#1120 Disable Remove Public Internet in Mumble client

Unassigned
open
nobody
None
5
2014-07-27
2013-08-19
rwsstudios
No

I am a hardware technician at a solar panel manufacturing facility and recently set up mumble/murmur on our network for use as an intercom system. The system works great...audio quality is perfect and the "attenuate audio while you talk" feature enables the music to be cut from the production floor PA while an announcement gets made.

Unfortunately there is one major issue, and that is that there doesn't seem to be a way to disable "Public Internet" from the server list in the Mumble client. That poses a significant security risk. Right now I am looking into work-arounds. If you want to vastly improve Mumble's client base I would find a way for the user to be able to edit the "Public Internet" categories out of the "connect to server" dialogue box.

Intercoms with high quality audio are pricey. Mumble not only has superior codecs and superior sound, but allows any desktop, laptop, tablet or phone to become an intercom terminal in a network. The intercom system I have set up sounds GREAT, comparable to systems that go for $10,000 - $20,000. I don't want this security issue to stop us from using your software. If you can help with a work-around it would also be vastly appreciated, please email occumonte@gmail.com if you have any suggestions. We are using Linux Lubuntu 12.10. Thanks!

-Monte

Discussion

  • Kissaki
    2013-09-14

    How is the public server list a security issue?

    That users can connect to those servers?
    Because regardless of the list, either you are able to connect to internet servers, or you are not.

    I guess you could add a firewall rule to your network gateway to block requests to the public server list!?
    http://mumble.info/list2.cgi

     
  • rwsstudios
    2013-09-16

    That's exactly why it's a security issue. We just blocked the 2 mumble
    servers and that did the trick.

    Mumble has a great backbone, and it could be used on a much wider scale
    than for video games.

    I would love to see the option to disable mumble public servers, and maybe
    a password to protect that setting. It would also be nice if mumble's
    config files didn't get corrupted requiring a reinstall when running
    Lubuntu 12.10.

    Thanks for maintaining a great product!

    -Monte Katzenberger
    PureSolar Hardware Technician
    (360) 584-6049

  • rwsstudios
    2013-09-17

    If someone accidentally clicks on one of those servers, or a new employee
    is exploring the software and doesn't know what (s)he is doing, they could
    open a connection that could allow an unknown party to eavesdrop. It seems
    unlikely that would ever pose a risk, but I do agree with the owner that it
    leaves an albeit small hole. Getting rid of the server list wasn't TOO big
    of an issue, fixed it readily enough, but I do agree with the owner that
    seeing something called, "uncle bob's fuck shack" on a list on a wall in
    our factory is rather tacky and might deter investors. But like I said,
    that wasn't a problem.

    The only real issue we are having now is both the murmur server and mumble
    terminals seem to "break" quite often. I am hoping that once we move murmur
    to our other "less used" server that will cease to be an issue.

    Thank you for responding to my inquiry, have a good day!

    -Monte

  • Kyle Smith
    2013-09-17

    So I wouldn't call it a security issue, so much as a way to OEM the software to be more purpose-driven.

    What about a single option (likely not even in the configuration dialog?) called "whitebox" that does the following:
    - Remove Public Internet section of Mumble Server Connect dialog.
    - Remove "Add New..." and "Edit..." buttons from Mumble Server Connect dialog.

     
  • Kissaki
    2013-09-18

    How would the allowed servers be configured and the configuration distributed? What do you have in mind there?

    If there were a setting for disabling the pub list, would manipulating the registry be something you could use, and how?

     
  • rwsstudios
    2013-09-20

    Since we are using mumble and murmur strictly internally as an intercom
    system the murmur server shows up on all mumble terminals that are in
    house. Since we blocked the two IP addresses that populated the public
    server list none of the public murmur servers are showing up. This
    workaround to not having a radio box under "options" in mumble for "Hide
    all public servers" is acceptable. An option to password protect "options"
    and having a "Hide all public servers" under options would be helpful for
    companies like the one I work for.

    Although I am a "computer guy" my programming skills are limited to ladder
    logic and PLC programming, I don't know anything about registry
    manipulation so I am at a loss for your third question.

    The workaround we are using to hide the pub list is acceptable, but now
    there seems to be a problem that is making mumble/murmur unstable. I am in
    the middle of a major programming task these next couple of weeks, but when
    I get some time I will be installing murmur on a different server and
    reinstalling mumble on the terminals. I will let you know how that goes.
    Hopefully the instability issue was because of the way murmur was
    configured and installing it on another server will fix this issue.

    Thank you so much for providing such a great product! Our owners are big
    fans of open source as they have made open source freeware themselves. Your
    software is truly remarkable and I hope we can end up using it for our
    intercom system.

    Monte Katzenberger
    PureSolar Hardware Technician
    (360) 584-6049

  • Looks like a custom build of Mumble is needed here, with hardcoded server address and without "Connect" dialog at all.

     
  • rwsstudios
    2013-11-04

    I don't think a custom build would be necessary, just have a radio button
    somewhere in preferences/options for "Hide all public servers" that gets
    rid of all servers that are not on the "exceptions" list. Make sense?
    That's what you should do if you want to increase your "market", that is.

    I have, however, found a workaround. I blocked two IP addresses and voilà!
    The public server list no longer populates.

    Other users may not have the stubbornness that I do in making a great piece
    of open source work and just go with the next option, so the sooner you add
    this functionality, the sooner other businesses will start catching on.

    Thanks for providing such a great product! When we start manufacturing I am
    going to suggest to the owners they make a donation to the mumble project.

    Monte Katzenberger
    PureSolar Hardware Technician
    (360) 584-6049

    On Sun, Nov 3, 2013 at 8:33 PM, Andrew Grigorev ei-grad@users.sf.net wrote:

    Looks like a custom build of Mumble is needed here, with hardcoded server
    address and without "Connect" dialog at all.


  • Greg Malone
    2014-03-13

    I want to echo the request to give Mumble a protected option to disable the public links. I work in the K-12 education world and have wanted to use Mumble in our computer labs, but there's no way Mumble can be used because of all the crap and offensive content in the public listings. If it is the desire of the Mumble developer to make this app useable by the rest of the world, please consider allowing some control over what a deployment would contain. It's got to be trivial to provide that feature. Many thanks.

    Alternatively, if anyone can provide a patched version of Mumble that disables the public listings, or can provide instructions on how, that too would be appreciated.

     
    Last edit: Greg Malone 2014-03-13
  • Bike Helmet
    2014-07-27

    If you've got a Tomato router or any router that lets you add IPTables rules... get the IP of the server that hosts the server list, then tell your router to drop connections to that.

    Unfortunately it may disable version/upgrade checks as well.

    ping mumble.info
    Pinging mumble.info [128.39.114.1] with 32 bytes of data:
    Control-C

    iptables -I FORWARD -d 128.39.114.1 -j DROP

    Just drop the iptables command into Scripts/Firewall for any Tomato router.

    I think a config option to set Mumble not to check for public servers, to restrict adding servers, to restrict connections to just LAN servers, and to restrict editing the settings would be good. Proper permissions set by admins could protect the config file.

    -BikeHelmet
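
The router rule in the post above pins the single address returned by one `ping`. As an added example (not part of the original thread), this script prints one idempotent DROP rule per resolved address, IPv4 and IPv6, so the block can be regenerated when the list host's DNS records change. The function names and the `2001:db8::1` and `not-an-address` samples are constructed, and it assumes an iptables build that supports `-C`.

```shell
#!/bin/sh
# Added example: build idempotent egress DROP rules for every address the
# public-list host resolves to. Function names are hypothetical.

# Strict dotted-quad check: four decimal octets, each 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Loose IPv6 check: hex digits and colons only, at least two colons.
is_ipv6ish() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;
        *:*:*)           return 0 ;;
        *)               return 1 ;;
    esac
}

# Read one address per line on stdin and print one rule per address.
# "-C" checks for an existing rule, so re-running adds no duplicates.
# FORWARD matches the chain used in the post (traffic routed by the gateway).
emit_block_rules() {
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            tool=iptables
        elif is_ipv6ish "$addr"; then
            tool=ip6tables
        else
            echo "skipping unparseable address: $addr" >&2
            continue
        fi
        printf '%s -C FORWARD -d %s -j DROP 2>/dev/null || %s -I FORWARD -d %s -j DROP\n' \
            "$tool" "$addr" "$tool" "$addr"
    done
}

# Constructed sample input: the address quoted in the post, a documentation
# IPv6 address, and a junk line that must be skipped.
sample_addresses='128.39.114.1
2001:db8::1
not-an-address'
printf '%s\n' "$sample_addresses" | emit_block_rules

# On a glibc host the live input can come from the resolver instead:
#   getent ahosts mumble.info | awk '{print $1}' | sort -u | emit_block_rules
```

Review the printed rules before adding them to the router's firewall script; as the post notes, dropping traffic to this host may also stop version/upgrade checks.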

     
    • Greg Malone
      2014-07-28

      That's a good solution. Thanks!