geoffb Wrote: 
> Ah, I see that I misread the original suggestion, although I have to
> say, I don't think this changes the security issue. Although it's
> unlikely, given the relatively few SS instances running on the
> internet, wouldn't it be possible to spoof a source IP and issue
> commands to the SS - presuming that you didn't care about the return
> packets?
> This is reaching into the realm of 'unlikely, so don't bother worrying
> about it', but it's still a possibility.  Since SS usually runs as a
> semi-privileged process, at least on Windows, with read/write access
> to the hard drive, any buffer overflows or other problems would
> presumably make the server a liability.
> 
> But I'm probably unduly biased because I enjoy being able to listen to
> music in hotel rooms, while I'm travelling, via SS.  This of course
> precludes IP filtering, so I always considered it unsecure :)
> 

Yes, if the attacker were to spoof the IP address, they could just walk
right in to SlimServer.  And once they were in, there's an extensive set
of documentation both for the web interface and the CLI / TCP/IP
interface explaining just what they can do and how to do it.

It's fortunate that SlimServer isn't widely known outside of the people
here, but security by obscurity is not much better than no security at
all.  :-)  I like the fact that security is built into SS but I doubt
if it has been subject to intense, repeated attack to see what breaks,
unlike certain other programs!

I don't require any external access, have set IP address blocking, CSRF
protection to High and no port forwarding.  External port scans indicate
these ports do not respond, just like all my other ports.  If it was me,
I'd go for SSH.  I'm not sure if VPN surpasses SSH protection or if it
can be used to supplement it.


-- 
Mark Lanctot
------------------------------------------------------------------------
Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071
View this thread: http://forums.slimdevices.com/showthread.php?t=23132
