[Opensim-dev] User Authentication
Diva Canto
diva at metaverseink.com
Wed Feb 25 23:54:04 UTC 2009
Justin Clark-Casey wrote:
> I must admit, I'm surprised that the spoofer can receive the packet at all if it's being sent to the IP given (the
> spoofed one). But I shall bow to those with superior raw sockets knowledge than myself
The spoofer can't receive the packet sent from the server, and that's
the main point. But it can send a reply packet anyways. It can send it
blindly, trying to guess what the number might be. It could send 128 of
them, each with a different number.
> Actually, without (1) [a user server IP check by the region], isn't the current situation still a problem for closed
> grids? It's possible to make a region connection without any interaction/login with the user server if one knows what
> to do and has the right information.
Yes. It's just that walled-gardens tend to be more private, so for example you may not know the IP address of the region as easily as in open systems; and it will be much harder to find the user's identifiers. Security through obscurity -- which is always a fragile situation, but at least it's a cloth that open systems don't have.
Crista
More information about the Opensim-dev
mailing list