How to Detect Dropbox on Your Network

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list...
1 min read
Last updated June 9, 2023

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list of increasingly serious complaints from their users:

  • It was difficult to establish who owned which documents (an important issue when writing your dissertation).
  • It was difficult to establish cleanly defined groups that needed to collaborate (the Econ 203 Fall Semester class)
  • It was impossible to safeguard data as students, administrators and professors left the organization (potentially taking large amounts of personally identifiable information with them).

With the above in mind, we present to you the following methods that you can use to detect and block Dropbox on your own network, in order to keep your files, permissions, and collaboration secure.

Get a Free Data Risk Assessment

Null route DNS for Dropbox requests.

Depending on your DNS setup, you can set a custom record for Dropbox.com within your network that will prevent Dropbox client apps and the website from being accessible.

Use your Firewall to block IP ranges.

Dropbox operates their services from a comparatively limited number of IP addresses. If your corporate firewall has the ability to deny outbound requests to an IP address range you can add these to its ruleset.

The American Registry for Internet Numbers (ARIN) is the organization tasked with handling the allocation of IP addresses and Dropbox’s list is located at:

http://whois.arin.net/rest/org/DROPB/nets

It should be noted that the above two strategies both block Dropbox, but may or may not identify Dropbox users on your network. Most firewall applications keep a log of blocked requests which you could use to trace back to the IP address of individual workstations.

Alternatively, you could use search through your fileshares and workstations to find folders that match a certain pattern. While it’s possible to add this to your virus scanning software, we’ve found it easier to use a PowerShell script.

https://gist.github.com/mbuckbee/982a400135d5a943e97f

Scanning home folders

If you have Varonis DatAdvantage and your end users store their home folders on your file server, you can find Dropbox users in seconds. See our KB article to find out how.

Use the Force wisely

Dropbox is certainly a great individual solution — we’re not arguing otherwise. But in an enterprise environment, it does increase the risk of sensitive data leaking out of a file system.

If you understand the risks and are able to justify Dropbox in certain scenarios, more power to you. But otherwise, we strongly recommend you take the measures above to block addresses and detect users.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

anatomy-of-a-salesforce-data-breach:-stopping-user-impersonation
Anatomy of a Salesforce Data Breach: Stopping User Impersonation
How a bad actor systematically impersonates users to exfiltrate millions of Salesforce records.
why-data-centric-security-is-important-for-the-dod
Why Data-Centric Security is Important for the DoD
Learn how Varonis protects DoD environments by utilizing various approaches to secure sensitive data.
varonis-incident-response:-stopping-microsoft-365-direct-send-abuse 
Varonis Incident Response: Stopping Microsoft 365 Direct Send Abuse 
Learn how Varonis Threat Labs uncovered a critical Microsoft 365 Direct Send exploit, and how organizations leveraged Varonis Incident Response to protect themselves from attack. 
creating-custom-gpts-and-agents-that-balance-security-and-productivity
Creating Custom GPTs and Agents That Balance Security and Productivity
Custom GPTs and AI agents compound productivity, but with that comes added risk. Learn about ChatGPT's custom GPTs and how to build them with data security in mind.