Jump to content

cagrown
 Share

Go to solution Solved by Koleckai Silvestri,

Recommended Posts

Not too worried since I don't have my MB server always running, but I received the following message from my antivirus today:

OS Attack: GNU Bash CVE-2014-6271

post-12353-0-83927700-1426547580_thumb.jpg

 

Symantec writeup:

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27907

 

Any advice or remarks would be greatly appreciated. I only know enough to be dangerous, and I have little experience in GNU or Unix.

 

environment:

Windows 8.1 Pro (x64) -

post-12353-0-00711900-1426547207_thumb.jpg

MB Server 3.0.5518.7 -

post-12353-0-31346600-1426547207_thumb.jpg

Link to comment
Share on other sites

  • Solution
Koleckai Silvestri

Do you have a ported version of GNU Bash installed on your computer? This isn't normally installed with Windows. 

 

Do you have port 4826 forwarded to something on your router? If not, the worst they can do is block you from the internet. The destination IP is not a routable internet address.

 

Might think about taking your network out of the consumer space of 192.168.X.X and putting it in another LAN network space if you want some obfuscation. Close any ports you're not using via your router/gateway. Also think about using a VPN to allow outside connections to your network. You can set one up in Windows directly or use a router/gateway that supports creating a VPN. Though if your WAN IP Address changes regularly, you will probably need an outside service to stabilize that.

 

Issue doesn't seem to be related to MediaBrowser directly though.

Edited by Koleckai Silvestri
  • Like 1
Link to comment
Share on other sites

I don't believe there is any GNU Bash installation.

 

I only forward ports for a synology nas, xbox live, and media browser.  I am not using port 4826 outside my LAN from what I can tell.

 

The VPN option is a good one, but I have a friend that I share media with and would prefer not to have that additional step and credentials, especially, because I don't know what kind of traffic they'll could accidentally send through my network.

Thanks for the reply, I will keep my eye out for the culprit program.

Link to comment
Share on other sites

Hi,

 

Looking at the screen shot, your using 192.168.1.181 for the MB server IP address with the default port 8096?

 

Someone from China (22.186.34.11 port 4826) is attempting to access your MB server. This maybe a molitious attack or someone just "playing". 

 

I would change the port number you are using for port forwarding in your router and make sure all user accounts on the MB server have strong passwords in place.

 

Other things to bare in mind are that you aren't using the default password to access your router and that replies to pinging the WAN IP address are disabled. 

Edited by berrick
  • Like 1
Link to comment
Share on other sites

yeah the local ip of the media browser server is 192.168.1.181 using port 8096, with wan port forwarding from port 80.

 

good advice, I'll double check the account passwords and the router password.

 

I did have wan pinging enabled on the router.  I didn't even consider that to be a vulnerability, but i guess a ping would make sense for searching ip address ranges.

 

thanks for the advice!

Link to comment
Share on other sites

 

 

with wan port forwarding from port 80

 

That makes it pretty visible since 80 is the default http port.

  • Like 1
Link to comment
Share on other sites

I'll consider changing the wan port from 80.  I used it because it made the setup of Media Brower really easy with a dynamic dns.  I'll look into what's required by the dynamic dns to get the port forwarding away from port 80.

Edit: The dynamic dns I use has a port 80 re-direct, so I'll change the ports being forwarded by my router, Thanks!

Edited by cagrown
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...