[Opensim-dev] User Authentication

Justin Clark-Casey jjustincc at googlemail.com
Thu Feb 26 16:49:25 UTC 2009


Diva Canto wrote:
> Justin Clark-Casey wrote:
>> I must admit, I'm surprised that the spoofer can receive the packet at all if it's being sent to the IP given (the 
>> spoofed one).  But I shall bow to those with superior raw sockets knowledge than myself.
> 
> The spoofer can't receive the packet sent from the server, and that's 
> the main point. But it can send a reply packet anyways. It can send it 
> blindly, trying to guess what the number might be. It could send 128 of 
> them, each with a different number.

Ah, I get it.  Thanks :)

> 
>> Actually, without (1) [a user server IP check by the region], isn't the current situation still a problem for closed 
>> grids?  It's possible to make a region connection without any interaction/login with the user server if one knows what 
>> to do and has the right information.
> 
> Yes. It's just that walled-gardens tend to be more private, so for example you may not know the IP address of the region as easily as in open systems; and it will be much harder to find the user's identifiers. Security through obscurity -- which is always a fragile situation, but at least it's a cloth that open systems don't have.

-- 
justincc
Justin Clark-Casey
http://justincc.wordpress.com


