On 4/21/06, Mark Lanctot wrote: > geoffb Wrote: > > PC requirements aside, presuming that you didn't put any security in > > place apart from router IP filtering at the both ends, that would still > > leave you open to whatever exploits your routers expose. For example, > > there's at least one router I read about a while back that shuts down > > and requires a hard boot if (a) IP filtering is on and (b) it detects > > more than a certain number of port scans from unauthorized IPs. Means > > that you have no music for the rest of the weekend, unless there is > > someone at home you can call to reset it. > > I believe what was referred to is IP filtering by SlimServer itself, > i.e. Server Settings - Security - Block Incoming Connections. > > I suppose IP blocking at the router would eliminate all access attempts > to the SlimServer machine, from SlimServer clients or otherwise. I'm > wondering if it would offer any additional protection though - while > the router would let traffic through SlimServer wouldn't respond to any > connection attempts. >
Ah, I see that I misread the original suggestion, although I have to say, I don't think this changes the security issue. Although it's unlikely, given the relatively few SS instances running on the internet, wouldn't it be possible to spoof a source IP and issue commands to the SS - presuming that you didn't care about the return packets? This is reaching into the realm of 'unlikely, so don't bother worrying about it', but it's still a possiblity. Since SS usually runs as a semi-previledged process, at least on Windows, with read/write access to the hard drive, any buffer overflows or other problems would presumably make the server a liability. But I'm probably unduly biased because I enjoy being able to listen to music in hotel rooms, while I'm travelling, via SS. This of course precludes IP filtering, so I always considered it unsecure :) Cheers Geoff _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/discuss
