aMule Forum

English => aMule Help => Topic started by: Dante_ on October 04, 2011, 09:22:45 PM

Title: Is aMule EC protocol secure for WAN use?
Post by: Dante_ on October 04, 2011, 09:22:45 PM

I want to use aMule Remote GUI over WAN.
Is the password hash transmitted in a way that can be captured and reused with packet sniffers, or is there encryption?

I realize the password hash itself is a form of encryption, but if someone captures the hash as is, I guess they cannot get the password but they can  use the hash to get authenticated in aMuled?

Title: Re: Is aMule EC protocol secure for WAN use?
Post by: Kry on October 04, 2011, 10:17:12 PM

Passwords are salted with a random 64bits salt.

Title: Re: Is aMule EC protocol secure for WAN use?
Post by: Stu Redman on October 04, 2011, 10:41:02 PM

Transmission isn't encrypted though, so if anybody is listening in he can see everything you are doing. And he could probably stage a man-in-the-middle attack and take full control after you've logged in for him.

Title: Re: Is aMule EC protocol secure for WAN use?
Post by: Kry on October 04, 2011, 11:14:33 PM

First part, sure. Anyway can see what you're doing.

But a MITM attack would literally require the attacker in this case to be able to modify the data stream while it's being transferred, or inject packets, and once someone has that kind of control over what you're doing, well...

Title: Re: Is aMule EC protocol secure for WAN use?
Post by: Dante_ on October 04, 2011, 11:18:44 PM

I guess it is safe enough  for my needs.

If anyone wants to see what I am downloading and what files I have, they can see it using the ed2k network itself.

Title: Re: Is aMule EC protocol secure for WAN use?
Post by: btkaos on October 05, 2011, 07:20:45 AM

Quote from: Dante_ on October 04, 2011, 11:18:44 PM

I guess it is safe enough  for my needs.

If anyone wants to see what I am downloading and what files I have, they can see it using the ed2k network itself.

If you need additional security just use ssh to establish a tunnel.

Title: Re: Is aMule EC protocol secure for WAN use?
Post by: Stu Redman on October 05, 2011, 07:32:36 PM

Quote from: Kry on October 04, 2011, 11:14:33 PM

But a MITM attack would literally require the attacker in this case to be able to modify the data stream while it's being transferred, or inject packets

Well, what is required to listen in in the first place? Access to a router somewhere in between I imagine.
Once the ec client has logged in, just disconnect it, take over its IP and play its part.

I've been thinking about an option to make EC protocol encrypted. Just deposit a pubkey on the ec server and be done with login prompts. Not everybody knows how to set up a ssh tunnel right away.

Title: Re: Is aMule EC protocol secure for WAN use?
Post by: Kry on October 05, 2011, 11:47:19 PM

Listening can be done just by sniffing WIFI packets, without access to any router internals. If the WIFI is not encrypted, you don't even need to connect to it.

Disconnecting a client like you mention would be pretty hard, unless you're planning on hijacking its TCP connection to send a RST or a close to the client at some point, but continue transferring to the server over the same connection. Basically you would need control over OSI Layer 3 to hijack Layer 4 and beyond, and that's not just something you can do by connecting to a router - you'd have to be able to control the flow of traffic inside the router.

Now if were using UDP, that'd be a different matter.

Anwyay, encripted EC sounds good.