|
»
« Return to Thread: Are SOs automatically reconnected?
Re: Are SOs automatically reconnected?
by Sascha Sauren
::
Rate this Message:
Flash has no functionality to auto-RE-connect a netconnection.
you programmed the code to reconnect, you should know what it does.
> Now lately someone
> has started to inject RTMP packets (I have no clue how)
thats easy, try by yourself using a socket in flash instead of "NetConnection",
you will be able to emulate anything that doesent has access to
protocol level (check protocoll headers for example)
your client, a browser what you want.
btw, thats the way the most "illegale" "bots" or even fake-senders for
input datas (registration and stuff on forums) work.
try java, c or anything else with a lil bit more power than flash and
you can emulate also that.
> So I've started to sign the communication packets, so they could not be
> spoofed. As a result, the person has started to just copy packets, to spam
> things.
be happy, your spamer can not code well.
> Now some warnings appear for spoofed messages, which COULD be a race
> condition on reconnect. If the client reconnects. It receives the
> new connection ID from the server and should not do anything before that.
> But if SOs would be automatically reconnected some of the SO functions could fire with the old ID.
You made SO with functions? how that goes?
I guess you open a new NetConnection, you should treat it as it is, a
new connection,
you need to clean out informations/variables and reset flags.
may try to make good clean code for server and client side and you
wont receive warnings.
About your Spamer, it will be a scriptkidy, no one else try´s to
"hack" a chatsystem,
get a layer or wait till he is sad, anything between is a waste of time.
@ Andy, nice ideas, but worthless, why should someone coding its own
client does not fake and respond what you send him?
@ Eugen MITM isen´t needed, try wireshark to sniff, read out the datas
needed, connect with your own made client, receive datas that id´s you
respond to them, you think to complicated.
if there is an unwished access to user accounts themself, find out if
the problem exist in your system or on user side where the user
(willing/knowing or not) gave the access datas away.
greetz
Sascha
_______________________________________________
Red5 mailing list
Red5@...
http://osflash.org/mailman/listinfo/red5_osflash.org
you programmed the code to reconnect, you should know what it does.
> Now lately someone
> has started to inject RTMP packets (I have no clue how)
thats easy, try by yourself using a socket in flash instead of "NetConnection",
you will be able to emulate anything that doesent has access to
protocol level (check protocoll headers for example)
your client, a browser what you want.
btw, thats the way the most "illegale" "bots" or even fake-senders for
input datas (registration and stuff on forums) work.
try java, c or anything else with a lil bit more power than flash and
you can emulate also that.
> So I've started to sign the communication packets, so they could not be
> spoofed. As a result, the person has started to just copy packets, to spam
> things.
be happy, your spamer can not code well.
> Now some warnings appear for spoofed messages, which COULD be a race
> condition on reconnect. If the client reconnects. It receives the
> new connection ID from the server and should not do anything before that.
> But if SOs would be automatically reconnected some of the SO functions could fire with the old ID.
You made SO with functions? how that goes?
I guess you open a new NetConnection, you should treat it as it is, a
new connection,
you need to clean out informations/variables and reset flags.
may try to make good clean code for server and client side and you
wont receive warnings.
About your Spamer, it will be a scriptkidy, no one else try´s to
"hack" a chatsystem,
get a layer or wait till he is sad, anything between is a waste of time.
@ Andy, nice ideas, but worthless, why should someone coding its own
client does not fake and respond what you send him?
@ Eugen MITM isen´t needed, try wireshark to sniff, read out the datas
needed, connect with your own made client, receive datas that id´s you
respond to them, you think to complicated.
if there is an unwished access to user accounts themself, find out if
the problem exist in your system or on user side where the user
(willing/knowing or not) gave the access datas away.
greetz
Sascha
_______________________________________________
Red5 mailing list
Red5@...
http://osflash.org/mailman/listinfo/red5_osflash.org
« Return to Thread: Are SOs automatically reconnected?
| Free embeddable forum powered by Nabble | Forum Help |
