Re: [slim] Re: Open Ports ... Security Issue?

2007-01-11 Thread Peter
lemmy999 wrote: Peter;163189 Wrote: Configure IP filters on your router and only allow certain IP addresses in. That's perfectly secure and fairly easy to set up, provided your 'clients' have static ip's. I have had 3 different routers (Linksys, Netgear and now a US Robotics) and I

[slim] Re: Open Ports ... Security Issue?

2007-01-10 Thread lemmy999
Peter;163189 Wrote: Configure IP filters on your router and only allow certain IP addresses in. That's perfectly secure and fairly easy to set up, provided your 'clients' have static ip's. Regards, Peter I have had 3 different routers (Linksys, Netgear and now a US Robotics) and I

[slim] Re: Open Ports ... Security Issue?

2007-01-09 Thread Mark Lanctot
jonheal;164307 Wrote: I sort of hijacked another thread with this topic, so I'm moving back to my own... Well, I'm at a bit of a loss with the whole Reverse Proxy thing. It definitely is prohibiting play (but allowing everything else) at this point. I reckon I've got a http header

[slim] Re: Open Ports ... Security Issue?

2006-12-22 Thread jonheal
I sort of hijacked another thread with this topic, so I'm moving back to my own... I'm working on the Reverse Proxy approach right now. I'm far from a networking expert, so it's all pretty much Greek to me, but I downloaded a free reverse proxy server for Windows called at32 Reverse Proxy.

[slim] Re: Open Ports ... Security Issue?

2006-12-22 Thread shadowboxer
no, no, jonheal, come back to my thread!;-))

[slim] Re: Open Ports ... Security Issue?

2006-12-18 Thread AndrueC
Opening a port on your firewall is like unlocking a door on your house. The security implications depend on who or what is waiting behind that door. As long as the software that answers the door is robust and can't be duped there is no problem. Unfortunately it is very difficult to write

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-18 Thread Peter
renaissanceboy wrote: as someone who is not a networking expert, i don't know enough about forwarding procedures to say for sure, but if i have the option to use any sort of security, i will (obviously) take it. perhaps you can offer some advice on setting this up? The best thing to handle

[slim] Re: Open Ports ... Security Issue?

2006-12-18 Thread renaissanceboy
thank you very much. this has been very helpful. it looks like the best thing for me to do is to create a separate user account for slimserver, with read-only access to my music, and keep the password protection on. again, thanks a lot everyone. -- renaissanceboy

[slim] Re: Open Ports ... Security Issue?

2006-12-17 Thread kefa
this is part of the reason I uninstalled slimserver from my normal user account (not an administrator, but plenty of personal information), and reinstalled it under a dedicated slimserver user account. I then gave the new slimserver user read-only access to my music library and read-write to the

[slim] Re: Open Ports ... Security Issue?

2006-12-17 Thread renaissanceboy
hi there, i'm a new member of slimserver (i do not have a squeezebox), and i'm working on accessing my music library over the internet using softsqueeze. i've been corresponding with a few people in the beginners forum on the non-static ip thread, but i still have a few unanswered questions, and

[slim] Re: Open Ports ... Security Issue?

2006-12-17 Thread Mark Lanctot
renaissanceboy;163114 Wrote: first of all: if i forward ports 9000 and 3843 (or whatever they are), what real-life security risks does that pose? Anyone and their dog can access your SlimServer. I think to find these in Google you do this:

[slim] Re: Open Ports ... Security Issue?

2006-12-17 Thread renaissanceboy
so if i don't have any slim devices hardware (which i don't) the only security risk is that someone could listen to/download my music? i'm all right with that risk as long as there's no (or no significant) danger of my files or network in general being accessed. -- renaissanceboy

[slim] Re: Open Ports ... Security Issue?

2006-12-17 Thread Mark Lanctot
renaissanceboy;163118 Wrote: so if i don't have any slim devices hardware (which i don't) the only security risk is that someone could listen to/download my music? They could still delete your player preferences or crash your SlimServer. i'm all right with that risk as long as there's no

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-17 Thread Pat Farrell
renaissanceboy wrote: first of all: if i forward ports 9000 and 3843 (or whatever they are), what real-life security risks does that pose? second: if i use slimserver's password protection (which i do), does that offer a significant amount of protection? third: is it a good idea, as i saw

[slim] Re: Open Ports ... Security Issue?

2006-12-17 Thread renaissanceboy
as someone who is not a networking expert, i don't know enough about forwarding procedures to say for sure, but if i have the option to use any sort of security, i will (obviously) take it. perhaps you can offer some advice on setting this up? i'm running mac os x 10.4.8, so by separate user

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-15 Thread Peter
jonheal wrote: Pale Blue Ego;162253 Wrote: Why would these ports be open to the world in the first place? You can limit the address range. Not practical, in this case. I plan on taking the SB to my mother-in-law's for Christmas. She has Verizon DSL, but gets a dynamic IP just like

[slim] Re: Open Ports ... Security Issue?

2006-12-15 Thread jonheal
At first I thought it didn't need to be, but it appears that port 9000 must also be open to play remotely with SoftSqueeze. You can browse your collection in SoftSqueeze with 9000 closed but hit the play button, and it makey no sound. Drag. :-( -- jonheal Jon Heal says: Have a nice day!

[slim] Re: Open Ports ... Security Issue?

2006-12-14 Thread jonheal
Pale Blue Ego;162253 Wrote: Why would these ports be open to the world in the first place? You can limit the address range. Not practical, in this case. I plan on taking the SB to my mother-in-law's for Christmas. She has Verizon DSL, but gets a dynamic IP just like 99% of everybody with

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-14 Thread Peter
Mark Lanctot wrote: Peter;162026 Wrote: Mark Lanctot wrote: Plus an open port puts up a red flag to all the bots out there looking for interesting IPs. A hacker may come back and do some further investigation - finding other things that may be much more dangerous and

[slim] Re: Open Ports ... Security Issue?

2006-12-14 Thread Paul_B
Jon, You are right most providers give out dynamic IP addresses rather than static. But it is very likely you will maintain the same IP address time after time, unless you turn off your Broadband connection for a long period. Even if the IP address changes you could still only allow the IP

[slim] Re: Open Ports ... Security Issue?

2006-12-13 Thread radish
If there's one lesson to take away from this thread it's that IP-location mapping services are largely useless :) They're based primarily on ARIN lookups, and the ISP which owns theheals.net is based in Las Vegas - whilst they obviously provide service all over the country/world. -- radish

[slim] Re: Open Ports ... Security Issue?

2006-12-13 Thread Paul_B
Agree with Peter, go with a VPN if possible. If not then limit the source address range that you are opening the port to on your firewall. You can always look at your firewall log to see what IP address you came in on at what time. As for buffer overflows it seems to be the easiest method to find

[slim] Re: Open Ports ... Security Issue?

2006-12-13 Thread jonheal
radish;162091 Wrote: If there's one lesson to take away from this thread it's that IP-location mapping services are largely useless :) They're based primarily on ARIN lookups, and the ISP which owns theheals.net is based in Las Vegas - whilst they obviously provide service all over the

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-13 Thread Chip Hart
Mark Lanctot wrote: P.S. the hacker wannabe in me likes to try to bring up the router admin pages in the hotels he connects. You'd be surprised what he finds. Interesting link: http://www.phenoelit.de/dpl/dpl.html I also managed to do this for an unsecured wireless network viewable from my

[slim] Re: Open Ports ... Security Issue?

2006-12-13 Thread radish
jonheal;162118 Wrote: Well, I own the domain name, but no-ip.com is doing the dynamic dns for me and they're based in Las Vegas, so that's where that comes from. Sure - I meant they own the IP currently assigned to it rather than the domain...but you knew that :) -- radish

[slim] Re: Open Ports ... Security Issue?

2006-12-13 Thread Mark Lanctot
Peter;162026 Wrote: Mark Lanctot wrote: Plus an open port puts up a red flag to all the bots out there looking for interesting IPs. A hacker may come back and do some further investigation - finding other things that may be much more dangerous and that he can exploit immediately This

[slim] Re: Open Ports ... Security Issue?

2006-12-13 Thread Pale Blue Ego
Why would these ports be open to the world in the first place? You can limit the address range.

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread byKnight
The risk is that someone finds a weakness in the way SlimServer is implemented that they can use to commandeer it for purposes nefarious.

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread jonheal
Gregory Hamilton;161929 Wrote: They can control your Squeezeboxes. Think of sudden loud music in the middle of the night! They can download music from your server. There is a download link for each song. They can display text messages on your Squeezeboxes. But not if 9000 is closed,

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Mark Lanctot
SlimServer was not really designed for high security. With its ports wide open, who knows what a determined hacker can do with it? Plus an open port puts up a red flag to all the bots out there looking for interesting IPs. A hacker may come back and do some further investigation - finding

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Browny
My take on this has always been that opening a port is not the issue; it's the confidence you have in the software that's listening on that port. The questions should really be: - 'how resilient is Slimserver' to attacks (e.g. Buffer Overruns) I guess that's one for the developers to answer. -

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread jonheal
Mark Lanctot;161935 Wrote: SlimServer was not really designed for high security. With its ports wide open, who knows what a determined hacker can do with it? Plus an open port puts up a red flag to all the bots out there looking for interesting IPs. A hacker may come back and do some

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Mitch Harding
From what I understand, something has to be listening on a port in order for there to be a security vulnerability. So I think in this case, yes, SlimServer is the only possible security hole. AFAIK. On 12/12/06, jonheal [EMAIL PROTECTED] wrote: Mark Lanctot;161935 Wrote: SlimServer was

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread MrC
jonheal;161938 Wrote: Now, here's where my lack of networking expertise comes into play ... if a port is open, but nothing's listening on it, or in this case, only SlimServer, is the only way into the network through that port, THROUGH Slimserver? Ports are opened to allow access to the

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Mark Lanctot
jonheal;161938 Wrote: Now, here's where my lack of networking expertise comes into play ... if a port is open, but nothing's listening on it, or in this case, only SlimServer, is the only way into the network through that port, THROUGH Slimserver? Perhaps I typed out of turn here as I can't

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread jonheal
Well, I closed 9000 because it's just plain unnecessary. I also disabled 3483 on the router for the time being, mostly because I was afraid that one of the guardian angels posting on this thread might decide to teach me a lesson somehow! ;-) Although now that I think about it, come on in ... if

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Mark Lanctot
jonheal;161952 Wrote: Well, I closed 9000 because it's just plain unnecessary. I also disabled 3483 on the router for the time being, mostly because I was afraid that one of the guardian angels posting on this thread might decide to teach me a lesson somehow! ;-) Although now that I

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread jonheal
Mark Lanctot;161959 Wrote: But I'm not sure if I really belong in your basement! :-D Love the guard dog... You obviously have a web server running - suffice it to say that's more complex than 99% of home users out there. It suggests your network is well secured - you probably know your

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Mark Lanctot
jonheal;161960 Wrote: Mark, I thought it might have been you that was visiting as I reverse DNSed one of the IPs in the web server log and it pointed to a particular cable company in a particular country somewhat to the north of me, which is where I think you reside. :-) I'm in

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread JJZolx
What I'd worry about: SlimServer is the single easiest application to crash that I've ever seen. Transpose a single letter in the query string and it's history. Try this link from a browser running on your server: http://localhost:9000/browsedb.html?hierarchy=album,tracc I suppose someone

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread snarlydwarf
Mark Lanctot;161965 Wrote: The reverse DNS lookup by location shows you're in Las Vegas. LOL! Ah, but my rdns is more amusing: depending on how the roundrobin record works, I move around from OR to WA or MN... methinks comcast is very confused. NET-24-20-0-0-1 is very odd. This isn't my

[slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread jonheal
JJZolx;161967 Wrote: What I'd worry about: SlimServer is the single easiest application to crash that I've ever seen. Transpose a single letter in the query string and it's history. Try this link from a browser running on your server:

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Peter
Mark Lanctot wrote: Plus an open port puts up a red flag to all the bots out there looking for interesting IPs. A hacker may come back and do some further investigation - finding other things that may be much more dangerous and that he can exploit immediately This makes no sense IMHO.

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Peter
MrC wrote: jonheal;161938 Wrote: Now, here's where my lack of networking expertise comes into play ... if a port is open, but nothing's listening on it, or in this case, only SlimServer, is the only way into the network through that port, THROUGH Slimserver? Ports are opened to allow

Re: [slim] Re: Open Ports ... Security Issue?

2006-12-12 Thread Peter
jonheal wrote: Well, I closed 9000 because it's just plain unnecessary. I also disabled 3483 on the router for the time being, mostly because I was afraid that one of the guardian angels posting on this thread might decide to teach me a lesson somehow! ;-) Although now that I think about it,