Hi all,
I have played a bit with the networking side of the dbox2 now, and I must say am a little bit concerned.
The scenario is as follows:
Dbox2 connected to RJ45 cat5 port on wall. This is fed back to my main switch. The switch is connected to the internal network card on my internal firewall. The external card of this internal firewall is then connected to my main perimeter firewall which is an industry standard firewall (- FW1 for those particularly interested). The external card of this main Firewall is then connected to my N*L modem via ethernet. Effectively I am as secure as I can be. I am very paraniod about this sort of thing, as setting up firewalls is one of my job roles. Im not too bothered about devices tallking to the dbox (although the fact that the password for the user who logs onto the machine for streaming is in clear text is a bit bad).
The problem:
I have noticed that one of my internal machines that runs XP pro, and that does the VLC video streaming to and from the dbox is getting a lot of ICMP and netbios packets sent to it...but get this...they are from addresses other than my LAN or DBOX....but they are not public IP's- but standard non routable private address'es....and there are an awful lot of different IP's coming along..and I have configured my firewalls to drop all the different types of ICMP packets originating from the external interface...and definitely netbios packets are a big no no...so my conclusion:
Connecting the dbox to the internal network is effectivley bypassing my firewalls..its not coming through the modem.therefore data must be coming through the cable feed....data from what though?....like I said the addresses are standard non routable IP's which suggests that it can only be devices that participate in the CC's network- be that other machines/users/routers.....but it is definitely worrying to the point that for the time being I have unplugged the box from my internal LAN whilst I do more investigating. Any one else seen this behavoiur?
Thanks for reading so far!
Oops.. the title should say compromised
I have played a bit with the networking side of the dbox2 now, and I must say am a little bit concerned.
The scenario is as follows:
Dbox2 connected to RJ45 cat5 port on wall. This is fed back to my main switch. The switch is connected to the internal network card on my internal firewall. The external card of this internal firewall is then connected to my main perimeter firewall which is an industry standard firewall (- FW1 for those particularly interested). The external card of this main Firewall is then connected to my N*L modem via ethernet. Effectively I am as secure as I can be. I am very paraniod about this sort of thing, as setting up firewalls is one of my job roles. Im not too bothered about devices tallking to the dbox (although the fact that the password for the user who logs onto the machine for streaming is in clear text is a bit bad).
The problem:
I have noticed that one of my internal machines that runs XP pro, and that does the VLC video streaming to and from the dbox is getting a lot of ICMP and netbios packets sent to it...but get this...they are from addresses other than my LAN or DBOX....but they are not public IP's- but standard non routable private address'es....and there are an awful lot of different IP's coming along..and I have configured my firewalls to drop all the different types of ICMP packets originating from the external interface...and definitely netbios packets are a big no no...so my conclusion:
Connecting the dbox to the internal network is effectivley bypassing my firewalls..its not coming through the modem.therefore data must be coming through the cable feed....data from what though?....like I said the addresses are standard non routable IP's which suggests that it can only be devices that participate in the CC's network- be that other machines/users/routers.....but it is definitely worrying to the point that for the time being I have unplugged the box from my internal LAN whilst I do more investigating. Any one else seen this behavoiur?
Thanks for reading so far!
Oops.. the title should say compromised
