queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Wed Jul 18, 2007 10:24 pm Post subject: mldonkey security bug? |
|
|
I installed mldonkey a few days ago. To my amazement I found out today in /home Code: | drwxr-xr-x 2 p2p root 48 Jul 17 00:37 p2p |
Is that normal? I also found in /etc/passwd
p2p:x:103:100:added by portage for mldonkey:/home/p2p:/bin/bash |
|
Rob1n l33t
Joined: 29 Nov 2003 Posts: 714 Location: Cambridge, UK
|
Posted: Wed Jul 18, 2007 10:36 pm Post subject: |
|
|
Looks about right, yes - mldonkey will run in the background as a daemon process using the non-privileged p2p account. You then connect to the daemon using one of the client interfaces (graphical client, web client, etc) from your account. This means that any security holes in the mldonkey process don't allow access to your (or any other user's) files. |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Wed Jul 18, 2007 11:20 pm Post subject: |
|
|
Rob1n wrote: | Looks about right, yes - mldonkey will run in the background as a daemon process using the non-privileged p2p account. You then connect to the daemon using one of the client interfaces (graphical client, web client, etc) from your account. This means that any security holes in the mldonkey process don't allow access to your (or any other user's) files. |
ok, thanks.
BTW, when i tried to configure it, i couldn't see the servers, couldn't add new servers. weird. Am I doing something wrong? |
|
Rob1n l33t
Joined: 29 Nov 2003 Posts: 714 Location: Cambridge, UK
|
Posted: Thu Jul 19, 2007 7:45 am Post subject: |
|
|
Dunno really - I've not used mldonkey in years. Have you downloaded an updated server list? Last time I used it none of the server list sources they provided worked, so I had to search for one online. |
|
wrdaniel n00b
Joined: 30 Dec 2006 Posts: 40
|
Posted: Thu Jul 19, 2007 11:44 am Post subject: |
|
|
queen wrote: | BTW, when i tried to configure it, i couldn't see the servers, couldn't add new servers. weird. Am I doing something wrong? |
you may need to forward some ports in your router?! |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Thu Jul 19, 2007 1:08 pm Post subject: |
|
|
wrdaniel wrote: | queen wrote: | BTW, when i tried to configure it, i couldn't see the servers, couldn't add new servers. weird. Am I doing something wrong? |
you may need to forward some ports in your router?! |
I have the ports forwarded from previous amule 4662, 4672. Do I need to reconfigure them again? It didn't have any servers at all. From where do I have to dl the servers list?
I want to configure it for bittorrent and dc++ too so for these I will have to add the relevant ports. |
|
GNUtoo Veteran
Joined: 05 May 2005 Posts: 1919
|
Posted: Sat Jul 21, 2007 1:03 am Post subject: |
|
|
first do you see your daemon?
can the client connect to the daemon? |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Sat Jul 21, 2007 7:17 pm Post subject: |
|
|
GNUtoo wrote: | first do you see your daemon?
can the client connect to the daemon? |
I can see the daemon. Code: | mlnet -daemon
2007/07/21 21:53:19 [cO] Starting MLDonkey 2.8.7 ...
2007/07/21 21:53:19 [cO] Language EN, locale ANSI_X3.4-1968, ulimit for open files 1024
2007/07/21 21:53:19 [cO] MLDonkey is working in .
2007/07/21 21:53:19 [Gettext] Loading language resource mlnet_strings.EN_ANSI_X3.4-1968
2007/07/21 21:53:19 [cO] loaded language resource file
2007/07/21 21:53:19 [DNS] Resolving [carin] ...
2007/07/21 21:53:19 [DNS] Resolving [www.mldonkey.org] ...
2007/07/21 21:53:19 [cO] Logging in ./mlnet.log
|
I don't know how to connect the client to the daemon. I don't see in the documentation of mldonkey something like this. When I open mldonkey I see reconnect to-> and there I have localhost:4001
Here is what I tried so far:
(because i don't have telnet)
Code: | The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 73:22:33:44:8a:c5:46:37:b1:17:bd:91:ab:77:b2:3a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Password:
| I didn't know the passwd in this case.
I also tried Code: | ssh 192.168.1.100 4000
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
RSA key fingerprint is 73:22:33:44:8a:c5:46:37:b1:17:bd:91:ab:77:b2:3a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
Password:
|
Also here I don't know the passwd.
Please excuse me for the noob questions. I can't seem to find a decent documentation how to work with it. It's spread all over different links, and no proper step by step how to make it work. |
|
GNUtoo Veteran
Joined: 05 May 2005 Posts: 1919
|
Posted: Sat Jul 21, 2007 7:30 pm Post subject: |
|
|
don't ssh into the machine like this...if the daemon is running on the same machine as the client do the following:
it's easy:
Code: | ssh -L 4001:localhost:4001 youruser@yourmachine -p yourport |
yourport is the port you defined in sshd_config
if you don't know what it is, only run:
Code: | ssh -L 4001:localhost:4001 youruser@yourmachine |
after that run (in a local console, not in ssh):
telnet is another interface and you need telnet that is in portage but it's less complete...
another interface would be the web interface... |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Sat Jul 21, 2007 9:22 pm Post subject: |
|
|
GNUtoo wrote: | don't ssh into the machine like this...if the daemon is running on the same machine as the client do the following:
it's easy:
Code: | ssh -L 4001:localhost:4001 youruser@yourmachine -p yourport |
yourport is the port you defined in sshd_config
if you don't know what it is, only run:
Code: | ssh -L 4001:localhost:4001 youruser@yourmachine |
after that run (in a local console, not in ssh):
telnet is another interface and you need telnet that is in portage but it's less complete...
another interface would be the web interface... |
OK. I ran Code: | ssh -L 4001:localhost:4001 youruser@yourmachine | and it worked.
Then I launched Code: | mlgui
2007/07/21 23:43:39 [cO] Starting MLDonkey 2.8.7 ...
2007/07/21 23:43:39 [cO] Language EN, locale ANSI_X3.4-1968, ulimit for open files 1024
2007/07/21 23:43:39 [cO] MLDonkey is working in /home/carin/.mldonkey
2007/07/21 23:43:39 [Gettext] Loading language resource mlnet_strings.EN_ANSI_X3.4-1968
2007/07/21 23:43:39 [cO] loaded language resource file
2007/07/21 23:43:39 [DNS] Resolving [carin] ...
2007/07/21 23:43:39 Starting MLGui 2.8.7 ...
2007/07/21 23:43:39 MLGui is working in /home/carin/.mldonkey
2007/07/21 23:43:39 [Gettext] Loading language resource ./mlgui_strings.EN_ANSI_X3.4-1968
GuiConfig: Parameter type: Language
name : gtk_client_lang
value : English
GuiConfig: Parameter type: Toolbar
name : gtk_look_toolbars_style
value : both
2007/07/21 23:43:39 [DNS] Resolving [localhost] ...
GuiConfig: Parameter type: Language
name : gtk_client_lang
value : English
GuiConfig: Parameter type: Toolbar
name : gtk_look_toolbars_style
value : both
GuiConfigWindow: Help box width 477
GuiConfigWindow: Help box width 477
GuiConfigWindow: Help box width 477
GuiConfigWindow: Help box width 477
GuiConfigWindow: Help box width 477
GuiConfig: MLgui option saved
name: gtk_look_toolbars_icon_size
value: 14 |
But still, I don't see a list of servers and it doesn't connect to localhost:4001. Tries and then fails after few seconds. I opened port 4001 in the router, although I am not sure it's needed. |
|
GNUtoo Veteran
Joined: 05 May 2005 Posts: 1919
|
Posted: Sat Jul 21, 2007 10:14 pm Post subject: |
|
|
for torrent open the following ports(/home/p2p/mldonkey/bittorrent.ini):
6881 for the connection to the others clients
6882 for the tracker
for edonkey open the following ports:(/home/p2p/mldonkey):
14935 for the connection to others clients(donkey)
13013 for the connection to others clients(overnet)
21631 for the connection to others clients(kad) |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Tue Jul 24, 2007 9:48 pm Post subject: |
|
|
GNUtoo wrote: | for torrent open the following ports(/home/p2p/mldonkey/bittorrent.ini):
6881 for the connection to the others clients
6882 for the tracker
for edonkey open the following ports:(/home/p2p/mldonkey):
14935 for the connection to others clients(donkey)
13013 for the connection to others clients(overnet)
21631 for the connection to others clients(kad) |
OK. I opened the ports. The problem is that in the gui I don't see servers. I can't add servers as well. Yet the servers list appears in mldonkey directory. Is something wrong with the servers list? I tried to find an alternative server list on the web but couldn't find any server.ini.
AND the main problem it doesn't connect to the host. |
|
GNUtoo Veteran
Joined: 05 May 2005 Posts: 1919
|
Posted: Wed Jul 25, 2007 10:57 am Post subject: |
|
|
maybe your Internet Service Provider is blocking all the p2p ports?
does it work with another client?
and what's your provider? |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Wed Jul 25, 2007 12:04 pm Post subject: |
|
|
GNUtoo wrote: | maybe your Internet Service Provider is blocking all the p2p ports?
does it work with another client?
and what's your provider? |
The ISP doesn't block any ports. I checked that long time ago. I have a fixed ip to connect directly to the internet and I use my linksys wrt54gc router in which i open the ports I want. My provider is 012 from israel.
I used to have amule before that and it managed to connect and have the list of servers. I wanted to switch to mldonkey because amule was slow and it didn't have torrents and overnet in the same client. I read that mldonkey has many more features and less buggy than amule. |
|
spiralvoice Apprentice
Joined: 09 Mar 2004 Posts: 238
|
Posted: Fri Jul 27, 2007 6:49 pm Post subject: |
|
|
Hi,
I am trying to answer your postings by providing a list of statements:
MLDonkey documentation can be found in the MLdonkey Wiki: http://mldonkey.sourceforge.net/
MLDonkey does not support SSH
it can be connected using Telnet on port 4000, HTML on port 4080 or with a GUI on port 4001
my favourite GUI is Sancho -> http://sancho-gui.sf.net
for MLDonkey setup I prefer using its HTML interface
Do not open any of the UI ports on your router, MLDonkey has no security code against
brute-force password attacks. But the default setting for MLDonkey is to accept UI connections
only from 127.0.0.1, the local machine MLDonkey works on. To change that, change option
allowed_ips. To access MLDonkey from outside your network use a SSH tunnel.
To start MLDonkey in Gentoo: /etc/init.d/mldonkey start
This will use /home/p2p as base directory for all ini files, downloads etc.
To start MLDonkey when the machine boots: rc-update add mldonkey default
After MLDonkey started, connect to it and use command "portinfo" to see which
ports MLDonkey uses and configure your firewall according to that list
Donkey ports are random, same as with eMule, so the ports GNUtoo wrote are not the same as yours
After configuring your firewall you can use MLDonkey command "porttest" to check EDK and BT ports
MLDonkey includes URLs to download an EDK serverlist automatically
In mlnet.log you will find more interesting messages from MLDonkey. |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Fri Jul 27, 2007 10:23 pm Post subject: |
|
|
Thank you very much. I installed sancho and it looks great. In donkey it connects just fine. At last. I changed some of the options there like adding kad network but it doesn't appear in the tab bar at the bottom. I probably miss something.
Also, I couldn't find in the preferences in which the directory the downloaded files will appear.
Right now it has only 4 servers. I tried to get an updated list but it doesn't do anything. Maybe the link is old.
The list of the portinfo I get is
Code: |
BitTorrent| 6882|client_port TCP
BitTorrent| 6881|tracker_port TCP
Core | 4080|http_port
Core | 4000|telnet_port
Core | 4001|gui_port
Donkey | 8726|client_port TCP
Donkey | 8730|client_port UDP
Donkey | 13133|overnet_port TCP+UDP
Donkey | 16687|kademlia_port UDP |
I don't have telnet and don't want to install. Do I need to open port 4001 in the router?
I tried to dl a torrent just to check and sancho crashed. Code: |
/opt/bin/sancho: line 8: 9699 Aborted ./sancho-bin ${*} |
Any idea why it happened?
Thanks in advance,
Queen
spiralvoice wrote: | Hi,
I am trying to answer your postings by providing a list of statements:
MLDonkey documentation can be found in the MLdonkey Wiki: http://mldonkey.sourceforge.net/
MLDonkey does not support SSH
it can be connected using Telnet on port 4000, HTML on port 4080 or with a GUI on port 4001
my favourite GUI is Sancho -> http://sancho-gui.sf.net
for MLDonkey setup I prefer using its HTML interface
Do not open any of the UI ports on your router, MLDonkey has no security code against
brute-force password attacks. But the default setting for MLDonkey is to accept UI connections
only from 127.0.0.1, the local machine MLDonkey works on. To change that, change option
allowed_ips. To access MLDonkey from outside your network use a SSH tunnel.
To start MLDonkey in Gentoo: /etc/init.d/mldonkey start
This will use /home/p2p as base directory for all ini files, downloads etc.
To start MLDonkey when the machine boots: rc-update add mldonkey default
After MLDonkey started, connect to it and use command "portinfo" to see which
ports MLDonkey uses and configure your firewall according to that list
Donkey ports are random, same as with eMule, so the ports GNUtoo wrote are not the same as yours
After configuring your firewall you can use MLDonkey command "porttest" to check EDK and BT ports
MLDonkey includes URLs to download an EDK serverlist automatically
In mlnet.log you will find more interesting messages from MLDonkey. |
|
|
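One way to apply spiralvoice's advice to the portinfo output posted above (an added example, not part of the thread and not MLDonkey code): parse the table, forward only the p2p ports, and flag any forwarded UI port. `ROUTER_FORWARDS` and all function names are constructed for illustration; the protocols for the old amule ports 4662/4672 are assumed.

```python
from dataclasses import dataclass

# portinfo output as posted in the thread (trailing "|" is forum residue)
PORTINFO = """\
BitTorrent| 6882|client_port TCP
BitTorrent| 6881|tracker_port TCP
Core | 4080|http_port
Core | 4000|telnet_port
Core | 4001|gui_port
Donkey | 8726|client_port TCP
Donkey | 8730|client_port UDP
Donkey | 13133|overnet_port TCP+UDP
Donkey | 16687|kademlia_port UDP |
"""

# Constructed router state: leftover amule forwards (protocols assumed),
# the GUI port opened "just in case", and part of the p2p set.
ROUTER_FORWARDS = {(4662, "tcp"), (4672, "udp"), (4001, "tcp"),
                   (6881, "tcp"), (6882, "tcp"), (8726, "tcp")}

@dataclass(frozen=True)
class PortEntry:
    network: str
    port: int
    name: str
    protos: tuple  # empty for Core entries, which list no protocol

def parse_portinfo(text):
    """Parse 'Network | port|name PROTO[+PROTO]' rows, skipping anything else."""
    entries = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.strip().rstrip("|").split("|")]
        if len(fields) != 3 or not fields[1].isdigit():
            continue
        name, _, proto = fields[2].partition(" ")
        protos = tuple(p.lower() for p in proto.strip().split("+") if p)
        entries.append(PortEntry(fields[0], int(fields[1]), name, protos))
    return entries

def forwarding_plan(entries):
    """(port, proto) pairs to forward: every listed port except the Core UI ports."""
    return {(e.port, p) for e in entries if e.network != "Core" for p in e.protos}

def audit(entries, forwarded):
    """Compare the router's forwarded (port, proto) set with what portinfo reports."""
    ui_ports = {e.port: e.name for e in entries if e.network == "Core"}
    plan = forwarding_plan(entries)
    findings = []
    for port, proto in sorted(forwarded):
        if port in ui_ports:  # telnet/http/gui must stay reachable from localhost only
            findings.append(("EXPOSED_UI", port, proto, ui_ports[port]))
        elif (port, proto) not in plan:
            findings.append(("STALE", port, proto, "not used by MLDonkey"))
    for port, proto in sorted(plan - forwarded):
        findings.append(("MISSING", port, proto, "p2p port not forwarded"))
    return findings

if __name__ == "__main__":
    for kind, port, proto, note in audit(parse_portinfo(PORTINFO), ROUTER_FORWARDS):
        print(f"{kind:<10} {port:>5}/{proto:<3} {note}")
```
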
GNUtoo Veteran
Joined: 05 May 2005 Posts: 1919
|
Posted: Fri Jul 27, 2007 10:33 pm Post subject: |
|
|
spiralvoice wrote: |
MLDonkey does not support SSH |
no it doesn't but ssh can do what we call port forwarding...it forwards an open port of a machine to another...and so you can connect safely your client(the GUI) to the server if the client and the server aren't located on the same computer |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Fri Jul 27, 2007 11:02 pm Post subject: |
|
|
GNUtoo wrote: | spiralvoice wrote: |
MLDonkey does not support SSH |
no it doesn't but ssh can do what we call port forwarding...it forwards an open port of a machine to another...and so you can connect safely your client(the GUI) to the server if the client and the server aren't located on the same computer |
The client and the daemon run on the same computer in my case. |
|
spiralvoice Apprentice
Joined: 09 Mar 2004 Posts: 238
|
Posted: Sat Jul 28, 2007 8:22 am Post subject: |
|
|
queen wrote: | I changed some of the options there like adding kad network but it doesn't appear in the tab bar at the bottom. I probably miss something. |
Kademlia and Overnet are sub-modules of the donkey module.
You will not see them in Sancho as separate networks, that's ok.
queen wrote: | Also, I couldn't find in the preferences in which the directory the downloaded files will appear. |
Connect to http://localhost:4080 - click Options, Shares and read its helptext.
queen wrote: | The list of the portinfo I get is
... |
Not really interesting for me, did you setup your router according to the displayed values?
In the HTML interface click Help+, Porttest, then after some seconds "Refresh results".
Repeat "Refresh results" until you see them.
queen wrote: | I don't have telnet and don't want to install. |
Ok, it's not needed for MLDonkey, you can use a GUI or the HTML interface instead.
queen wrote: | Do I need to open port 4001 in the router? |
No, that's the GUI port and it's a bad idea to open it to the world.
queen wrote: | I tried to dl a torrent just to check and sancho crashed. Code: |
/opt/bin/sancho: line 8: 9699 Aborted ./sancho-bin ${*} |
Any idea why it happened? |
No, but could you tell me the exact steps you did to make Sancho crash? |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Sat Jul 28, 2007 10:26 am Post subject: |
|
|
OK, found it. Thanks.
Quote: |
Not really interesting for me, did you setup your router according to the displayed values?
In the HTML interface click Help+, Porttest, then after some seconds "Refresh results".
Repeat "Refresh results" until you see them. |
Yes, I opened. The porttest appears ok.
Code: | FileTP Porttest not available
BitTorrent Porttest finished 1m 32s ago
Port test OK!
Donkey Porttest finished 1m 31s ago
Testing IP: some.number
Starting TCP connection test...
TCP test successful.
Now testing UDP...
Sending UDP packet...
Waiting for result...
UDP test successful.
Connection test finished. |
Quote: | No, but could you tell me the exact steps you did to make Sancho crash? |
I went to the web browser in sancho, clicked for the link of isohunt. Got the page. searched and when I tried to dl sancho crashed. I tried today too. and get the same crash error.
Also, I am connected now to only 4 servers. How can i force it to connect to other servers? I imported a list and it has about 59 servers now (from the web interface). In the gui and the web interface I can see that it is connected only to 4 servers and the servers.met from the link http://ocbmaurice.dyndns.org/pl/slist.pl/server.met?download/server-best.met doesn't yield anything.
Connect to more servers on the web interface doesn't help. It says only connecting.
Besides these small things, this client is really good. |
|
spiralvoice Apprentice
Joined: 09 Mar 2004 Posts: 238
|
Posted: Sat Jul 28, 2007 10:49 am Post subject: |
|
|
queen wrote: | I went to the web browser in sancho, clicked for the link of isohunt. Got the page. searched and when I tried to dl sancho crashed. I tried today too. and get the same crash error. |
I will try to reproduce that.
queen wrote: | Also, I am connected now to only 4 servers. |
There is a hard-coded maximum of three servers plus one for server walking.
But honestly speaking, being connected to one big server is perfectly enough.
My favourite serverlist is this one: http://www.gruk.org/server.met.gz
It's known to be free of fake servers. |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Sat Jul 28, 2007 11:25 am Post subject: |
|
|
spiralvoice wrote: | queen wrote: | I went to the web browser in sancho, clicked for the link of isohunt. Got the page. searched and when I tried to dl sancho crashed. I tried today too. and get the same crash error. |
I will try to reproduce that.
queen wrote: | Also, I am connected now to only 4 servers. |
There is a hard-coded maximum of three servers plus one for server walking.
But honestly speaking, being connected to one big server is perfectly enough.
My favourite serverlist is this one: http://www.gruk.org/server.met.gz
It's known to be free of fake servers. |
Got the servers list from this link and opened it. Seems scrambled. Converted from Mac format.
I am not sure how sancho treats servers.ini and server.met.
I see that now it connected to other servers. I assume it connects randomly. I am used to amule option to connect to which server I prefer. |
|
spiralvoice Apprentice
Joined: 09 Mar 2004 Posts: 238
|
Posted: Sat Jul 28, 2007 11:57 am Post subject: |
|
|
queen wrote: |
Got the servers list from this link and opened it. Seems scrambled. Converted from Mac format.
I am not sure how sancho treats servers.ini and server.met. |
server.met files are always in binary format, enter this link in MLDonkey:
ed2k://|serverlist|http://www.gruk.org/server.met|/
queen wrote: | I see that now it connected to other servers. I assume it connects randomly. I am used to amule option to connect to which server I prefer. |
With MLDonkey you can also set a server to status preferred,
then enable option ED2K-connect_only_preferred_server
Personally my serverlist contains only six servers, the biggest ones available.
The rest is not needed, imho. |
|
queen Veteran
Joined: 19 Jul 2005 Posts: 1642
|
Posted: Sat Jul 28, 2007 1:01 pm Post subject: |
|
|
Quote: |
With MLDonkey you can also set a server to status preferred,
then enable option ED2K-connect_only_preferred_server |
Done that now.
Quote: |
Personally my serverlist contains only six servers, the biggest ones available.
The rest is not needed, imho. |
The donkey servers?
Did you manage to reproduce the error with the torrents? I tried other torrent link and it also crashed the program when I tried to download |
|