Re: Windows Media Player Share access attempt by unknown PC on LAN

[TAS <p0wnsauc3 () gmail com>]

Hi,

There are some lines in your email that were a bit confusing, however
the line "ISP is not segmenting our DSL connection correctly and we
receive traffic from other DSL clients in the building" If you say it
is a DSL connection how can you receive traffic from other DSL
connections? Isn't a DSL connection suppose to be dedicated?

TAS


> traffic from other DSL clients in the building

On 4 October 2010 03:43, Ingeniero Arellano <arellanobmsc () gmail com> wrote:
> Hello,
>
> We have a simple LAN providing internet access to under 6 PCs from a
> DSL connection.  Originally the ADSL modem plugged in to our Wifi
> Router, which serves DHCP and is also the LAN switch.  Now this has
> been replaced by a Linux iptables Firewall as the uplink to ISP's DSL.
>  The Wifi is still router/dhcp since routing can't be disabled on this
> device to make it only an access point, this is pending since we want
> DHCP and NAT to be exclusive on the Linux GW/FW.
>
> Issue came up when we received a popup message from Windows Media
> Player on one of the Vista PC's, asking for permission to share
> music/media from the library with another PC.  Problem:  the named PC
> does not exist on our LAN. (also we don't share Windows Media player
> even locally, this service is not being used consciously).
>
> Our hypothesis are the following:
>
> 1. some kind of false positive or obscure Windows handling of its
> probably insecure LAN media sharing services.  maybe this unknown PC
> was connected to our LAN at some point - which is possible because
> consultants come in once in a while with their laptops.
>
> 2.  Our WPA2 protected Wifi Router (also with MAC control recently
> introduced before the "issue") is compromised.
>
> 3.  ISP is not segmenting our DSL connection correctly and we receive
> traffic from other DSL clients in the building.  Somehow this still
> makes it past the iptables Firewall (at the moment nothing is allowed
> in, no services are published to Web/mail/nothing).  Additionaly, our
> ISP gives us a static but PRIVATE IP address so we are really not near
> the Internet edge.
>
> 4. some worse security breach?
>
> I would appreciate any advice on how to tackle this issue, and also
> some expert opinions on whether its a problem at all, or not, is it
> relatively common?  A couple of weeks back, before we installed the
> iptables Firewall, Avast Antivirus detected a rootkit/trojan on this
> same Vista machine, but eliminated it, supposedly.  Is it possible
> this machine has a backdoor which is giving access to remote machines?
>
> Thanks in advance for any help.
>
> Eric
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------