How to Detect Dropbox on Your Network

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list...
Michael Buckbee
1 min read
Last updated June 9, 2023

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list of increasingly serious complaints from their users:

  • It was difficult to establish who owned which documents (an important issue when writing your dissertation).
  • It was difficult to establish cleanly defined groups that needed to collaborate (the Econ 203 Fall Semester class)
  • It was impossible to safeguard data as students, administrators and professors left the organization (potentially taking large amounts of personally identifiable information with them).

With the above in mind, we present to you the following methods that you can use to detect and block Dropbox on your own network, in order to keep your files, permissions, and collaboration secure.

Get a Free Data Risk Assessment

Null route DNS for Dropbox requests.

Depending on your DNS setup, you can set a custom record for Dropbox.com within your network that will prevent Dropbox client apps and the website from being accessible.

Use your Firewall to block IP ranges.

Dropbox operates their services from a comparatively limited number of IP addresses. If your corporate firewall has the ability to deny outbound requests to an IP address range you can add these to its ruleset.

The American Registry for Internet Numbers (ARIN) is the organization tasked with handling the allocation of IP addresses and Dropbox’s list is located at:

http://whois.arin.net/rest/org/DROPB/nets

It should be noted that the above two strategies both block Dropbox, but may or may not identify Dropbox users on your network. Most firewall applications keep a log of blocked requests which you could use to trace back to the IP address of individual workstations.

Alternatively, you could use search through your fileshares and workstations to find folders that match a certain pattern. While it’s possible to add this to your virus scanning software, we’ve found it easier to use a PowerShell script.

https://gist.github.com/mbuckbee/982a400135d5a943e97f

Scanning home folders

If you have Varonis DatAdvantage and your end users store their home folders on your file server, you can find Dropbox users in seconds. See our KB article to find out how.

Use the Force wisely

Dropbox is certainly a great individual solution — we’re not arguing otherwise. But in an enterprise environment, it does increase the risk of sensitive data leaking out of a file system.

If you understand the risks and are able to justify Dropbox in certain scenarios, more power to you. But otherwise, we strongly recommend you take the measures above to block addresses and detect users.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

what-is-network-segmentation?
What Is Network Segmentation?
Network segmentation is the act of dividing a computer network into smaller physical or logical components in order to increase security and protect data.
arp-poisoning:-what-it-is-&-how-to-prevent-arp-spoofing-attacks
ARP Poisoning: What it is & How to Prevent ARP Spoofing Attacks
ARP Poisoning is a type of cyberattack that abuses weaknesses in the widely used Address Resolution Protocol (ARP) to disrupt, redirect, or spy on network traffic. In this piece, we’ll…
what-is-an-smb-port-+-ports-445-and-139-explained
What is an SMB Port + Ports 445 and 139 Explained
An SMB port is a network port commonly used for file sharing. IBM programmer Barry Feigenbaum developed the Server Message Blocks (SMB) protocol in the 1980s for IBM DOS. SMB continues to be the de facto standard network file sharing protocol in use today.
cifs-vs-smb:-what's-the-difference?
CIFS vs SMB: What's the Difference?
CIFS, SMB, Samba, and NFS are technolgies used to network client and server systems. Learn the difference between them and which to use when.