[icecast] unwanted oper login

Steve Smith steve.smith at isay.com.au
Tue Apr 10 04:57:12 UTC 2001



> I'm trying to figure out how this was done, so I can decide whether
> we should consider the whole system compromised, or if perhaps there
> is another machine on the LAN that's been compromised and used to
> sniff us out.

You should never send cleartext passwords across the network.
Unfortunately, icecast encourages this behaviour.  A much safer way to
administer the box you should ssh into it and telnet to localhost.  To
encourage this you should restrict admin logins to the localhost by
putting the following in your /etc/hosts.deny.

  icecast_admin: ALL EXCEPT 127.0.0.1

Using crypt passwords may help if you need to telnet remotely, but
cracking crypt is fairly trivial unless you use MD5 passwords.
Ideally it would be good if icecast supported challenge/response
logins, possibly through SASL.  I've been pondering this recently, but
I don't know enough about icecast yet to see how it would fit in.

Cheers,
Steve

--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.



More information about the Icecast mailing list