On Wed, Jun 06, 2001 at 11:03:12AM +1200, David McNab wrote: > From: "Ian Clarke" <ian at hawk.freenetproject.org> > > >> ClientTerminateNode > >> EndMessage > > >Yep, it would also make it easy to remotely shut down someone elses > >node, just spoof IP packets from 127.0.0.1 and Bobs your uncle, no more > >node. Very convenient (for those who don't like Freenet ;). > >There are some simple precautions we could take to prevent this such as > >ensuring that there is some 2-way communication in the process. > > > >Ian. > > OK - fair cop. > > What about then having a requirement that the client listen on a port for an > ACK from the node, then reply to that. > Client can choose a random port - attempting binds on different ports till > it finds a free one. > > For instance: <blabla> > That way, any IP address spoofing will fail.
Unless you are authenticating the connection somehow, this sort of thing will always fail at some level. And anyways, who is to say that you have to grant everyone on your local host full access to your Freenet node? It seems like this place needs a good flamethrower purging of Windows thinkers lately. The most basic way of doing this is simply to place a password in the config file and require that. The client that is sent the shutdown command could even read the users config file itself, making it automatic. It's not great security, but it's good enough. Fred 0.4 will support FNP over the STS encrypted sessions used for FNP as well as plaintext, so the RIGHT way to do it would be to only accept the shutdown command over encrypted connections with a recognized peer PK. -- 'DeCSS would be fine. Where is it?' 'Here,' Montag touched his head. 'Ah,' Granger smiled and nodded. Oskar Sandberg oskar at freenetproject.org _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
