February 2004
- Solutions for smarter NPCs (long) Robert Zubek
- TECH: newbie, mud over jabber im cr88192
- Randomness Alex Chacha
- Randomness David Kennerly
- Randomness Alex Chacha
- UI Design Adam
- MCP/GUIs (was: MUD client popularity) Bruce Mitchener
- [DGN] A comparison of adolescent and adult online computer game players Luca Girardo
- Discussion groups at the MDC Brian 'Psychochild' Green
- Different Style of Online Games Stewart Berntson
- Too much magic? Brian Hook
- Too much magic? Michael "Flury" Chui
- Too much magic? John Buehler
- Too much magic? Hans-Henrik Staerfeldt
- Too much magic? John Buehler
- Too much magic? Corey Crawford
- Too much magic? cruise
- Too much magic? Brian Hook
- Too much magic? Richard A. Bartle
- Too much magic? Brian Hook
- Too much magic? Paul Canniff
- Too much magic? cruise
- Too much magic? Daniel.Harman@barclayscapital.com
- Too much magic? Ben Hawes
- Too much magic? Miroslav Silovic
- Weather simulations Nathan Black
- Weather simulations Spot
- Weather simulations Shane P. Lee
- Weather simulations Valerio Santinelli
- How much should be offloaded to Scripting? Dan Larsen
- How much should be offloaded to Scripting? Brian Hook
- How much should be offloaded to Scripting? Koster, Raph
- How much should be offloaded to Scripting? Brian Hook
- How much should be offloaded to Scripting? Jay Carlson
- How much should be offloaded to Scripting? Damion Schubert
- How much should be offloaded to Scripting? Jim Purbrick
- How much should be offloaded to Scripting? Jim Purbrick
- How much should be offloaded to Scripting? Sean Middleditch
- How much should be offloaded to Scripting? Lars Duening
- How much should be offloaded to Scripting? Ben Garney
- How much should be offloaded to Scripting? Acius
- How much should be offloaded to Scripting? Richard A. Bartle
- How much should be offloaded to Scripting? Patrick Dughi
- How much should be offloaded to Scripting? gbtmud
- How much should be offloaded to Scripting? Kwon J. Ekstrom
- How much should be offloaded to Scripting? James Pepe
- Media: Women over 40 biggest online gamers J C Lawrence
- Media: Women over 40 biggest online gamers ext.Christer.Enfors@tietoenator.com
- Media: Women over 40 biggest online gamers Koster, Raph
- Media: Women over 40 biggest online gamers Daniel James
- Media: Women over 40 biggest online gamers Fred Snyder
- Media: Women over 40 biggest online gamers Michael Sellers
- Media: Women over 40 biggest online gamers Tom Hunter
- Media: Women over 40 biggest online gamers Luca Girardo
- Media: Women over 40 biggest online gamers Luca Girardo
- Character Restraint & Capture. Jester
- Character Restraint & Capture. rjw
- Character Restraint & Capture. Matt Mihaly
- Character Restraint & Capture. Paul Schwanz
- Character Restraint & Capture. Matt Mihaly
- Character Restraint & Capture. Paul Schwanz
- Character Restraint & Capture. Matt Mihaly
- Character Restraint & Capture. Paul Schwanz
- Character Restraint & Capture. Damion Schubert
- Character Restraint & Capture. Daniel.Harman@barclayscapital.com
- Character Restraint & Capture. Matt Mihaly
- Character Restraint & Capture. Paul Schwanz
- Character Restraint & Capture. Jester
- Character Restraint & Capture. Matt Mihaly
- Character Restraint & Capture. Matt Mihaly
- Character Restraint & Capture. Jester
- Character Restraint & Capture. Matt Mihaly
- Character Restraint & Capture. Damion Schubert
- Character Restraint & Capture. Byron Ellacott
- Character Restraint & Capture. Jester
- Character Restraint & Capture. Jester
- Character Restraint & Capture. Damion Schubert
- Character Restraint & Capture. Marian Griffith
- Character Restraint & Capture. Jester
- Character Restraint & Capture. Brian 'Psychochild' Green
- Character Restraint & Capture. cruise
- Character Restraint & Capture. Paul Schwanz
- Character Restraint & Capture. Jester
- Character Restraint & Capture. Valerio Santinelli
- Character Restraint & Capture. Craig H Fry
- Character Restraint & Capture. Jim Purbrick
- Character Restraint & Capture. Michael Sellers
- Character Restraint & Capture. Jester
- Character Restraint & Capture. cruise
- Character Restraint & Capture. Jester
- Character Restraint & Capture. Tess Snider
- Character Restraint & Capture. Eric Random
- Player generated quests wcoles@reflectionsinteractive.com
- Player generated quests cruise
- Player generated quests Artur Biesiadowski
- Player generated quests Alex Chacha
- Player generated quests Mike Shaver
- Player generated quests Talanithus Tarant
- Quick question SSL Christopher Allen
- Quick question SSL ceo
- Quick question SSL sziisoft
From: "ceo" <ceo@grexengine.com>
> IIRC this is of the "Replay" type of attack - as an attacker, you
> observe the "magic number/token" that is a valid response to a
> server challenge, and then replay the same magic number the first
> time the server challenges you. Of course this is why most
> security protocols include the sender and receiver "addresses"
> inside whatever's encrypted, but my problem here is that I don't
> seem to have a notion of a client "address" which I can actually
> know/check for all clients :(.
> PS caches seem to fairly consistently use the extended
> (i.e. non-standard) HTTP headers to indicate the IP address they
> are routing on behalf of; I haven't checked *every* ISP of every
> player, but I may be able to use these extended headers to infer
> the same IP address for a client, no matter which proxy/cache they
> come via.
Hardware address. Guaranteed unique per card unless someone
overrides it(which is very rare.) You can set it up in the SSL as
the auth, then possibly allow that hwaddress(MAC address) in
conjunction with the rest of the security mechanism. SSL keeps it
from being sniffed, but you run into the possibility of
memory-watchers/decompilation/etc on the client seeing that you're
using the hw address for handshake/auth. ARP table lookups might be
another implementation.
Security through obsfucation, to a point.
If you're worried about replay attacks, you can break most of them
but staggering/randomizing the TCP sequence number. If they've
recorded a sequence starting at 1 and your server says "for this
connection we're going to start at 12" then you'll break their
replays. (and signal all kinds of warning systems.)
Again, easy to beat/hammer through if you know it's going on.
Anyone who'll be trying that kind of attack, though, will probably
have a real-time packet analyser/modification tool and this won't
fool them.
Periodic reauth? Open up an SSL to your auth server ever "x"
minutes and randomize it. Separate thread so as not to impact game
performance. Replay attacks won't work because of the randomized
reauth.
-Mike - Quick question SSL Jo Dillon
- Quick question SSL Matthew D. Fuller
- Quick question SSL ceo
- Quick question SSL szii@sziisoft.com
- Quick question SSL Travis Casey
- Quick question SSL Tamzen Cannoy
- Quick question SSL ceo
- Quick question SSL Byron Ellacott
- Quick question SSL Alex Chacha
- Quick question SSL Sean Middleditch
- Quick question SSL sziisoft
- Mythica Cancelled.. dienw
- Mythica Cancelled.. Kerry Fraser-Robinson
- Mythica Cancelled.. David H. Loeser Jr
- Mythica Cancelled.. Vincent Archer
- Mythica Cancelled.. Vincent Archer
- Mythica Cancelled.. Michael Sellers
- Mythica Cancelled.. Scott Jennings
- Mythica Cancelled.. szii@sziisoft.com
- Mythica Cancelled.. Valerio Santinelli
- Mythica Cancelled.. Damion Schubert
- Mythica Cancelled.. Hans-Henrik Staerfeldt
- Mythica Cancelled.. Bill Slease
- Mythica Cancelled.. Freeman, Jeff
- Mythica Cancelled.. Tom "cro" Gordon
- [Design] Meta-physics Engine cruise
- RE:Character Restraint & Capture. Chris Duesing
- Economic model.. Brian Thyer
- Economic model.. Mike Lescault
- Economic model.. Robert Kovalchick
- Economic model.. Brian Thyer
- Economic model.. Matt Mihaly
- Economic model.. brian@thyer.net
- Economic model.. Matt Mihaly
- Economic model.. Matt
- Economic model.. Brian Thyer
- Economic model.. cruise
- Economic model.. brian@thyer.net
- Economic model.. cruise
- Economic model.. Thomas Clive Richards
- Economic model.. Michael Sellers
- Economic model.. Daniel.Harman@barclayscapital.com
- Economic model.. Michael Sellers
- Economic model.. Daniel.Harman@barclayscapital.com
- Economic model.. Brian Thyer
- Economic model.. Marian Griffith
- Economic model.. Brian Thyer
- Economic model.. Francisco Gutierrez
- Economic model.. Brian Thyer
- Character Restraint & Capture (bounty hunting) Jester
- Character Restraint & Capture (bounty hunting) Brian Hook
- Character Restraint & Capture (bounty hunting) Jester
- Character Restraint & Capture (bounty hunting) Roy Sutton
- Character Restraint & Capture (bounty hunting) Chris Duesing
- Character Restraint & Capture (bounty hunting) Byron Ellacott
- Character Restraint & Capture (bounty hunting) szii@sziisoft.com
- Character Restraint & Capture (bounty hunting) John Buehler
- Character Restraint & Capture (bounty hunting) Jester
- Character Restraint & Capture (bounty hunting) Byron Ellacott
- Character Restraint & Capture (bounty hunting) Jester
- Character Restraint & Capture (bounty hunting) Byron Ellacott
- Character Restraint & Capture (bounty hunting) Jester
- Economic model (long) Jester
- Announce: MUD-Dev Conference J C Lawrence