Re: Suspicious network activity advice

["Justin Lintz" <jlintz () gmail com>]

Did the date/time stamps correlate to you actually being at your desk
at the moment of the suspicious activity?  What type of connections
were they to the other machines?

On 22 Dec 2006 11:22:26 -0000, infinite_uk () hotmail com
<infinite_uk () hotmail com> wrote:
> Could anyone offer me some advice or guidance with this please.
>
> I am developer and have been suspend from work because of 'suspicious network activity'. It's a corporate network (local 
> government) predominantly running a combination Microsoft OS's across many sites.
>
> It seems that many computers on the corporate network have entries in their event logs to say that my system logged onto 
> these machines for any instant. This happens three times of the course of a single day and but second time my 
> computer's events log shows that each of these computers have logged back into my system.
> The IT audit section sent the computer away and it came back clean e.g. no viruses and their stance seems to be that they 
> don't know what has happened but they believe that I have used some kind of scanning software.
>
> I'm trying desperately to find another explanation for this, can anyone suggest what might have happened. Could using 
> something like visio or a simple file search across the network produce similar activity?
>
> They did seems to think that it was relevant that each computer was contact in alphabetical order not IP order.
> Any help would be greatly appreciated.


--
- Justin Lintz