[Opensim-users] Banning "bad" viewers was Re: Can this be done?

Karen Palen karen_palen at yahoo.com
Sat Jan 16 06:24:46 UTC 2010 

The MAC address is certainly better than banning based on an ID string which must be changed by the person you want to exclude, however it too is far from foolproof.

See: http://www.irongeek.com/i.php?page=security/changemac

This is a discussion of the approach and a tool to change the MAC address on any computer dynamically. The author also supplies free software which automatically generates a new MAC address on every reboot.

The next level of course is to ban based on IP address, this is an improvement over the MAC address since the IP address is not generally under the control of the user. 

However many users have an IP address which changes regularly due to their ISP's policy or network requirements. In the US one of the largest ISPs, Cox, does this on a random basis for residential users as a way to discourage "business" use by these users.

Both approaches provide some degree of security, but they are easily overcome.

You comments on Seamonky illustrate some of the "collateral damage" that any such blanket bans can cause. 

No matter what the actual reason you are unable to access the grid it is natural to assume that you are banned merely for being a little "different". 

This is often a common assumption among non-Microsoft users and members of minority groups in the larger world. 

Unfortunately this assumption is correct often enough to make it credible, but the assumption can be a significant stumbling block to people who are trying to fix the situation both in the "virtual world" and in the real world.

For example, Microsoft is expending significant effort towards replacing the obsolete and incompatible Internet Explorer 6. The problem is that use of this obsolete browser is built into many web sites and institutional IT structures. Even switching your web site users to IE 7 or IE 8 requires essentially a completely new support structure.

I hope the developing OpenSim community can avoid making similar costly mistakes!

Karen

--- On Thu, 1/14/10, Bill <billnickels at cableone.net> wrote:

> From: Bill <billnickels at cableone.net>
> Subject: Re: [Opensim-users] Banning "bad" viewers was Re: Can this be done?
> To: opensim-users at lists.berlios.de
> Date: Thursday, January 14, 2010, 10:37 PM
> *Sorry for the double. My first post
> and just hit reply the first time.*
> 
> I have read most all of the comments concerning this issue.
> IMO viewer 
> identification will just be a hassle to the user. Earlier
> today I used a 
> Seamonkey browser and was prevented from transacting
> business because of 
> using it. My desire to use a particular browser, Seamonkey,
> was denied. 
> I certainly didn't want to harm the company that owned or
> hosted the 
> website. I guess since Seamonkey is used by more Linux/Unix
> users that 
> all Seamonkey users are up to no good and deserve to be
> banned. My point 
> is to ban based to ID strings that are true or false is
> guilt by 
> association just as it is in the above analogy for
> Seamonkey users.
> 
> I know the points taken in this very long discussion thread
> are towards 
> trying to come up with a proactive approach to Opensim
> security. I don't 
> think there is a proactive approach that will work well. I
> think it must 
> be a reactive approach. If someone offends, ban. But,
> automation can 
> certainly help with identification and culling bad doers.
> I propose that the ID of the offensive party be based on
> the MAC address 
> that I think is part of the HTTP header, if not, there are
> trace back 
> procedures that will reveal it. Then, maybe a database of
> offending 
> MAC's could be established and keyed inversely with number
> of bans 
> across Opensims.
> The worst offenders are on top of the stack.
> 
> Representatives from several OS organizations could form a
> group to 
> maintain the database and  it could be built into OS.
> Then all of 
> opensim would be doing the same thing. The database could
> be replicated 
> has a background process so that all have close the same
> data at some 
> point. This approach uses a hardware/frimware address that
> can only be 
> changed with a great deal of work or by going to another
> computer. This 
> is not guilt by association but identification of hardware
> from wince 
> bad deeds have come. I suppose someone with low level
> knowledge could 
> send the header through a buffer and change the MAC address
> on the way 
> out but, I don't think it would be successful as most ISP's
> use it to 
> identify authorized equipment attached to their network.
> 
> Thanks for reading.
> 
> Bill
> _______________________________________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-users
>

More information about the Opensim-users mailing list