Intermittent Linux Icon appears in Windows, from Router?

 
 
Suzanne.
      09-16-2005, 06:00 PM
Hello, I have a D-Link 624-M router I bought last month that seems to be
working fine. ...?? I have my Windows ME wired to it, and an XP that
finds it wirelessly. I have not succeeded in LAN-ing them together,
although I have not tried very hard. I mainly wanted to give the XP
internet access.

I have never run Linux.

A few days after I got the router (which had already given me several
days of internet access on both computers), a momentary icon appeared in
the taskbar of the ME machine saying "New Hardware Detected", and then
in "My Network Places" an icon labeled "Linux Internet Gateway Device"
appeared. Since it came out of nowhere, and I ain't got no Linux, I
assumed it was a break-in attempt and cycled the DSL modem off and on
and rebooted, and drew myself another IP address. The LIGD icon did not
appear again for over a week, and when it did, I did the same thing.
Then this past weekend, it was much more persistent, and I reached the
point where I left the ME machine shut off, and only got online through
the XP machine, which I'm told has better security. During that
session, I got a firewall alert for attempted inbound traffic coming
from 192.168.0.1, which I know from the documentation is my own router.
It did not mention Linux. I put the firewall shields up and forgot
about it. It did not affect my internet access.

On Monday & Tuesday & Wednesday, the LIGD icon did not appear on the ME.
However on Tuesday night, I got a firewall alert on the XP for attempted
inbound traffic from "Linux Internet Gateway Device". Hmmmmm... The ME
was turned on at that time, and I was beginning to think it was simply
router software polling its clients, or whatever. Yesterday, Thursday,
the LIGD icon hung around most of the day on the ME machine.

Today it is gone from the ME.

I reeeeally don't know what is going on here.

I've done a lot of searching online, and found one small reference
somewhere of someone with a router and an ME that somehow used LIGD (or
something it mis-identified as LIGD) to talk to each other. It was all
so vague. Then I found a page on SourceForge
http://linux-igd.sourceforge.net/ that suggests to me that "Linux
Internet Gateway Device" is some open source code that allows someone
running Linux to run MSN Messenger. (I do not have MSN Messenger
installed on either machine.)

My router seems to work just fine whether I see that icon or not. I
just can't put my finger on whether this is normal for my router to
randomly do, or if I have a real human being trying to break in to my
computer(s). I do know one person who is a Linux guru, however we are
not on speaking terms and I have reason to believe he does have a grudge
against me. To accuse him of cybercrime seems like a huge leap, but I
do NOT understand what is going on with this. I hate to think myself
paranoid or neurotic. But I like computers and like to think of them
as reasonably consistent. An intermittent Linux labeled icon does not
fit my preconceived notion of how two Windows machines and a router
should work. But I've been wrong before.

I'd love to hear from someone who might have a better idea of what's
going on here.

Thanks a lot!

Suzanne.
 
Lenard
      09-16-2005, 07:19 PM
Suzanne. wrote:

> Hello, I have a D-Link 624-M router I bought last month that seems to
> be working fine. ...??


<snip>

> I'd love to hear from someone who might have a better idea of what's
> going on here.


Change the default password on the router NOW!!, somebody somewhere is
using it to gain access to both of your systems. Windows XP firewall is
also known to be broken. It would be best to remove both systems from
the router and check/clean and maybe re-install the Operating Systems.
It also would be a good idea to configure your router only to accept
the wireless hardware you own.


--
Contained within the Microsoft EULA;
This Limited Warranty is void if failure of the Product has resulted
from accident, abuse, misapplication, abnormal use or a virus.
 
Leo Bing Whiteway
      09-17-2005, 12:08 AM
Suzanne. wrote:
> Hello, I have a D-Link 624-M router I bought last month that seems to be
> working fine. ...?? I have my Windows ME wired to it, and an XP that
> finds it wirelessly. I have not succeeded in LAN-ing them together,
> although I have not tried very hard. I mainly wanted to give the XP
> internet access.
>
> I have never run Linux.
>
> A few days after I got the router (which had already given me several
> days of internet access on both computers), a momentary icon appeared in
> the taskbar of the ME machine saying "New Hardware Detected", and then
> in "My Network Places" an icon labeled "Linux Internet Gateway Device"
> appeared. Since it came out of nowhere, and I ain't got no Linux, I
> assumed it was a break-in attempt and cycled the DSL modem off and on
> and rebooted, and drew myself another IP address. The LIGD icon did not
> appear again for over a week, and when it did, I did the same thing.
> Then this past weekend, it was much more persistent, and I reached the
> point where I left the ME machine shut off, and only got online through
> the XP machine, which I'm told has better security. During that
> session, I got a firewall alert for attempted inbound traffic coming
> from 192.168.0.1, which I know from the documentation is my own router.
> It did not mention Linux. I put the firewall shields up and forgot
> about it. It did not affect my internet access.
>
> On Monday & Tuesday & Wednesday, the LIGD icon did not appear on the ME.
> However on Tuesday night, I got a firewall alert on the XP for attempted
> inbound traffic from "Linux Internet Gateway Device". Hmmmmm... The ME
> was turned on at that time, and I was beginning to think it was simply
> router software polling its clients, or whatever. Yesterday, Thursday,
> the LIGD icon hung around most of the day on the ME machine.
>
> Today it is gone from the ME.
>
> I reeeeally don't know what is going on here.
>
> I've done a lot of searching online, and found one small reference
> somewhere of someone with a router and an ME that somehow used LIGD (or
> something it mis-identified as LIGD) to talk to each other. It was all
> so vague. Then I found a page on SourceForge
> http://linux-igd.sourceforge.net/ that suggests to me that "Linux
> Internet Gateway Device" is some open source code that allows someone
> running Linux to run MSN Messenger. (I do not have MSN Messenger
> installed on either machine.)
>
> My router seems to work just fine whether I see that icon or not. I
> just can't put my finger on whether this is normal for my router to
> randomly do, or if I have a real human being trying to break in to my
> computer(s). I do know one person who is a Linux guru, however we are
> not on speaking terms and I have reason to believe he does have a grudge
> against me. To accuse him of cybercrime seems like a huge leap, but I
> do NOT understand what is going on with this. I hate to think myself
> paranoid or neurotic. But I like computers and like to think of them
> as reasonably consistent. An intermittent Linux labeled icon does not
> fit my preconceived notion of how two Windows machines and a router
> should work. But I've been wrong before.
>
> I'd love to hear from someone who might have a better idea of what's
> going on here.
>
> Thanks a lot!
>
> Suzanne.


Did you turn the encryption on?
I think it is off by default.
No encryption means it is open to anyone using wireless.
It doesn't mean someone is necessarily trying to get into your system.
It could be that your router saw their also unencrypted system and added
them to your table.


--
Leo in Canada:
A computer without Microsoft is like a chocolate cake without mustard.
< running Slackware 10.1 Linux >
 
 
Suzanne.
      09-17-2005, 05:50 PM
Lenard wrote:
>
> Change the default password on the router NOW!!,


Holy Cow, I was afraid I was being paranoid, but thank you for
confirming my suspicions!

Ok, I have changed the router password. I'd done it once before but
lost all the settings in a reset. So now I've done it again, and was
playing around with it for a while trying to view/change various
settings, when it suddenly locked up and wouldn't take either the new
password or the original one. I had to reset the router yet again.
But I'm back to the new password configuration now.


> somebody somewhere is
> using it to gain access to both of your systems. Windows XP firewall is
> also known to be broken. It would be best to remove both systems from
> the router and check/clean and maybe re-install the Operating Systems.
> It also would be a good idea to configure your router only to accept
> the wireless hardware you own.


OK, I've run a bunch of spyware/virus detection and removal programs,
and they don't seem to find anything. I must say I am too nervous to
re-install the operating systems right away. Things seem to be running
ok, so I am not detecting that damage has been done yet. Perhaps that's
because I generally run multiple spyware blockers and registry
watchdogs. So perhaps if somebody did try to do something to me, they
didn't succeed.

What I'd like to know (if this icon named Linux Internet Gateway Device
shows up again), is whether it's a local attempted intrusion within
broadcast range of my router, or if it's somebody coming in over the
internet. The router is set to disable any LAN access from the internet
side. These houses are fairly far apart but it's not entirely
impossible. Perhaps I merely picked up a stray signal from a neighbor
turning on their wireless laptop.

I have figured out now how to view and save the router log. With any
luck, I will narrow this down further.

Thank you again, and thanks for helping me trust my original instincts.

Suzanne.




 
 
Suzanne.
      09-17-2005, 05:55 PM
Leo Bing Whiteway wrote:

> Did you turn the encryption on?
> I think it is off by default.


I have not found the setting for it yet. I will continue looking for it.


> No encryption means it is open to anyone using wireless.
> It doesn't mean someone is necessarily trying to get into your system.
> It could be that your router saw their also unencrypted system and added
> them to your table.


I will keep searching for this and reviewing the router log file. I've
been wondering if it was something innocuous like that. The houses here
are pretty far apart, but it's not 100% impossible that that is what's
going on. I have not seen the "Linux Internet Gateway Device" icon in
about a day now. If/when I do see it again, I would dearly love to
determine if it's somebody coming over the airwaves, or somebody coming
over the internet. If it's somebody over the internet, then I sure as
heck want his IP address for the police report.

So I will be carefully watching the log file.

Thank you,

Suzanne.


 
 
Lenard
      09-17-2005, 07:21 PM
Suzanne. wrote:

> Lenard wrote:
>>
>> Change the default password on the router NOW!!,

>
> Holy Cow, I was afraid I was being paranoid, but thank you for
> confirming my suspicions!
>
> Ok, I have changed the router password. I'd done it once before but
> lost all the settings in a reset. So now I've done it again, and was
> playing around with it for a while trying to view/change various
> settings, when it suddenly locked up and wouldn't take either the new
> password or the original one. I had to reset the router yet again.
> But I'm back to the new password configuration now.
>
>
>> somebody somewhere is
>> using it to gain access to both of your systems. Windows XP firewall
>> is also known to be broken. It would be best to remove both systems
>> from the router and check/clean and maybe re-install the Operating
>> Systems. It also would be a good idea to configure your router only
>> to accept the wireless hardware you own.

>
> OK, I've run a bunch of spyware/virus detection and removal programs,
> and they don't seem to find anything. I must say I am too nervous to
> re-install the operating systems right away. Things seem to be running
> ok, so I am not detecting that damage has been done yet. Perhaps
> that's because I generally run multiple spyware blockers and registry
> watchdogs. So perhaps if somebody did try to do something to me, they
> didn't succeed.


No damage is really needed, and some 'hacker' tools will not be detected
nor will they show up in the registry. They are not known (or are known
but older) as spyware and/or as a virus. Some of these tools can
circumvent the detection tools available.

Also consider how much personal information you have on your systems
like credit card info, passwords and such. Just because you detected no
system damage does not mean you were not invaded.


> What I'd like to know (if this icon named Linux Internet Gateway
> Device shows up again), is whether it's a local attempted intrusion
> within broadcast range of my router, or if it's somebody coming in
> over the internet. The router is set to disable any LAN access from the
> internet side. These houses are fairly far apart but it's not entirely
> impossible. Perhaps I merely picked up a stray signal from a neighbor
> turning on their wireless laptop.


Could be a 'war-driver', many have hardware that's capable of 'sniffing
out' a wireless setup over a mile away. Some can monitor your wireless
and configure their hardware to match your hardware settings, the MAC
address of your wireless card for example. Encryption is pretty much
useless, I've seen reports where it has been cracked in under a minute.
The bottom line is as long as you present a wireless signal someone
will find a way in to your system(s).


> I have figured out now how to view and save the router log. With any
> luck, I will narrow this down further.
>
> Thank you again, and thanks for helping me trust my original
> instincts.


You're welcome, glad to help. Just remember to wear your tinfoil hat


--
Contained within the Microsoft EULA;
This Limited Warranty is void if failure of the Product has resulted
from accident, abuse, misapplication, abnormal use or a virus.
 