(12 Nov 10, 03:11PM)Brahma Wrote: I argued to flowtron we should institute a pattern: we should send the same number of octets to whois and cubelister.
wahnfred convinced flowtron that 3 octets was not a security issue... again, point your weapon to other side.
But I gave you a whole argument (when WahnFred was discussing it as well)...
and it's a perfectly valid argument...
[SELECT ALL] Code:
20:44:12 <@Brahma> jamz: once you said it was not a big issue given 3 octets in the whois command
20:44:20 -!- Shield{TyD} [[email protected]] has quit [Ping timeout]
20:44:32 <@Brahma> what can you say about 3 octets/whois and internet security?
20:45:16 <@flowtron> yeah, we're thinking of changing either the whois or the ext.ping
20:45:18 <@Drakas> changing it from 2 to 3 makes it much easier to find and identify the real user... only 255 addresses to look for, compared to 16k...
20:45:27 <@flowtron> anyway - they should be the same length.
20:45:37 <@Drakas> make both 2 octets
20:45:39 <@flowtron> Drakas: yes, that's an obvious answer
20:45:47 <@Brahma> Drakas: i know your opinion
20:45:53 <@Drakas> it's fact, not opinion
20:46:00 <@flowtron> but - even if you ping the 255 addresses - you'll still not know which of those ISP-customers is your target, will you?!?
20:46:02 <@Brahma> which is pretty paranoic, you know
20:46:11 <@Brahma> but it is acceptable
20:46:18 <@Brahma> jamz!
20:46:23 <@Drakas> uhm
20:46:25 <@jamz> Honestly Brahma, I couldn't care less. I'll work with what's available
20:46:26 <@Brahma> you work with these things
20:46:32 <@jamz> It won't affect the game
20:46:37 <@Brahma> no
20:46:43 <@Brahma> we are asking your opinion
20:46:52 <@Drakas> no, assuming the udp port is constant throughout a gaming session, it makes it much easier to find the who user is
20:47:05 <@Drakas> the outside udp port of the client that is being used for receiving :P
20:47:07 <@Drakas> and sending
20:47:18 <@jamz> Broadcast the whole IP, but in a random order
20:47:24 <@Drakas> (I'm not sure entirely, but it's possible there's a problem)
20:47:41 -!- BCFHaerkefiende [[email protected]] has quit [Ping timeout]
20:47:44 <@Brahma> the point is: ext ping gives 3 octets... and we do not want to change it, except if it is a big security hole
20:48:08 -!- DES|Bukz [[email protected]] has quit [Read error: Connection reset by peer]
20:48:14 <@Brahma> do you think it is jamz? and why do you think what you think?
20:48:16 -!- DES|Bukz [[email protected]] has joined #assaultcube
20:48:16 -!- mode/#assaultcube [+o DES|Bukz] by Q
20:48:16 <@Brahma> please
20:48:18 -!- BCFHaerkefiende [[email protected]] has joined #assaultcube
20:49:03 <@jamz> Do I think it is what? A big security hole?
20:49:06 <@jamz> No
20:49:23 <@Drakas> why make it to 3? :)
20:49:33 <@Brahma> pattern Drakas
20:49:33 <@Drakas> there's more of a privacy than security concern here
20:49:35 <@flowtron> because ext.ping is 3 ATM
20:49:41 <@flowtron> and we want to have them both the same
20:49:43 <@Brahma> ext ping info already gives 3
20:49:47 <@flowtron> so it's change either the one or the other
20:49:51 <@Drakas> yes, and that should be reduced to 2
20:49:56 <@flowtron> both have arguments in their favour and against them
20:50:06 <@Brahma> jamz: what is your job?... btw
20:50:13 <@jamz> What does the law say about revealing 3 octets?
20:50:17 <@jamz> Network Manager
20:50:24 <@Brahma> ok
20:50:32 <@Drakas> what law?
20:50:38 <@jamz> any law
20:50:40 <@jamz> anywhere
20:50:49 <@Drakas> ac isn't restricted by any law
20:50:56 <@Drakas> only ac server operators
20:51:03 <@Drakas> depending where the servers are located
20:51:03 <@jamz> No, but it makes sense to adhere to it, not go beyond it
20:51:29 <@Drakas> it makes sense to have ethic obligation to protect users' privacy
20:51:54 < pwnage-> It will still be privacy
20:52:03 <@jamz> Well, I refer you to my answer of 6 minutes ago
20:52:13 < pwnage-> :)
20:52:35 <@Drakas> you people are so foolish tbh
20:52:44 < pwnage-> thx for the compliment
20:52:46 <@Drakas> what happens when an AC server sends all info request pings ?
20:52:51 <@Drakas> it sends out YOUR IP address
20:53:03 <@Drakas> you can _easily_ link any used to any exact IP address if you give more than 2 octets
20:53:38 <@Drakas> so a person who wants to invade your privacy (ie. get your IP address) only has to run a server, find your first 3 octets (or even 2, although that makes things much harder), and then match it all up
20:53:54 <@Drakas> so getting full 4 octets is not that much a challenge, is it?
20:54:01 <@Drakas> if you make it 3, might as well make it 4
20:54:38 <@Drakas> now, you can't automatically decide whether any of the servers are being run for malicious purposes, so the 3-octet is relatively unsafe
20:55:06 <@Drakas> thx listening to my argument pwnage-
20:55:09 <@flowtron> Drakas: you have a valid argument, but a terrible way of presenting it
20:55:15 <@Drakas> not really...
20:55:26 <@Drakas> what way do you think would be better?
20:56:16 <@jamz> Drakas, does anyone other than you share you concern?
20:56:24 <@jamz> your concern*
20:56:33 <@Drakas> that's pretty much irrelevant
20:56:52 <@Drakas> how accepted an argument is does not influence its validity
20:57:23 <@flowtron> but presentation can make it easier to agree with you or easier to start a flamewar
20:57:32 <@jamz> It might be better to get someone less, er... psasionate, to put your point
20:57:38 <@Drakas> well, I'm not talking to 14-year-olds, am I?
20:57:55 <@Drakas> read over, understand what I'm saying
20:58:03 <@flowtron> it's still annoying to be talked down to.
20:58:08 <@flowtron> I understand perfectly
20:58:14 <@flowtron> and it was exactly my first response
20:58:16 <@Drakas> sorry then
20:58:25 <@flowtron> when Brahma asked about 3 octets for whois
20:58:32 <@Drakas> :F
20:58:37 <@flowtron> I actually wasn't aware the ext.ping was giving out more
20:58:38 <@Drakas> I have poor temper.. ->
20:58:45 <@flowtron> indeed. that was /my/ point
20:58:47 <@flowtron> ;(
20:58:52 <@flowtron> err. I meant ;)
20:59:53 <@flowtron> the ext.ping is something we just took from the other cubeengine games, so ..
21:00:14 <@flowtron> .. we started contemplating wether or not it was safe enough to go with 3 octets for whois too.
21:00:17 <@Drakas> well...if you're really interested in being able to get the full IP address without releaving it to malicious parties, just use a little bit of PGP
21:00:23 <@Drakas> revealing *
21:01:05 < SKB> malicious parties know how to get full ip
21:01:05 <@Drakas> so users can report full encrypted IPs, and only trusted parties can decrypt them
21:01:13 <@flowtron> uhm, isn't one use of whois to be able to post for BL-entry?
21:02:06 <@Drakas> well, an admin decrypts it, replaces it with the real IP if the entry seems sufficient
21:02:28 <@flowtron> Drakas: your speaking of the server logs here?
21:02:34 <@Drakas> this sort of thing might also let us distinguish from pointless entries
21:02:42 <@flowtron> how so?
21:03:00 <@Drakas> I'm not talking about them
21:03:29 <@Drakas> this is just an example of how you could make whois absolutely safe without releasing the sensitive info to everyone
21:03:36 <@Drakas> user does: /whois cn
21:03:51 <@Drakas> server sends: encrypt(pub_key, clients[cn]->ip)
21:04:03 <@Drakas> user gets that code, ab8231b23ubj1j23bj12jb31b (whatever..)
21:04:12 <@flowtron> yeah, I understand that bit.
21:04:14 <@Drakas> then they can post it
21:04:27 <@Drakas> but, ugh, this would be very easy to distinguish without a salt :o
21:04:43 < pwnage-> Users should post that code? ab8231b23ubj1j23bj12jb31b
21:05:02 <@Drakas> then a trusted party decodes that code, has the ip, posts it to the thread
21:05:08 <@Drakas> this is just an example case, anyway
21:05:14 <@flowtron> yeah, well, we have some "evil plans" about in-game auth .. maybe that'll help too.
21:05:16 <@Drakas> I'm still for 2-octet IPs, no more, no less
21:05:17 < Francois> when they /whois they get that code ?
21:05:36 <@flowtron> Drakas: Brahma and I have agreed on 2 octets already ;)
21:05:48 < Francois> csl already reveal 3 octets
21:06:01 <@flowtron> Francois: that was his suggestion, to further obfuscate the IP and protect the innocent but presumed guilty
21:06:07 <@flowtron> Francois: that's the issue here
21:06:13 <@flowtron> we're changing it to 3rd==0 now :-P
21:06:23 < SKB> aff
21:06:25 < Francois> :/
21:06:40 < Francois> was nice
21:07:13 < Francois> to spot some blacklisted guys on bad managed servers
21:07:13 <@flowtron> too nice for my taste and Drakas' too as it seems.
21:07:20 <@Brahma> but i would like the opinion of a network manager like jamz... :P but you know, i am paranoid too
21:07:42 <@Brahma> "finish with my woman cause she couldn't help me with my mind"
21:08:30 <@flowtron> 2 octets should still be enough for comparing to BL - and if we manage to pull in-game auth off I hope that will make gaming with "reliable people" an easier job for us all
21:08:45 < Francois> for some countries yes
21:08:54 < SKB> bah
21:08:59 < Francois> some FAI are too weird
21:08:59 < SKB> what about /report cn
21:09:05 <@jamz> The only advantage I can see for 2 octets is to distinguish between countries for geo lookups in some cases
21:09:07 < SKB> and a separate log serverside?
21:09:12 <@jamz> 3 octets* sorry
21:09:48 < IAF|Lucas> SKB you have to trust server hoster for that :p
21:10:07 < SKB> this would help administration though
21:10:08 < IAF|Lucas> isn't the encrypt solution weak ?
21:10:20 <@flowtron> any server hoster should be able to get all 4 w/o much difficulty whatever our code does
21:11:04 < pwnage-> yes. Because he is the server hoster
21:11:26 < BCFH|Ua51> hmm
21:11:35 < BCFH|Ua51> is brahma a good beer ?
21:11:43 < lipe> nah
21:11:48 < lipe> Skol is better
21:11:49 < lipe> :B
21:11:59 < BCFH|Ua51> what about budvar ? ..
21:12:01 < pwnage-> BCFH|Ua51, it is
21:12:01 < lipe> desculpa brahma, mas eh verdade :P:P::P:P
21:12:08 < BCFH|Ua51> =)
21:12:11 < BCFH|Ua51> good
21:12:18 < Francois> blue chimay
21:12:22 < pwnage-> http://brahma.com/
21:13:11 < BCFH|Ua51> ohh they sell it in ukraine in russia
21:13:13 < BCFH|Ua51> very good
21:15:09 <@Brahma> lipe: you understand of beer as much as you know about bears
21:15:51 < lipe> but i dont know nothing about bears
21:15:57 < lipe> ah
21:15:57 <@Brahma> BCFH|Ua51: Brahma is a medium quality beer around here... the same as Skol or Antactica (all from AmBev)
21:16:00 < lipe> shit..
21:16:03 < lipe> ._.
21:16:26 <@Brahma> but the taste of the beer here change too much with the region
21:16:45 < TheCrema> Brahma Extra is pretty decent
21:17:07 <@Brahma> as far Brazil is a big country, you will find people saying Brahma is pee, or Brahma is awesome
21:17:32 < lipe> brahma is good, but skol still ftw!
21:17:33 <@Brahma> Brahma Extra is one level about of those I cited... so, it is less affected by this region issue
21:17:43 <@Brahma> where do you live, lipe?
21:17:49 < lipe> Rio de janeiro
21:18:22 <@Brahma> you should say: Brahma is good, but Itaipava is better
21:18:24 <@Brahma> :P
21:18:29 < lipe> nah
21:18:30 < lipe> :P
21:18:38 <@Brahma> Itaipava is the same origin of Bohemia
21:18:42 < BCFH|Ua51> ahh ok =)
21:18:45 < TheCrema> Wanna drink a good beer, try Samuel Adams, Boston Lager or Light :P best american beer by far!!
21:18:54 <@Brahma> :D
21:19:06 < pwnage-> hi TheCrema
21:19:24 < TheCrema> pwage lad, sup?
21:20:02 <@Drakas> 21:10:08 < IAF|Lucas> isn't the encrypt solution weak ?
21:20:06 <@Drakas> not if we introduce salts
21:20:17 -!- Toca [[email protected]] has joined #assaultcube
21:20:21 -!- mode/#assaultcube [+o Toca] by Q
21:20:24 <@Brahma> hey TheCrema
21:20:26 <@Brahma> ops
21:20:30 <@Brahma> hey Toca
21:20:36 < BCFHaerkefiende> hoi Toca
21:20:37 < IAF|Lucas> hash ftw
21:20:37 < TheCrema> maluco
21:20:37 <@Brahma> deceiving TAB
21:20:38 <@Drakas> if the encrypted value isn't salted we obviously run into trouble :)
21:21:03 <@Toca> Hi Brahma BCFHaerkefiende :)
21:21:33 <@flowtron> Drakas: but then we need the post to include the server it came from, to know the salt
21:21:42 <@Drakas> no...
21:21:43 <@flowtron> Hi Toca
21:21:56 <@Toca> hey flowtron :)
21:22:03 <@Drakas> salts are random numbers only the encrypting and decrypting party will know
21:22:11 <@flowtron> I know about salts
21:22:17 <@flowtron> that's why I said
21:22:22 <@flowtron> if we don't know who encrypted it
21:22:26 <@flowtron> we won't know the salt
21:22:28 <@Drakas> we won't need to...
21:22:53 <@Drakas> ip is 122.8.10.5 -> then we simply encrypt rand(0,255).rand(0,255)......122.8.10.5.rand(0,255).rand(0,255)....
21:23:28 <@Drakas> and then when we decrypt, we know exactly what the ip is because we konw its position
21:23:34 <@Drakas> salts prevent the collision attack
21:23:46 < CIA-2> actiongame: baarreth * r5235 /trunk/ac/source/src/serverevents.h: sg gib, more restrictive (only gibs at max damage)
21:23:49 <@Brahma> ok people
21:23:56 <@Brahma> i need to test a real dm in 1.1 now
21:24:00 <@Drakas> I'm in
21:24:01 <@Brahma> only real men
21:24:12 <@Brahma> ok... you are a real man too Drakas
21:24:24 <@Brahma> connect to avenger.if.usp.br
21:24:26 <@Brahma> ftw
21:24:34 < TheCrema> okie dokey
21:25:05 < WahnFred> [22:45] <Drakas> make both 2 octets
21:25:22 <@Drakas> lemme compilleee Brahma
21:25:33 < WahnFred> Drakas: yeah, make it even harder to permban haxors ...
21:25:46 -!- Gibstick [[email protected]] has joined #assaultcube
21:25:46 <@Drakas> WahnFred: I *just* proposed a whole solution to that
21:25:59 <@Drakas> read the rest of the conversation
21:26:30 < WahnFred> 3 octects is safe and the best solution in my opinion
21:26:48 <@Drakas> and I gave a whole reasoning why 3 octets is unsafe, equivalent to 4 octets
21:27:25 -!- kick52 [[email protected]] has joined #assaultcube
21:28:45 <@Drakas> ok, almost compiled
21:30:23 < CIA-2> actiongame: flowtron * r5236 /trunk/ac/source/src/texture.cpp: whitespace fixes
21:30:36 -!- DES|Bukz [[email protected]] has quit [Read error: Connection reset by peer]
21:30:45 -!- DES|Bukz [[email protected]] has joined #assaultcube
21:30:47 -!- mode/#assaultcube [+o DES|Bukz] by Q
21:30:47 < CIA-2> actiongame: flowtron * r5237 /trunk/ac/bin_unix/ (linux_64_client linux_64_server): linux64 bins
21:31:17 < WahnFred> drakas, please give me a short summary - i don't have the time to read it all
21:31:17 <@flowtron> WahnFred: well, I've been torn here between all the available arguments
21:31:34 <@flowtron> drakas way of presenting his point isn't so nice to read IMHO
21:31:56 <@flowtron> basically he says if we give out 3 octets it's easy to poll the 254 IPs in their range
21:32:07 <@flowtron> to find out which client is listening on the AC port
21:32:28 <@flowtron> which I had as first objection against 3 octects too
21:32:48 <@flowtron> whois in AC only gives out 2 - I was actually unaware that CSL uses 3 since for ever.
21:33:13 <@flowtron> so we want them both the same, and need to decide with which variant to go.
21:33:38 < WahnFred> http://cubeengine.com/forum.php4?action=display_thread&thread_id=1
21:33:45 < WahnFred> by Aardappel on 01/05/2002 01:55 through 213.75.159.5
21:34:14 < WahnFred> full ip ...
21:34:53 <@flowtron> hm, showing me someone who's sticking their head into the barrel of a gun won't make me think better about guns
21:36:55 < WahnFred> problem: there are a lot of cheaters around in cube1/2 and the 3 octects help a lot to nearly identfiy them.
21:37:10 <@flowtron> yes, that's the big argument in favour of 3
21:37:28 <@flowtron> but, in a pinch, I prefer the more secure/private solution
21:39:29 <@flowtron> I mean, I guess the question is - would anybody that has the tools to attack a given IP be /that/ interested in the specific IP of one (or a bunch) of AC-players?
21:39:39 <@DES|Bukz> lol
21:39:44 <@DES|Bukz> i seriously doubt it
21:39:44 <@flowtron> given 2 octets or 3 wouldn't make much of diff to that kind of person
21:39:47 <@DES|Bukz> but I guess you never know
21:39:54 <@flowtron> they'd just attack the subnet and see what they get
21:40:18 < WahnFred> hmm, at first the ac community should concentrate on a master sending IP's only, not dyndns addresses :)
21:40:35 <@flowtron> which reminds me to finish that awesome CSR episode soon. totally mind-blowing. ROP - result oriented programming - I got to 0:46:00 of 2:48:00 so far.
21:40:50 -!- DES|Medusa [[email protected]] has joined #assaultcube
21:41:07 < WahnFred> heard about dns highjacking - a security issue! :p
21:41:13 <@flowtron> WahnFred: we just have a manually moderated M.S. ATM and hostnames are preferred
21:41:34 <@flowtron> s/CSR/CRE/
21:41:43 <@flowtron> CRE=ChaosRadioExpress
21:42:34 <@flowtron> WahnFred: I hear you, but one /can/ go overboard on the security concerns
21:42:35 <@Brahma> WahnFred: i agree that 3 octets will be hardly used as a security exploit, if a malicious attacker wants your ip, he will find it if the server sends 2 or 3 octets...
21:42:37 <@Brahma> but
21:42:44 <@flowtron> if any server starts violating the rules, we delete it.
21:42:58 <@Brahma> what is the purpose in getting 3 octets from the servers?
21:43:09 <@flowtron> makes rangebans more specific
21:43:22 <@flowtron> but that has ups & downs in itself
21:43:28 <@Brahma> it does not reply my question
21:43:57 <@Brahma> because people can ask the ips to the server owners
21:44:02 <@flowtron> and as someone pointed out earlier for GeoIP lookups IIRC 3 are needed for any amount of reliability
21:44:48 -!- MusicMan10 [[email protected]] has left #assaultcube []
21:44:53 <@flowtron> Brahma: you mean: post 2 octets and server and then the hoster looks up the matching IPs and hands them to RK for insertion into the BL !?!?
21:45:04 <@Brahma> yes
21:45:13 <@Brahma> but this is not my point
21:45:23 <@Brahma> why the C.L. users need the 3 octets?
21:45:33 <@Brahma> they use it for something?
21:45:40 <@flowtron> I guess for GeoIP lookups
21:45:46 < WahnFred> 2 octets say nothing about the player - it's useless at all - for geoip and at least banning a range
21:46:24 <@Brahma> if it is not really a security risk, as WahnFred and jamz pointed out, i think we should extend 3 octets to all
21:46:48 <@Brahma> but if it is really a security risk, we should reduce all to 2 octets
21:47:03 <@DES|Bukz> if someone who is experienced enough with that stuff wants to find a full IP they will get it
21:47:07 <@Brahma> imho, i do not think it is a security risk
21:47:11 <@DES|Bukz> I doubt AC is their first choice in methods of getting it
21:47:18 <@Brahma> but i am paranoid at the same time
21:47:41 <@Brahma> this is a important point Bukz
21:47:43 <@flowtron> Brahma: I just said - I don't think any1 with the capabilities to hurt a specific IP will need more than 2 octets to target anyway
21:47:52 <@Brahma> yes
21:48:35 <@Brahma> flowtron: if someone manages to hit other person attacking his ip (ping), i think he will find the victim ip by other meanings
21:48:37 <@flowtron> so, I guess the to-and-fro comes to an end: we'll make whois give 3 octets and ext.ping stays fully informative as before
21:48:41 <@Brahma> like asking the guy to enter in a server
21:48:52 <@flowtron> one he controls- exactly
21:48:54 <@Brahma> okeyWell, I was wrong about the 'accepting' part in my previous post. But sacrifising security/privacy for a display of flag... dunno