Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Dante_]

I want to use aMule Remote GUI over WAN.
Is the password hash transmitted in a way that can be captured and reused with packet sniffers, or is there encryption?

I realize the password hash itself is a form of encryption, but if someone captures the hash as is, I guess they cannot get the password but they can  use the hash to get authenticated in aMuled?

[Kry]

Passwords are salted with a random 64bits salt.

[Stu Redman]

Transmission isn't encrypted though, so if anybody is listening in he can see everything you are doing. And he could probably stage a man-in-the-middle attack and take full control after you've logged in for him.

[Kry]

First part, sure. Anyway can see what you're doing.

But a MITM attack would literally require the attacker in this case to be able to modify the data stream while it's being transferred, or inject packets, and once someone has that kind of control over what you're doing, well...

[Dante_]

I guess it is safe enough  for my needs.

If anyone wants to see what I am downloading and what files I have, they can see it using the ed2k network itself.

[btkaos]

I guess it is safe enough  for my needs.

If anyone wants to see what I am downloading and what files I have, they can see it using the ed2k network itself.

If you need additional security just use ssh to establish a tunnel.

[Stu Redman]

But a MITM attack would literally require the attacker in this case to be able to modify the data stream while it's being transferred, or inject packets

Well, what is required to listen in in the first place? Access to a router somewhere in between I imagine.
Once the ec client has logged in, just disconnect it, take over its IP and play its part.

I've been thinking about an option to make EC protocol encrypted. Just deposit a pubkey on the ec server and be done with login prompts. Not everybody knows how to set up a ssh tunnel right away.

[Kry]

Listening can be done just by sniffing WIFI packets, without access to any router internals. If the WIFI is not encrypted, you don't even need to connect to it.

Disconnecting a client like you mention would be pretty hard, unless you're planning on hijacking its TCP connection to send a RST or a close to the client at some point, but continue transferring to the server over the same connection. Basically you would need control over OSI Layer 3 to hijack Layer 4 and beyond, and that's not just something you can do by connecting to a router - you'd have to be able to control the flow of traffic inside the router.

Now if were using UDP, that'd be a different matter.

Anwyay, encripted EC sounds good.