Welcome,
Guest
. Please
login
or
register
.
September 20, 2024, 11:37:35 AM
News:
tastyspleen.net has a new discord server:
http://discord.tastyspleen.net
Home
Forum
Help
TinyPortal
Search
Calendar
Login
Register
tastyspleen::quake 2 community
»
Forum
»
Off-Topic Zone
»
/dev/random
»
Ethics Based Server?
« previous
next »
Print
Pages:
1
2
3
4
5
6
[
7
]
Go Down
Author
Topic: Ethics Based Server? (Read 28159 times)
console
Brobdingnagian Member
Posts: 4518
"Man, this is the way to travel," said my attorney
Rated:
Re: Ethics Based Server?
«
Reply #90 on:
March 06, 2007, 10:55:13 PM »
Well, as the crypto gurus might say, What's Your Threat Model
What's Your Threat Model
?
I know roughly jack about crypto. But for us, since the advent of r1q2 and the exploits r1ch fixed, we've never had anyone hack our rcon password that I'm aware of.
But it also probably helps that we don't give out the rcon password either... we use an admin system where each admin has their own login and password. The rcon password is never transmitted over the network to the client.
So in our case, it might be nice to be able to simply ignore all rcon requests not originating from the IP of the system running our admin scripts.
For that, I could see making rcon a stateful transaction:
client q2 server
--------------------------------------------------------------------------
rcon xpasswordx status
<- "verify 1055d3e698d289f2af8663725127bd4b"
rcon 1055d3e698d289f2af8663725127bd4b status
<- "status info...."
...or something similar. The client tries a normal rcon command, but the server responds with a verify code based on a random number. The client then re-issues the rcon command using the verify code as the password.
Still using UDP, still the same packet structure, so it would technically work with existing clients (even though no human would want to type the verify string by hand.)
This would be trivial to implement, but would presumably be sufficient to allow workable IP-based whitelists for hosts allowed to issue rcon commands.
But again, it gets back to WYTM? The simple system described above is vulnerable to man-in-the-middle attacks, of course; but are we worried about those? I'm not, personally, but again that's probably because there's only one host that knows our rcon passwords--and I don't forsee the liklihood of some employee of some internet backbone sniffing our network packets...
Oh well, fun to talk about anyway...
Regards,
«
Last Edit: March 06, 2007, 10:57:46 PM by console
»
Logged
{TNP}Dukie
Carpal Tunnel Member
Posts: 1570
Rated:
Re: Ethics Based Server?
«
Reply #91 on:
March 07, 2007, 05:18:34 AM »
WTF are you guys talkin about?
Krypto was superboy's dog!
Logged
"To see me, you must download my skin!"
"To see me, you must download my skin!"
[img]http://banners.wunderground.com/weathersticker/gizmotimetemp_both/language/
Dafremen>FAS>
Newbie
Posts: 17
God/Tao/Great Spirit - The First Tro0 Skiller
Rated:
Re: Ethics Based Server?
«
Reply #92 on:
March 07, 2007, 07:55:51 AM »
That looks alot like what I had in mind, but even more secure with the server authentication step. As for the threat model, I think it's obvious: skript kiddies with a grudge, curious hackers who want bragging rights or less likely, but more lethal: ex admins with a grudge and with contacts on the inside or currently active accounts.
That pretty much covers the threat model... It would be fun to mess with it anyway.
Logged
When you play cheaply..you inspire others to do so..and the quality of the game declines.
Fragz Ain't Skillz
74.54.186.236 "goto BTFFFA" Everything u need to work on improving your game.
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: Ethics Based Server?
«
Reply #93 on:
March 07, 2007, 12:51:34 PM »
http://iang.org/ssl/wytm.html
WYTM.
interesting read, the internet is so strange!
«
Last Edit: March 07, 2007, 12:54:03 PM by reaper
»
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
Print
Pages:
1
2
3
4
5
6
[
7
]
Go Up
« previous
next »
tastyspleen::quake 2 community
»
Forum
»
Off-Topic Zone
»
/dev/random
»
Ethics Based Server?
El Box de Shoutamente
Last 10 Shouts:
RyU
September 03, 2024, 05:15:49 PM
And wow Derrick is still playing lol
RyU
September 03, 2024, 05:15:15 PM
Just know yesterday is gone and soon tomorrow will be gone too
Lejionator
August 08, 2024, 07:28:01 PM
It's tiem to QuakeCon!!!
https://www.youtube.com/watch?v=ThQd_UJaTys
ImperiusDamian
July 26, 2024, 09:34:53 PM
In nomine Quake II et Id Software et Spiritus John Carmack, Amen.
QuakeDuke
July 26, 2024, 05:10:30 PM
Hey, shout, summertime blues
Jump up and down in you blue suede shoes
Hey, did you rock and roll? Rock on!! ...QD
Yotematoi
July 24, 2024, 01:31:20 PM
Ayer me mato 5 veces para robarme en la vida real hará lo mismo? [img]<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid0wXU2VgS7atesBcSoMz5BWMJCJajeZFVT6GzSU6TtpJGddN9kLTvWNgcZaskkbKFQl&show_text=true&width=500
https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid0wXU2VgS7atesBcSoMz5BWMJCJajeZFVT6GzSU6TtpJGddN9kLTvWNgcZaskkbKFQl&show_text=true&width=500
" width="500"
Yotematoi
July 24, 2024, 01:25:59 PM
hi ya está la basura de Martin, se cambió el nombre es un ladron estupido, asi llegó a 10000[img]<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&show_text
https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&show_text
Yotematoi
July 24, 2024, 01:25:59 PM
hi ya está la basura de Martin, se cambió el nombre es un ladron estupido, asi llegó a 10000[img]<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&show_text
https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fzoloyoze.torito%2Fposts%2Fpfbid03hZrkDUBJPZKCuFgy5hRUy831ekKJYVRzC7ajXaKQbJ6xcPgKftLukUDfovFyEq3l&show_text
[BTF]Jehar
July 19, 2024, 04:28:08 PM
http://forum.tastyspleen.net/quake/index.php?topic=23579.msg238738#msg238738
ts500 comin!
-Unh0ly-
July 05, 2024, 05:20:36 AM
https://unh0lyquakeii.godaddysites.com/
[/i]
Show 50 latest
User
Welcome,
Guest
. Please
login
or
register
.
September 20, 2024, 11:37:35 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search
Advanced search