[MUD-Dev] Re: Quick question re: SSL
Sean Middleditch
elanthis at awesomeplay.com
Sat Feb 28 02:43:09 CET 2004
On Feb 17, 2004, at 3:28 AM, sziisoft wrote:
> From: "ceo" <ceo at grexengine.com>
>> PS caches seem to fairly consistently use the extended
>> (i.e. non-standard) HTTP headers to indicate the IP address they
>> are routing on behalf of; I haven't checked *every* ISP of every
>> player, but I may be able to use these extended headers to infer
>> the same IP address for a client, no matter which proxy/cache
>> they come via.
> Hardware address. Guaranteed unique per card unless someone
> overrides it(which is very rare.) You can set it up in the SSL as
that's a myth. mac addresses are definitely reproduced; i've seen a
number of cards in large deployments with this situation. vendors
don't have a big list of every mac id they've used before to avoid
duplication, they random seed runs of cards. mac address is only
guaranteed to be unique on a local link (and that's because if
they're not, they won't work, so you have to swap cards or manually
change the mac addr).
> the auth, then possibly allow that hwaddress(MAC address) in
> conjunction with the rest of the security mechanism. SSL keeps it
> from being sniffed, but you run into the possibility of
> memory-watchers/decompilation/etc on the client seeing that you're
> using the hw address for handshake/auth. ARP table lookups might
> be another implementation.
> Security through obsfucation, to a point.
Which works for about 3 seconds...
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list