00:00 <@matricks> Kirbs: irc might be the wrong place to hunt 00:01 < Kirbs> heh 01:05 < Edible> craigslist? 01:06 <@matricks> your moms bedroom? 01:08 < Kirbs> new york? 01:17 <@matricks> she is omnislut, she is everywhere at once 01:18 <@matricks> :P 01:18 <@matricks> don't listen to me 13:21 < Stitch626> there is someone faking our server, the fake-ip is 31.186.250.187, port 8303, the original server is hosted by wolfalex. is there a way for a masterserver ban? 13:45 < Stitch626> -- status update -- server is offline.. 14:21 < Flutterbat> Stitch626: how do they fake a server without having access to the ip? 14:21 < Flutterbat> or do you mean they are tainting your "brand"? :D 14:26 < Stitch626> tainting? faking is faking, whats unclear? 14:52 <@heinrich5991> Flutterbat: reverse proxying 14:53 <@heinrich5991> i.e. make a server that forwards everything to the real server, but saves all the data sent 14:53 <@heinrich5991> latter part is optional 14:55 < Flutterbat> so just a mirror that doesnt mirror but forward. is that a major problem in teeworlds? 14:55 < Flutterbat> i can see how it could become one if exploids exist in the client 14:56 < Flutterbat> but there are no weakspots, right heinrich5991 ? :> 14:56 <@heinrich5991> passwords mostly 14:56 < Flutterbat> passwords? 14:57 <@heinrich5991> rcon password, server password or some account password for a mod 14:57 < Flutterbat> ahh you mean if the admin logs in 14:57 <@heinrich5991> yes 14:57 < Flutterbat> i see 14:57 < k00mi> passwords are sent plaintext to the server? 14:58 < Flutterbat> even if they arent you can grab them i guess 14:59 < koomi> not necessarily, no 14:59 < Flutterbat> eh? 14:59 < Flutterbat> client <---> proxy <---> server 14:59 < koomi> you can send a hash 14:59 < koomi> hm, no 14:59 < Flutterbat> ah thats what you mean 14:59 < Flutterbat> i was thinking encryption 15:00 < koomi> actually, you need a challenge-response mechanism 15:00 < koomi> but it's certainly possible 15:01 <@heinrich5991> I think what you can't do without public key cryptography is preventing the man in the middle from inserting or dropping rcon commands 15:01 < nheir> how do you trust the host ? knows public key ? 15:01 <@heinrich5991> and this means once an admin logs in the proxy can just keep this session open 15:01 < nheir> *known 15:01 < nheir> heinrich5991: +1 15:02 <@matricks> heinrich5991: or you have to challane each command 15:02 <@heinrich5991> ok, but this still allows the attacker to drop packets 15:02 <@heinrich5991> not as bad, but can still have interesting side-effects 15:03 <@matricks> remote rcon, let ssh deal with that shit 15:03 <@heinrich5991> and if oyu change the rcon password while logged in, the attacker also has it 15:03 <@heinrich5991> see econ :) 15:03 < Stitch626> heinrich, don't forget my solution of the problem with rcon passwords.. 15:03 < koomi> so are passwords sent plaintext to the server? 15:03 <@matricks> I mean, you are basicly doing a new ssh 15:03 <@matricks> don't do that 15:03 <@heinrich5991> koomi: yes 15:04 < nheir> ssh server 'telnet localhost port' ♥ 15:05 < Flutterbat> i found that teeworlds servers are a splendid way to find new homes for teamspeak nomads 15:05 <@matricks> heinrich5991: dunno how econ works 15:08 <@matricks> whole rcon is just the path of least resistance, and it kinda gotten left in there