Old 18th July 2003, 23:01   #1
veldh205
Junior Member
 
Join Date: May 2002
Location: Holland
Posts: 6
Security with shoutcast stream!

I think there could be a security problem if you are streaming with Shoutcast. I have an Alcatel Speedtouch 570 router with firewall, but the port in use by Shoutcast is routed by the NAT (that means that traffic will be permitted). It's very important to use a second firewall so that no other access will be possible. But my question/problem is that I want to be sure that people cannot use this port (8000 / 8001) for any purpose other than listening with Shoutcast. I was hacked entirely this week. One of my former webmasters has the details of which IP address and port I use for Shoutcast and probably broke in to hack my entire Windows XP system. I'm pretty sure that all other ports are secured by the Alcatel router. I have to explain that at this time I had to close the software firewall for administrative reasons, for remote access (Windows Remote Desktop). Down below I will give you some specs about my configuration. Maybe my system can be secured even more?!

Windows XP Pro (Integrated firewall switched off)
Alcatel Speedtouch 570 with NAT

NAT configuration:

Shoutcast NAT: XX.XX.XX.XX:8000
Shoutcast NAT: XX.XX.XX.XX:8001
Remote Desktop Windows NAT: XX.XX.XX.XX:???? (don't know the port number now...)

Those are the only ports that are reachable from outside.

Further: Tiny Personal Firewall (latest version) and McAfee Anti Virus (updated)

I use DHCP on my router and my network card as well.

Is this secure enough, or is it possible that I will lose my system again to a hacker?

What more can I do about it?

Does anybody have experience with this?
Old 19th July 2003, 02:37   #2
FesterHead
Alumni
 
Join Date: Sep 2001
Location: Maui, Hawaii
Posts: 14,108
Only open/forward services you know how to operate and understand.

When in doubt, just say no.

Old 19th July 2003, 12:37   #3
matt2kjones
Major Dude
 
Join Date: May 2002
Location: UK
Posts: 929
lol everyone thinks routers are made to protect your system, well, unfortunately they aren't

u need to set up a firewall, a secure one. to do this, find out what ports your system uses when connecting to the net

some of the default ports are:

DNS (to resolve domains to ips) 53 UDP connection
http (to allow your system to connect to web servers) 80 tcp connection
pop3 (to send mail) 110 tcp
smtp (to receive mail) 25 tcp

once u know all the port numbers of all the software which connects from your system to the net, then open just those ports for OUTGOING connections

now, that's outgoing connections fixed up, now u need to sort incoming connections.

If you run a web server, open port 80 tcp
if you run shoutcast, open port 8000, 8001 (if those are the default ports)

note, if u know anything about firewalls then u will know that there are different rules for traffic originating from ur pc to the net, and different rules from the net to ur pc.

you should use a firewalling system which has separate rules for incoming and outgoing connections.

a connection originating from the net, i.e. connecting to ur pc, from a remote pc, to listen to your station, is an incoming connection, even though the traffic is outgoing.

a connection originating from ur pc, i.e. ur pc connecting to a webserver on the internet, is an outgoing connection.

if u have no idea on firewalls then why broadcast LOL

don't use JUST a router to "protect" ur system, cos it won't, routers are designed to forward certain packets to certain machines.


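Added example (not part of any post in this thread): a toy stateful filter showing why the rule is chosen by who opens the connection, so that audio flowing out to a listener still belongs to an incoming connection. The LAN address, the remote addresses and the exact port sets are assumptions made for the illustration; 8000/8001 and the outbound TCP ports are the ones named in the posts above.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    opens: bool  # True only for the packet that starts a new connection

LOCAL = "192.168.1.10"            # assumed LAN address of the streaming PC
INBOUND_ALLOWED = {8000, 8001}    # SHOUTcast ports named in the thread
OUTBOUND_ALLOWED = {25, 80, 110}  # TCP services from the post's list

class StatefulFilter:
    """Rules apply to whoever opens the connection; replies ride on state."""

    def __init__(self):
        self.connections = set()

    def check(self, p: Packet) -> str:
        # One key covers both directions of the same connection.
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if key in self.connections:
            return "allow: part of an accepted connection"
        if not p.opens:
            return "drop: no matching connection"
        inbound = p.dst == LOCAL
        allowed = INBOUND_ALLOWED if inbound else OUTBOUND_ALLOWED
        direction = "inbound" if inbound else "outbound"
        if p.dport not in allowed:
            return f"drop: {direction} port {p.dport} not permitted"
        self.connections.add(key)
        return f"allow: new {direction} connection"

def demo():
    fw = StatefulFilter()
    listener, web = "203.0.113.7", "198.51.100.5"  # constructed addresses
    packets = [
        Packet(listener, 40000, LOCAL, 8000, True),   # listener tunes in
        Packet(LOCAL, 8000, listener, 40000, False),  # audio flowing out
        Packet(listener, 40001, LOCAL, 3389, True),   # RDP default, not a stream port
        Packet(LOCAL, 1050, web, 80, True),           # PC browses the web
        Packet(LOCAL, 1051, web, 6667, True),         # IRC is not in the outbound list
        Packet(web, 80, LOCAL, 1052, False),          # reply nobody asked for
    ]
    return [fw.check(p) for p in packets]
```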
Old 22nd July 2003, 05:17   #4
veldh205
Junior Member
 
Join Date: May 2002
Location: Holland
Posts: 6
Security question

Which firewall software will be most effective and secure? In the Netherlands they all say: ZoneAlarm 3 Pro, and I use two firewalls, first of all the free Tiny Personal Firewall and second ZoneAlarm 3 Pro. But there are several others like Norton Internet Security, which I think might be an even better one than ZoneAlarm. But it all depends on how you configure it. I use Shoutcast on the known ports... And I use HTTP, POP3, ICQ (not the file transfer part) and FTP; I think that I have to configure more in the software firewalls. At least there's one good thing: since I use both firewalls I can't ping myself from another computer (location), and there was one hacker who couldn't get through the system; he reported the system as 'stealth'... (all ports seem to be closed, but I know how insecure MS stuff can be...)
Old 22nd July 2003, 05:33   #5
FesterHead
Alumni
 
Join Date: Sep 2001
Location: Maui, Hawaii
Posts: 14,108
Are you Windude in disguise?

Old 22nd July 2003, 14:01   #6
matt2kjones
Major Dude
 
Join Date: May 2002
Location: UK
Posts: 929
well, most firewalls are secure as long as they allow you to open and close ports that u choose.

port numbers are as follows:

POP3: 110 (tcp connection)
SMTP: 25 (tcp connection)
DNS: 53 (udp connection)
HTTP: 80 (tcp connection)
IRC: 6667 - 6669 (tcp connection)

if u need to know more, run netstat then try to run the software which uses the port u need to find out

it will then tell u the port it's trying to use and u can then open it


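Added example (not part of any post in this thread): the netstat check described above, run over two constructed `netstat -an` snapshots in the Windows layout. It reports which remote ports a newly started program connected to, and which listening sockets on the PC fall outside the ports meant to be forwarded; all addresses, the sample output and the function names are assumptions made for the illustration.

```python
# Constructed `netstat -an` output in the Windows layout; not from the thread.
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8001           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:8000      203.0.113.7:40000      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""
# The same machine after starting a mail client (constructed).
AFTER = BEFORE + "  TCP    192.168.1.10:1050      198.51.100.5:110       ESTABLISHED\n"

def parse(text):
    """Return (proto, local, remote, state) rows; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            rows.append((f[0], f[1], f[2], f[3] if len(f) > 3 else ""))
    return rows

def port_of(endpoint):
    return int(endpoint.rpartition(":")[2])

def unexpected_listeners(text, allowed):
    """Listening sockets not bound to loopback and not in the allowed set."""
    found = set()
    for proto, local, _remote, state in parse(text):
        listening = state == "LISTENING" or proto == "UDP"  # UDP rows carry no state
        loopback = local.startswith("127.")
        if listening and not loopback and (proto, port_of(local)) not in allowed:
            found.add((proto, port_of(local)))
    return sorted(found)

def new_outbound_ports(before, after):
    """Remote ports of connections this PC opened between two snapshots."""
    def outbound(text):
        rows = parse(text)
        # A connection whose local port is a listening port was opened by the remote side.
        served = {port_of(l) for _p, l, _r, s in rows if s == "LISTENING"}
        return {(p, port_of(r)) for p, l, r, s in rows
                if s in ("ESTABLISHED", "SYN_SENT") and port_of(l) not in served}
    return sorted(outbound(after) - outbound(before))
```

With the stream ports as the allowed set, `unexpected_listeners` lists every other service that would be reachable if the router forwarded its port, and `new_outbound_ports(BEFORE, AFTER)` gives the outgoing port to open for the program that was just started.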
Old 24th July 2003, 06:06   #7
veldh205
Junior Member
 
Join Date: May 2002
Location: Holland
Posts: 6
Security Shoutcast unsafe

I had a hacker in my system. I use ADSL with an Alcatel router and need to open port 8000 in the router. But the problem is that firewalls like ZoneAlarm and Tiny Personal Firewall just allow users to get on this port, and that is understandable but unsafe. I want to know which steps I could take to be more secure against such a hacker who knows my fixed IP address and port number. Maybe Shoutcast needs to change and review their security in the server tool?

Maybe you have the same problem, and maybe you have an idea how to obtain a firewall or solution that will fix this!?
Old 24th July 2003, 06:49   #8
FesterHead
Alumni
 
Join Date: Sep 2001
Location: Maui, Hawaii
Posts: 14,108
It's easy:
No open/forwarded port(s), no SHOUTcast stream.

If all you have opened and forwarded is portBase and have the DNAS running (or if it's not running then you'll need no other services associated with portBase), then you're safe.

If you have other ports opened/forwarded and running services, then that could be the source of the problem. The latest DNAS has no known vulnerabilities.

Even then, the older DNASs' vulnerabilities could only crash the DNAS, not compromise your system.

This isn't a SHOUTcast issue.

Old 24th July 2003, 08:06   #9
veldh205
Junior Member
 
Join Date: May 2002
Location: Holland
Posts: 6
So no streaming is possible with Shoutcast!?

So if you consider closing the port you can't Shoutcast, or is there still a possibility? Maybe you can explain it a little more clearly?
Old 24th July 2003, 10:11   #10
Jay
Moderator Alumni
 
Join Date: May 2000
Location: Next Door
Posts: 8,942
you security nuts are funny
Old 24th July 2003, 11:26   #11
veldh205
Junior Member
 
Join Date: May 2002
Location: Holland
Posts: 6
What do you mean

What do you mean with the last post? My mother tongue is Dutch and I don't understand the meaning of your writing.

"you security nuts are funny"

I don't know what it means....