Plingstore ports
James Wheeler (3283) 344 posts |
Hi all. I’m new to both RISC OS and the community. So, I just set up my Pi 3 and I’m having trouble connecting to the !Store. It starts on “Downloading program update” and then times out. (Lost connection to the server) The most likely problem is my network. I have a default deny policy. I only open ports that I specifically need. To troubleshoot further, does anybody know the UDP and TCP ports !Store needs? Thanks in advance, James. FYI: First forum post from RISC OS :D |
Anthony Vaughan Bartram (2454) 458 posts |
Hi James, Welcome to RISC OS. I joined only 3 years ago actually. I’ve dropped an e-mail to Andrew Rawnsley of R-Comp as I’d like to know too…. PlingStore was written by Alan Wrigley. I’ll paste port numbers into here soon. Best Regards, Tony. |
James Wheeler (3283) 344 posts |
Hi Tony and thanks. Interestingly, I found a post on comp.sys.acorn.apps where Alan Wrigley stated 80 is the normal port (which is open assuming he means TCP). Thinking out aloud, it does check for an update, then jumps to downloading the update where it times out. This looks like it is making a connection first, but hangs when it comes to downloading. I worry plingstore uses FTP, which isn’t an open protocol on my network. :’( James |
Mike Carter (36) 51 posts |
Hi James, Most likely you can source the software via the authors’ websites or via contacting them directly. E.g. Messenger Pro can be purchased directly from R-Comp. Mike |
Andrew Conroy (370) 740 posts |
A quick play with !SocketMgr whilst running !Store suggests that it uses port 33105. |
Rick Murray (539) 13851 posts |
Was wondering, couldn’t one start !Store and then enter a command (from memory |
James Wheeler (3283) 344 posts |
Wow, that worked. Opened TCP 33105 outbound and plingstore now works. :) Thanks Andrew, and everyone else. |
Andrew Rawnsley (492) 1445 posts |
Wow, that was quick – I was still awaiting a note back from the programmer with more extensive info. Nice work everyone. |
Steffen Huber (91) 1953 posts |
I can’t think of any good reason NOT to use plain old HTTP on port 80 for something like !Store or PackMan. Should be changed ASAP. |
James Wheeler (3283) 344 posts |
PackMan worked before the changes so I’m guessing it does use something like 80 or 443. I agree it is unusual to use any port above 10k, but it can be handy to use higher ports to avoid script kiddies. |
Sprow (202) 1158 posts |
TCP & UDP port numbers 1024-49151 are “User ports” and are allocated by IANA. |
James Wheeler (3283) 344 posts |
Nothing wrong with using an unassigned port. Using an assigned port would be a little naughty, though, unless assigned to their protocol. |
Rick Murray (539) 13851 posts |
“The range of port numbers from 1024 to 49151 are the registered ports. They are assigned by IANA for specific service upon application by a requesting entity.” Seems clear to me, don’t use a port unless it has been allocated. Rather the same story with RISC OS file types, module chunks, etc. Do you remember the early days (when RO3 was shiny and new) it was Acorn who handled allocations by post, but only if you happened to be aware of it and really really patient. As such, there were quite a number of applications all giving themselves the same type number for different things, and upcoming formats with no native handling within RISC OS at the time (JPEG and HTML come to mind) had several different file types for the same thing. Maybe one day I’ll slave my Pi through the PC and WireShark what’s going on. After all, does Store do anything that actually needs a weird port and which can’t be handled by http(s) and/or (s)ftp? Is it for user authentication or something? |
James Wheeler (3283) 344 posts |
It is normal practice to use an unassigned port for a new protocol. Using an assigned port for a purpose not designated is frowned upon (i.e. using http on port 22 is naughty), but since it isn’t assigned, it’s not really an issue. |
Steve Pampling (1551) 8172 posts |
I’d guess the use of the standard diagnostic: run the session through a firewall/router that actually logs the traffic and filter for traffic from your client while a !Store session is run. Pretty much the technique I used for the real requirements for Facetime as opposed to what the Apple document says.
Plug both into a crappy old mini-hub that spews all packets to all ports, or obtain a cheap old cisco unit with “SPAN port” (port mirroring to normal people) capability.
Best guess would be security by obscurity, which in the face of nmap is slightly more juvenile than the script kiddies that would exploit any unsecure port. |
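The diagnostic described in the post above (log at the firewall, then filter on the client while a !Store session runs), sketched as an added example that is not part of any poster's message. The log lines are constructed, modelled on how tcpdump renders PF log entries, and every address in them is a placeholder.

```python
import re
from collections import Counter

# Constructed sample lines (assumed format: tcpdump output for a PF log).
# 192.168.1.50 stands in for the RISC OS client; no address is from the thread.
SAMPLE_LOG = """\
Feb 01 12:00:01.100000 rule 4/(match) pass in on em1: 192.168.1.50.49152 > 203.0.113.10.80: Flags [S], seq 100, win 65535, length 0
Feb 01 12:00:02.200000 rule 0/(match) block in on em1: 192.168.1.50.49153 > 203.0.113.10.33105: Flags [S], seq 200, win 65535, length 0
Feb 01 12:00:05.200000 rule 0/(match) block in on em1: 192.168.1.50.49153 > 203.0.113.10.33105: Flags [S], seq 200, win 65535, length 0
Feb 01 12:00:11.200000 rule 0/(match) block in on em1: 192.168.1.50.49153 > 203.0.113.10.33105: Flags [S], seq 200, win 65535, length 0
Feb 01 12:00:12.300000 rule 0/(match) block in on em1: 192.168.1.77.5000 > 198.51.100.7.6667: Flags [S], seq 300, win 65535, length 0
Feb 01 12:00:13.400000 rule 0/(match) block in on em1: 192.168.1.50.123 > 198.51.100.20.123: UDP, length 48
"""

LINE_RE = re.compile(
    r"rule \S+ (?P<action>block|pass) (?:in|out) on \S+: "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)"
)

def classify(rest):
    """Guess the transport from the decoded tail of the line."""
    if rest.startswith("Flags ["):
        return "tcp"
    if rest.startswith("UDP"):
        return "udp"
    return "other"

def blocked_destinations(log_text, client_ip):
    """Count blocked packets per (proto, dst ip, dst port) for one client."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "block" or m["src"] != client_ip:
            continue
        hits[(classify(m["rest"]), m["dst"], int(m["dport"]))] += 1
    return hits

def ports_to_review(hits):
    """Distinct (proto, port) pairs the default-deny policy is dropping."""
    return sorted({(proto, port) for proto, _dst, port in hits})

if __name__ == "__main__":
    hits = blocked_destinations(SAMPLE_LOG, "192.168.1.50")
    for (proto, dst, port), count in hits.most_common():
        print(f"{count:3d} blocked  {proto:5s} -> {dst}:{port}")
```

Repeated SYNs to the same destination port, as in the constructed sample, are the retry pattern a timed-out download leaves behind, which is what separates the dropped flow from one-off noise.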
James Wheeler (3283) 344 posts |
That would have been my next step. But since I know nothing about RO, I’d have to set up a static IP, tweak PF and grep through the logs. I thought someone would have already known the ports, so decided to ask here.
I am not a fan of security through obscurity, but it does work (Just look at IBM’s z/OS). Frankly, that’s the only real security RO seems to have going for it from what I’ve been able to discern through the docs and forum. If it didn’t have such a small install base, I would not have plugged it into a WAN facing network. It will be rare that someone will use nmap to scan as high as 33105 unless someone had specifically targeted that server, presumably knowing what it is. nmap takes ages if the scope of the scan is too broad, and most script kiddies just use it to grab more node addresses to try to break into. They’ll almost never scan above 1024. Edit: Formatted quote correctly |
Matthew Phillips (473) 721 posts |
There’s a formatting hint under the reply box. You type "bq. " at the start of a line, and follow it immediately with what you want to quote. If you want to quote more than one paragraph I believe you can just use the HTML blockquote tags round it. |
James Wheeler (3283) 344 posts |
Thanks, Matthew. |
John McCartney (426) 148 posts |
James, the Tests forum is an ideal place to try things out. It’s where you can experiment without cluttering up anyone else’s thread with mistakes (which many of us have done from time to time). |
James Wheeler (3283) 344 posts |
Noted |
Andrew Conroy (370) 740 posts |
No need to guess, I wrote how I did it in my post.
inetstat -a is the one, that works too. |
Rick Murray (539) 13851 posts |
It works until it gets compromised, then it’s wide open and potentially few people know what, how, or where…
It would not be hard to create a little piece of code, capable of replicating by inserting itself within certain executable files, waiting for a specific trigger date – say the official date of Brexit. If it is far enough in the future and keeps itself quiet (no bugs!), it could replicate all over the place before the trigger date. I’m keeping this vague, but I bet there are some assembler level coders who are thinking “hmmm”. ;-) But that’s not where it’s at these days. Botnets. A hundred billion cameras, toasters, and compromised routers spamming sites off the internet. That’s the current hot thing. If the site being spammed is a major DNS server… well, we’ve already seen the weakness there. But just as it is dead easy to get potentially malicious code running on RISC OS, it is also really easy to track down the origin of said malicious code. Hiding stuff on RISC OS is quite hard. It’s more likely to be “hiding in plain sight” (like that virus in the days of old that faked being one of the Econet modules) but once you know it is there, you can look for what started it, and get rid of it. So, no, RISC OS is not going to try contacting covert IRC servers to pick up instructions of sites to spam. Because if you noticed your Pi behaving strangely, you’d be able to try to find out why…
…ah, but wait. If Store is running, would nmap see anything? I’ve just scanned my machine and… nothing. Because a port outbound is not the same as a port inbound. RISC OS is not Linux/Windows. It doesn’t have a bunch of services responding to connection requests unless YOU have installed some software to provide those services. I’m running WebJames, so port 80 is open. http://heyrick.ddns.net/ will provide you with my current weather. ;-) I believe there is a way to stiff many RISC OS machines remotely by sending special malformed packets. I don’t remember the details, and it may have been fixed (but given the age of the stack…). That said, it would take a lot more knowledge to create a more active exploit. And for what? The OS itself provides a call to drop right into supervisor mode, there’s no concept whatsoever of user permissions… it’s just not worth the effort, don’t you think? Far better to attack OSX, ’cause they’re less likely to know how their OS actually works and if they have a Mac they probably have money… |
Steve Pampling (1551) 8172 posts |
I was actually considering the destination port (server)
Well, maybe. But don’t you think it’s a case of they had money and spent more than they needed to? |
Rick Murray (539) 13851 posts |
Have you seen the price of Apple stuff? I don’t mean the tablet/phone/computer, I mean the add on paraphernalia plus you can pretty much guarantee the printed media will be an easy twice as expensive. Glossy Ubuntu magazine? €7,99. Glossy Apple mag? €16. [glossy Pi mag is €12 but contains info on numerous things to do like setting it up as a NAS box] |
Clive Semmens (2335) 3276 posts |
Bordering on? Other side of the border, and nowhere near it. Says the man sitting at an Apple Mac mini (but not an Apple add-on in sight) |