Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2004:
[Freeciv-Dev] (PR#8839) pingtime is insecure

[Freeciv-Dev] (PR#8839) pingtime is insecure

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	undisclosed-recipients: ;
Subject:	[Freeciv-Dev] (PR#8839) pingtime is insecure
From:	"Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>
Date:	Tue, 25 May 2004 17:44:06 -0700
Reply-to:	rt@xxxxxxxxxxx

<URL: http://rt.freeciv.org/Ticket/Display.html?id=8839 >

The current pingtimeout can be easily fooled by the client:

- He can make it seem higher than it is by waiting before sending the pong.

- He can make it seem lower than it is by pre-emptively sending the pong.

The former is unavoidable, but doesn't give much advantage to the 
player.  The latter is easily avoidable.  All we have to do is send a 
signature with each ping and compare it against the reply.

jason

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] (PR#8839) pingtime is insecure, Jason Short <=

Prev by Date: [Freeciv-Dev] (PR#8838) No Contact
Next by Date: [Freeciv-Dev] (PR#725) Order of end/new-turn activities
Previous by thread: [Freeciv-Dev] (PR#8838) No Contact
Next by thread: [Freeciv-Dev] (PR#8840) don't call ai_data_turn_done from server code
Index(es):
- Date
- Thread