Security (was Ports)

From: The Merciless Lord of Everything (serces@mud.dk)
Date: 09/09/00


On Fri, 8 Sep 2000, Shane Lee wrote:

> -What I meant was this: I don't intend on worrying about something a
> hacker could or couldn't do to my MUD. I mean come on, do you
> actually think they are going to take over your life just because
> they can get in and screw with your MUD for an hour or so?
No, I don't believe that, the mud itself, Hack that one for all I care,
It'll be annoying yes, but nothing that couldn't be solved. Besides, all I
had to do (in my case) was to login to the machine (not the mud), change
the password, remove all "non" known IMP's (since there's only 3 imps
that's not a big deal), do the same to all gods (Since we know who the
gods are as well), ASK EVERYONE to change their passwords. If players
don't do that, not my problem, gods just the same.

That wasn't my point, my point was that you have to differ between
security and security. There's mudsecurity, that one's low, heck one on
the same lan as you (Imagine a school) would be able to sniff your
password, using nothing more than tcpdump. Then there's the
Serversecurity, now THERE you have to be more carefull what you do, you
don't want people inside your machine you don't know, Even if it is not
your machine, you can at least contribute to the security of the Server
by not opening up a gaping hole through the mud. That is what I'm talking
about, the serversecurity not the mud-security.

Heck if they get hold of the code so? They could have downloaded a newer
version of Circle anyway as you put it. But since they have access to the
machine, they might use it as a jumphost for  hacking, portscanning,
DoS'ing, Spamming (keep filling in the blanks :) another host, that is
something to worry about.

> saying to lighten up a little - it's just a game.
Yes, it's just a game, running on a server, try asking the Admin of the
server how he/she feels about having someone spamming from his/her server
(bloddy, I think I'm going to use the $m and $e extensions :), or someone
using $s machine to Portscan another machine, hack it, Kill it or
whatever. Investigation will show that the guy FIRST got access through
your mud, my best guess is that your mud will be shut down immediatly, not
to be started on that server :).

But it's still only a game, and games do not need shell-extensions, they
need things like rocks, scissors and paper! :)

/S



Sir Alec Guinness
 - May the force be with you, Always!


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 04/11/01 PDT