Security Basics mailing list archives
Windows Media Player Share access attempt by unknown PC on LAN
From: Ingeniero Arellano <arellanobmsc () gmail com>
Date: Sun, 3 Oct 2010 18:13:11 -0400
Hello, We have a simple LAN providing internet access to under 6 PCs from a DSL connection. Originally the ADSL modem plugged in to our Wifi Router, which serves DHCP and is also the LAN switch. Now this has been replaced by a Linux iptables Firewall as the uplink to ISP's DSL. The Wifi is still router/dhcp since routing can't be disabled on this device to make it only an access point, this is pending since we want DHCP and NAT to be exclusive on the Linux GW/FW. Issue came up when we received a popup message from Windows Media Player on one of the Vista PC's, asking for permission to share music/media from the library with another PC. Problem: the named PC does not exist on our LAN. (also we don't share Windows Media player even locally, this service is not being used consciously). Our hypothesis are the following: 1. some kind of false positive or obscure Windows handling of its probably insecure LAN media sharing services. maybe this unknown PC was connected to our LAN at some point - which is possible because consultants come in once in a while with their laptops. 2. Our WPA2 protected Wifi Router (also with MAC control recently introduced before the "issue") is compromised. 3. ISP is not segmenting our DSL connection correctly and we receive traffic from other DSL clients in the building. Somehow this still makes it past the iptables Firewall (at the moment nothing is allowed in, no services are published to Web/mail/nothing). Additionaly, our ISP gives us a static but PRIVATE IP address so we are really not near the Internet edge. 4. some worse security breach? I would appreciate any advice on how to tackle this issue, and also some expert opinions on whether its a problem at all, or not, is it relatively common? A couple of weeks back, before we installed the iptables Firewall, Avast Antivirus detected a rootkit/trojan on this same Vista machine, but eliminated it, supposedly. Is it possible this machine has a backdoor which is giving access to remote machines? Thanks in advance for any help. Eric ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Windows Media Player Share access attempt by unknown PC on LAN Ingeniero Arellano (Oct 05)
- RE: Windows Media Player Share access attempt by unknown PC on LAN Brad Bemis (Oct 06)
- Re: Windows Media Player Share access attempt by unknown PC on LAN TAS (Oct 07)