> Try Java, C or anything else with a lil bit more power than Flash and
> you can emulate that too.

I refuse to believe someone is emulating the whole protocol on a socket
level. It's a fricking chat! :-)

>> So I've started to sign the communication packets, so they could not be
>> spoofed. As a result, the person has started to just copy packets, to spam
>> things.
>
> Be happy, your spammer cannot code well.

Nah. He can't spoof the signature. He'd have to send at least one packet
with the correct sender address, which would give him away. ;)

> You made SO with functions? How does that go?

Uh?

    so["newMessage"] = Delegate.create(this, chatMessage);

How else do you use SOs? :P

> I guess you open a new NetConnection, you should treat it as it is, a
> new connection,
> you need to clean out information/variables and reset flags.

I do. I just did not clear the SOs, because I figured they'd die with
the connection. (Which it seems they really do.)

> may try to make good clean code for server and client side and you
> won't receive warnings.

This chat was my first Flash project. Until I discovered Red5 I also
avoided Java like a disease. Now the project is a serious mess with a
few thousand people using it. Can't go back and start over now. :-)

> About your spammer, it will be a script kiddie, no one else tries to
> "hack" a chat system,
> get a layer or wait till he is sad, anything between is a waste of time.

It's two people we banned, because they are serious assholes. They are
very persistent, but shouldn't be smart enough to pull something like
that off. I guess they hired some help. ;) (Yes, they would hire someone
for this. They are ... unusual people.)

> @ Andy, nice ideas, but worthless, why should someone coding his own
> client not fake and respond with what you send him?

He'd have to use a valid hash and he will only know "his" hash. So
spoofing one would only work through brute force, which is kinda noisy. ;)

> @ Eugen MITM isn't needed, try Wireshark to sniff, read out the data
> needed, connect with your own made client, receive data that id's you
> respond to them, you think too complicated.

tcpdump? ngrep? ;)

> if there is an unwished access to user accounts themselves, find out if
> the problem exists in your system or on user side where the user
> (willing/knowing or not) gave the access data away.

It has to work without accounts. That's one of the biggest concerns. I
think that chat has the most sophisticated chatroom ban system on the
internet. hehe :)

Thomas
_______________________________________________
Red5 mailing list
Red5@...
http://osflash.org/mailman/listinfo/red5_osflash.org
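
An added example, not part of the original message and not Red5 or chat-project code: the thread notes that signed packets stop spoofing but can still be copied and resent. The sketch below shows one common server-side answer, assuming a hypothetical per-session secret and a sequence number covered by the signature; all names (`sign`, `SignedChannel`, the packet fields) are assumptions.

```python
import hashlib
import hmac
import os
import struct


def sign(key: bytes, sender: str, seq: int, body: bytes) -> bytes:
    """HMAC-SHA256 over sender, sequence number and body (hypothetical layout)."""
    sender_b = sender.encode("utf-8")
    # Length-prefix the sender so field boundaries cannot be shifted.
    msg = struct.pack(">IQ", len(sender_b), seq) + sender_b + body
    return hmac.new(key, msg, hashlib.sha256).digest()


class SignedChannel:
    """Server-side verifier for one client session (assumed design)."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.last_seq = 0  # highest sequence number accepted so far

    def verify(self, sender: str, seq: int, body: bytes, tag: bytes) -> str:
        expected = sign(self.key, sender, seq, body)
        # Constant-time comparison; a wrong or borrowed tag fails here.
        if not hmac.compare_digest(expected, tag):
            return "bad-signature"
        # A copied packet carries a valid tag but an already-used number.
        if seq <= self.last_seq:
            return "replay"
        self.last_seq = seq
        return "ok"


def demo() -> list:
    key = os.urandom(32)  # constructed per-session secret
    server = SignedChannel(key)
    first = ("alice", 1, b"hello", sign(key, "alice", 1, b"hello"))
    return [
        server.verify(*first),                          # genuine packet
        server.verify(*first),                          # byte-for-byte copy
        server.verify("bob", 2, b"hello", first[3]),    # tag reused under another sender
        server.verify("alice", 2, b"again", sign(key, "alice", 2, b"again")),
    ]


if __name__ == "__main__":
    print(demo())
```

Rejected packets with a valid signature and a stale sequence number are worth logging separately from bad signatures, since they identify the session whose traffic is being copied.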