From vitjam at gmail.com Fri Jun 1 21:02:01 2018 From: vitjam at gmail.com (Victor Moreno) Date: Fri, 1 Jun 2018 16:02:01 -0500 Subject: [Icecast] Attack DDos Message-ID: Hi. I have a problem with the icecast. When I activate the service I am having an exesive consumption in the ip queries. It seems like a DDOS attack. How can I mitigate this attack? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From vitjam at gmail.com Tue Jun 5 19:16:08 2018 From: vitjam at gmail.com (Victor Moreno) Date: Tue, 5 Jun 2018 14:16:08 -0500 Subject: [Icecast] Help attack DDOS Message-ID: Hi. I have a problem with the icecast. When I activate the service I am having an exesive consumption in the ip queries. It seems like a DDOS attack. How can I mitigate this attack? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at mordormx.net Tue Jun 5 19:52:25 2018 From: alex at mordormx.net (Alejandro Flores) Date: Tue, 5 Jun 2018 14:52:25 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References: Message-ID: I think you should contact to your connectivity provider, hopefully they can provide you the Anti DDOS protection. On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno wrote: > Hi. > > I have a problem with the icecast. When I activate the service I am having > an exesive consumption in the ip queries. It seems like a DDOS attack. How > can I mitigate this attack? > > Thanks. > > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > > -- Alejandro Flores L. LIA. CEH. VCP. 5513998178 -------------- next part -------------- An HTML attachment was scrubbed... URL: From vitjam at gmail.com Tue Jun 5 20:07:09 2018 From: vitjam at gmail.com (Victor Moreno) Date: Tue, 5 Jun 2018 15:07:09 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References:

Message-ID: I ask because I only receive attacks when I activate icecast. I can not do anything at the application level ?. i used ubuntu server 16.04. thanks. 2018-06-05 14:52 GMT-05:00 Alejandro Flores : > I think you should contact to your connectivity provider, hopefully they > can provide you the Anti DDOS protection. > > > On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno wrote: > >> Hi. >> >> I have a problem with the icecast. When I activate the service I am >> having an exesive consumption in the ip queries. It seems like a DDOS >> attack. How can I mitigate this attack? >> >> Thanks. >> >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Alejandro Flores L. > LIA. CEH. VCP. > 5513998178 > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > > -- Victor Moreno Ingeniero Electr?nico 3177684646 -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at mordormx.net Tue Jun 5 20:10:03 2018 From: alex at mordormx.net (Alejandro Flores) Date: Tue, 5 Jun 2018 15:10:03 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References:

Message-ID: may be this url can help https://icecast.imux.net/viewtopic.php?p=7084&sid=6ce1e17b6ad49e0a24be0e60b526f760 " [image: Post] Posted: Mon Jan 29, 2007 12:14 pm Post subject: [image: Reply with quote] ------------------------------ These firewall rules (iptables) could help: *Code:* iptables -A INPUT -p tcp --dport 8000 -m state --state NEW -m recent -i eth0 --set --name ICECAST -j ACCEPT iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds 60 --hitcount 4 --rttl --name ICECAST -j LOG --log-prefix "ICECAST_too_many_connections" iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds 60 --hitcount 4 --rttl --name ICECAST -j DROP This allows three connections within a minute by the same IP, the forth will cause the IP to be blocked for another minute. On Tue, Jun 5, 2018 at 3:07 PM, Victor Moreno wrote: > > I ask because I only receive attacks when I activate icecast. I can not do > anything at the application level ?. i used ubuntu server 16.04. thanks. > > 2018-06-05 14:52 GMT-05:00 Alejandro Flores : > >> I think you should contact to your connectivity provider, hopefully they >> can provide you the Anti DDOS protection. >> >> >> On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno wrote: >> >>> Hi. >>> >>> I have a problem with the icecast. When I activate the service I am >>> having an exesive consumption in the ip queries. It seems like a DDOS >>> attack. How can I mitigate this attack? >>> >>> Thanks. >>> >>> >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >>> >> >> >> -- >> Alejandro Flores L. >> LIA. CEH. VCP. >> 5513998178 >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Victor Moreno > Ingeniero Electr?nico > 3177684646 > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > > -- Alejandro Flores L. LIA. CEH. VCP. 5513998178 -------------- next part -------------- An HTML attachment was scrubbed... URL: From yahav.shasha at gmail.com Tue Jun 5 20:17:34 2018 From: yahav.shasha at gmail.com (Yahav Shasha) Date: Tue, 5 Jun 2018 23:17:34 +0300 Subject: [Icecast] Help attack DDOS In-Reply-To: References:

Message-ID: Server software firewall cannot help with ddos attacks. Basically if those are indeed ddos attacks you?ll have to look into mitigation solutions which are quite expensive. CloudFlare won?t work as well since they do not support streaming. You should consider getting a server at a data center which provide ddos mitigation, I know that OVH?s mitigation is quite good. ?????? ??? ??, 5 ????? 2018 ?-23:10 ??? Alejandro Flores : > may be this url can help > > > https://icecast.imux.net/viewtopic.php?p=7084&sid=6ce1e17b6ad49e0a24be0e60b526f760 > > > " > [image: Post] > Posted: > Mon Jan 29, 2007 12:14 pm Post subject: [image: Reply with quote] > > ------------------------------ > These firewall rules (iptables) could help: > > *Code:* > iptables -A INPUT -p tcp --dport 8000 -m state --state NEW -m recent -i > eth0 --set --name ICECAST -j ACCEPT > iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds > 60 --hitcount 4 --rttl --name ICECAST -j LOG --log-prefix > "ICECAST_too_many_connections" > iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds > 60 --hitcount 4 --rttl --name ICECAST -j DROP > > This allows three connections within a minute by the same IP, the forth > will cause the IP to be blocked for another minute. > > > On Tue, Jun 5, 2018 at 3:07 PM, Victor Moreno wrote: > >> >> I ask because I only receive attacks when I activate icecast. I can not >> do anything at the application level ?. i used ubuntu server 16.04. >> thanks. >> >> 2018-06-05 14:52 GMT-05:00 Alejandro Flores : >> >>> I think you should contact to your connectivity provider, hopefully they >>> can provide you the Anti DDOS protection. >>> >>> >>> On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno wrote: >>> >>>> Hi. >>>> >>>> I have a problem with the icecast. When I activate the service I am >>>> having an exesive consumption in the ip queries. It seems like a DDOS >>>> attack. How can I mitigate this attack? >>>> >>>> Thanks. >>>> >>>> >>>> _______________________________________________ >>>> Icecast mailing list >>>> Icecast at xiph.org >>>> http://lists.xiph.org/mailman/listinfo/icecast >>>> >>>> >>> >>> >>> -- >>> Alejandro Flores L. >>> LIA. CEH. VCP. >>> 5513998178 >>> >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >>> >> >> >> -- >> Victor Moreno >> Ingeniero Electr?nico >> 3177684646 >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Alejandro Flores L. > LIA. CEH. VCP. > 5513998178 > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > -- Yahav Shasha, Web Developer +972-(0)549214421 http://www.linkedin.com/in/yahavs -------------- next part -------------- An HTML attachment was scrubbed... URL: From romeo.r at gmail.com Wed Jun 6 06:40:39 2018 From: romeo.r at gmail.com (Roman) Date: Wed, 6 Jun 2018 09:40:39 +0300 Subject: [Icecast] Help attack DDOS In-Reply-To: References:

Message-ID: ??, 5 ???. 2018 ?., 23:17 Yahav Shasha : > Server software firewall cannot help with ddos attacks. > I wouldn't say that. If is about tcp syn or connect type of an attack, than those iptables rules + syn cookies in sysctl would help much. If it is kind of a udp flood than yes, you are right, nothing will help much, only services like cloudlare, but they are too expensive for saving online radio I guess. I would analyze, what type of an attack it is and if it is an udp flood then just move to another ip (if those are not hostname based attacks of course) -------------- next part -------------- An HTML attachment was scrubbed... URL: From yahav.shasha at gmail.com Wed Jun 6 06:57:17 2018 From: yahav.shasha at gmail.com (Yahav Shasha) Date: Wed, 6 Jun 2018 09:57:17 +0300 Subject: [Icecast] Help attack DDOS In-Reply-To: References:

Message-ID: well, on a large enough scale, it won't matter even if the server drops them, it will clog the nic way before it even gets to the server.. On Wed, Jun 6, 2018 at 9:40 AM Roman wrote: > > ??, 5 ???. 2018 ?., 23:17 Yahav Shasha : > >> Server software firewall cannot help with ddos attacks. >> > > I wouldn't say that. If is about tcp syn or connect type of an attack, > than those iptables rules + syn cookies in sysctl would help much. If it is > kind of a udp flood than yes, you are right, nothing will help much, only > services like cloudlare, but they are too expensive for saving online radio > I guess. I would analyze, what type of an attack it is and if it is an udp > flood then just move to another ip (if those are not hostname based attacks > of course) > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > -- Yahav Shasha, Web Developer +972-(0)549214421 http://www.linkedin.com/in/yahavs -------------- next part -------------- An HTML attachment was scrubbed... URL: From romeo.r at gmail.com Wed Jun 6 07:11:47 2018 From: romeo.r at gmail.com (Roman) Date: Wed, 6 Jun 2018 10:11:47 +0300 Subject: [Icecast] Help attack DDOS In-Reply-To: References:

Message-ID: 2018-06-06 9:57 GMT+03:00 Yahav Shasha : > well, on a large enough scale, it won't matter even if the server drops > them, it will clog the nic way before it even gets to the server.. > > Still you are right if we speak about super mega extra large scale of tcp syn attack, but I've never actually seen them THAT big. Usually few hundreds of bots running on cheap vps with 100 mbps shared connection, which typical nowadays server might take care of on a 1 gbps port. TCP requests are not that large to hit the nic at 1 gbps connection. It might be like 1 mln or even more requests to kill it. To kill a 100 mbps port you have to generate like somehow about 210 000 syn pps. Thats a lot. And for 1 gbps its like 2 100 00 pps. This should be really large botnet all over the world, otherwise it will be kept down by and upstream provider, as they don't like ddos also. If it would be that large this guy would be blackholed on the bgp layer already. -- Best regards, Roman. -------------- next part -------------- An HTML attachment was scrubbed... URL: From geoff at QuiteLikely.com Wed Jun 6 09:36:04 2018 From: geoff at QuiteLikely.com (Geoff Shang) Date: Wed, 6 Jun 2018 12:36:04 +0300 (IDT) Subject: [Icecast] Help attack DDOS In-Reply-To: References: Message-ID: On Tue, 5 Jun 2018, Victor Moreno wrote: > I have a problem with the icecast. When I activate the service I am having > an exesive consumption in the ip queries. It seems like a DDOS attack. How > can I mitigate this attack? Why do you think it's a DDOS? What do you see? If it's an option, try running it on another port. HTH, Geoff. From vitjam at gmail.com Wed Jun 6 14:50:06 2018 From: vitjam at gmail.com (Victor Moreno) Date: Wed, 6 Jun 2018 09:50:06 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References: Message-ID: i used this command netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n I've also changed the port and it shows a flood of ips blocking the icecast 2018-06-06 4:36 GMT-05:00 Geoff Shang : > On Tue, 5 Jun 2018, Victor Moreno wrote: > > I have a problem with the icecast. When I activate the service I am having >> an exesive consumption in the ip queries. It seems like a DDOS attack. How >> can I mitigate this attack? >> > > Why do you think it's a DDOS? What do you see? > > If it's an option, try running it on another port. > > HTH, > Geoff. > > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > -- Victor Moreno Ingeniero Electr?nico 3177684646 -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at mordormx.net Wed Jun 6 14:53:11 2018 From: alex at mordormx.net (Alejandro Flores) Date: Wed, 6 Jun 2018 09:53:11 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References: Message-ID: What's the command output? On Wed, Jun 6, 2018, 9:50 AM Victor Moreno wrote: > i used this command > netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > > > I've also changed the port and it shows a flood of ips blocking the icecast > > > 2018-06-06 4:36 GMT-05:00 Geoff Shang : > >> On Tue, 5 Jun 2018, Victor Moreno wrote: >> >> I have a problem with the icecast. When I activate the service I am having >>> an exesive consumption in the ip queries. It seems like a DDOS attack. >>> How >>> can I mitigate this attack? >>> >> >> Why do you think it's a DDOS? What do you see? >> >> If it's an option, try running it on another port. >> >> HTH, >> Geoff. >> >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> > > > > -- > Victor Moreno > Ingeniero Electr?nico > 3177684646 > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vitjam at gmail.com Wed Jun 6 15:04:07 2018 From: vitjam at gmail.com (Victor Moreno) Date: Wed, 6 Jun 2018 10:04:07 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References: Message-ID: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n 1 101.201.239.150 1 103.10.228.221 1 103.105.228.102 1 103.1.186.123 1 103.19.81.76 1 103.205.134.178 1 103.205.26.95 1 103.25.192.150 1 103.26.56.30 1 103.27.0.15 1 103.28.225.17 1 103.39.49.204 1 103.42.162.58 1 103.48.56.130 1 103.58.117.60 1 103.74.239.170 1 103.76.15.28 1 103.78.213.149 1 103.80.36.174 1 104.131.214.218 1 107.16.94.224 1 108.160.137.0 1 109.172.104.122 1 109.196.34.51 1 110.139.125.101 1 110.44.127.241 1 111.23.44.155 1 111.8.191.138 1 112.140.184.147 1 112.78.149.90 1 113.255.29.133 1 115.127.68.70 1 115.69.217.10 1 116.255.35.23 1 116.58.5.106 1 117.54.138.118 1 118.97.107.46 1 118.97.191.205 1 119.23.217.114 1 119.28.24.210 1 119.28.68.27 1 120.50.12.146 1 120.52.73.1 1 121.121.125.2 1 121.140.126.250 1 121.40.203.232 1 123.176.43.144 1 124.118.31.104 1 124.121.192.224 1 124.124.21.97 1 125.164.17.131 1 125.62.213.30 1 128.199.142.35 1 128.199.77.93 1 128.75.78.240 1 129.205.210.90 1 132.148.150.41 1 132.255.244.66 1 13.69.82.216 1 138.68.236.23 1 138.97.140.20 1 139.194.59.97 1 139.255.104.226 1 139.59.124.149 1 139.59.2.223 1 139.99.40.10 1 139.99.40.11 1 14.139.189.211 1 14.36.4.200 1 145.239.93.131 1 145.249.106.107 1 146.185.179.32 1 147.135.210.114 1 148.251.211.123 1 150.109.42.234 1 150.163.105.2 1 150.242.180.151 1 154.118.241.146 1 154.119.46.44 1 154.119.60.227 1 154.48.196.3 1 154.66.157.126 1 155.4.12.61 1 156.54.63.205 1 159.65.168.119 1 159.65.168.7 1 159.65.175.251 1 163.172.98.25 1 165.132.106.71 1 167.99.209.216 1 167.99.93.3 1 168.181.162.94 1 168.228.185.51 1 168.228.191.161 1 168.90.67.73 1 169.254.169.254 1 169.255.4.9 1 170.79.16.19 1 171.244.32.140 1 173.201.177.140 1 173.212.203.209 1 173.68.185.170 1 175.107.14.114 1 176.107.110.112 1 176.37.3.102 1 176.53.2.122 1 176.9.28.86 1 177.103.182.12 1 177.11.120.210 1 177.125.37.124 1 177.134.172.181 1 177.136.252.7 1 177.184.136.74 1 177.204.155.131 1 177.21.109.50 1 177.223.108.55 1 177.22.91.211 1 177.43.41.140 1 177.44.135.166 1 177.54.142.222 1 177.67.83.134 1 178.132.3.94 1 178.162.216.1 1 178.238.228.187 1 179.105.131.222 1 179.107.111.138 1 179.97.47.54 1 180.210.177.86 1 180.210.201.54 1 180.210.201.55 1 180.210.205.104 1 180.210.205.107 1 180.210.206.53 1 180.250.149.73 1 180.250.182.50 1 180.250.214.34 1 180.250.60.218 1 180.253.17.219 1 180.94.64.51 1 181.113.27.98 1 181.40.78.174 1 181.49.92.247 1 18.188.165.157 1 182.100.67.244 1 18.217.198.64 1 182.23.101.178 1 182.23.107.212 1 182.23.98.211 1 182.253.188.186 1 182.253.26.244 1 182.52.236.125 1 182.53.197.116 1 182.72.30.66 1 182.76.113.206 1 182.76.222.54 1 183.88.217.201 1 183.88.232.207 1 183.89.24.189 1 185.118.25.10 1 185.18.255.85 1 185.22.174.69 1 185.229.224.61 1 185.64.16.117 1 185.91.19.131 1 186.10.5.139 1 186.194.65.93 1 186.208.112.202 1 186.216.220.171 1 186.236.237.143 1 186.248.68.126 1 186.83.66.5 1 186.89.94.168 1 186.91.247.226 1 186.93.13.217 1 187.108.114.74 1 187.110.238.130 1 187.110.93.120 1 187.16.255.98 1 187.18.113.159 1 187.190.221.71 1 187.33.82.126 1 187.45.112.79 1 187.45.127.87 1 187.49.197.90 1 187.5.218.215 1 187.53.60.98 1 187.60.217.161 1 187.9.214.58 1 188.213.174.124 1 188.232.183.166 1 188.40.141.216 1 189.124.17.126 1 189.51.98.214 1 189.76.94.20 1 189.91.62.70 1 190.12.48.158 1 190.207.62.189 1 190.52.175.76 1 190.72.133.136 1 190.75.89.185 1 191.240.159.90 1 191.6.65.43 1 194.182.72.223 1 194.187.216.228 1 195.146.133.90 1 195.154.207.153 1 195.201.43.199 1 195.201.7.153 1 195.209.232.146 1 196.202.194.127 1 197.155.158.22 1 197.210.252.39 1 197.211.45.3 1 197.231.221.211 1 200.114.97.14 1 200.141.94.190 1 200.199.93.98 1 200.229.238.42 1 200.240.245.128 1 200.255.122.174 1 200.49.43.106 1 200.94.21.194 1 201.167.56.18 1 201.18.98.18 1 202.142.159.204 1 202.148.20.218 1 202.162.214.118 1 202.29.238.178 1 202.43.160.142 1 202.51.102.102 1 203.150.138.227 1 203.189.136.139 1 203.99.118.10 1 206.189.181.249 1 207.154.245.20 1 208.47.176.252 1 208.67.183.240 1 209.222.86.48 1 212.237.15.218 1 212.237.30.237 1 212.237.61.17 1 212.46.199.10 1 212.95.180.50 1 212.98.150.50 1 213.108.18.72 1 213.138.103.117 1 213.142.149.2 1 213.192.31.173 1 213.198.241.6 1 217.175.37.205 1 217.182.92.162 1 217.25.210.34 1 218.186.27.31 1 221.14.140.125 1 222.124.145.94 1 222.124.22.133 1 223.93.172.248 1 23.88.111.26 1 31.25.141.46 1 34.251.241.57 1 35.162.163.132 1 35.188.131.123 1 35.233.27.203 1 36.110.175.130 1 36.67.10.9 1 36.77.247.10 1 36.78.130.224 1 36.80.46.225 1 36.81.255.73 1 36.89.39.170 1 37.187.116.199 1 37.187.99.146 1 37.59.79.10 1 39.104.74.95 1 41.128.189.53 1 41.38.212.23 1 41.65.111.226 1 41.75.76.75 1 42.191.126.223 1 43.241.130.242 1 43.250.81.138 1 45.112.126.238 1 45.115.39.139 1 45.249.9.22 1 45.251.230.214 1 45.76.218.233 1 45.76.234.152 1 45.79.139.169 1 46.16.226.10 1 47.252.1.152 1 47.52.231.140 1 47.75.65.202 1 47.88.192.22 1 47.98.33.168 1 50.63.128.151 1 51.15.101.16 1 51.15.121.195 1 51.15.221.10 1 51.254.122.19 1 51.254.132.238 1 51.255.138.248 1 51.38.114.104 1 51.38.192.206 1 5.196.189.104 1 52.187.59.51 1 52.192.39.237 1 52.214.181.43 1 52.221.40.19 1 5.226.70.68 1 52.76.57.164 1 57.100.2.254 1 58.74.78.19 1 60.191.134.165 1 61.178.63.165 1 61.185.137.126 1 62.1.84.229 1 66.119.8.72 1 69.85.70.37 1 71.13.112.152 1 78.111.4.30 1 78.136.240.42 1 78.189.65.220 1 78.81.24.112 1 79.137.182.166 1 79.137.85.204 1 79.140.1.198 1 80.211.0.244 1 80.211.141.177 1 80.211.144.80 1 80.211.148.20 1 80.211.154.220 1 80.211.16.27 1 80.211.180.224 1 80.211.182.207 1 80.211.184.190 1 80.211.184.53 1 80.211.189.165 1 80.211.225.28 1 80.211.228.238 1 80.211.41.5 1 80.211.5.160 1 81.219.21.126 1 81.22.54.60 1 81.26.130.121 1 81.29.244.238 1 82.137.250.213 1 82.223.8.133 1 83.220.62.38 1 84.22.61.46 1 84.233.227.3 1 84.47.174.19 1 85.29.136.212 1 85.97.111.254 1 86.105.51.105 1 88.117.233.210 1 88.205.171.222 1 88.250.193.77 1 89.187.235.59 1 90.187.51.41 1 90.45.26.244 1 91.121.88.53 1 91.191.33.166 1 91.222.117.82 1 91.250.97.225 1 91.73.131.254 1 92.222.74.221 1 92.241.230.224 1 92.43.128.238 1 93.170.186.7 1 94.23.196.68 1 94.242.59.245 1 95.111.137.65 1 95.210.109.32 1 95.216.136.29 1 95.51.119.19 1 Address 1 servers) 2 1.0.134.163 2 103.243.81.234 2 110.136.166.198 2 112.140.184.139 2 112.74.207.50 2 114.215.192.184 2 118.97.168.202 2 120.26.110.59 2 122.166.222.186 2 134.119.223.242 2 136.243.145.143 2 145.239.77.20 2 146.52.85.22 2 153.149.171.138 2 159.65.9.66 2 167.114.250.199 2 167.99.5.127 2 171.15.22.199 2 176.31.125.111 2 182.23.31.130 2 184.82.10.112 2 185.122.202.85 2 185.187.182.25 2 185.21.77.83 2 185.238.72.12 2 185.93.3.123 2 186.103.239.190 2 186.211.96.27 2 186.91.251.215 2 187.86.6.97 2 191.248.228.70 2 191.252.1.236 2 195.201.40.120 2 198.199.127.16 2 201.183.235.193 2 201.20.98.42 2 202.21.32.148 2 212.237.36.234 2 212.72.150.51 2 213.24.60.52 2 213.6.40.142 2 217.234.140.40 2 222.124.179.123 2 35.190.133.37 2 36.67.231.3 2 36.72.230.227 2 45.55.157.204 2 46.162.197.248 2 50.203.87.49 2 51.255.235.168 2 51.38.233.169 2 52.172.35.99 2 52.224.48.30 2 54.37.156.128 2 54.38.156.250 2 61.247.58.103 2 62.80.223.139 2 66.82.144.29 2 74.208.169.201 2 74.208.217.160 2 79.143.85.36 2 80.211.148.100 2 80.211.37.110 2 81.30.181.181 2 81.82.209.76 2 85.90.208.4 2 92.195.32.88 2 92.38.47.226 2 93.85.95.152 2 94.177.216.109 2 94.177.218.60 2 94.23.81.70 3 103.82.242.239 3 118.34.212.110 3 119.28.152.208 3 128.199.188.44 3 137.74.158.246 3 144.217.105.153 3 152.92.200.66 3 167.99.70.190 3 187.32.209.40 3 189.112.72.215 3 190.82.70.109 3 193.2.40.8 3 202.171.138.193 3 212.112.122.161 3 67.149.165.136 3 80.211.6.201 3 88.19.124.26 4 117.244.15.243 4 189.85.84.186 4 200.63.129.132 5 191.32.57.18 5 50.233.136.254 5 81.162.56.154 6 101.50.1.2 6 175.98.239.87 6 178.140.57.118 6 202.183.32.6 6 47.95.33.79 6 47.95.36.86 6 62.140.252.21 7 109.74.75.61 7 121.254.214.219 7 178.162.102.173 7 195.80.140.212 7 47.89.18.87 7 47.95.36.13 7 49.51.86.151 7 60.250.79.187 7 61.136.163.245 8 138.91.96.84 8 148.153.1.78 8 188.166.165.78 8 192.168.0.4 8 37.140.192.248 8 47.89.241.103 8 52.239.154.38 8 93.95.100.18 9 101.4.136.34 9 107.0.67.153 9 118.193.26.18 9 120.27.49.85 10 192.168.0.5 10 47.52.153.167 10 47.89.10.103 12 52.239.152.10 13 103.105.50.178 15 223.19.41.6 20 168.63.129.16 40 52.239.153.36 2018-06-06 9:53 GMT-05:00 Alejandro Flores : > What's the command output? > > On Wed, Jun 6, 2018, 9:50 AM Victor Moreno wrote: > >> i used this command >> netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n >> >> >> I've also changed the port and it shows a flood of ips blocking the >> icecast >> >> >> 2018-06-06 4:36 GMT-05:00 Geoff Shang : >> >>> On Tue, 5 Jun 2018, Victor Moreno wrote: >>> >>> I have a problem with the icecast. When I activate the service I am >>>> having >>>> an exesive consumption in the ip queries. It seems like a DDOS attack. >>>> How >>>> can I mitigate this attack? >>>> >>> >>> Why do you think it's a DDOS? What do you see? >>> >>> If it's an option, try running it on another port. >>> >>> HTH, >>> Geoff. >>> >>> >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >> >> >> >> -- >> Victor Moreno >> Ingeniero Electr?nico >> 3177684646 >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > > -- Victor Moreno Ingeniero Electr?nico 3177684646 -------------- next part -------------- An HTML attachment was scrubbed... URL: From bandfanforum at gmail.com Wed Jun 6 19:51:42 2018 From: bandfanforum at gmail.com (MPG Radio) Date: Wed, 6 Jun 2018 15:51:42 -0400 Subject: [Icecast] Refresh streams without relaunching icecast. Message-ID: How do you refresh a stream without relaunching, we would like to add new mp3 into a root folder using m3u. We get that the m3u needs to be updated but cant figure out how to use " http://172.31.145.234:8000/admin/updatemetadata.xsl?mount=/stream" For example the file would be: thisband - greatsong.mp3 as below *MPG Radio *|* BandFan | *bandfanforum at gmail.com Founded in 2012, MPGRadio is a self-supported Internet station committed to providing a venue for fans of music artists alike to share compositions of any genre. facebook | twitter | instagram | google+ | Support *24 hour commercial-free internet-only radio station* We are a listener-supported, commercial-free internet-only radio station with no advertising or annoying commercial interruptions. Our mission is to search out and expose great new music to people who otherwise may never encounter it. A tremendous amount of work is put in by volunteers on this internet radio station to develop new programming and to ensure that everyone Artist gets fair exposure support this effort . Please visit us at: MPGRadio -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 41374 bytes Desc: not available URL: From romeo.r at gmail.com Thu Jun 7 13:03:03 2018 From: romeo.r at gmail.com (Roman) Date: Thu, 7 Jun 2018 16:03:03 +0300 Subject: [Icecast] Help attack DDOS In-Reply-To: References: Message-ID: ??, 7 ???. 2018 ?., 15:02 Victor Moreno : > netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > Google some of theese ip with keyword botnet and block them and might be their subnets in iptables. Not that much > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wayne at cffcs.com Thu Jun 7 15:29:13 2018 From: wayne at cffcs.com (Wayne Barron) Date: Thu, 7 Jun 2018 11:29:13 -0400 Subject: [Icecast] no script found in /etc/liquidsoap Message-ID: Hello All; I have installed Icecast2 and Liquidsoap onto an ubuntu.18.04 system. Everything is going well, learning a lot, however. I have run into an issue that I am stuck at. And that is: When I run sudo systemctl status liquidsoap It returns the following liquidsoap.service - LSB: Starts the liquidsoap daemon Loaded: loaded (/etc/init.d/liquidsoap; generated) Active: active (exited) since Thu 2018-06-07 01:25:49 UTC; 13h ago Docs: man:systemd-sysv-generator(8) Tasks: 0 (limit: 1108) CGroup: /system.slice/liquidsoap.service Jun 07 01:25:48 icecast systemd[1]: Starting LSB: Starts the liquidsoap daemon... Jun 07 01:25:49 icecast liquidsoap[1346]: Starting liquidsoap channels: no script found in /etc/liquidsoap Jun 07 01:25:49 icecast systemd[1]: Started LSB: Starts the liquidsoap daemon. I have the sample radio.liq file in the location of /etc/liquidsoap But it still cannot find it. I had done the chmod 777 on the file, and I am just at a loss at the moment. Can someone please assist me in correcting this issue? Thank you Wayne From streamanalyst at internetofficer.com Fri Jun 15 08:20:01 2018 From: streamanalyst at internetofficer.com (StreamAnalyst) Date: Fri, 15 Jun 2018 10:20:01 +0200 Subject: [Icecast] pre-roll ads and log file References: EDSK2018061509575300000018 Message-ID: <20180615091335.5F3688863E@fraxinus.osuosl.org> Hi all, Are pre-roll ads supported by Icecast? If so, how? And will the log file tell me if the pre-roll ad was completely listened to? Say the pre-roll ad lasts 15 seconds. If I see a connection of 15 seconds in the log file, does it mean that the listener stopped listening immediately after the ad or that he listened to the ad and then to 15 seconds of music? And if a player disconnects because of a poor network and automatically reconnects, will the pre-roll ad be sent again? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From phschafft at de.loewenfelsen.net Fri Jun 15 12:52:54 2018 From: phschafft at de.loewenfelsen.net (Philipp Schafft) Date: Fri, 15 Jun 2018 12:52:54 +0000 Subject: [Icecast] pre-roll ads and log file In-Reply-To: <20180615091335.5F3688863E@fraxinus.osuosl.org> References: EDSK2018061509575300000018 <20180615091335.5F3688863E@fraxinus.osuosl.org> Message-ID: <1529067174.2057.32.camel@de.loewenfelsen.net> Good afternoon, On Fri, 2018-06-15 at 10:20 +0200, StreamAnalyst wrote: > Are pre-roll ads supported by Icecast? If so, how? You can specify a into file. It is send to the listener before the listener is attached to the actual stream. > And will the log file tell me if the pre-roll ad was completely > listened to? > Say the pre-roll ad lasts 15 seconds. If I see a connection of 15 > seconds in the log file, does it mean that the listener stopped > listening immediately after the ad or that he listened to the ad and > then to 15 seconds of music? The log reports the connection time in wall clock seconds. It does not report the playback time (Icecast has for multiple reasons no idea about the playback time). For long running connections those are about the same. However for short connections they aren't. The reason for that the listener client prebuffers some amount of data before playback starts. Icecast has no control over this. Also Icecast sends a so called burst by default. That burst helps the client to fill the the buffer quickly. In an ideal world the two cancel out each other. However as Icecast has no control over the listener nor does know it's parameters there is a difference. There is also some more noise like network latency and jitter. Generally speaking I would guess that abs(error) < 20s for virtually all sane setups. > And if a player disconnects because of a poor network and > automatically reconnects, will the pre-roll ad be sent again? Yes. This is because Icecast is fully stateless. To Icecast all connections are independent. With best regards, -- Philipp Schafft (CEO/Gesch?ftsf?hrer) Telephon: +49.3535 490 17 92 L?wenfelsen UG (haftungsbeschr?nkt) Registration number: Bickinger Stra?e 21 HRB 12308 CB 04916 Herzberg (Elster) VATIN/USt-ID: Germany DE305133015 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From vitjam at gmail.com Fri Jun 15 19:43:37 2018 From: vitjam at gmail.com (Victor Moreno) Date: Fri, 15 Jun 2018 14:43:37 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References: Message-ID: Send the command output. i installed in other server and it's the same result. 2018-06-06 9:53 GMT-05:00 Alejandro Flores : > What's the command output? > > On Wed, Jun 6, 2018, 9:50 AM Victor Moreno wrote: > >> i used this command >> netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n >> >> >> I've also changed the port and it shows a flood of ips blocking the >> icecast >> >> >> 2018-06-06 4:36 GMT-05:00 Geoff Shang : >> >>> On Tue, 5 Jun 2018, Victor Moreno wrote: >>> >>> I have a problem with the icecast. When I activate the service I am >>>> having >>>> an exesive consumption in the ip queries. It seems like a DDOS attack. >>>> How >>>> can I mitigate this attack? >>>> >>> >>> Why do you think it's a DDOS? What do you see? >>> >>> If it's an option, try running it on another port. >>> >>> HTH, >>> Geoff. >>> >>> >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >> >> >> >> -- >> Victor Moreno >> Ingeniero Electr?nico >> 3177684646 >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > > -- Victor Moreno Ingeniero Electr?nico 3177684646 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n 1 101.201.239.150 1 103.10.228.221 1 103.105.228.102 1 103.1.186.123 1 103.19.81.76 1 103.205.134.178 1 103.205.26.95 1 103.25.192.150 1 103.26.56.30 1 103.27.0.15 1 103.28.225.17 1 103.39.49.204 1 103.42.162.58 1 103.48.56.130 1 103.58.117.60 1 103.74.239.170 1 103.76.15.28 1 103.78.213.149 1 103.80.36.174 1 104.131.214.218 1 107.16.94.224 1 108.160.137.0 1 109.172.104.122 1 109.196.34.51 1 110.139.125.101 1 110.44.127.241 1 111.23.44.155 1 111.8.191.138 1 112.140.184.147 1 112.78.149.90 1 113.255.29.133 1 115.127.68.70 1 115.69.217.10 1 116.255.35.23 1 116.58.5.106 1 117.54.138.118 1 118.97.107.46 1 118.97.191.205 1 119.23.217.114 1 119.28.24.210 1 119.28.68.27 1 120.50.12.146 1 120.52.73.1 1 121.121.125.2 1 121.140.126.250 1 121.40.203.232 1 123.176.43.144 1 124.118.31.104 1 124.121.192.224 1 124.124.21.97 1 125.164.17.131 1 125.62.213.30 1 128.199.142.35 1 128.199.77.93 1 128.75.78.240 1 129.205.210.90 1 132.148.150.41 1 132.255.244.66 1 13.69.82.216 1 138.68.236.23 1 138.97.140.20 1 139.194.59.97 1 139.255.104.226 1 139.59.124.149 1 139.59.2.223 1 139.99.40.10 1 139.99.40.11 1 14.139.189.211 1 14.36.4.200 1 145.239.93.131 1 145.249.106.107 1 146.185.179.32 1 147.135.210.114 1 148.251.211.123 1 150.109.42.234 1 150.163.105.2 1 150.242.180.151 1 154.118.241.146 1 154.119.46.44 1 154.119.60.227 1 154.48.196.3 1 154.66.157.126 1 155.4.12.61 1 156.54.63.205 1 159.65.168.119 1 159.65.168.7 1 159.65.175.251 1 163.172.98.25 1 165.132.106.71 1 167.99.209.216 1 167.99.93.3 1 168.181.162.94 1 168.228.185.51 1 168.228.191.161 1 168.90.67.73 1 169.254.169.254 1 169.255.4.9 1 170.79.16.19 1 171.244.32.140 1 173.201.177.140 1 173.212.203.209 1 173.68.185.170 1 175.107.14.114 1 176.107.110.112 1 176.37.3.102 1 176.53.2.122 1 176.9.28.86 1 177.103.182.12 1 177.11.120.210 1 177.125.37.124 1 177.134.172.181 1 177.136.252.7 1 177.184.136.74 1 177.204.155.131 1 177.21.109.50 1 177.223.108.55 1 177.22.91.211 1 177.43.41.140 1 177.44.135.166 1 177.54.142.222 1 177.67.83.134 1 178.132.3.94 1 178.162.216.1 1 178.238.228.187 1 179.105.131.222 1 179.107.111.138 1 179.97.47.54 1 180.210.177.86 1 180.210.201.54 1 180.210.201.55 1 180.210.205.104 1 180.210.205.107 1 180.210.206.53 1 180.250.149.73 1 180.250.182.50 1 180.250.214.34 1 180.250.60.218 1 180.253.17.219 1 180.94.64.51 1 181.113.27.98 1 181.40.78.174 1 181.49.92.247 1 18.188.165.157 1 182.100.67.244 1 18.217.198.64 1 182.23.101.178 1 182.23.107.212 1 182.23.98.211 1 182.253.188.186 1 182.253.26.244 1 182.52.236.125 1 182.53.197.116 1 182.72.30.66 1 182.76.113.206 1 182.76.222.54 1 183.88.217.201 1 183.88.232.207 1 183.89.24.189 1 185.118.25.10 1 185.18.255.85 1 185.22.174.69 1 185.229.224.61 1 185.64.16.117 1 185.91.19.131 1 186.10.5.139 1 186.194.65.93 1 186.208.112.202 1 186.216.220.171 1 186.236.237.143 1 186.248.68.126 1 186.83.66.5 1 186.89.94.168 1 186.91.247.226 1 186.93.13.217 1 187.108.114.74 1 187.110.238.130 1 187.110.93.120 1 187.16.255.98 1 187.18.113.159 1 187.190.221.71 1 187.33.82.126 1 187.45.112.79 1 187.45.127.87 1 187.49.197.90 1 187.5.218.215 1 187.53.60.98 1 187.60.217.161 1 187.9.214.58 1 188.213.174.124 1 188.232.183.166 1 188.40.141.216 1 189.124.17.126 1 189.51.98.214 1 189.76.94.20 1 189.91.62.70 1 190.12.48.158 1 190.207.62.189 1 190.52.175.76 1 190.72.133.136 1 190.75.89.185 1 191.240.159.90 1 191.6.65.43 1 194.182.72.223 1 194.187.216.228 1 195.146.133.90 1 195.154.207.153 1 195.201.43.199 1 195.201.7.153 1 195.209.232.146 1 196.202.194.127 1 197.155.158.22 1 197.210.252.39 1 197.211.45.3 1 197.231.221.211 1 200.114.97.14 1 200.141.94.190 1 200.199.93.98 1 200.229.238.42 1 200.240.245.128 1 200.255.122.174 1 200.49.43.106 1 200.94.21.194 1 201.167.56.18 1 201.18.98.18 1 202.142.159.204 1 202.148.20.218 1 202.162.214.118 1 202.29.238.178 1 202.43.160.142 1 202.51.102.102 1 203.150.138.227 1 203.189.136.139 1 203.99.118.10 1 206.189.181.249 1 207.154.245.20 1 208.47.176.252 1 208.67.183.240 1 209.222.86.48 1 212.237.15.218 1 212.237.30.237 1 212.237.61.17 1 212.46.199.10 1 212.95.180.50 1 212.98.150.50 1 213.108.18.72 1 213.138.103.117 1 213.142.149.2 1 213.192.31.173 1 213.198.241.6 1 217.175.37.205 1 217.182.92.162 1 217.25.210.34 1 218.186.27.31 1 221.14.140.125 1 222.124.145.94 1 222.124.22.133 1 223.93.172.248 1 23.88.111.26 1 31.25.141.46 1 34.251.241.57 1 35.162.163.132 1 35.188.131.123 1 35.233.27.203 1 36.110.175.130 1 36.67.10.9 1 36.77.247.10 1 36.78.130.224 1 36.80.46.225 1 36.81.255.73 1 36.89.39.170 1 37.187.116.199 1 37.187.99.146 1 37.59.79.10 1 39.104.74.95 1 41.128.189.53 1 41.38.212.23 1 41.65.111.226 1 41.75.76.75 1 42.191.126.223 1 43.241.130.242 1 43.250.81.138 1 45.112.126.238 1 45.115.39.139 1 45.249.9.22 1 45.251.230.214 1 45.76.218.233 1 45.76.234.152 1 45.79.139.169 1 46.16.226.10 1 47.252.1.152 1 47.52.231.140 1 47.75.65.202 1 47.88.192.22 1 47.98.33.168 1 50.63.128.151 1 51.15.101.16 1 51.15.121.195 1 51.15.221.10 1 51.254.122.19 1 51.254.132.238 1 51.255.138.248 1 51.38.114.104 1 51.38.192.206 1 5.196.189.104 1 52.187.59.51 1 52.192.39.237 1 52.214.181.43 1 52.221.40.19 1 5.226.70.68 1 52.76.57.164 1 57.100.2.254 1 58.74.78.19 1 60.191.134.165 1 61.178.63.165 1 61.185.137.126 1 62.1.84.229 1 66.119.8.72 1 69.85.70.37 1 71.13.112.152 1 78.111.4.30 1 78.136.240.42 1 78.189.65.220 1 78.81.24.112 1 79.137.182.166 1 79.137.85.204 1 79.140.1.198 1 80.211.0.244 1 80.211.141.177 1 80.211.144.80 1 80.211.148.20 1 80.211.154.220 1 80.211.16.27 1 80.211.180.224 1 80.211.182.207 1 80.211.184.190 1 80.211.184.53 1 80.211.189.165 1 80.211.225.28 1 80.211.228.238 1 80.211.41.5 1 80.211.5.160 1 81.219.21.126 1 81.22.54.60 1 81.26.130.121 1 81.29.244.238 1 82.137.250.213 1 82.223.8.133 1 83.220.62.38 1 84.22.61.46 1 84.233.227.3 1 84.47.174.19 1 85.29.136.212 1 85.97.111.254 1 86.105.51.105 1 88.117.233.210 1 88.205.171.222 1 88.250.193.77 1 89.187.235.59 1 90.187.51.41 1 90.45.26.244 1 91.121.88.53 1 91.191.33.166 1 91.222.117.82 1 91.250.97.225 1 91.73.131.254 1 92.222.74.221 1 92.241.230.224 1 92.43.128.238 1 93.170.186.7 1 94.23.196.68 1 94.242.59.245 1 95.111.137.65 1 95.210.109.32 1 95.216.136.29 1 95.51.119.19 1 Address 1 servers) 2 1.0.134.163 2 103.243.81.234 2 110.136.166.198 2 112.140.184.139 2 112.74.207.50 2 114.215.192.184 2 118.97.168.202 2 120.26.110.59 2 122.166.222.186 2 134.119.223.242 2 136.243.145.143 2 145.239.77.20 2 146.52.85.22 2 153.149.171.138 2 159.65.9.66 2 167.114.250.199 2 167.99.5.127 2 171.15.22.199 2 176.31.125.111 2 182.23.31.130 2 184.82.10.112 2 185.122.202.85 2 185.187.182.25 2 185.21.77.83 2 185.238.72.12 2 185.93.3.123 2 186.103.239.190 2 186.211.96.27 2 186.91.251.215 2 187.86.6.97 2 191.248.228.70 2 191.252.1.236 2 195.201.40.120 2 198.199.127.16 2 201.183.235.193 2 201.20.98.42 2 202.21.32.148 2 212.237.36.234 2 212.72.150.51 2 213.24.60.52 2 213.6.40.142 2 217.234.140.40 2 222.124.179.123 2 35.190.133.37 2 36.67.231.3 2 36.72.230.227 2 45.55.157.204 2 46.162.197.248 2 50.203.87.49 2 51.255.235.168 2 51.38.233.169 2 52.172.35.99 2 52.224.48.30 2 54.37.156.128 2 54.38.156.250 2 61.247.58.103 2 62.80.223.139 2 66.82.144.29 2 74.208.169.201 2 74.208.217.160 2 79.143.85.36 2 80.211.148.100 2 80.211.37.110 2 81.30.181.181 2 81.82.209.76 2 85.90.208.4 2 92.195.32.88 2 92.38.47.226 2 93.85.95.152 2 94.177.216.109 2 94.177.218.60 2 94.23.81.70 3 103.82.242.239 3 118.34.212.110 3 119.28.152.208 3 128.199.188.44 3 137.74.158.246 3 144.217.105.153 3 152.92.200.66 3 167.99.70.190 3 187.32.209.40 3 189.112.72.215 3 190.82.70.109 3 193.2.40.8 3 202.171.138.193 3 212.112.122.161 3 67.149.165.136 3 80.211.6.201 3 88.19.124.26 4 117.244.15.243 4 189.85.84.186 4 200.63.129.132 5 191.32.57.18 5 50.233.136.254 5 81.162.56.154 6 101.50.1.2 6 175.98.239.87 6 178.140.57.118 6 202.183.32.6 6 47.95.33.79 6 47.95.36.86 6 62.140.252.21 7 109.74.75.61 7 121.254.214.219 7 178.162.102.173 7 195.80.140.212 7 47.89.18.87 7 47.95.36.13 7 49.51.86.151 7 60.250.79.187 7 61.136.163.245 8 138.91.96.84 8 148.153.1.78 8 188.166.165.78 8 192.168.0.4 8 37.140.192.248 8 47.89.241.103 8 52.239.154.38 8 93.95.100.18 9 101.4.136.34 9 107.0.67.153 9 118.193.26.18 9 120.27.49.85 10 192.168.0.5 10 47.52.153.167 10 47.89.10.103 12 52.239.152.10 13 103.105.50.178 15 223.19.41.6 20 168.63.129.16 40 52.239.153.36 From alex at mordormx.net Fri Jun 15 21:18:20 2018 From: alex at mordormx.net (Alejandro Flores) Date: Fri, 15 Jun 2018 16:18:20 -0500 Subject: [Icecast] Help attack DDOS In-Reply-To: References:

Message-ID: Certanly some ips are reported as attackers https://www.abuseipdb.com/check/202.183.32.6 i found also some cameras ips, so it looks like the segment you are living is constantly scanned When you tried another ip, was from the same segment? Regards On Fri, Jun 15, 2018 at 2:43 PM, Victor Moreno wrote: > Send the command output. i installed in other server and it's the same > result. > > 2018-06-06 9:53 GMT-05:00 Alejandro Flores : > >> What's the command output? >> >> On Wed, Jun 6, 2018, 9:50 AM Victor Moreno wrote: >> >>> i used this command >>> netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n >>> >>> >>> I've also changed the port and it shows a flood of ips blocking the >>> icecast >>> >>> >>> 2018-06-06 4:36 GMT-05:00 Geoff Shang : >>> >>>> On Tue, 5 Jun 2018, Victor Moreno wrote: >>>> >>>> I have a problem with the icecast. When I activate the service I am >>>>> having >>>>> an exesive consumption in the ip queries. It seems like a DDOS attack. >>>>> How >>>>> can I mitigate this attack? >>>>> >>>> >>>> Why do you think it's a DDOS? What do you see? >>>> >>>> If it's an option, try running it on another port. >>>> >>>> HTH, >>>> Geoff. >>>> >>>> >>>> _______________________________________________ >>>> Icecast mailing list >>>> Icecast at xiph.org >>>> http://lists.xiph.org/mailman/listinfo/icecast >>>> >>> >>> >>> >>> -- >>> Victor Moreno >>> Ingeniero Electr?nico >>> 3177684646 >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Victor Moreno > Ingeniero Electr?nico > 3177684646 > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > > -- Alejandro Flores L. LIA. CEH. VCP. 5513998178 -------------- next part -------------- An HTML attachment was scrubbed... URL: From streamanalyst at internetofficer.com Sat Jun 16 08:47:30 2018 From: streamanalyst at internetofficer.com (StreamAnalyst) Date: Sat, 16 Jun 2018 10:47:30 +0200 Subject: [Icecast] pre-roll ads and log file (Philipp Schafft) References: EDSK20180616102520000000B6 Message-ID: <20180616084733.0E3E98851E@hemlock.osuosl.org> Thank you Philipp, Your answers are very clear. We understand the difference between the wall clock time (server side) and the playback time. Just one more point. You wrote that the "into file" is sent to the listener before the listener is attached to the actual stream. If the server would take 20 seconds to send the "into file" and if the listener only remains connected 5 seconds, I guess that he will not connect to the actual stream: will this appear in the log file as a 5 seconds connections or will this be invisible in the log file? In other words, do we only see the accesses to the actual stream in the log file and can we assume that all entries in the log file are from users who received the complete "into file" ? Best regards, Jean-Luc, InternetOfficer SPRL On vendredi 15 juin 2018 at 9:44 PM, icecast-request at xiph.org wrote: Date: Fri, 15 Jun 2018 12:52:54 +0000 From: Philipp Schafft To: Icecast streaming server user discussions Subject: Re: [Icecast] pre-roll ads and log file Message-ID: <1529067174.2057.32.camel at de.loewenfelsen.net> Content-Type: text/plain; charset="utf-8" Good afternoon, On Fri, 2018-06-15 at 10:20 +0200, StreamAnalyst wrote: > Are pre-roll ads supported by Icecast? If so, how? You can specify a into file. It is send to the listener before the listener is attached to the actual stream. > And will the log file tell me if the pre-roll ad was completely > listened to? > Say the pre-roll ad lasts 15 seconds. If I see a connection of 15 > seconds in the log file, does it mean that the listener stopped > listening immediately after the ad or that he listened to the ad and > then to 15 seconds of music? The log reports the connection time in wall clock seconds. It does not report the playback time (Icecast has for multiple reasons no idea about the playback time). For long running connections those are about the same. However for short connections they aren't. The reason for that the listener client prebuffers some amount of data before playback starts. Icecast has no control over this. Also Icecast sends a so called burst by default. That burst helps the client to fill the the buffer quickly. In an ideal world the two cancel out each other. However as Icecast has no control over the listener nor does know it's parameters there is a difference. There is also some more noise like network latency and jitter. Generally speaking I would guess that abs(error) < 20s for virtually all sane setups. > And if a player disconnects because of a poor network and > automatically reconnects, will the pre-roll ad be sent again? Yes. This is because Icecast is fully stateless. To Icecast all connections are independent. With best regards, -- Philipp Schafft (CEO/Gesch?ftsf?hrer) Telephon: +49.3535 490 17 92 L?wenfelsen UG (haftungsbeschr?nkt) Registration number: Bickinger Stra?e 21 HRB 12308 CB 04916 Herzberg (Elster) VATIN/USt-ID: Germany DE305133015 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: ------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: From phschafft at de.loewenfelsen.net Sat Jun 16 10:11:13 2018 From: phschafft at de.loewenfelsen.net (Philipp Schafft) Date: Sat, 16 Jun 2018 10:11:13 +0000 Subject: [Icecast] pre-roll ads and log file (Philipp Schafft) In-Reply-To: <20180616084733.0E3E98851E@hemlock.osuosl.org> References: EDSK20180616102520000000B6 <20180616084733.0E3E98851E@hemlock.osuosl.org> Message-ID: <1529143873.2381.3.camel@de.loewenfelsen.net> Good morning Jean-Luc, On Sat, 2018-06-16 at 10:47 +0200, StreamAnalyst wrote: > Thank you Philipp, > > Your answers are very clear. We understand the difference between the > wall clock time (server side) and the playback time. It's nice to hear my reply was helpful. > Just one more point. You wrote that the "into file" is sent to the > listener before the listener is attached to the actual stream. If the > server would take 20 seconds to send the "into file" and if the > listener only remains connected 5 seconds, I guess that he will not > connect to the actual stream: > will this appear in the log file as a 5 seconds connections or will > this be invisible in the log file? In other words, do we only see the > accesses to the actual stream in the log file and can we assume that > all entries in the log file are from users who received the complete > "into file" ? The log is written for every connection that reached the client state. That is every connection that send a full HTTP request. That is true even if the client disconnects before the server can send any reply. So in your example above you would see a connection of 5 seconds in the access log. With best regards, > On vendredi 15 juin 2018 at 9:44 PM, icecast-request at xiph.org wrote: > Date: Fri, 15 Jun 2018 12:52:54 +0000 > From: Philipp Schafft > To: Icecast streaming server user discussions > Subject: Re: [Icecast] pre-roll ads and log file > Message-ID: <1529067174.2057.32.camel at de.loewenfelsen.net> > Content-Type: text/plain; charset="utf-8" > > Good afternoon, > > On Fri, 2018-06-15 at 10:20 +0200, StreamAnalyst wrote: > > Are pre-roll ads supported by Icecast? If so, how? > > You can specify a into file. It is send to the listener before the > listener is attached to the actual stream. > > > > And will the log file tell me if the pre-roll ad was completely > > listened to? > > > Say the pre-roll ad lasts 15 seconds. If I see a connection of 15 > > seconds in the log file, does it mean that the listener stopped > > listening immediately after the ad or that he listened to the ad > and > > then to 15 seconds of music? > > The log reports the connection time in wall clock seconds. It does > not > report the playback time (Icecast has for multiple reasons no idea > about > the playback time). > > For long running connections those are about the same. However for > short > connections they aren't. The reason for that the listener client > prebuffers some amount of data before playback starts. Icecast has > no > control over this. Also Icecast sends a so called burst by default. > That > burst helps the client to fill the the buffer quickly. > > In an ideal world the two cancel out each other. However as Icecast > has > no control over the listener nor does know it's parameters there is > a > difference. > > There is also some more noise like network latency and jitter. > > Generally speaking I would guess that abs(error) < 20s for virtually > all > sane setups. > > > > And if a player disconnects because of a poor network and > > automatically reconnects, will the pre-roll ad be sent again? > > Yes. This is because Icecast is fully stateless. To Icecast all > connections are independent. -- Philipp Schafft (CEO/Gesch?ftsf?hrer) Telephon: +49.3535 490 17 92 L?wenfelsen UG (haftungsbeschr?nkt) Registration number: Bickinger Stra?e 21 HRB 12308 CB 04916 Herzberg (Elster) VATIN/USt-ID: Germany DE305133015 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From streamanalyst at internetofficer.com Sat Jun 16 16:51:02 2018 From: streamanalyst at internetofficer.com (StreamAnalyst) Date: Sat, 16 Jun 2018 18:51:02 +0200 Subject: [Icecast] pre-roll ads and log file References: EDSK201806161806450000007A Message-ID: <20180616165159.06E34866E1@hemlock.osuosl.org> Perfect! Thank you. Jean-Luc Date: Sat, 16 Jun 2018 10:11:13 +0000 From: Philipp Schafft To: Icecast streaming server user discussions Subject: Re: [Icecast] pre-roll ads and log file (Philipp Schafft) Message-ID: <1529143873.2381.3.camel at de.loewenfelsen.net> Content-Type: text/plain; charset="utf-8" Good morning Jean-Luc, On Sat, 2018-06-16 at 10:47 +0200, StreamAnalyst wrote: > Thank you Philipp, > > Your answers are very clear. We understand the difference between the > wall clock time (server side) and the playback time. It's nice to hear my reply was helpful. > Just one more point. You wrote that the "into file" is sent to the > listener before the listener is attached to the actual stream. If the > server would take 20 seconds to send the "into file" and if the > listener only remains connected 5 seconds, I guess that he will not > connect to the actual stream: > will this appear in the log file as a 5 seconds connections or will > this be invisible in the log file? In other words, do we only see the > accesses to the actual stream in the log file and can we assume that > all entries in the log file are from users who received the complete > "into file" ? The log is written for every connection that reached the client state. That is every connection that send a full HTTP request. That is true even if the client disconnects before the server can send any reply. So in your example above you would see a connection of 5 seconds in the access log. With best regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: