[MUD-Dev] Distributed Objects

Justin Rogers digitec at spawn2000.com
Mon Feb 14 21:13:06 CET 2000 

> [JC Lawrence]
> > I'd also note that EverQuest demonstrated the same problem in a
> > different manner via ShowEQ.  They (reputedly) reverse engineered
> > the EQ protocols and data structures via packet sniffing and
thereby
> > wrote their only rather omniscient client (taking advantages of
> > glaring weaknesses in the EQ protocol design).
> >
> > To quote (without checking) a certain document:
> >
> >   The client is in the hands of the enemy.  Never ever forget
that.
> >
> > Obviously we need to expands the definition of "client" to not
only
> > enclude the actual program itself, but all traffic that the system
> > sees (which in both OU's and EQ's case was a significant oversight
> > apparently).

[Here I am quoting myself because I didn't perform the proper
quote the first time and now I have to reforward the message
back to the group.  Quote a la Justin Rogers]
> As we move through the discussion of distributed objects we can
> possibly run into the realm of encryption technologies.  If you
> are in charge of the remote client then you are also in charge of
> any sort of obfuscation done at either end.
>
> On a Windows NT network with proper authentication, encryption,
> and protocol use it is nearly impossible to take advantage of the
> system.  The possibility of using secure connections to ensure the
> client can't packet sniff or at least by doing some form of low
> end encryption you can pretty much ensure the users ability to
> modify structures can be kept to a minimum.  Timestamping and
> the renegotiation o certificates and keys can be used to avoid the
> "I've found a good set of packets, lets send it a million times
now".
> And by downloading small amounts of code that perform object
> manipulation for the user that never get saved to disk you can also
> prevent them from writing cracks that allow them to overcome the
> object manipulation/assured key approach of a mediator.
>
> The above are many jumbled concepts, misnomers, invalid statements,
> and possibly totally incorrect blurbs from myself.  I do think,
> however,
> that amidst the mess may be some insight and possible solution to at
> one of the miniscule parts of the problem at hand.
>
>     - Justin Rogers, CEO DigiTec Web Consultants
>
>

    - Justin Rogers, CEO DigiTec Web Consultants





_______________________________________________
MUD-Dev maillist  -  MUD-Dev at kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list