Icecast Streaming Media Server Forum Index Icecast Streaming Media Server
Icecast is a Xiph Foundation Project
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

possable exploit(s) in Icecast?

 
Post new topic   Reply to topic    Icecast Streaming Media Server Forum Index -> Icecast Server
View previous topic :: View next topic  
Author Message
DJ-Zath



Joined: 11 Feb 2009
Posts: 155
Location: Western Illinois - USA

PostPosted: Fri Oct 10, 2014 7:33 pm    Post subject: possable exploit(s) in Icecast? Reply with quote

hi Karl and gang!

I think there may be a possible "back door" in Icecast..

last night, I was hosting a hip-hop/house show (scheduled broadcast) that raked-in a few hundred listeners.. (a huge gig outta Chicago)

...at which point, the mounts were "reset" and the source client and studio were KICKED by "admin"...

connection "admin" came in on a spoofed IP that resolved out of Russia!

this, of course, dumped the streams off my network..

I have had this happen a few times before, too.. and I tried resetting the admin password, getting a new host, setting up new servers and all that...

it seems that as soon as I acquire a few hundred or so listeners, some other station (from the YP directory/Russia?) somehow comes into icecast and resets all the streams and knocks me off the air momentarily- enough to lose the listeners!

I have even changed host providers and got one with clean-pipe service and all.. this is NOT a simple DDoS attack...

someones logging into icecast and resetting the mounts and dumping my broadcasts!

I have another HUGE scheduled broadcast planned for Oct 31st and I would like this resolved by then, otherwise, I see another incident occurring; its quite frustrating to have this happen most EVERYtime I start gaining a public!


-DjZ-
_________________
-DjZ-
Smile Smile
Back to top
View user's profile Send private message Visit poster's website
karlH
Code Warrior
Code Warrior


Joined: 13 Jun 2005
Posts: 5476
Location: UK

PostPosted: Fri Oct 10, 2014 10:48 pm    Post subject: Reply with quote

I presume from the description that icecast is not stopping, just that some request comes in and manages to drop the streams. If so then what log information do you have?

karl.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
dm8tbr



Joined: 09 Feb 2013
Posts: 45
Location: icecast.org

PostPosted: Sun Oct 19, 2014 7:19 am    Post subject: Re: possible exploit(s) in Icecast? Reply with quote

DJ-Zath wrote:
I think there may be a possible "back door" in Icecast..
Certainly not intentional. Also I closed some security issues in the past, so if you are running 2.4.0, then there is currently no known problem.

DJ-Zath wrote:

...at which point, the mounts were "reset" and the source client and studio were KICKED by "admin"...

connection "admin" came in on a spoofed IP that resolved out of Russia!

Please provide full logs, both access.log and error.log and whatever other useful information you have, for the time of the incident. If there is something exploitable in the Icecast version you are running, then everything is relevant and we need unfiltered and unmodified logs for the time of the whole streaming event. We'll also need the full Icecast config XML file.
Due to the sensitive nature of this I'd ask you to provide this by email to either webmaster@xiph.org or directly to me thomas [that sign thing] ruecker [dött] fi (there is a GPG key for that address). I'll then share this securely with the rest of the Icecast development team and also with Karl.

Cheers

Thomas
Icecast maintainer

PS: Please make sure your admin password isn't "hackme" or something trivial.
Back to top
View user's profile Send private message Visit poster's website
dm8tbr



Joined: 09 Feb 2013
Posts: 45
Location: icecast.org

PostPosted: Sun Nov 23, 2014 7:41 am    Post subject: Reply with quote

It's been about a month and we haven't heard back. I'm going to remove this from my radar.

In general, the proper contact details for Icecast security issues can be found above. Please use those or IRC, as I don't monitor this forum.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Icecast Streaming Media Server Forum Index -> Icecast Server All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group
subRebel style by ktauber