[slim] Re: Password protecting the server ...
How can you limit access to mac addresses in slimserver? If you set this up, does it eliminate the ability to connect remotely with software players for receiving hostipaddress:9000/stream.mp3? -- rme rme's Profile: http://forums.slimdevices.com/member.php?userid=1551 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
mherger Wrote: > > And of course, there should be a robots.txt at the top of the server > > Hackers _love_ robots.txt. They really give them the necessary hints > where > to look for interesting information. > They _can_ be. However: User-Agent: * Disallow: / isn't too useful to the punks and kiddies. -- MrC MrC's Profile: http://forums.slimdevices.com/member.php?userid=468 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] Re: Password protecting the server ...
And of course, there should be a robots.txt at the top of the server Hackers _love_ robots.txt. They really give them the necessary hints where to look for interesting information. -- Michael --- Help translate SlimServer by using the StringEditor Plugin (http://www.herger.net/slim/) ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
jmhayes Wrote: > I know Perl. And I also know a dumb feature when I see one :) I didn't > come here to pick a fight, and I don't think I read anywhere that the > device was "designed for a firewalled local network" -- a lot of the > features are all about streams. Streams happen, ya know? There's a > password feature on the server; how does the device get around it? I agree with you, the security of slimserver should be more complete. And Open Source just means a user *can* contribute, it's not a publisher's abdication of responsibility. The idea that a product *requires* a firewall is bad design. "Border Security" is a dubious concept in computer security and is not a substitute for essential host-level security. My Slimserver is in a commercial datacenter, I access it from home and from work via a VPN. I find this works very well. The Squeezebox sends its MAC address in-protocol so the Slimserver is aware of a player's MAC address even when they're not on the same local network. Modify the server to use player MAC address rather than the source IP address and you should be in business since the SB MAC address won't change even if its source IP address does. The MAC address effectively becomes the password and it's already sending that so there's no need to modify the SB itself. -- rudholm rudholm's Profile: http://forums.slimdevices.com/member.php?userid=2980 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
jmhayes Wrote: > I know Perl. And I also know a dumb feature when I see one :) I didn't > come here to pick a fight, and I don't think I read anywhere that the > device was "designed for a firewalled local network" -- a lot of the > features are all about streams. Streams happen, ya know? There's a > password feature on the server; how does the device get around it? OK, I take back my earlier comments then. As you can see, support for Internet streaming is not all that advanced yet. Yes, there's no mention that it's designed for a firewalled LAN...but there's no mention it supports Internet streaming either. In fact, the RIAA may have a word or two to say about that. But all the discussion is surrounding how SlimServer controls *your* players, so a LAN is certainly implied. In fact the diagram 'here' (http://www.slimdevices.com/images/connectiondiagram.gif) pretty clearly shows it on the LAN - there isn't even a WAN connection drawn. If you are proficient in Perl, certainly, your assistance would be appreciated. I'm trying to learn it so I can contribute in some way, however small. Most people who have the knowledge to do so use SSH to stream remotely with SlimServer. That makes it impossible for even permitted remote hardware players to connect though. Software players only. BTW I don't know if you tried any of the streams Google found, but none of them work in my Squeezebox3. ;-) I realize that's not because of some hidden security feature but probably due to bandwidth restrictions. -- Mark Lanctot Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
kdf Wrote: > You can alter the server to accept ONLY players with a given MAC, for > instance. That's an interesting direction. Thanks. -- jmhayes jmhayes's Profile: http://forums.slimdevices.com/member.php?userid=3151 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] Re: Password protecting the server ...
jmhayes wrote: > Robin Bowes Wrote: > >>What has the firmware got to do with this? > > > If there was a password required for the player, you'd have to have a > way to tell the player what the password was. But there isn't, so you don't. :) Submit an enhancement request at http://bugs.slimdevices.com and it may get added in the future. R. ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
Robin Bowes Wrote: > What has the firmware got to do with this? If there was a password required for the player, you'd have to have a way to tell the player what the password was. -- jmhayes jmhayes's Profile: http://forums.slimdevices.com/member.php?userid=3151 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] Re: Password protecting the server ...
jmhayes wrote: >>Slimserver is open source. > > > It's not the server that's the problem, it's the hardware device. > Where can I download the firmware? What has the firmware got to do with this? R. ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] Re: Password protecting the server ...
jmhayes wrote: Mark Lanctot Wrote: So either start learning Perl or be a little more constructive and considerate please. I know Perl. And I also know a dumb feature when I see one :) I didn't come here to pick a fight, and I don't think I read anywhere that the device was "designed for a firewalled local network" -- a lot of the features are all about streams. Streams happen, ya know? There's a password feature on the server; how does the device get around it? That password only affects access to the web interface; the device doesn't use the web interface. QED. -- Jack at Monkeynoodle dot Org: It's a Scientific Venture... Riding the Emergency Third Rail Power Trip Since 1996 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
Mark Lanctot Wrote: > So either start learning Perl or be a little more constructive and > considerate please. I know Perl. And I also know a dumb feature when I see one :) I didn't come here to pick a fight, and I don't think I read anywhere that the device was "designed for a firewalled local network" -- a lot of the features are all about streams. Streams happen, ya know? There's a password feature on the server; how does the device get around it? -- jmhayes jmhayes's Profile: http://forums.slimdevices.com/member.php?userid=3151 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] Re: Password protecting the server ...
On 26-Mar-06, at 2:59 PM, jmhayes wrote: Slimserver is open source. It's not the server that's the problem, it's the hardware device. Where can I download the firmware? I fail to see how firmware has anything to do with this. The player is a client. you don't need to stop anyone on the internet from getting to your player. You can alter the server to accept ONLY players with a given MAC, for instance. That should be 'fairly simple' since the server identifies each hardware player by it's mac address. Look in Slimproto, and it might be as simple as bouncing any player with a non matching MAC. -k ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
> Slimserver is open source. It's not the server that's the problem, it's the hardware device. Where can I download the firmware? -- jmhayes jmhayes's Profile: http://forums.slimdevices.com/member.php?userid=3151 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
jmhayes Wrote: > That's dumb. C'mon now. That's what the software is intended for, and 95% of users do it that way. The software is NOT intended for streaming over the Internet and the fact that it can do so at all is pure dumb luck. This function is unsupported. If you wish to change it...patches are welcome. This is an open-source project and it's possible to change it if you have the knowledge or if others agree with you. With your attitude so far in your 4 posts, getting others on board will be hard. So either start learning Perl or be a little more constructive and considerate please. -- Mark Lanctot Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] Re: Password protecting the server ...
jmhayes wrote: > mherger Wrote: > >>SlimServer is meant to feed players inhouse. > > > That's dumb. No, that's a design criterion. > I bought an extra player for my shop, which is on one of > those DSL lines that changes IP addresses all the time, so a firewall > with limitation by IP address is gonna get old quickly. Weird that > they put in the ability to set a WEP key but not some kind of password > on the player itself. Also: I'd like to let friends who have players > use my server too, but not just any old bloke who has Google :-) Slimserver is open source. Patches are welcome. R. ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
mherger Wrote: > Still there are people who do it: > http://www.google.com/search?q=intitle%3A%22welcome.to.squeezebox%22+ And of course, there should be a robots.txt at the top of the server ... -- jmhayes jmhayes's Profile: http://forums.slimdevices.com/member.php?userid=3151 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
mherger Wrote: > SlimServer is meant to feed players inhouse. That's dumb. I bought an extra player for my shop, which is on one of those DSL lines that changes IP addresses all the time, so a firewall with limitation by IP address is gonna get old quickly. Weird that they put in the ability to set a WEP key but not some kind of password on the player itself. Also: I'd like to let friends who have players use my server too, but not just any old bloke who has Google :-) -- jmhayes jmhayes's Profile: http://forums.slimdevices.com/member.php?userid=3151 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
I agree that the password protection is curiously incomplete since it only controls access to Slimserver's web interface. There is, in fact, no way to completely restrict access to a slimserver within the slimserver application itself. However, slimserver's IP address restriction blocks all port 9000 traffic. With IP address restriction enabled, any Squeezebox could browse your collection but only authorized Squeezeboxes could actually play any music. This is probably sufficient. If you want to completely restrict access to your slimserver, you must use a firewall of some sort. For Linux, there is IPTables, which works quite well. Alternatively, you could set up some kind of access control on your router. -- rudholm rudholm's Profile: http://forums.slimdevices.com/member.php?userid=2980 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
Well, at least we can turn on password protection (and change the default port). -- JSonnabend JSonnabend's Profile: http://forums.slimdevices.com/member.php?userid=760 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
Ohhh free music ... LOL -- stevieweevie stevieweevie's Profile: http://forums.slimdevices.com/member.php?userid=4338 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] Re: Password protecting the server ...
Does that mean that once I've opened my server to the outside world, anyone with a Squeeze Box can connect to my server? If so, that's pretty sad. SlimServer is meant to feed players inhouse. There's very little security, nobody knows about vulnerabilities. It's really not meant to be opened to the world. If you have another computer or (good) router on the player's side you could build some kind of VPN or SSH tunnel to protect your server. Or install a real firewall which can limit access to the server to certain IP addresses. Still there are people who do it: http://www.google.com/search?q=intitle%3A%22welcome.to.squeezebox%22+ -- Michael --- Help translate SlimServer by using the StringEditor Plugin (http://www.herger.net/slim/) ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
mherger Wrote: > You can't. Only the http stream and CLI interface can be protected. > Don't have those players on _your_ network :-) Does that mean that once I've opened my server to the outside world, anyone with a Squeeze Box can connect to my server? If so, that's pretty sad. - Jeff -- JSonnabend JSonnabend's Profile: http://forums.slimdevices.com/member.php?userid=760 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
[slim] Re: Password protecting the server ...
Do you mean that the password protection on the server doesn't work? I haven't tried it, so I can't confirm this. Note you can also block connections from all IP addresses except for a whitelist you specify. Also, normally your SlimServer will be running on your LAN, which is behind your router, so it'll be as protected as any other device on your LAN. -- Mark Lanctot Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071 View this thread: http://forums.slimdevices.com/showthread.php?t=22424 ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss