View Full Version : Any IT Folks Out There? Got A Question...

12-02-2009, 12:18 PM
So I work at a company with approximately 1,500 employees. I work primarily from a desktop PC, but often bring in my Macbook as well. The company has guest-access WiFi throughout the building accessed with a username and password - it used to be a universal user/password setup but IT has recently changed that policy. If you want to use the WiFi you need to request a username and password that will be specific to your employee email.

Long story short, I was never big of the WiFi anyways. Due to all the firewalls and security it was fairly slow and prevented you from connecting to outside FTP sites. But, I soon found that if you unplugged the ethernet cord from my desktop PC and plugged that into my Macbook it bypassed all of the firewalls and allowed access to outside FTP sites as well as the bit-torrent program I had installed on my laptop (I had a bunch of partially downloaded albums in my queue that downloaded quickly when I logged into the program.) Now I have a separate ethernet cord at my desk specifically for my laptop. The cord is run to a 5 port ethernet jack at my coworker's cube next to mine.

So my question is: is it extremely stupid of me to be illegally downloading music at work? How easily could the IT department detect the activity of my laptop through the company's internet network? I always immediately delete any files I've download once they've been copied to my iTunes folder - I never seed files. In the meantime I've ceased any downloading until I get some answers - seems like a really stupid thing to get fired for. Any insight or answers to my question would be appreciated. Much obliged.

12-02-2009, 12:20 PM
Short answer: If they have the technical shit set up, they can see everything you are doing over their network, up to and including torrents/p2p etc

12-02-2009, 12:23 PM
Thanks, Gizmo. That's what I had assumed.

12-02-2009, 12:24 PM
Hmm. Well, here's what's gonna happen:

If they notice the spike in traffic routed to the IP that 5-port switch operates on, they could conceivably come knocking looking for answers. Odds are the switch doesn't really have a utility or any kind of table they could access and get specific information about the MAC address (series of numbers and letters used to identify any network device) responsible for receiving all those packets, so they'd basically just look at where each of the cables plugged into the switch go. From there they'd likely have to just hop on each machine that appears to be plugged into it and try to find evidence of p2p sharing going on based on the applications installed.

If it's a bittorrent app you're using they might at some point review the usage statistics from the firewall and notice all the traffic traveling over those ports and protocols and get wise. It's a risk, though it's also an awful lot of hassle for them to bother hunting you down. In my experience for the most part people only get fucked with if one of two things happens: 1) there's significant network slowdown and they need to figure out where it's coming from, so they start going through the logs or 2) they get a cease and desist letter from their ISP regarding the transmission of specifics files, generally only from the MPAA. Music sharing doesn't seem to catch much of a hassle anymore but movies still turn up a few cease letters.

12-02-2009, 12:28 PM
"If they have the technical shit set up."

Yeah, not quite that simple. But whatevs.

The real problem is if they do get cause to come looking for what's routing all that traffic through that 5-port and successfully determine it's you, they might very conceivably fire the shit out of you. Also depending on what kind of a server situation they have going on, if they have Bonjour Administrator running they could possibly actually be able to track things directly to your Macbook and your Macbook might just turn over some information like the friendly name of the device, which might give you up depending on what it is.

12-02-2009, 12:36 PM
Thanks Randy. Very detailed, helpful info. Pretty much what I'd assumed. The IT Department here is pretty busy - it took them 2 days to respond to my request to have Flash installed on my PC. I sincerely doubt anyone in that department cares about my extra curricular activities on my laptop - or has time to pursue it if they did have a problem, but its good to know that there is a risk involved.

And yes, my Macbook is titled BOBERT'S MAC or something similar, so if they did detect suspicious activity from that port they wouldn't have to look far to find the owner.

Again, thanks for the response. Definitely have a much better idea of the risk involved and will proceed accordingly.

12-02-2009, 12:44 PM
Yeah, if it's an all-PC house then you don't have quite as much to worry about from that side of things. Bonjour Admin is one of the few server utilities that really allows you to pull down such detailed info automatically like that, and it only really works that way with a Mac Server and Mac clients. But if they don't really have many Macs in house odds are all the servers are Windows and Linux boxes. There might be some Linux utilities that do that but I certainly can't name any.

You might want to change that friendly name for sure, but in general even if they have call to go looking for where that spike in traffic is coming from all that they'll get is the IP of that 5-port switch. Then they'll notice that there's multiple devices registering on that IP, figure out that it's probably a 5-port switch, and even from there it's kinda hard to specifically pinpoint where that switch would be physically located, after which they'd have to go looking around for it, find it, and trace the wires from it to each machine.

Short answer: unless they get a cease and desist letter (which makes it a legal issue they might want to actually fire someone for), what they'd really do is just block the ports and the protocol. No one's going to bother going through all that fucking trouble.

12-02-2009, 12:58 PM
Cool. Computer name changed. Thanks again, Randy.

12-02-2009, 07:59 PM
I work in IT at a large organization (~5000 employees). If you use significant bandwidth, you will get noticed and you will get caught. No one really has time or the inclination to monitor for specific types of traffic, but large bandwidth spikes will definitely get you noticed. We also know exactly which IP ranges are assigned to which floors, and can pretty easily (<5 minutes) trace you machine's MAC address to a specific port in the wall if required.

Now, if you did get caught, your manager would be notified, but that's probably all that would come of it other than a talking-to.

You're probably fine downloading the odd song.