Welcome,
Guest
. Please
login
or
register
.
November 22, 2024, 06:09:29 PM
News:
tastyspleen.net discord server:
http://discord.tastyspleen.net
Home
Forum
Help
TinyPortal
Search
Calendar
Login
Register
tastyspleen::quake 2 community
»
Forum
»
Off-Topic Zone
»
/dev/random
»
Ethics Based Server?
« previous
next »
Print
Pages:
1
2
3
4
5
6
[
7
]
Go Down
Author
Topic: Ethics Based Server? (Read 28662 times)
console
Brobdingnagian Member
Posts: 4518
"Man, this is the way to travel," said my attorney
Rated:
Re: Ethics Based Server?
«
Reply #90 on:
March 06, 2007, 10:55:13 PM »
Well, as the crypto gurus might say, What's Your Threat Model
What's Your Threat Model
?
I know roughly jack about crypto. But for us, since the advent of r1q2 and the exploits r1ch fixed, we've never had anyone hack our rcon password that I'm aware of.
But it also probably helps that we don't give out the rcon password either... we use an admin system where each admin has their own login and password. The rcon password is never transmitted over the network to the client.
So in our case, it might be nice to be able to simply ignore all rcon requests not originating from the IP of the system running our admin scripts.
For that, I could see making rcon a stateful transaction:
client q2 server
--------------------------------------------------------------------------
rcon xpasswordx status
<- "verify 1055d3e698d289f2af8663725127bd4b"
rcon 1055d3e698d289f2af8663725127bd4b status
<- "status info...."
...or something similar. The client tries a normal rcon command, but the server responds with a verify code based on a random number. The client then re-issues the rcon command using the verify code as the password.
Still using UDP, still the same packet structure, so it would technically work with existing clients (even though no human would want to type the verify string by hand.)
This would be trivial to implement, but would presumably be sufficient to allow workable IP-based whitelists for hosts allowed to issue rcon commands.
But again, it gets back to WYTM? The simple system described above is vulnerable to man-in-the-middle attacks, of course; but are we worried about those? I'm not, personally, but again that's probably because there's only one host that knows our rcon passwords--and I don't forsee the liklihood of some employee of some internet backbone sniffing our network packets...
Oh well, fun to talk about anyway...
Regards,
«
Last Edit: March 06, 2007, 10:57:46 PM by console
»
Logged
{TNP}Dukie
Carpal Tunnel Member
Posts: 1570
Rated:
Re: Ethics Based Server?
«
Reply #91 on:
March 07, 2007, 05:18:34 AM »
WTF are you guys talkin about?
Krypto was superboy's dog!
Logged
"To see me, you must download my skin!"
"To see me, you must download my skin!"
[img]http://banners.wunderground.com/weathersticker/gizmotimetemp_both/language/
Dafremen>FAS>
Newbie
Posts: 17
God/Tao/Great Spirit - The First Tro0 Skiller
Rated:
Re: Ethics Based Server?
«
Reply #92 on:
March 07, 2007, 07:55:51 AM »
That looks alot like what I had in mind, but even more secure with the server authentication step. As for the threat model, I think it's obvious: skript kiddies with a grudge, curious hackers who want bragging rights or less likely, but more lethal: ex admins with a grudge and with contacts on the inside or currently active accounts.
That pretty much covers the threat model... It would be fun to mess with it anyway.
Logged
When you play cheaply..you inspire others to do so..and the quality of the game declines.
Fragz Ain't Skillz
74.54.186.236 "goto BTFFFA" Everything u need to work on improving your game.
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: Ethics Based Server?
«
Reply #93 on:
March 07, 2007, 12:51:34 PM »
http://iang.org/ssl/wytm.html
WYTM.
interesting read, the internet is so strange!
«
Last Edit: March 07, 2007, 12:54:03 PM by reaper
»
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
Print
Pages:
1
2
3
4
5
6
[
7
]
Go Up
« previous
next »
tastyspleen::quake 2 community
»
Forum
»
Off-Topic Zone
»
/dev/random
»
Ethics Based Server?
El Box de Shoutamente
Last 10 Shouts:
Costigan_Q2
November 11, 2024, 06:41:06 AM
"Stay cozy folks.
Everything is gonna be fine."
There'll be no excuses for having TDS after January 20th, there'll be no excuses AT ALL!!!
|iR|Focalor
November 06, 2024, 03:28:50 AM
RailWolf
November 05, 2024, 03:13:44 PM
Nice
Tom Servo
November 04, 2024, 05:05:24 PM
The Joe Rogan Experience episode 223 that dropped a couple hours ago with Musk, they're talking about Quake lol.
Costigan_Q2
November 04, 2024, 03:37:55 PM
Stay cozy folks.
Everything is gonna be fine.
|iR|Focalor
October 31, 2024, 08:56:37 PM
Costigan_Q2
October 17, 2024, 06:31:53 PM
Not activated your account yet?
Activate it now! join in the fun!
Tom Servo
October 11, 2024, 03:35:36 PM
HAHAHAHAHAHA
|iR|Focalor
October 10, 2024, 12:19:41 PM
I don't worship the devil. Jesus is Lord, friend. He died for your sins. He will forgive you if you just ask.
rikwad
October 09, 2024, 07:57:21 PM
Sorry, I couldn't resist my inner asshole.
Show 50 latest
User
Welcome,
Guest
. Please
login
or
register
.
November 22, 2024, 06:09:29 PM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search
Advanced search