If you don't want to modify the sources of icecast, which is non-trivial, I would recommend writing a script that periodically fetches the list of clients over the icecast admin API and kills those that utilize too many connections.

If they keep reconnecting, you should implement a more advanced solution, with total blocking on the firewall or within icecast.

If you need further support, please PM me at marcin at radiokit.org

M.

01.07.2016 12:53 PM "Yaniv Sharon" <yaniv.sharon at gmail.com> wrote:

> I didn't pick up the data from the access file, just from the error file...
>
> About players, I can't control what the "radio index" sites are doing with my icecast streaming address, but as far as I know from my experience, the players, when they are getting "crazy", cause between 3-5 multiple connections for less than 2 minutes. Not a big issue.
>
> The situation that I'm describing is very different: 20-30 (and once even almost 40) "listeners" from the same IP, for a long time. Each "listener" is using true bandwidth.
> The IP source is from Vietnam, Korea... I really think that abuse is what I'm talking about.
> (What mobile device will handle 30 instances for 20 minutes?)
>
> Any idea how to handle a situation like that one?
I didn't pick up the data from the access file, just from the error file...

About players, I can't control what the "radio index" sites are doing with my icecast streaming address, but as far as I know from my experience, the players, when they are getting "crazy", cause between 3-5 multiple connections for less than 2 minutes. Not a big issue.

The situation that I'm describing is very different: 20-30 (and once even almost 40) "listeners" from the same IP, for a long time. Each "listener" is using true bandwidth.
The IP source is from Vietnam, Korea... I really think that abuse is what I'm talking about.
(What mobile device will handle 30 instances for 20 minutes?)

Any idea how to handle a situation like that one?

-----Original Message-----
From: Philipp Schafft [mailto:phschafft at de.loewenfelsen.net]
Sent: Friday, July 01, 2016 11:36 AM
To: Yaniv Sharon
Cc: icecast-dev at xiph.org
Subject: Re: [Icecast-dev] multiple connection

Good morning,

On Fri, 2016-07-01 at 11:22 +0200, Yaniv Sharon wrote:
> Hi all,
>
> From time to time my server is getting multiple connections from the same listener.
> I don't know if it's a bug of the player, or a case of abuse.
>
> The situation is "flooding" of the server: the same listener connected to ICE in multiple instances, and using "real" bandwidth (e.g. 128K x 30)!

Please have a look at the access.log. Is it a user of a mobile device?
Maybe you can give us the User Agent string.

Some of them seem to be horribly buggy. For whatever reason.

Have a nice day!

--
Löwenfelsen UG (haftungsbeschränkt)
Bickinger Straße 21
D-04916 Herzberg (Elster)
Registergericht: Cottbus, HRB 12308
Geschäftsführer: Philipp Schafft
Telephon : +49.3535 490 17 92
IBAN : DE51 1805 1000 0201 0193 88
BIC : WELADED1EES (Sparkasse Elbe-Elster)

Is it possible to ask the development team of icecast to implement a solution for that?
Something like – "if the same IP is pulling the stream over X instances for X time", to kick him?

I believe I'm not the only one having that issue from time to time…

From: marcin at saepia.net [mailto:marcin at saepia.net]
Sent: Friday, July 01, 2016 2:05 PM
To: Yaniv Sharon
Cc: icecast-dev at xiph.org; Philipp Schafft
Subject: Re: [Icecast-dev] multiple connection

> If you don't want to modify the sources of icecast, which is non-trivial, I would recommend writing a script that periodically fetches the list of clients over the icecast admin API and kills those that utilize too many connections.
>
> If they keep reconnecting, you should implement a more advanced solution, with total blocking on the firewall or within icecast.
>
> If you need further support, please PM me at marcin at radiokit.org
>
> M.

Christoph Zimmermann
2016-Jul-01 21:31 UTC
[Icecast-dev] multiple connection (be careful with carrier-grade NAT)
Hi all

> I didn't pick up the data from the access file, just from the error
> file...

I would have a look at them. My guess is (I explain below why) that you will see different agents for your multiple connections.

> The situation that I'm describing is very different: 20-30 (and once
> even almost 40) "listeners" from the same IP, for a long time. Each
> "listener" is using true bandwidth.
> The IP source is from Vietnam, Korea... I really think that abuse
> is what I'm talking about.
> (What mobile device will handle 30 instances for 20 minutes?)

The short answer is: Carrier-grade NAT
https://en.wikipedia.org/wiki/Carrier-grade_NAT

Longer story:
Back in 2011 the available IPv4 addresses ran out. All of them. As you know, you need a public IP address to be able to receive data from a server. But in the meantime several hundred million mobile phones got connected to the Internet. An ugly way to handle this bad situation is to use Carrier-grade NAT, which means that thousands of mobile phones share the same public IP address. The clean solution would be to use IPv6. Icecast is IPv6 ready.

I'm quite sure that it explains your situation, especially because you get these connections from Korea and Vietnam. The Asian region has far fewer IPv4 addresses to use compared to earlier connected regions (USA, EU), so Carrier-grade NAT is way more common in Asian mobile networks.

I was searching for a good explanation and a list or so of networks known to use Carrier-grade NAT. But I didn't find a list. This presentation is somewhat OK for what I explained:
https://www.apnic.net/__data/assets/pdf_file/0007/53890/8-sp-ipv4-ipv6-coexistence.pdf

> Any idea how to handle a situation like that one?

Be happy and celebrate that you have so many listeners from these countries.

All the best,
Christoph

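The periodic admin-API check suggested earlier in the thread, combined with the carrier-grade NAT caveat above, could look like the following. This is an added example, not code from any poster or from the Icecast project; it assumes an Icecast 2.4-style `listclients` XML layout (`<listener>` with `<IP>`, `<UserAgent>`, `<Connected>`, `<ID>`), and the sample data, thresholds and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlencode

MAX_CONNS = 5      # assumed "X instances" per IP and mount
MIN_SECONDS = 600  # assumed "X time": ignore short reconnect bursts from buggy players

def _listener(cid, ip, agent, secs):
    return (f"<listener><IP>{ip}</IP><UserAgent>{agent}</UserAgent>"
            f"<Connected>{secs}</Connected><ID>{cid}</ID></listener>")

# Constructed sample in the assumed Icecast 2.4-style /admin/listclients layout.
SAMPLE_XML = (
    '<icestats><source mount="/stream">'
    + "".join(_listener(i, "203.0.113.7", "PlayerX/1.0", 1200) for i in range(1, 31))
    + "".join(_listener(100 + i, "198.51.100.9", f"Phone{i}/2.{i}", 900) for i in range(8))
    + "".join(_listener(300 + i, "192.0.2.80", "RadioApp/3", 60) for i in range(4))
    + _listener(200, "192.0.2.44", "VLC/2.2.4", 4000)
    + "</source></icestats>")

def parse_listeners(xml_text):
    """Yield one dict per connected listener."""
    for src in ET.fromstring(xml_text).iter("source"):
        for node in src.iter("listener"):
            yield {"mount": src.get("mount"), "ip": node.findtext("IP"),
                   "agent": node.findtext("UserAgent", ""),
                   "secs": int(node.findtext("Connected", "0")),
                   "id": node.findtext("ID")}

def classify(listeners):
    """Map (mount, ip) -> (verdict, connections) for IPs over both thresholds."""
    groups = defaultdict(list)
    for item in listeners:
        if item["secs"] >= MIN_SECONDS:
            groups[(item["mount"], item["ip"])].append(item)
    report = {}
    for key, conns in groups.items():
        if len(conns) > MAX_CONNS:
            # Many distinct User-Agents behind one address points to shared NAT,
            # so only a single repeated agent is treated as one abusive client.
            agents = {c["agent"] for c in conns}
            report[key] = ("kill" if len(agents) == 1 else "review", conns)
    return report

def kill_urls(report, base="http://localhost:8000"):
    """Build admin killclient URLs (not sent here) for 'kill' verdicts only."""
    return [f"{base}/admin/killclient?" + urlencode({"mount": mount, "id": c["id"]})
            for (mount, _ip), (verdict, conns) in report.items() if verdict == "kill"
            for c in conns]
```

In a live setup the XML would come from `/admin/listclients?mount=...` fetched with admin credentials on a timer; "review" entries are the shared-NAT case and are left connected.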
Yaniv Sharon
2016-Jul-05 11:39 UTC
[Icecast-dev] multiple connection (be careful with carrier-grade NAT)
Hi,

Yes, I'm aware of the NAT possibility, but let's assume that this is the issue: there is no reason that 30 listeners from the same country will connect and disconnect at the same time range... I'm pretty sure that it's an individual listener/IP.

I deleted the access log files, but the next time that I catch a similar situation, I will complete the investigation.

Did nobody among you folks get into a situation like mine before?