Digital Electronics Computers & Video Security

A forum for recording my findings and discussion of matters related to electronics, computers, security and other technical subjects.

Location: Queensland, Australia

Automation and Integration Architect

Monday, September 18, 2006

Beaten by security - that's a good thing - really !


Well, perhaps an opportune time to have started this Blog.
One of my workmates asked if I'd go with him to a friend's workplace and have a look at a small peer-to-peer network they were having a problem with. Always up for a new challenge, I agreed to the visit.
Two and a half hours later I was still stumped by ... security... !
The situation seems SO simple.
A very small office with a four-port D-Link wireless ADSL modem/router/print-server serving DHCP addresses (the router itself) upward
One desktop PC hardwired to the hub with as its leased address
BRAZILIAN as its computername within the MSHOME workgroup
Windows XP with Windows Firewall loaded
Serving three hidden shares to the workgroup
Can see (net view) and PING both BRAZILLINK1 and STUDENT
Uses printer served by the hub
Browses the internet

One laptop hardwired to the hub with 10.1.1.4 as its leased address
BRAZILLINK1 as its name and MSHOME as the workgroup
Attaches successfully to BRAZILIAN shares and printer
Can see (net view) and PING both BRAZILIAN and STUDENT
Browses the internet

A second desktop connected by wireless from the D-link
(can't remember what its IP address was)
STUDENT as its name and MSHOME as the workgroup
Attaches successfully to BRAZILIAN shares and printer
Can see (net view) and PING both BRAZILIAN and BRAZILLINK1
Browses the internet

Now comes the twist !

A new Compaq Laptop is introduced to the network on a hardwired connection
It connects fine, gets served address of 10.1.1.3 and it can easily browse the internet
BUT
That's all
"Oh this will be easy, one of several possibilities here."
  1. Not part of the workgroup
  2. Being wireless, the router may be configured to block unknown MAC addresses
  3. Incorrect share permissions
  4. Firewall may be blocking access

First things first we check all the network settings and they all look exactly as you'd expect them to. Picking up DHCP from the router etc.
Computer name JUAN with leased IP address 10.1.1.3
Just to be sure we compare them with the other hardwired laptop (very convenient having the second one on the site to compare with !!) Everything looks great.

OK next we ping the gateway router - yep - that works (besides we can trawl the internet anyhow)

Can we ping one of the other PCs - yes, both the laptop and the "server" desktop.
Can they ping us - yes BRAZILIAN can

So to the workgroup.
Ah ... here we have a problem, it doesn't even know about an MSHOME workgroup so we go through the process of changing its workgroup to MSHOME, reboot and ... DANG !
It still doesn't want to play !
But now at least BRAZILIAN can see (net view) JUAN which it couldn't before

Let's eliminate the router issue. Run up a browser from JUAN and hit
Username . . . . . . . anyone know the username/password for the router ??? Nope !
The default of most routers is "admin" "blank", ... Or ... "admin" "password", ... Or ... "blank" "blank"
Lots of good ideas later we're still stymied by the router security
Just on a flash of inspiration I think "admin" "admin" ! YEEE-HA ! We're in !
(wish I'd thought of that sooner !)
Having got into the config of the router, as usual with most of these small radio hubs, everything locked-down tight . . . NOT ! It's W-I-D-E open ! Nothing's being blocked apart from the out-of-the-box SPI stuff and things like SYN attacks etc.

Hmmm. What next

We study the laptop (JUAN) some more but there's no firewall on that.

We start checking out the security settings on the BRAZILIAN machine
It's using simple sharing and it has the Windows ICF
Oh yes - I forgot - they're all Windows XP machines
Apart from being hidden the shares have no special restrictions on them
The ICF has no special filtering set
In all, there is no apparent reason why this thing won't talk.

Now maybe it's a NetBIOS name resolution thing that's not happening so we check out all the services but they're all started too.

JUAN cannot resolve BRAZILIAN but it can ping it
BRAZILLINK1 (the other laptop) can both ping and resolve BRAZILIAN

BRAZILIAN can (now) see JUAN but can no longer ping it - HUH ????

When we try and browse the MSHOME network it comes up with errors

We ran out of time so admitted temporary defeat
I've just finished doing a swag of Google searches and there are HEAPS of cries for help all around this same issue.
Those few that go right through to resolution on-line often seem to wind up with uninstalled firewalls!
Maybe we need to try disabling the ICF on the "server" machine and see what happens
Well, I'm going to sleep on it tonight and see what we can come up with tomorrow - if we have time for another visit.
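
An added example, not part of the original post: a successful ping only shows that ICMP gets through, so before disabling a firewall it helps to probe the TCP ports Windows file sharing uses (139 and 445) and sort the outcome into the suspects listed earlier. The function names, the verdict wording and the sample observations are assumptions of this sketch.

```python
import socket

# TCP ports Windows file sharing listens on (NetBIOS session service, SMB over TCP).
SMB_PORTS = (139, 445)

def tcp_state(host, port, timeout=1.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host replied with RST: reachable, nothing listening
    except OSError:
        return "filtered"   # timeout or unreachable: typical of a firewall drop

def probe(host, ports=SMB_PORTS):
    """Probe each sharing port on one host."""
    return {p: tcp_state(host, p) for p in ports}

def triage(name_resolves, ping_ok, states):
    """Turn three observations into the next thing to check (assumed wording)."""
    seen = set(states.values())
    if "open" not in seen:
        if "refused" in seen:
            return "service: host reachable but file sharing is not listening"
        if ping_ok:
            return "firewall: ICMP passes but sharing ports are dropped"
        return "no path: check lease, cabling and router MAC filtering"
    if not name_resolves:
        return "naming: ports open, NetBIOS name not resolving; try \\\\<ip>\\share"
    return "permissions: transport works, check share access and logon"

if __name__ == "__main__":
    # Constructed observations, not measurements from the post.
    print(triage(False, True, {139: "filtered", 445: "filtered"}))
    print(triage(False, True, {139: "open", 445: "open"}))
```

Run `probe()` from the machine that cannot reach the shares, against the IP address of the machine serving them, and feed the result to `triage()` together with what ping and name lookup showed.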

I guess in summary of today's post though . . . security is working really REALLY well for them in that it's NOT letting unknown machines access their data very easily.
BUT !
It's also making a legitimate and what should be an easy addition of a new PC a total pain !
