Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2004:
[Freeciv-Dev] Re: (PR#8839) pingtime is insecure
Home

[Freeciv-Dev] Re: (PR#8839) pingtime is insecure

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: jdorje@xxxxxxxxxxxxxxxxxxxxx
Subject: [Freeciv-Dev] Re: (PR#8839) pingtime is insecure
From: "Raimar Falke" <i-freeciv-lists@xxxxxxxxxxxxx>
Date: Fri, 28 May 2004 06:15:34 -0700
Reply-to: rt@xxxxxxxxxxx

<URL: http://rt.freeciv.org/Ticket/Display.html?id=8839 >

On Tue, May 25, 2004 at 05:44:06PM -0700, Jason Short wrote:
> 
> <URL: http://rt.freeciv.org/Ticket/Display.html?id=8839 >
> 
> The current pingtimeout can be easily fooled by the client:
> 
> - He can make it seem higher than it is by waiting before sending the pong.

Yes I know about this.

> - He can make it seem lower than it is by pre-emptively sending the pong.
> 
> The former is unavoidable, but doesn't give much advantage to the 
> player.  The latter is easily avoidable.  All we have to do is send a 
> signature with each ping and compare it against the reply.

YES. Lets cryptographically sign all ping packets.

Sorry couldn't resist.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
 "Just because you put a flag on the moon doesn't make it yours, it just
  puts a hole in the moon."




[Prev in Thread] Current Thread [Next in Thread]