In summary, you hook it up to your TV box, be it digital TV or cable. Then you can stream to your laptop, desktop computer or even mobile/cell phone. The best thing is that you can stream not only within your home (LAN) network but also from the Internet, anywhere, any time! Of course, you would first need to set up port-forwarding on your border router to accomplish this. Don’t be fooled into thinking that only geeks would enable such setups because of the difficulty. The truth is, SlingPlayer (the client) will help you automatically enable port-forwarding on your router through an easy-to-use wizard (which uses UPnP in the background to talk to your router, in case you are interested). Nevertheless there are also instructions to.
After researching the device a bit, I learned that all you need is to install the client, called SlingPlayer. In order to receive the video stream, a connection is established to port 5001 on the appliance, and then you just authenticate with a username/password combination. As you can see, it’s a very standard client-to-server setup!
Most people who set up port-forwarding on their router to their Slingbox would forward port 5001 on the router to port 5001 on the Slingbox, simply because this is how the available documentation shows users how to manually set up access to their Slingbox’s video stream. SlingPlayer can also be used to enable port-forwarding on that port by following an automatic wizard, which is perfect for non-technical users. Cutting the story short, the target port to find Slingboxes on the Internet would be 5001.
Imagine someone found an authentication bypass bug. Or maybe most users leave default credentials on. There is potential for stealing TV services. This of course doesn’t only apply to this device but to many others that are in charge of services such as TV streaming, VoIP telephony, etc. How would a cracker go about finding these boxes on the Internet? Well, from a GeoIP hacking point of view, step number one would be to find the countries with Slingbox users. By browsing slingmedia.com you learn that the device is available in the USA, UK, Canada and the Netherlands.
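An added example, not part of the original post: from the owner's side, the same fact can be checked by listing the router's port mappings and flagging any that lead to TCP 5001, including ones on a non-default external port. The input layout is modelled on the mapping table printed by miniupnpc's `upnpc -l` (an assumption), and the sample rows and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag router port mappings that expose the Slingbox stream port.
# Assumed input layout (modelled on miniupnpc's `upnpc -l` mapping table):
#   idx PROTO extPort->inAddr:inPort 'description' 'remoteHost' leaseTime

STREAM_PORT=5001   # stream port named in the article

# Reads mapping lines on stdin and prints one finding per mapping that
# forwards TCP traffic to or from the stream port.
audit_mappings() {
    awk -v port="$STREAM_PORT" '
        # Only rows shaped like: <n> TCP|UDP <ext>-><addr>:<int> ...
        $1 ~ /^[0-9]+$/ && ($2 == "TCP" || $2 == "UDP") && $3 ~ /->/ {
            split($3, m, "->")        # m[1] = external port, m[2] = addr:port
            n = split(m[2], t, ":")   # t[1] = internal addr, t[n] = internal port
            ext = m[1]; inaddr = t[1]; inport = t[n]
            if ($2 == "TCP" && (ext == port || inport == port)) {
                why = (ext == port) ? "default external port" : "remapped external port"
                printf "EXPOSED %s/%s -> %s:%s (%s)\n", $2, ext, inaddr, inport, why
            }
        }'
}

# Constructed sample rows, not captured from a real router.
sample_mappings() {
    cat <<'EOF'
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  5001->192.168.1.20:5001  'Slingbox' '' 0
 1 UDP 51413->192.168.1.10:51413 'Transmission' '' 0
 2 TCP 45001->192.168.1.20:5001  'manual' '' 0
 3 TCP  8080->192.168.1.30:80    'camera' '' 0
EOF
}

sample_mappings | audit_mappings
```

A mapping reported here means the box's login is reachable from the Internet, so the remaining protection is the username/password the article mentions.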
pdp a script (do.sh) that downloads Maxmind’s and parses the IP ranges of all countries - sweet! The end result is a file with IP ranges using the following format, which separates the start IP and end IP with a comma ( , ):
The problem is that this notation is not compatible with nmap. Since what we want is to scan countries with Slingboxes for port 5001, we need to convert the IP ranges to a notation that nmap understands, which can be done with the following script.
    #!/bin/bash
    # iprange2nmaprange.sh
    # Converts "startIP,endIP" lines into nmap's per-octet range notation.
    # Note: comparing octet by octet is only exact for ranges that start and
    # end on octet boundaries.
    # just change the following line to match the country csv file you want to convert
    for i in `cat country-XX.csv`
    do
      startIP=`echo "$i" | cut -d ',' -f 1`
      endIP=`echo "$i" | cut -d ',' -f 2`

      # split the start address into its four octets
      startA=`echo "$startIP" | cut -d '.' -f 1`
      startB=`echo "$startIP" | cut -d '.' -f 2`
      startC=`echo "$startIP" | cut -d '.' -f 3`
      startD=`echo "$startIP" | cut -d '.' -f 4`
      #echo $startA $startB $startC $startD

      # split the end address into its four octets
      endA=`echo "$endIP" | cut -d '.' -f 1`
      endB=`echo "$endIP" | cut -d '.' -f 2`
      endC=`echo "$endIP" | cut -d '.' -f 3`
      endD=`echo "$endIP" | cut -d '.' -f 4`
      #echo $endA $endB $endC $endD

      # an octet that is equal at both ends is emitted once, otherwise as "start-end"
      if [ "$startA" -eq "$endA" ]
      then
        nmapA=$startA
      else
        nmapA="$startA-$endA"
      fi
      if [ "$startB" -eq "$endB" ]
      then
        nmapB=$startB
      else
        nmapB="$startB-$endB"
      fi
      if [ "$startC" -eq "$endC" ]
      then
        nmapC=$startC
      else
        nmapC="$startC-$endC"
      fi
      if [ "$startD" -eq "$endD" ]
      then
        nmapD=$startD
      else
        nmapD="$startD-$endD"
      fi
      echo "$nmapA.$nmapB.$nmapC.$nmapD"
    done
Everything is turning to TCP/IP these days: not only consumer devices but also corporate and governmental appliances. Although this approach makes it cheaper to build products by reusing existing implementations/frameworks/APIs, there is a price to pay: it makes it easier for people (including bad guys) to perform vulnerability research, since TCP/IP is widely understood.
    <?php
    // Look through the local directory for *.csv
    foreach (glob("*.csv") as $filename) {
        // Load the current file into the $lines array
        $lines = file($filename);
        $content = '';
        foreach ($lines as $line) {
            // Explode the start and end ip from the current line
            // (trim() drops the trailing newline so the last octet compares cleanly)
            list($startIP, $endIP) = explode(',', trim($line));
            // Explode each octet of the current ip into arrays
            $start = explode('.', $startIP);
            $end = explode('.', $endIP);
            // Parse each array for the ip
            for ($i = 0; $i <= 3; $i++) {
                if ($start[$i] == $end[$i]) {
                    $nmap[$i] = $start[$i];
                } else {
                    $nmap[$i] = "$start[$i]-$end[$i]";
                }
            }
            // Write the current nmap'ified IP to the variable
            $content .= "$nmap[0].$nmap[1].$nmap[2].$nmap[3]\r\n";
        }
        // replace the extension with target
        $newfile = str_replace('csv', 'target', $filename);
        // write the file
        $size = file_put_contents($newfile, $content);
        echo("Wrote $newfile with a size of $size<br />\r\n");
    }
I think that “tcp/ip is widely understood” isn’t a good argument. History has shown that “security through obscurity” doesn’t work well. If tomorrow’s technology is not tcp/ip or something else, then it’s a matter of time before someone documents this technology. For example - “Silver needle in the skype” presented at BH ‘06. And skype is thought to be one of the most “hidden” technologies out there.
Yes, nmap _will_ run very slow with the provided command line. But you can speed it up quite a bit. First, scanning with -P0 is dead slow because nmap has no round-trip-time information without a ping first and will default to a slow scan mode. Second, nmap has a not-so-well documented fast single port scan mode. Third, you can speed things up by setting less conservative timing limits.
Related article:
http://www.gnucitizen.org/blog/strategic-geoip-hacking-and-tv-streaming-theft