Re: [Opensim-dev] User Authentication

Wed, 25 Feb 2009 07:57:17 -0800

The check ping packets are for detecting spoofing. The malicious man-in-the-middle already has all the info from Charles simply because Charles went to his region: UUID, sessionID, secureSessionID, Viewer EndPoint... everything that we send around to regions. Note that the info wasn't sniffed, it was given, as we always do. Yeah, what I'm talking about does not involve sophisticated equipment... So it can easily launch an agent at WP pretending to be Charles, spoofing the UDP EndPoint. What it *can't* do is to *receive* the UDP PingCheck packets that WP sends to that EndPoint. The best it can do is to send a reply guessing what the seq number might be. 

Frisby, Adam wrote:



I think the 3 ping check is technically invalid. Anyone capable of 
capturing a packet and sniffing a session/securesession ID out of it, 
is quite capable of injecting our check packets in too.



 


Adam


 

*From:* [email protected] 
[mailto:[email protected]] *On Behalf Of *Diva Canto

*Sent:* Tuesday, 24 February 2009 9:03 PM
*To:* [email protected]
*Subject:* Re: [Opensim-dev] User Authentication


 


Mike Mazur wrote:

Hi,

 
On Tue, 24 Feb 2009 19:54:16 -0800

Diva Canto <[email protected]> <mailto:[email protected]> wrote:

 
  


    * Within a few days: write a simple [optional]

    UserAuthenticationModule along the lines of option a) that does the

    following: upon a NewUserConnection, regions will check with the

    incoming user's User server that the declared user exists and is

    logged into the system.


        

 
In a grid a region can be told (via a configuration option) which user

server to check. What about HG regions? How does an HG region know
which user server to ping? Is this information supplied by the
connecting client? If so, what's to prevent a malicious client from
supplying a user server that will always reply favorably?

  

The HG region sends that information along when the user moves away 
from the home UGAIM. The user carries along the collection of URLs of 
all of the servers it uses. It's ok if the given User Server @ 
foobar.com always says yes -- that's not the problem. The problem we 
need to detect is the user claiming to be from Intel.com or 
OSGrid.org, when, in fact, isn't.



    Furthermore, upon AddNewClient (which happens

    shortly after), regions will challenge the incoming client with 3 UDP

    Ping messages having random seq numbers, to which the incoming client

    must respond correctly


        

 
How does the client know the correct response?
  

In fiddling with the client after talking to Teravus, I discovered a 
pair of response-reply packets that can be initiated from the server. 
They are StartPingCheck / CompletePingCheck. They take a byte as 
argument. The server sends StartPingCheck(33), the client responds 
with CompletePingCheck(33). Handy.


------------------------------------------------------------------------

_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev

  



_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev



























					Reply via email to