[SOLVED] Minidlna vulnerability?

Tony0945 · Last edited by Tony0945 on Wed Feb 27, 2019 2:23 am; edited 1 time in total

I have been having problems with my ISP claiming that I'm illegally downloading movies which I am not and don't even have an interest in the movies they claim I downloaded. I have been pursuing this on the DSLreports forum. today I got this private message on the forum from a user with the same ISP.

mikexx · n00b Joined: 24 Aug 2018 Posts: 53

Hi,

why do you think that minidlna is the problem? Is minidlna reachable from the internet?
Has somebody else access to your network? Do you use Wifi? If so, what's about your wifi password, is it complex?

Best
mike

Tony0945 · Posted: Tue Jan 15, 2019 10:56 pm Post subject:

Anon-E-moose · Posted: Tue Jan 15, 2019 11:53 pm Post subject:

I would have the ISP tell you WHEN the supposed download was happening.

And I would ask if they see the traffic on your IP or if they're simply relying on someone else who's saying it's your IP addy downloading.
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland

Jaglover · Posted: Wed Jan 16, 2019 12:19 am Post subject:

Anybody on your LAN using Kodi? There are plugins for Kodi which allow pirate viewing of copyrighted content. There are probably other media applications which allow for pirating.
_________________
My Gentoo installation notes.
Please learn how to denote units correctly!

Tony0945 · Posted: Wed Jan 16, 2019 12:23 am Post subject:

Tony0945 · Posted: Wed Jan 16, 2019 12:29 am Post subject:

Jaglover · Posted: Wed Jan 16, 2019 12:36 am Post subject:

Yes I believe when a new movie gets "uploaded" then copyright holders set up honeypots to register everybody who shares, then they contact ISP and ISP looks up who was assigned the IP address at the time.

I think it is very unlikely someone is spoofing IP address.

(You can buy the cable box, it will pay back real soon.)
_________________
My Gentoo installation notes.
Please learn how to denote units correctly!

Tony0945 · Posted: Wed Jan 16, 2019 12:45 am Post subject:

Jaglover, I'm not even interested in those movies, I'm sure. They told me that one was a new Disney movie released last year. I forget the title but I wasn't in the least interested. I haven't watched anything Disney since my Grandkids grew up.

Jaglover · Posted: Wed Jan 16, 2019 12:50 am Post subject:

I believe you. Now you have to figure out how they matched your IP address to this illegal download. There must be a mistake somewhere. Not sure about Roku, never used it.
OTOH, if there is no mistake then you need to figure out how they did it. Is your router vulnerable? UPnP enabled?
_________________
My Gentoo installation notes.
Please learn how to denote units correctly!

Hu · Moderator Joined: 06 Mar 2007 Posts: 21602

Spoofing an IP address in a way that lets them actually transfer anything of consequence would be almost impossible without help from the ISP (whether knowing or through a compromised router). My top bet would be sloppy accounting, in one of several forms:

Your ISP does not assign you a stable IP address across a long period of time. At time T1, the IP address was assigned to someone who downloaded the movie. At time T2, the IP address was assigned to you. Your ISP screwed up, whether through incompetence or negligence, and looked at the audit trail for time T2 when they should have looked at the trail for time T1, so they blamed you instead of the person who had it at the time of the download.
The ISP looked up the wrong customer account when processing the complaint. You've never had the offending address.
The rightsholder submitted an incorrect report. I don't know if their accuracy has improved, but a few years ago, they were infamous for making bizarre and impossible accusations. They're still infamous for submitting incorrect DMCA complaints (but that's for a different type of infringement), like sending takedowns for articles that talk about the movie, even though the article isn't at all useful to someone looking to download the movie (no links to it, no advice how to find infringing distributors).

In your letter, push them for a full copy of the original complaint, and a written explanation of why you should care. Are they threatening to cut off service if you don't "fix" this? Are they threatening to send your contact information to the alleged rightsholder for a civil suit? Usually, these scams are built on sending out large volumes of shakedown letters, then "settling" for a few hundred dollars in exchange for them not trying to take you to court. Those usually accuse you of something embarrassing though, like a recent pornographic film (usually with a salacious title, but that nobody's ever heard of otherwise). Disney's a bit of an odd choice for such a scam. Often, if the accused fights back, the rightsholder will try to abandon the suit as fast as possible, because they rarely have enough real evidence to avoid getting laughed out of court and ordered to pay your attorney fees.

Jaglover · Posted: Wed Jan 16, 2019 2:10 am Post subject:

I was thinking the same, sloppy accounting. However, it seems there is more than one encounter, which makes sloppy accounting less probable.
_________________
My Gentoo installation notes.
Please learn how to denote units correctly!

Tony0945 · Posted: Thu Jan 17, 2019 4:08 am Post subject:

Half an hour ago, I was trying to verify that the Samsung Smart TV is disconnected. I decided to tell it to connect to a bogus SSID.
I saw that the list of networks included "HP Wireless Direct" which had been shut off on the printer menu. So there is a vector. Attacker connects to printer with HP Wireless Direct. HP Printer connects to the LAN with it's other MAC address and starts downloading. I was aware that the printer had two MAC addresses because my router keeps rejecting the second. I told it to do that because no one at HP could tell me why there are two MAC addresses and some "techs" denied that there were two. Printer was in sleep mode. To verify, I physically pulled the plug on the printer and went back to the Samsung TV. The HP Wireless Direct entry was gone. Tomorrow I'm going to buy a USB cable to connect it to the adjacent PC. According to the internet google responses, when the printer senses the USB cable it will disconnect wifi. I'll use the Samsung TV to verify. Sadly, I will no longer have a network printer. For the past ten years I've had a wired ethernet HP printer, but I can't buy ink anymore. I tried an aftermarket refilled cartridge but the printer rejects it as empty. I'll also have the problem of maybe wifi coming back on if I power down the computer unless there is enough trickle power with the button off, but the AC connected.

If the wifi is still on when I connect the USB, I'll have to junk the year old printer and buy another brand. Or figure out how to disable it with a pair of wire cutters.

The ROKU is also shown as a network. But the menu has an option to disable wireless. We'll see.

Tony0945 · Posted: Wed Feb 27, 2019 2:23 am Post subject:

My ISP finally responded in writing with incident reports. NONE of the ip addresses were mine or ever were. I informed them in writing, suggesting strongly that they clean up their database.