Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

ACC report on Sunday

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

ACC report on Sunday

L6 Presenter

Hi Guys,

 

ACC issue. Don't know what could be the reason for the URL block report to show some activities when nobody was using a network on Sunday. NTP? And also question to why all users got 2 digits in the end of their username, Is it normal?

 

Latimer issue.PNG

Thx,

Myky

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Network trafic being reported even when nobody is physically on site wouldn't be that weird since users could have applications on there computers that are still actively trying to communicate. The traffic going to snapchat makes things a little more suspicious because I don't think that actually has a website and makes you go through the phone which would indicate that if it's proper traffic they would have had to be within WiFi range. 

 

The source user not being anything that you recognize is a little more alarming to me; it should only be identifying users that are actually in your system, if theses users with those numbers are not even in your system you have to wonder how they got there. 

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Network trafic being reported even when nobody is physically on site wouldn't be that weird since users could have applications on there computers that are still actively trying to communicate. The traffic going to snapchat makes things a little more suspicious because I don't think that actually has a website and makes you go through the phone which would indicate that if it's proper traffic they would have had to be within WiFi range. 

 

The source user not being anything that you recognize is a little more alarming to me; it should only be identifying users that are actually in your system, if theses users with those numbers are not even in your system you have to wonder how they got there. 

Hiya,

 

Agreed with you regarding communication is still active (even on weekend). The thing is that username is correct (recognised withing the system), but only with 2 digits extension. Don't know maybe syslog read error or something?

 

Cheers,

Myky

What happens if you do a show log userid user equal 'userid' and look at the logs. Where does it show that the user was actually coming from. It could be a simple syslog error but I wouldn't expect that to add/remove anything from a user name like that. 

Further investigation showed that the users were on site on Sunday. Regarding the activities on between 2 - 4 AM suggests that they didn't log off from their machine. Thanks  as always. Activities were observed from both wired and wireless networks.

@TranceforLife did you ever find out why the numbers were added to your user ids, or is that something that was expected in your enviroment? 

No could not find out why. We might need to check that again but at this point it acceptable as all users id are correct just 2 digits added for some reasons.

@BPry What l've noticed is that your giving quite bright replies/suggestions 🙂

  • 1 accepted solution
  • 2714 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!