[Icecast] running an icecast server

Edoardo Putti edoardo.putti at gmail.com
Mon Jan 18 16:32:33 UTC 2016 

Ok people, thank for your much needed info.

I will  follow up with the outcomes when the project is running

Edoardo

2016-01-17 17:24 GMT+01:00 David Saunders <abitar.com at gmail.com>:

> oops, I hit the return and it got sent.
>
> All those questions depends on the application you setting up.   if your
> worried about security, isolate the icecast server from your network.
>
> We designed a user interface on the company web site fronts the stream
> servers. The customers get a simple URL for the stream. We use several
> stream servers some on site and some off, our web server setup to server up
> a play list or a message when the http client goes to stream.company/mount.
> When you go to the company site www.comapny/mount you get information about
> the stream, and archive.company/mount will bring up archives :)
>
>  since we run multiple IPs with multiple servers and multiple connections
> to the internet we can spread the load around. We aculy have not done any
> customization of the icecast servers  they are set up on the default ports.
>
>
> only thing we have seen over the years with icecast is a attempt to DOS
> the mount point.  We would get 1000s/sec of connection with no streaming,
>  I wrote a condition in the security monitor that will block the ip and
> place it in the blacklist of icecast. And we have a short spike of
> connections now then they get blocked off. And since I keep the black list
> updated I remove any connections from that IP from then stream use report.
>
>
> What you can disable or enable on the UI I never got into, Never needed
> to. Just use strong passwords. Make separate passwords for all sources. And
> only use the master password for testing or emergency use.
>
>
>
>
> On Sun, Jan 17, 2016 at 9:36 AM, David Saunders <abitar.com at gmail.com>
> wrote:
>
>> Hey.
>>
>>       They are big questions,  I no expert with exploits of icecast so I
>> will give you what I have gain from experiences.
>>
>>
>>
>> On Sun, Jan 17, 2016 at 9:30 AM, Edoardo Putti <edoardo.putti at gmail.com>
>> wrote:
>>
>>> Hello everyone,
>>>
>>> I'm in the process of running an Icecast server and I would like to know
>>> some best pratices.
>>>
>>> 1. Should I place Icecast on port 8000 or should I change that to one
>>> more common (80, 443...)?
>>> 2. Should I place the server behind a webserver like ngingx or apache?
>>> 3.Can I disable the login interface? what can be disabled?
>>>
>>> My best guess is to run icecast behind a webserver, keeping icecast on
>>> port 8000 and refusing everything that is not a request for a legit mount,
>>> adding a custom admin url.
>>>
>>> Thanks for your input
>>>
>>> Edoardo Putti
>>>
>>> _______________________________________________
>>> Icecast mailing list
>>> Icecast at xiph.org
>>> http://lists.xiph.org/mailman/listinfo/icecast
>>>
>>>
>>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20160118/66e8ee92/attachment.htm>

More information about the Icecast mailing list