Ethics Based Server?

[console]

Well, as the crypto gurus might say, What's Your Threat Model
What's Your Threat Model?

I know roughly jack about crypto.  But for us, since the advent of r1q2 and the exploits r1ch fixed, we've never had anyone hack our rcon password that I'm aware of.

But it also probably helps that we don't give out the rcon password either... we use an admin system where each admin has their own login and password. The rcon password is never transmitted over the network to the client.

So in our case, it might be nice to be able to simply ignore all rcon requests not originating from the IP of the system running our admin scripts.

For that, I could see making rcon a stateful transaction:

  client                                                 q2 server
--------------------------------------------------------------------------
  rcon xpasswordx status

                                                           <- "verify 1055d3e698d289f2af8663725127bd4b"
 
  rcon 1055d3e698d289f2af8663725127bd4b status

                                                           <- "status info...."

...or something similar.  The client tries a normal rcon command, but the server responds with a verify code based on a random number. The client then re-issues the rcon command using the verify code as the password.

Still using UDP, still the same packet structure, so it would technically work with existing clients  (even though no human would want to type the verify string by hand.)

This would be trivial to implement, but would presumably be sufficient to allow workable IP-based whitelists for hosts allowed to issue rcon commands.

But again, it gets back to WYTM?  The simple system described above is vulnerable to man-in-the-middle attacks, of course; but are we worried about those?  I'm not, personally, but again that's probably because there's only one host that knows our rcon passwords--and I don't forsee the liklihood of some employee of some internet backbone sniffing our network packets...

Oh well, fun to talk about anyway...


Regards,

[{TNP}Dukie]

WTF are you guys talkin about?
Krypto was superboy's dog!

[Dafremen>FAS>]

That looks alot like what I had in mind, but even more secure with the server authentication step. As for the threat model, I think it's obvious: skript kiddies with a grudge, curious hackers who want bragging rights or less likely, but more lethal: ex admins with a grudge and with contacts on the inside or currently active accounts.

That pretty much covers the threat model... It would be fun to mess with it anyway.

[reaper]

http://iang.org/ssl/wytm.html WYTM.

interesting read, the internet is so strange!