Patch: password protected servers


Postby Alien » Mon Mar 16, 2009 8:04 am

tundramagi wrote: Default passwords, exploit scripts etc. You already know what router the person's traffic goes through with a traceroute (also: you only need a computer on the same subnet as them, you don't need to have gained access to the router itself if one of the 100 or 200 (or more) of the other computers is an easier target). Go play with ettercap.sf.net (it's opensource) on your local subnet (or apt-get install ettercap). It's been around for a long time. You will discover that you don't need to break into someone's house to watch their traffic.

So, yea, passwords without full encryption...


What? How are default passwords connected with encrypted traffic? And what are those exploit scripts? What do they exploit in a raw connection?

Whether your computer actually receives the unicast packet from the wire and decides to ignore it, or does not receive it at all, depends on the connection type.
Alien
Forum addon
 
Posts: 1212
Joined: Tue Apr 22, 2008 7:12 am

Postby mpo » Mon Mar 16, 2009 11:15 am

This guy is trolling you IMO. Of course plaintext passwords are insecure, but they are more secure than no password, and rcon passwords go out in the clear already too. The server join passwords are shared anyway, so it's not like you'd use your regular e-mail password for it.
mpo
Newbie
 
Posts: 3
Joined: Tue Mar 10, 2009 11:09 pm

Postby tundramagi » Mon Mar 16, 2009 11:40 am

Don't believe me if you don't want to, but unencrypted passworded servers are worthless. In fact passworded servers themselves are worthless: if you don't want others to play with you why play the game at all?
tundramagi
Forum addon
 
Posts: 974
Joined: Sun Jan 04, 2009 4:53 pm

Postby [-z-] » Mon Mar 16, 2009 2:16 pm

mpo wrote: This guy is trolling you IMO. Of course plaintext passwords are insecure, but they are more secure than no password, and rcon passwords go out in the clear already too. The server join passwords are shared anyway, so it's not like you'd use your regular e-mail password for it.


+1
[-z-]
Site Admin and Nexuiz Ninja
 
Posts: 1794
Joined: Mon Nov 13, 2006 12:20 am
Location: Florida

Postby tundramagi » Mon Mar 16, 2009 2:44 pm

I pipe a vnc session over SSH and put commands in the nexuiz server console directly. I don't use rcon. A localhost script uses rcon, but that doesn't go over any network interface other than the loopback. Anyone using rcon over the net is begging to get hacked hacked hacked! I used an rcon password over the internet once (I pasted it somewhere :) ), got hacked by peace.
tundramagi
Forum addon
 
Posts: 974
Joined: Sun Jan 04, 2009 4:53 pm

Postby [-z-] » Mon Mar 16, 2009 3:49 pm

wtf, stupidly pasting a plaintext password (publishing your server.cfg) and sniffing a packet for a password are two different things. You're twisting it to make yourself look less dumb and peace look more evil.

But yes, it's smarter to do it through ssh. divVerent provides an rcon.pl script that allows server admins to rcon directly from the cmd line; it's very helpful and certainly less safe.


If someone is going to sniff packets for your SHARED server password, then they need a day job.

On the other side of the fence, having public passworded servers may come off as pretentious.
[-z-]
Site Admin and Nexuiz Ninja
 
Posts: 1794
Joined: Mon Nov 13, 2006 12:20 am
Location: Florida

Postby tundramagi » Mon Mar 16, 2009 5:34 pm

I did not publish my server.cfg. I published a script that randomly changes the gametype of the server (div helped me make the script: I don't know the rcon commands etc). I didn't strip out my password in that.

I never said that peace hacking my nexuiz server was bad. They didn't harm or delete anything, they just used some features. Later those features became usable without having to enable all cheats :)

Having a server up with a password would invite extra attempts. I know that I, for one, would try to gain access to any "you can't come in here without password hahhahahah" servers around. It would be great to anger such people who don't want to play the game with whoever they deem undesirables yet run a server everyone gets to see exists.
tundramagi
Forum addon
 
Posts: 974
Joined: Sun Jan 04, 2009 4:53 pm

Postby [-z-] » Mon Mar 16, 2009 6:22 pm

Yet you claim not to troll.
[-z-]
Site Admin and Nexuiz Ninja
 
Posts: 1794
Joined: Mon Nov 13, 2006 12:20 am
Location: Florida

Postby ai » Mon Mar 16, 2009 7:21 pm

Not everyone is like you, Mike. Believe it or not, there actually are people who completely ignore passworded servers.
Add an option to filter out passworded servers, then you won't see them.
ai
Forum addon
 
Posts: 2131
Joined: Sun Mar 05, 2006 3:54 pm
Location: Behind you

Postby tundramagi » Mon Mar 16, 2009 9:04 pm

ai wrote: Not everyone is like you, Mike. Believe it or not, there actually are people who completely ignore passworded servers.
Add an option to filter out passworded servers, then you won't see them.


Both LordHavok and Div (as well as others) are against passworded servers being allowed to be listed as public, so they won't be there to annoy us to begin with, which is good.

There really is no point in attempting to have a "private" server w/o full encryption however (full encryption is good regardless); some people will still get in just to spite the owner's assholeness of only wanting "his people" on his/her server. Ever been to a server where they vkick anyone not in their clique? It's good to pack those servers with your own friends afterwards just to fight those people's exclusivity opinion.

Using a plaintext password is like putting up a picket fence and hoping that will protect you from a bomb being dropped from above. It is just not secure but will have the facade of security. Does nexuiz want to pile on facades of security like other technological projects we can think of? It's just not elegant and isn't the correct way to do these things.
tundramagi
Forum addon
 
Posts: 974
Joined: Sun Jan 04, 2009 4:53 pm
