to record download volume. It won't tell you what's been downloaded to a machine, but it will tell you how much. If you can install a monitor on all of the machines, and check it each night or so, you'll be able to see who is pulling down huge 1.7gb files, regardless of where they're stored. Lots of freeware apps to do this, too, but you'll need to spend time installing it...
  • Justin Meisse
    Justin Meisse polycounter lvl 19
    There are companies out there that are like vultures, they wait for the smell of pirated software coming from a small business and then they attack. So button that shit up quickly!

    I worked at a place that got audited and it suuuuuuuucked, you practically need a DNA sample from the salesman you bought the software from to prove you own it.
  • Junkie_XL
    Junkie_XL polycounter lvl 14
    vermilion wrote: »
    In the future, you have a few options. The most effective would be to set up your server to log everything, but that can be a pain. An easier but less reliable approach would be to just install some sort of network monitor app on each machine (something like NetMeter) to record download volume. It won't tell you what's been downloaded to a machine, but it will tell you how much. If you can install a monitor on all of the machines, and check it each night or so, you'll be able to see who is pulling down huge 1.7gb files, regardless of where they're stored. Lots of freeware apps to do this, too, but you'll need to spend time installing it...

    That sounds like the best I can hope for at the moment with the limited resources at my disposal. Thanks I'll give it a try. Hopefully I can catch the PC grabbing tons of data before the ISP does. Then I'll see if I can "undelete" the .torrent from said offender.
  • e-freak
    why not just block out the ports and see how long it takes until Mr. X asks why he can't connect to his Bay anymore?

    oh and if you have a wlan access in your office you may also check what the kids in the playground are doing (I used to search for open wlan spots when I was on vacation with parents back in the day)...
  • Murdoc
    Murdoc polycounter lvl 11
    This might be a stupid idea, but don't believe it was mentioned, just try a windows search on the network and see who has the files or any torrents?
  • shotgun
  • whats_true
    whats_true polycounter lvl 15
    How about offer someone one week off, paid vacation, if they rat-out whoever's doing it.
  • thatnumpty
    pro tip: pin it on someone you don't like


    easy.
  • PfhorRunner
    PfhorRunner polycounter lvl 18
    http://www.wireshark.org/

    All you need to know is what your machine calls your network devices, so ipconfig will help here, the interface has tooltips on mouseover.

    for the solution of what IP is who, I'd turn on name resolution, which is view->name resolution -> network layer. so instead of seeing just IPs, you can get what they call their computer.

    From here, you just look for trackers, which are pretty easy to spot by name, and it does NAT, so you'll see like dest=tracker.thepiratebay.org src=192.168.1.104 for example. Then, you can find out who uses 104 through a variety of ways, either using routing tables or nmap the MAC and compare to hardware, or just see whose network shares they are.

    It won't be like "ZOMG, SOMEONE IZ TORRENTZ0r!" but you can identify where their packets are going/coming from, and it's pretty easy to spot a torrent tracker, and figure out who it's going to.
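
An added example, not part of the thread or any poster's code: a sketch of the check described in the post above, keyed on MAC address because the DHCP-assigned 192.168.1.x addresses change from day to day. The record layout, MAC addresses and sample traffic are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Peer handshake opens with length byte 19 and this protocol string (BEP 3).
BT_HANDSHAKE = b"\x13BitTorrent protocol"

# Constructed records, not real traffic: (MAC, LAN IP, direction, bytes, payload start).
# The record layout is an assumption; feed it from whatever capture export you have.
SAMPLE = [
    ("02:00:00:00:00:0a", "192.168.1.104", "out", 310,
     b"GET /announce?info_hash=%12%34&peer_id=-XX0000-abc&port=6881 HTTP/1.1\r\n"),
    ("02:00:00:00:00:0a", "192.168.1.104", "out", 68, BT_HANDSHAKE + bytes(8)),
    ("02:00:00:00:00:0a", "192.168.1.117", "in", 1_700_000, b""),  # new lease, same NIC
    ("02:00:00:00:00:0b", "192.168.1.104", "in", 2_400_000, b"HTTP/1.1 200 OK\r\n"),
    ("02:00:00:00:00:0c", "192.168.1.120", "out", 120,
     b"GET /index.html?q=announce HTTP/1.1\r\n"),
]

def is_tracker_announce(payload: bytes) -> bool:
    """True for an HTTP tracker announce: a GET carrying info_hash and peer_id."""
    line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] != "GET":
        return False
    query = parse_qs(urlsplit(parts[1]).query)
    return "info_hash" in query and "peer_id" in query

def summarize(records):
    """Aggregate per MAC: LAN IPs seen, bytes downloaded, protocol evidence."""
    hosts = defaultdict(lambda: {"ips": set(), "bytes_in": 0,
                                 "announces": 0, "handshakes": 0})
    for mac, ip, direction, size, payload in records:
        h = hosts[mac]
        h["ips"].add(ip)
        if direction == "in":
            h["bytes_in"] += size
        if is_tracker_announce(payload):
            h["announces"] += 1
        elif payload.startswith(BT_HANDSHAKE):
            h["handshakes"] += 1
    return dict(hosts)

def suspects(records):
    """MACs with BitTorrent protocol evidence, largest download first."""
    s = summarize(records)
    hits = [m for m, h in s.items() if h["announces"] or h["handshakes"]]
    return sorted(hits, key=lambda m: s[m]["bytes_in"], reverse=True)

if __name__ == "__main__":
    for mac in suspects(SAMPLE):
        print(mac, summarize(SAMPLE)[mac])
```

Encrypted peer connections and UDP trackers will not match these two signatures, so the per-MAC byte counts remain the fallback signal; note that the second machine reuses 192.168.1.104 and downloads more, yet shows no torrent evidence.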
  • sonic
    sonic polycounter lvl 18
    Figuring out something like this is actually very easy, but I'm not going to go through with telling you because I think it's a poor solution to a problem.

    You should just tell everyone, "listen, I don't know who is downloading shit, but stop it. If it continues, we'll have to monitor everyone's traffic and you will probably be fired." That will solve the problem because the guy will stop downloading, and if he doesn't his friends who know about it will make him stop so they can still watch pr0n at work.

    Don't get some guy fired just because he downloaded a game. You don't even know if he owned a copy & lost the disc, if he owns a copy but didn't have the CDs at work, etc.
  • Daaark
    Daaark polycounter lvl 17
    How do I trace someone downloading illegalz?
    Old school.

    With chalk while they lie motionless on the pavement.

    copyfloppybz9.gif
  • LEViATHAN
    LEViATHAN polycounter lvl 11
    If on XP try looking in

    C:\Documents and Settings\<name>\Application Data

    uTorrent stores a copy of the downloaded torrents there, perhaps other clients as well.
  • Daaark
    Daaark polycounter lvl 17
    perna wrote: »
    But most of you guys are out to hang him and possibly screw up his entire life over of a paltry few minutes worth of download. How does it feel to be completely without heart, soul and compassion? Do you even have any justifiable reason to continue living?
    What thread are you reading? :\
  • bounchfx
    whooaaa this is coming from per?
    I'm on board with the whole have-a-meeting about it and just let them know whatsup and to cut the shit out or else kinda deal.
  • ae.
    ae. polycounter lvl 12
    sonic wrote: »
    Figuring out something like this is actually very easy, but I'm not going to go through with telling you because I think it's a poor solution to a problem.

    You should just tell everyone, "listen, I don't know who is downloading shit, but stop it. If it continues, we'll have to monitor everyone's traffic and you will probably be fired." That will solve the problem because the guy will stop downloading, and if he doesn't his friends who know about it will make him stop so they can still watch pr0n at work.

    Don't get some guy fired just because he downloaded a game. You don't even know if he owned a copy & lost the disc, if he owns a copy but didn't have the CDs at work, etc.


    I agree with sonic, if I downloaded a game at work and some punk ratted me out to the boss, I'd not only be pissed but things like this don't go away.

    your coworkers won't trust you and everyone will make fun of how much a little snitch you are behind your back and in a worse case scenario to your face.

    I would just warn everyone and don't say it like you're warning them but tell them the management is saying it so you don't look like a corporate slave :P
  • Psyk0
    Psyk0 polycounter lvl 18
    Just setup a meeting and play them the most effective scare tactic there is:

    http://www.youtube.com/watch?v=-Xfqkdh5Js4
  • Jeremy Wright
    Jeremy Wright polycounter lvl 17
    Psyk0 wrote: »
    Just setup a meeting and play them the most effective scare tactic there is:

    http://www.youtube.com/watch?v=-Xfqkdh5Js4


    I would threaten to play that over the PA system every single day if the dl-ing didn't stop posthaste.

    Whether the person is found and fired or not, I think your company needs to have a meeting about this so it's clearly outlined that this kind of behavior isn't tolerated.
  • Junkie_XL
    Junkie_XL polycounter lvl 14
    perna wrote: »
    This kid probably doesn't think that what he's doing is a big deal, and if a policy was made clear, he'd never pirate from work again.

    Actually a bulletin was posted already because our ISP caught someone downloading movies before. So whoever is doing it should already know not to. The warning thing has been tried a couple times already. We either find who it is or we cut all net access for everyone.
  • Justin Meisse
    Justin Meisse polycounter lvl 19
    Maybe you should talk to your boss bout contracting someone to secure your network.

    I'm no expert on bandwidth costs since the company I was an IT guy at ran their own ISP which put a buffer between me and that stuff... BUT you guys might be able to save money by blocking bandwidth hogs like P2P software and streaming music/video.
  • [Deleted User]
    Put all the employees in a locked room with a revolver with a single round in it on the table. Tell them that if the pirate in question is not dead in 10 minutes you will release sarin gas into the room.

    Might want to clear it with management first, though.
  • ae.
    ae. polycounter lvl 12
    Kaskad wrote: »
    Put all the employees in a locked room with a revolver with a single round in it on the table. Tell them that if the pirate in question is not dead in 10 minutes you will release sarin gas into the room.

    Might want to clear it with management first, though.


    im arman and i approve this message :thumbup: