Home page logo
/

basics logo Security Basics mailing list archives

Windows Media Player Share access attempt by unknown PC on LAN
From: Ingeniero Arellano <arellanobmsc () gmail com>
Date: Sun, 3 Oct 2010 18:13:11 -0400

Hello,

We have a simple LAN providing internet access to under 6 PCs from a
DSL connection.  Originally the ADSL modem plugged in to our Wifi
Router, which serves DHCP and is also the LAN switch.  Now this has
been replaced by a Linux iptables Firewall as the uplink to ISP's DSL.
 The Wifi is still router/dhcp since routing can't be disabled on this
device to make it only an access point, this is pending since we want
DHCP and NAT to be exclusive on the Linux GW/FW.

Issue came up when we received a popup message from Windows Media
Player on one of the Vista PC's, asking for permission to share
music/media from the library with another PC.  Problem:  the named PC
does not exist on our LAN. (also we don't share Windows Media player
even locally, this service is not being used consciously).

Our hypothesis are the following:

1. some kind of false positive or obscure Windows handling of its
probably insecure LAN media sharing services.  maybe this unknown PC
was connected to our LAN at some point - which is possible because
consultants come in once in a while with their laptops.

2.  Our WPA2 protected Wifi Router (also with MAC control recently
introduced before the "issue") is compromised.

3.  ISP is not segmenting our DSL connection correctly and we receive
traffic from other DSL clients in the building.  Somehow this still
makes it past the iptables Firewall (at the moment nothing is allowed
in, no services are published to Web/mail/nothing).  Additionaly, our
ISP gives us a static but PRIVATE IP address so we are really not near
the Internet edge.

4. some worse security breach?

I would appreciate any advice on how to tackle this issue, and also
some expert opinions on whether its a problem at all, or not, is it
relatively common?  A couple of weeks back, before we installed the
iptables Firewall, Avast Antivirus detected a rootkit/trojan on this
same Vista machine, but eliminated it, supposedly.  Is it possible
this machine has a backdoor which is giving access to remote machines?

Thanks in advance for any help.

Eric

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]