I am trying to find an explanation of why some websites are reported on a Wifi log but have not been clicked on by the user. I have done some research into the area of DNS poisoning, which might offer a possible explanation. Can anyone offer any experience/knowledge of this kind of behaviour?

4 Spice ups

Can you clarify, are you asking why some sites say they are blocked?

It’s usually the public IP has been doing something spurious, not the Wi-Fi or clients themselves, but most clients in a business share the public IP, so it may have been another rogue user

2 Spice ups

It is a company Wifi log and I am trying to find out why I have been reported as accessing sites that I have not clicked on. Yes, these sites that I have allegedly accessed were blocked by the firewall (as they were prohibited) but the fact is that I did not access them.

1 Spice up

So we’re back to your old topic, but you’re trying a different tactic to validate you’re not actually going to this site.

If this is still your personal device, please stop using company Wi-Fi on your own device.

Firewall activity log issue - Security - Spiceworks Community

2 Spice ups

You are conflating clicking with accessing. They are not the same thing.

Absent some fanciful explanation (which you now appear to be fishing for) - if the access logs say your device tried to access something prohibited - your device did. However, that also does not mean it was a deliberate action you took.

Apps on your phone access stuff in the back-ground when they detect a network connection without you taking any action - ALL the time. None of that activity is generated by the user but will be seen and logged by network monitoring.

3 Spice ups

Thanks, phildrew. The question is, is there any way I can prove that it was not deliberate? I have a copy of the logs with all the sites that were accessed (including the blocked ones) but I do not know if they are any use in isolation. Is there any kind of technical analysis that could be used to show user intent or otherwise?

There are several possibilities for such situations.
1- A compromised device, a malware or a browser extension generating this traffic.
2- A misconfigured application making those calls.
3- Network level compromise such as man in the middle attacks
Suggested Solutions:
1- Install and update anti-malware software
2- Fresh installation of the OS or factory reset the mobile device
3- Network troubleshooting and traffic analysis.

If nothing was found, and if the situation kept happening, it’s hard to justify the access of such websites.

Unless you have a screen recording of your device at the time, or something else that shows all user activity, then you have no way to prove what user activity occurred on your phone vs what is background activity.

Nobody else, with only external monitoring (like a firewall log), can sufficiently prove this either - accurately distinguishing background vs user activity from a device.

2 Spice ups

But your topic doesn’t suggest this, it suggests you’re looking to blame something, other than apologising and avoiding putting your own device on a company network in future. Regardless of how it happened, it did.

Clearly you’ve not been let go, so why is this still an issue? You’ve explained you didn’t visit these sites, at least not intentionally. Warning given. As I said above and on your other topic, the whole debacle can be mitigated by not using your company’s Wi-Fi on a personal device.

You’ve probably opened emails or something where ads have been down the side based on your previous searches, history or other sites you’ve been on, on your personal device, what has brought this up is, you put your personal device on a corporate Wi-Fi, lesson learned.

Is there any legal action being taken against you or are you at risk of being made redundant, if not, park it and move on. Avoid using personal devices on corporate networks, period.

2 Spice ups

What do the logs show out of curiosity - your IP at the time or your device name, make and model?

1 Spice up

I have been made redundant because of this and am now trying to prove that this was wrong. The company simply saw the logs and used that as justification. The logs simply show the websites that were accessed on my account.

With respect then, would you want to work for this company?

I would make the assumption if they’ve let someone go for visiting a site (known or unknown) that was blocked anyway, there is more to it and for that reason I wouldn’t want to go back here.

We don’t know how you handled things your side when you were advised of this, we don’t know if they have evidence it was you, or an IP you had previously used, we don’t know a lot of things.

What we do know is you put your personal device on the company network - I’d move on and see this company as not right, for you.

2 Spice ups

I would think it depends on who you are proving it to?

I give you an example where we had a HR VP (she was rather strict and IT ignorant). She came across some grapevine “news” that one of the IT supervisor level staff had “distasteful” websites displayed on his screen as other staff walked past.
She then requested logs from the staff’s browser history from the IT manager and promptly issued a dismissal letter (literally within 15 minutes).

We (IT VP & IT manager) immediately did the explaining on the staff’s behalf as his role was to test our firewall appliance, some of our corporate websites and certain firewall policies etc. Furthermore that was a “pop-up” (worse was from our eHR site) that was a local vendor and had their sites compromised…the staff was testing as staff feedback that they had such “weird” pop-ups when accessing eHR from home.

3 Spice ups

Your profile says you’re in the UK - so assuming that is the case then you’ve got specific protections.
If you feel you have a valid complaint you need to contact an employment lawyer - or https://www.acas.org.uk/advice

AFAIK, you can’t be made redundant for infringing a company rule - you can only be made redundant if the company no longer needs the services you provide (Make sure your redundancy is genuine - Citizens Advice).
You may have been dismissed - then you may have a case for unfair dismissal; that will depend on how the company has gone about the dismissal and how long you’ve been there for.
Your best bet is an employment lawyer - they’ll be in a position to give you the right advice regarding your employment and I wouldn’t worry about the logs - just don’t connect your personal phone to the corporate network.

1 Spice up

You’re hellbent on finding a cause for this, instead of admitting it was by accident and moving on.

Iphone compromised - Apple iOS

iPhone compromised | MacRumors Forums

Here you admit you weren’t working;

Followed by the same advice I gave you here

“If you were using your personal phone, it would be a good idea to stay off the company WiFi (for many reasons).”

You never mentioned that here, but if it was and I mean this very lightly, something in an email, even you can work out that showing them should be validation enough.

Wifi logging the wrong websites - help needed - Web Browsing/Email and Other Internet Applications

Not strictly true, while you may not have purposefully, been to these sites intentionally, your device did. You have, based on your own admission elsewhere, used your personal phone on works network for emails, which you said, may have had adult content on them - if that is true, I am not sure what you need from us, your evidence in there, in your email.

FYI, 50 hits on a website doesn’t mean 50 visits, it could all be to the same site, but include subdomains with 50 images.

I also doubt from the above link that you are using certificates here. It’s your personal phone, so you’re probably on the guest network, which you shouldn’t be. Certificates are used to secure the company’s own machines - I also doubt you have access to the certificate.

When I posted this I didn’t realise how many other forums you’ve asked this question on, and you’ve tried other tactics too, including querying IPs (which are Microsoft’s).

The biggest takeaway from this and the replies on the other forums is not to use your personal device on company Wi-Fi. I’d not want to see you post again in 3-6 months with the same issue from another company because you’ve not taken the advice given.

If you believe you have been unfairly dismissed, @Andrew_F has provided you places to reach out to.

2 Spice ups
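The remark above that 50 hits does not mean 50 visits can be checked against a log export. The following is an added example, not part of the original thread: it collapses firewall hits per client and site into time bursts. The log layout (`ISO-time client action host`), the addresses and the hostnames are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def base_domain(host):
    # Assumption: the last two labels approximate the site; a real tool would
    # use the Public Suffix List (needed for names such as example.co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse(log_text):
    """Yield (time, client, action, host) from 'ISO-time client action host' lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]

def bursts(log_text, gap_seconds=5):
    """Collapse hits per (client, site) into bursts separated by > gap_seconds."""
    groups = defaultdict(list)
    for ts, client, _action, host in parse(log_text):
        groups[(client, base_domain(host))].append((ts, host))
    result = []
    for (client, site), hits in groups.items():
        hits.sort()
        current = None
        for ts, host in hits:
            if current is None or (ts - current["end"]).total_seconds() > gap_seconds:
                current = {"client": client, "site": site, "start": ts,
                           "end": ts, "hits": 0, "hosts": set()}
                result.append(current)
            current["end"] = ts
            current["hits"] += 1
            current["hosts"].add(host)
    return sorted(result, key=lambda b: (b["start"], b["site"]))

def constructed_sample():
    """Constructed log: 50 blocked hits within 2.5 s, then one lone hit later."""
    t0 = datetime(2024, 3, 1, 12, 30, 0)
    lines = []
    for i in range(50):
        ts = t0 + timedelta(milliseconds=50 * i)
        lines.append(f"{ts.isoformat()} 10.0.5.23 BLOCK img{i % 7}.blocked-example.test")
    later = t0 + timedelta(minutes=10)
    lines.append(f"{later.isoformat()} 10.0.5.23 BLOCK img0.blocked-example.test")
    return "\n".join(lines)

if __name__ == "__main__":
    for b in bursts(constructed_sample()):
        print(b["start"], b["site"], b["hits"], "hits,", len(b["hosts"]), "hostnames")
```

On the constructed data, 51 log lines reduce to two events for one site. Burst grouping shows how many distinct events the log contains; it does not distinguish user action from background traffic.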

Which country are you from?
Most nations have employee protection and would need to at least issue a warning to the staff unless there is a strong case for dismissal with prejudice, like staff actions involving physical violence, verbal abuse, racism, terrorism or political engagement or other very serious crimes.

I am going to take this advice one step further.. Work and Personal should be kept separate.

  • Work devices for work networks and work purposes only.
  • Personal devices for personal use only and don’t connect them to work networks (or any free public wifi really)

I have seen too many cases of people getting in trouble for mixing work and personal. From people losing data because they stored heaps of personal items on a work computer to people getting in trouble with their employer for doing private personal activities on work devices. It’s basic risk management.

2 Spice ups

UK taken from their profile and posted by another response.

THIS! All day and every day.

The only minor exception I’d make is if a company provides “guest” WiFi access. If so, it could be acceptable to connect personal devices to such a network. However, one should still generally abstain from active use of personal devices while at work nonetheless (even on breaks to a large degree). Use of such personal devices during work hours should optimally be limited to personal communications of a time-sensitive nature (e.g., urgent personal matters).

For example, I actually have all wireless access points (and wireless routers used as wireless access points) at our main location separated out onto an isolated VLAN that’s in its own zone on our firewall and we allow employees to connect their mobile phones to this network as well as provide access to potential future employees who visit our employment center. We do the same content filtering on that network as we do for the corporate network. Despite providing this access, it’s still going to be expected that employees don’t use their personal devices for, say, checking their friends’ Facebook pages while on the clock in the same manner that a company-owned system should not be used in such a way either.

From your account? Or rather, from your IP address, LAN port, PC, or company login? Was there any sharing of your network connection from your workstation?

Not that any of this will do much good. There are now too many reasons for the company to not hire you back, just because they were wrong.

  • This was just the justification they used;
  • They won’t admit they were wrong, even in the face of evidence;
  • They don’t want an employee with a fresh and valid chip on his/her shoulder around the office.

I’m sorry for your troubles. But the truth is there are more ways to prove you are guilty than there are to prove you’re innocent.

1 Spice up