[DGD]Problem with patching net package

Felix A. Croes felix at dworkin.nl
Wed Apr 21 16:58:29 CEST 1999


Andreas Faerber <af at lamb.ping.de> wrote:

>  I am having a problem while patching the Net Package for DGD. We are
> running a DGD 1.1.46 with various patches (Maybe i should upgrade to
> 1.1.60 sometime?) and had the problem, that someone complained about a
> hack attempt which originated from our machine. Well, either that was
> a hack attempt or just some player playing from that site, i wanted to
> patch the Net package in that way, that it only opens connections to
> other machines, if that machine has already initiated a connection to
> the Driver. (Like loggin' into the MUD).

It may not be immediately obvious to everyone what a hack attempt
has to do with the networking package.

The networking package allows you, among other things, to create
outbound TCP connections and to send UDP packets to remote hosts.
Someone who managed to break your mud's security system would be
able to rewrite basic objects and use these capabilities to
attack remote systems.  Thus, your mud might be used by a cracker
who wants to hide his origin.

At one time, most of such attacks were made by people who merely
wanted to prove that they could bypass the security system.  With
the commercialization of the internet, more and more attacks are
motivated by sabotage, theft, espionage and vandalism.

There are several things you can do to make your mud more secure:

 - Have a set of core objects that define basic behaviour and
   limitations which cannot be rewritten from within the mud,
   not even by the mud administrator.
 - Don't put the config file in the mudlib directory, since it
   could be overwritten and used to give an attacker access to
   files outside the mudlib, such as the password file on the
   host system.
 - Don't but the swapfile in the mudlib directory, since
   information which is otherwise hidden inside objects will be
   readable from it.
 - Be very, very careful when using the networking package.

Regards,
Dworkin

List config page:  http://list.imaginary.com/mailman/listinfo/dgd



More information about the DGD mailing list