Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Minidlna vulnerability?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3148
Location: Illinois, USA

PostPosted: Tue Jan 15, 2019 7:14 pm    Post subject: [SOLVED] Minidlna vulnerability? Reply with quote

I have been having problems with my ISP claiming that I'm illegally downloading movies which I am not and don't even have an interest in the movies they claim I downloaded. I have been pursuing this on the DSLreports forum. today I got this private message on the forum from a user with the same ISP.
Quote:
Tony,
I got a call from WOW today telling me the 2 movies I supposedly illegally downloaded. I never heard of either. I never use Torrent nor download anything at all. But I suspect I know what might be causing my warnings. I have Plex server running on my computer. I read there are pirating issues with the Plex cloud and if you run Plex you're automatically connected to the Plex cloud. So I deleted Plex completely from my computer. So if you have Plex installed, you may want to look into that.


I don't run Plex as such, but I do run minidlna for home movies and broadcast TV time shifting. I'm not sure, but I think minidlna is a Plex derivative.

So, is there a possible vulnerability in minidlna? Is there a way (iptables? configuration?) from keeping minidlna from connecting to the internet and only the LAN? Perhaps only specific ip addresses?
When I playback I use the official Amazon Vimu app on an Amazon Firestick. Last Summer I was working on a program to run on a Gentoo raspberry pi to replace the Firestick, mainly because I don't like the Vimu UI , but I never got beyond the UI before moving on to other things.


Last edited by Tony0945 on Wed Feb 27, 2019 2:23 am; edited 1 time in total
Back to top
View user's profile Send private message
mikexx
n00b
n00b


Joined: 24 Aug 2018
Posts: 44

PostPosted: Tue Jan 15, 2019 8:34 pm    Post subject: Reply with quote

Hi,

why do you think that minidlna is the problem? Is minidlna reachable from the internet?
Has somebody else access to your network? Do you use Wifi? If so, what's about your wifi password, is it complex?

Best
mike
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3148
Location: Illinois, USA

PostPosted: Tue Jan 15, 2019 10:56 pm    Post subject: Reply with quote

mikexx wrote:
why do you think that minidlna is the problem? Is minidlna reachable from the internet?
Has somebody else access to your network? Do you use Wifi? If so, what's about your wifi password, is it complex?

Because of the quoted suspicion about Plex.

No, I am the only user of my network. Yes, have a long (20 character) random complex password.
Occasionally I use wifi. My printer is wifi or USB only. I mostly have wifi shut off and turn it on only when needed which is a PITA.
I have blocked the MAC addresses of neighboring devices as determined by a scan using my router's advanced wifi setup section. Yes, it's WPA2.
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 4203
Location: Dallas area

PostPosted: Tue Jan 15, 2019 11:53 pm    Post subject: Reply with quote

I would have the ISP tell you WHEN the supposed download was happening.

And I would ask if they see the traffic on your IP or if they're simply relying on someone else who's saying it's your IP addy downloading.
_________________
Asus m5a99fx, FX 8320 - nouveau, oss4, rx550 for qemu passthrough
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
5.0.13 zen kernel, profile 17.1 (no-pie & modified) amd64-no-multilib
gcc 8.2.0, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7191
Location: Saint Amant, Acadiana

PostPosted: Wed Jan 16, 2019 12:19 am    Post subject: Reply with quote

Anybody on your LAN using Kodi? There are plugins for Kodi which allow pirate viewing of copyrighted content. There are probably other media applications which allow for pirating.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3148
Location: Illinois, USA

PostPosted: Wed Jan 16, 2019 12:23 am    Post subject: Reply with quote

Jaglover wrote:
Anybody on your LAN using Kodi? There are plugins for Kodi which allow pirate viewing of copyrighted content. There are probably other media applications which allow for pirating.

Nobody here but me and my wife and she doesn't even know how to log on.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3148
Location: Illinois, USA

PostPosted: Wed Jan 16, 2019 12:29 am    Post subject: Reply with quote

Anon-E-moose wrote:
I would have the ISP tell you WHEN the supposed download was happening.
And I would ask if they see the traffic on your IP or if they're simply relying on someone else who's saying it's your IP addy downloading.

I'm writing a letter asking for specifics but on the phone they say they rely on complaints from copyright holders.

Recently (after the complaints) I subscribed to a VPN service and use it regularly. It slows my internet to one sixth the paid for rate but that doesn't seem to matter for ordinary non-video web surfing or e-mail. I can't use it for the most critical application though, legitimately streaming video from Britbox that I paid for. Can Roku be hijacked?
Can my ip address be spoofed by a real pirate?

EDIT:
Or is this all BS to get me to re-subscribe to cable and rent their ten year old cable modem again?


Last edited by Tony0945 on Wed Jan 16, 2019 3:32 am; edited 1 time in total
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7191
Location: Saint Amant, Acadiana

PostPosted: Wed Jan 16, 2019 12:36 am    Post subject: Reply with quote

Yes I believe when a new movie gets "uploaded" then copyright holders set up honeypots to register everybody who shares, then they contact ISP and ISP looks up who was assigned the IP address at the time.

I think it is very unlikely someone is spoofing IP address.

(You can buy the cable box, it will pay back real soon.)
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3148
Location: Illinois, USA

PostPosted: Wed Jan 16, 2019 12:45 am    Post subject: Reply with quote

Jaglover, I'm not even interested in those movies, I'm sure. They told me that one was a new Disney movie released last year. I forget the title but I wasn't in the least interested. I haven't watched anything Disney since my Grandkids grew up.
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7191
Location: Saint Amant, Acadiana

PostPosted: Wed Jan 16, 2019 12:50 am    Post subject: Reply with quote

I believe you. Now you have to figure out how they matched your IP address to this illegal download. There must be a mistake somewhere. Not sure about Roku, never used it.
OTOH, if there is no mistake then you need to figure out how they did it. Is your router vulnerable? UPnP enabled?
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14056

PostPosted: Wed Jan 16, 2019 2:05 am    Post subject: Reply with quote

Spoofing an IP address in a way that lets them actually transfer anything of consequence would be almost impossible without help from the ISP (whether knowing or through a compromised router). My top bet would be sloppy accounting, in one of several forms:
  • Your ISP does not assign you a stable IP address across a long period of time. At time T1, the IP address was assigned to someone who downloaded the movie. At time T2, the IP address was assigned to you. Your ISP screwed up, whether through incompetence or negligence, and looked at the audit trail for time T2 when they should have looked at the trail for time T1, so they blamed you instead of the person who had it at the time of the download.
  • The ISP looked up the wrong customer account when processing the complaint. You've never had the offending address.
  • The rightsholder submitted an incorrect report. I don't know if their accuracy has improved, but a few years ago, they were infamous for making bizarre and impossible accusations. They're still infamous for submitting incorrect DMCA complaints (but that's for a different type of infringement), like sending takedowns for articles that talk about the movie, even though the article isn't at all useful to someone looking to download the movie (no links to it, no advice how to find infringing distributors).
In your letter, push them for a full copy of the original complaint, and a written explanation of why you should care. Are they threatening to cut off service if you don't "fix" this? Are they threatening to send your contact information to the alleged rightsholder for a civil suit? Usually, these scams are built on sending out large volumes of shakedown letters, then "settling" for a few hundred dollars in exchange for them not trying to take you to court. Those usually accuse you of something embarrassing though, like a recent pornographic film (usually with a salacious title, but that nobody's ever heard of otherwise). Disney's a bit of an odd choice for such a scam. Often, if the accused fights back, the rightsholder will try to abandon the suit as fast as possible, because they rarely have enough real evidence to avoid getting laughed out of court and ordered to pay your attorney fees.
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7191
Location: Saint Amant, Acadiana

PostPosted: Wed Jan 16, 2019 2:10 am    Post subject: Reply with quote

I was thinking the same, sloppy accounting. However, it seems there is more than one encounter, which makes sloppy accounting less probable.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3148
Location: Illinois, USA

PostPosted: Thu Jan 17, 2019 4:08 am    Post subject: Reply with quote

Half an hour ago, I was trying to verify that the Samsung Smart TV is disconnected. I decided to tell it to connect to a bogus SSID.
I saw that the list of networks included "HP Wireless Direct" which had been shut off on the printer menu. So there is a vector. Attacker connects to printer with HP Wireless Direct. HP Printer connects to the LAN with it's other MAC address and starts downloading. I was aware that the printer had two MAC addresses because my router keeps rejecting the second. I told it to do that because no one at HP could tell me why there are two MAC addresses and some "techs" denied that there were two. Printer was in sleep mode. To verify, I physically pulled the plug on the printer and went back to the Samsung TV. The HP Wireless Direct entry was gone. Tomorrow I'm going to buy a USB cable to connect it to the adjacent PC. According to the internet google responses, when the printer senses the USB cable it will disconnect wifi. I'll use the Samsung TV to verify. Sadly, I will no longer have a network printer. For the past ten years I've had a wired ethernet HP printer, but I can't buy ink anymore. I tried an aftermarket refilled cartridge but the printer rejects it as empty. I'll also have the problem of maybe wifi coming back on if I power down the computer unless there is enough trickle power with the button off, but the AC connected.

If the wifi is still on when I connect the USB, I'll have to junk the year old printer and buy another brand. Or figure out how to disable it with a pair of wire cutters.

The ROKU is also shown as a network. But the menu has an option to disable wireless. We'll see.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3148
Location: Illinois, USA

PostPosted: Wed Feb 27, 2019 2:23 am    Post subject: Reply with quote

My ISP finally responded in writing with incident reports. NONE of the ip addresses were mine or ever were. I informed them in writing, suggesting strongly that they clean up their database.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum