Author Topic: Ethics Based Server?  (Read 28662 times)

Offline console

  • Brobdingnagian Member
  • ***
  • Posts: 4518
  • "Man, this is the way to travel," said my attorney
    • View Profile
    • tastyspleen.net
  • Rated:
Re: Ethics Based Server?
« Reply #90 on: March 06, 2007, 10:55:13 PM »
Well, as the crypto gurus might say, What's Your Threat Model
What's Your Threat Model? :)

I know roughly jack about crypto.  But for us, since the advent of r1q2 and the exploits r1ch fixed, we've never had anyone hack our rcon password that I'm aware of.

But it also probably helps that we don't give out the rcon password either... we use an admin system where each admin has their own login and password. The rcon password is never transmitted over the network to the client.

So in our case, it might be nice to be able to simply ignore all rcon requests not originating from the IP of the system running our admin scripts.

For that, I could see making rcon a stateful transaction:

  client                                                 q2 server
--------------------------------------------------------------------------
  rcon xpasswordx status

                                                           <- "verify 1055d3e698d289f2af8663725127bd4b"
 
  rcon 1055d3e698d289f2af8663725127bd4b status

                                                           <- "status info...."

...or something similar.  The client tries a normal rcon command, but the server responds with a verify code based on a random number. The client then re-issues the rcon command using the verify code as the password.

Still using UDP, still the same packet structure, so it would technically work with existing clients  (even though no human would want to type the verify string by hand.)

This would be trivial to implement, but would presumably be sufficient to allow workable IP-based whitelists for hosts allowed to issue rcon commands.

But again, it gets back to WYTM?  The simple system described above is vulnerable to man-in-the-middle attacks, of course; but are we worried about those?  I'm not, personally, but again that's probably because there's only one host that knows our rcon passwords--and I don't forsee the liklihood of some employee of some internet backbone sniffing our network packets...

Oh well, fun to talk about anyway...


Regards,

:afro:
« Last Edit: March 06, 2007, 10:57:46 PM by console »
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus

Offline {TNP}Dukie

  • Carpal Tunnel Member
  • ******
  • Posts: 1570
    • View Profile
    • http://dukieskinz.homestead.com/dukiesfront.html
  • Rated:
Re: Ethics Based Server?
« Reply #91 on: March 07, 2007, 05:18:34 AM »
WTF are you guys talkin about?
Krypto was superboy's dog!
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
&quot;To see me, you must download my skin!&quot;
"To see me, you must download my skin!"

[img]http://banners.wunderground.com/weathersticker/gizmotimetemp_both/language/

Offline Dafremen>FAS>

  • Newbie
  • *
  • Posts: 17
  • God/Tao/Great Spirit - The First Tro0 Skiller
    • View Profile
    • Daffy Times
  • Rated:
Re: Ethics Based Server?
« Reply #92 on: March 07, 2007, 07:55:51 AM »
That looks alot like what I had in mind, but even more secure with the server authentication step. As for the threat model, I think it's obvious: skript kiddies with a grudge, curious hackers who want bragging rights or less likely, but more lethal: ex admins with a grudge and with contacts on the inside or currently active accounts.

That pretty much covers the threat model... It would be fun to mess with it anyway. :biggungrin:
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
When you play cheaply..you inspire others to do so..and the quality of the game declines.

Fragz Ain't Skillz
 74.54.186.236 "goto BTFFFA" Everything u need to work on improving your game.

Offline reaper

  • Opulent Member
  • *
  • Posts: 2872
  • Nice night for a walk, eh? - Nice night for a walk
    • View Profile
  • Rated:
Re: Ethics Based Server?
« Reply #93 on: March 07, 2007, 12:51:34 PM »
http://iang.org/ssl/wytm.html WYTM.

interesting read, the internet is so strange!
« Last Edit: March 07, 2007, 12:54:03 PM by reaper »
  • Insightful
    Informative
    Funny
    Nice Job / Good Work
    Rock On
    Flawless Logic
    Well-Reasoned Argument and/or Conclusion
    Demonstrates Exceptional Knowlege of the Game
    Appears Not to Comprehend Game Fundamentals
    Frag of the Week
    Frag Hall of Fame
    Jump of the Week
    Jump Hall of Fame
    Best Solution
    Wins The Internet
    Whoosh! You done missed the joke thar Cletus!
    Obvious Troll Is Obvious
    DO YOU EVEN LIFT?
    DEMO OR STFU
    Offtopic
    Flamebait
    Redundant
    Factually Challenged
    Preposterously Irrational Arguments
    Blindingly Obvious Logical Fallacies
    Absurd Misconstrual of Scientific Principles or Evidence
    Amazing Conspiracy Theory Bro
    Racist Ignoramus
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy

 

El Box de Shoutamente

Last 10 Shouts:

Costigan_Q2

November 11, 2024, 06:41:06 AM
"Stay cozy folks.

Everything is gonna be fine."

There'll be no excuses for having TDS after January 20th, there'll be no excuses AT ALL!!!
 

|iR|Focalor

November 06, 2024, 03:28:50 AM
 

RailWolf

November 05, 2024, 03:13:44 PM
Nice :)

Tom Servo

November 04, 2024, 05:05:24 PM
The Joe Rogan Experience episode 223 that dropped a couple hours ago with Musk, they're talking about Quake lol.

Costigan_Q2

November 04, 2024, 03:37:55 PM
Stay cozy folks.

Everything is gonna be fine.
 

|iR|Focalor

October 31, 2024, 08:56:37 PM

Costigan_Q2

October 17, 2024, 06:31:53 PM
Not activated your account yet?

Activate it now! join in the fun!

Tom Servo

October 11, 2024, 03:35:36 PM
HAHAHAHAHAHA
 

|iR|Focalor

October 10, 2024, 12:19:41 PM
I don't worship the devil. Jesus is Lord, friend. He died for your sins. He will forgive you if you just ask.
 

rikwad

October 09, 2024, 07:57:21 PM
Sorry, I couldn't resist my inner asshole.

Show 50 latest
Welcome, Guest. Please login or register.
November 22, 2024, 06:09:29 PM

Login with username, password and session length