From: "Ian Clarke" <[email protected]>

>> ClientTerminateNode
>> EndMessage
>Yep, it would also make it easy to remotely shut down someone else's
>node, just spoof IP packets from 127.0.0.1 and Bob's your uncle, no more
>node. Very convenient (for those who don't like Freenet ;).
>There are some simple precautions we could take to prevent this such as
>ensuring that there is some 2-way communication in the process.
>
>Ian.

OK - fair cop.

What about then having a requirement that the client listen on a port for an ACK from the node, then reply to that. Client can choose a random port - attempting binds on different ports till it finds a free one.

For instance:

.freenetrc contains a field 'AllowedAdminHosts=127.0.0.1'

1) Client to Node

ClientShutdownNode
Address=tcp/127.0.0.1:22341
EndMessage

2) Node to Client - Node tries to connect to client at 127.0.0.1:22341. If connected successfully, sends:

NodeConfirm
EndMessage

3) Client to Node - Client replies on this spurious connection, sending:

ConfirmOK
EndMessage

4) Node does its shutdown thingy, then replies to client on original command connection

Success
EndMessage

4a) If client failed to accept node's confirmation connection, or timed out in replying, or sent invalid reply, node instead replies

ShutdownConfirmError
EndMessage

-----

That way, any IP address spoofing will fail.

Cheers
David
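
The exchange proposed in the message above, as an added Python example (not code from the post or from Freenet): the node connects back to the address the client claims, so a sender who forged 127.0.0.1 and has no listener there gets ShutdownConfirmError instead of a shutdown. Assumptions: the function names are hypothetical, messages are newline-delimited, the timeout is 2 seconds, the callback host is checked against AllowedAdminHosts, and the client lets the OS pick a free port rather than trying binds itself.

```python
import socket
import threading

ALLOWED_ADMIN_HOSTS = {"127.0.0.1"}  # AllowedAdminHosts from .freenetrc
TIMEOUT = 2.0                        # assumed; the post names no timeout value
ERROR = "ShutdownConfirmError\nEndMessage\n"
PREFIX = "Address=tcp/"

def read_message(sock) -> bytes:
    """Read one message, up to its EndMessage line (size-capped)."""
    buf = b""
    while not buf.endswith(b"EndMessage\n") and len(buf) < 256:
        chunk = sock.recv(64)
        if not chunk:
            break
        buf += chunk
    return buf

def node_handle_shutdown(command: str) -> str:
    """Node side, steps 2 to 4a: returns the reply for the command connection."""
    lines = command.strip().split("\n")
    if (len(lines) != 3 or lines[0] != "ClientShutdownNode"
            or lines[2] != "EndMessage" or not lines[1].startswith(PREFIX)):
        return ERROR
    host, _, port = lines[1][len(PREFIX):].rpartition(":")
    port_ok = port.isascii() and port.isdigit() and len(port) <= 5 and int(port) < 65536
    if host not in ALLOWED_ADMIN_HOSTS or not port_ok:
        return ERROR                                   # callback host not allowed
    try:
        with socket.create_connection((host, int(port)), timeout=TIMEOUT) as s:
            s.sendall(b"NodeConfirm\nEndMessage\n")    # step 2
            reply = read_message(s)                    # step 3
    except OSError:                                    # refused or timed out
        return ERROR                                   # step 4a
    if reply != b"ConfirmOK\nEndMessage\n":
        return ERROR                                   # step 4a, invalid reply
    return "Success\nEndMessage\n"                     # step 4 (shutdown itself elided)

def client_listener(answer: bytes = b"ConfirmOK\nEndMessage\n") -> int:
    """Client side: listen on a free port, answer one NodeConfirm, return the port."""
    srv = socket.create_server(("127.0.0.1", 0))       # port 0: the OS picks a free port
    port = srv.getsockname()[1]
    def serve():
        with srv:
            conn, _ = srv.accept()
            with conn:
                if read_message(conn) == b"NodeConfirm\nEndMessage\n":
                    conn.sendall(answer)
    threading.Thread(target=serve, daemon=True).start()
    return port
```
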
