I was actually thinking this on the way home lastnight, except not so much hacking, more faking the communication between a server and the banlist server.
Now sure its not going to be easy, but it would be possible to write code that simulates a CS server using vac, and then sends the same data back to the banlist server that is sent when a user gets caught cheating and added to the list. Therefore making it possible for anyone with this piece of code, to globally ban any wonid they like. Now people are going to come along and say "Thats impossible, or cheaters are not smart enough to do that" but thats exactly the type of response that turned apache-scalp into such a big issue. Its just a thought anyway. On Thu, 2002-07-18 at 08:40, Buddha-Pest wrote: > i have a MUCH bigger concern about the global valve ban list. as with any > centralized system it could (and most likely will) be hacked. imagine myg0t > "populating" the global valve ban list with the wonid's of admins and top > players (these are easily to collect from stats pages). what is valve doing > to prevent this? as with cheater software, it's very very difficult to > validate the software someone is running if they are PURPOSELY changing it. > i'm sure it wouldn't be impossible to reverse engineer whatever protocol the > server uses to report cheaters to the central database and then... > pandemonium. > > perhaps there should be some sort of "circle of trust" that valve creates, > and their database would only accept bans from servers that are in that > circle. not sure how the circle would be created but it could start very > small, like say with homeLAN and other established isps running hlds. > > or they could start running background checks and stuff :) (now there's > where AA could get REALLY scary) > > ~jules aka BP _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
