Author Topic: Idea for a ban system  (Read 31973 times)

rasz_pl

  • Guest

bsel

  • Posts: 26
  • Turrets: +0/-0
Idea for a ban system
« Reply #31 on: July 02, 2006, 11:11:29 am »
Thanks for the information, rasz_pl.

But if I use -static-libgcc I get this error on my second system:
Quote
relocation error: ./uidcreator: symbol _dl_catch_error, version GLIBC_PRIVATE not defined in file ld-linux.so.2 with link time reference.

I think this is the reason:
Quote
There are several situations in which an application should use the shared libgcc instead of the static version. The most common of these is when the application wishes to throw and catch exceptions across different shared libraries. In that case, each of the libraries as well as the application itself should use the shared libgcc.

Sometime I will solve the problem :)

UPDATE: Just packed it with libstdc++.so.5 and libgcc_s.so.1 and created a shell script to start it. The new package is at the old place.
helldretch

Gimp

  • Posts: 23
  • Turrets: +0/-0
Idea for a ban system
« Reply #32 on: July 03, 2006, 01:20:07 am »
if this game became pay to play it would remove the reason why most people originally decided to play it, which was because it was free. even if it was only a small amount of money it would remove the novelty of the game, that it's a cool game for a freebie and that it was not created by one of those mega big game companies.

Taiyo.uk

  • Posts: 2309
  • Turrets: +222/-191
    • Haos Redro
Idea for a ban system
« Reply #33 on: July 04, 2006, 02:07:59 pm »
How about ban by MAC address? I know that MACs are easily spoofable (e.g. in Linux it can be spoofed using ifconfig). Is it possible for trem to query the hardware for the real MAC rather than the spoofed one? Bad MACs could be distributed in a banlist.

...and we can look forward to n00bs complaining about not being able to play after buying a second hand NIC with a banned MAC.

Cheers!
-Taiyo

ascii

  • Posts: 6
  • Turrets: +0/-0
Idea for a ban system
« Reply #34 on: July 04, 2006, 03:10:57 pm »
Ban system is useless in a free game. Look at Enemy Territory, it's become the most cheated game. And they have PunkBuster.

Quote from: "Taiyo.uk"
How about ban by MAC address?

Even in Windows there are many free programs/howtos for changing your MAC address, http://www.google.fr/search?q=windows+change+mac+address&ie=UTF-8&oe=UTF-8.
Btw what about ppl using a USB modem? They don't have a MAC address.

bsel

  • Posts: 26
  • Turrets: +0/-0
Idea for a ban system
« Reply #35 on: July 04, 2006, 05:04:47 pm »
Quote from: "ascii"
Ban system is useless in a free game. Look at Enemy Territory, it's become the most cheated game. And they have PunkBuster.

I think you never played CS 1.5 after the takedown of the WON servers.
And Enemy Territory is not a free game. It's free of fee but the game is still proprietary.
helldretch

ascii

  • Posts: 6
  • Turrets: +0/-0
Idea for a ban system
« Reply #36 on: July 04, 2006, 08:45:45 pm »
Quote from: "bsel"
I think you never played CS 1.5 after the takedown of the WON servers.
I don't have Windows.

In fact the only way for a good banning system for a free game is IP range ban.

Btw, about uidcreator, strip/static binary is the first thing u need to do. I say it's useless but for learning purposes, it's good ;)
Protocol:
Code:
HELLO REQUEST
CLIENT HELLO
SERVER HELLO
CERTIFICATE
SERVER KEY EXCHANGE
CERTIFICATE REQUEST
SERVER HELLO DONE
CERTIFICATE VERIFY
CLIENT KEY EXCHANGE
FINISHED


I hope u check the size of commands received from the client to avoid exploits.

bsel

  • Posts: 26
  • Turrets: +0/-0
Idea for a ban system
« Reply #37 on: July 04, 2006, 10:51:55 pm »
I am not using Win either, but this does not stop me playing CS 1.5 here.

I don't check the command size of the TLS commands, if you mean this.
helldretch

ascii

  • Posts: 6
  • Turrets: +0/-0
Idea for a ban system
« Reply #38 on: July 06, 2006, 02:55:19 pm »
After reading this http://www.tremulous.net/phpBB2/viewtopic.php?t=1052 a new idea came to me.

A master UID database server is needed, I call it MUDS. Each UID is associated with a 'kill count' value.

Each new player creates a UID and sends it to the server. This UID is registered/checked on the MUDS by the server.
The server counts how many kills the player got in game. After the player disconnects, the server sends the kill count to the MUDS.

To avoid ppl using their own server to upgrade their UID easily on MUDS, each server needs to be registered on MUDS as an official server. MUDS logs can be parsed to avoid fast UID upgrades. Kill count is upgraded only if there are many ppl on it (like America's Army).

This system can work only if 50% max of official servers have this ban system, because players need to play on an official server without the ban system to upgrade their UID 'kill count'.
This system needs to be fully integrated in the game to work.
UID must be based on a private/public key to avoid ppl stealing UIDs.

So, you can't play on an official server with the ban system if you have a 'low kill count' on MUDS. And deconners/cheaters/idiots can't instantly reconnect on an official server.
The only bad thing is that not all servers can have this ban system.

Btw after that, all kinds of ideas are possible. (But we talk about the ban system only here)
- Create player levels based on 'kill count'.
- Servers with skilled/newbie players only.
- Newbies can't deconstruct/vote.
- Skilled ppl can have some admin rights.
- Stats for players.
- Register names for a UID.
- [...]

Btw PunkBuster uses a similar way, a server can block players with a too young UID. But you can easily bypass this if you registered many UIDs at the same time some days ago. That's why I use a 'kill count'.

Maybe I forgot some security hole in this system. Well, it's just an idea.
Btw English isn't my native language.

PierreF

  • Posts: 11
  • Turrets: +0/-0
Idea for a ban system
« Reply #39 on: July 06, 2006, 04:33:37 pm »
Making a UID system that ensures a player can create multiple UIDs seems impossible with an open-source game. You can patch the game to send a faked UID; if the generator is closed-source, you only need to fake the information used to generate the UID. Yes, a solution could be to pay for a UID... but Tremulous is free and I hope it will stay free.

But do you think that players that are banned will do all that work to fake/recreate a new UID? I'm not sure.

I think a simple UID that can be created for free is the best idea. But this UID should be signed to avoid UID stealing.
From this, I see a solution against players that ruin the game: limit the actions that a player can do just after registering his UID, e.g. can't deconstruct for a few minutes after registering a UID.

I think the limitation time should be short, because a good player may be playing on another computer and not have his UID key. For a banned player, if he needs to wait, say, 5 or 10 min before re-deconstructing the base, he won't do this more than 1 or 2 times.

ascii

  • Posts: 6
  • Turrets: +0/-0
Idea for a ban system
« Reply #40 on: July 06, 2006, 05:29:12 pm »
Quote from: "PierreF"
Making a UID system that ensures a player can create multiple UIDs seems impossible with an open-source game.


Well, my English is poor. Maybe that's why you don't understand me. And my idea isn't simple either.
Creating a new UID doesn't help banned ppl, because they need an amount of kills before reconnecting to an official server with the ban system.

A simple UID isn't effective. Look at Enemy Territory, you just need to delete your etkey file to reconnect to the same server (sometimes you need to change your IP too).

Quote from: "PierreF"
But do you think that players that are banned will do all that work to fake/recreate a new UID? I'm not sure.

Yeah, good point ;) I work for a security company, that's why I'm sometimes too paranoid.
But I prefer the idea of a simple UID based on some hardware parts. So ppl can't just delete a file to create a new UID.

zeta

  • Posts: 200
  • Turrets: +2/-0
Idea for a ban system
« Reply #41 on: July 06, 2006, 05:45:46 pm »
good idea that newbs cant decon!!!


that is grade A shit right there

so ya we need a ranking system like AA(even tho i hate AA)

but in this system if u get reportedly killing your own teammates u wont lose rep but a person will check u out and ban u from all MUD servers


im thinking like a 1-5 rank

rank 5 being the best and 1 being a complete noob


100 kills for rank 2, at rank 2 u get the ability to pick builder
then 400 kills for 3, at rank 3 u get the ability to decon
then 800 kills for rank 4, and the ability to start votes
then 1000 kills for rank 5, and the ability to kick players, and ure vote counts as 3 people, and ability to start votes to ban




EDIT: also what would be cool is the ability to change your human and alien characters appearance,

humans could have different clothing, different color skin, different face!

aliens would get like armor (but it wouldnt do anything) maybe different colors




EDIT: when someone loses their MUD account they can create a new one but they are back to rank 1 and they cant do shit to bug people!

Karvajalka

  • Posts: 193
  • Turrets: +11/-0
    • Kotisivu
Idea for a ban system
« Reply #42 on: July 06, 2006, 06:41:35 pm »
Quote from: "zeta"
100 kills for rank 2, at rank 2 u get the ability to pick builder
then 400 kills for 3, at rank 3 u get the ability to decon
then 800 kills for rank 4, and the ability to start votes
then 1000 kills for rank 5, and the ability to kick players, and ure vote counts as 3 people, and ability to start votes to ban

hmm...what about if there is a game with only noobs in one team? Then they couldn't build bases, or at least decon some parts of it. And I don't think deconning newbies are a problem, at least I didn't know how to decon when I was a noob (or maybe I still am :roll:) If rank 4 can only start votes, how can they change the map, even if they all want it.

And besides, whoever said that someone with hundreds of kills is a nice player. They can be as evil as anyone else  :roll: . For example some could play with one nickname and get kills and then change to another nickname and be like little devils...
SatGNU <3

zeta

  • Posts: 200
  • Turrets: +2/-0
Idea for a ban system
« Reply #43 on: July 06, 2006, 06:53:03 pm »
good point but that would leave both bases to normal while everyone goes and kills everyone to get kills and be able to get builder

bsel

  • Posts: 26
  • Turrets: +0/-0
Idea for a ban system
« Reply #44 on: July 06, 2006, 09:34:43 pm »
Quote from: "ascii"
I hope u check the size of commands received from the client to avoid exploits.

ascii, which size do you mean? I don't want to write exploitable programs if I can avoid this.
Would be great if you could explain it to me :)

PS: I don't like ideas like choosing class by number of kills. I would not touch the game type of Tremulous in such a drastic way, I like it how it is. Just those base destroyers bother me.
helldretch

CoD

  • Guest
Idea for a ban system
« Reply #45 on: July 06, 2006, 11:35:00 pm »
Quote from: "bsel"
I don't like ideas like choosing class by number of kills. I would not touch the game type of Tremulous in such a drastic way, I like it how it is. Just those base destroyers bother me.


Quote!

Every player has the right to play any role, to mistake.. die.. and learn.
But base decon: they must be stopped

ascii

  • Posts: 6
  • Turrets: +0/-0
Idea for a ban system
« Reply #46 on: July 07, 2006, 12:37:31 am »
Quote from: "bsel"
Quote from: "ascii"
I hope u check the size of commands received from the client to avoid exploits.
ascii, which size do you mean? I don't want to write exploitable programs if I can avoid this.
Would be great if you could explain it to me :)

I mean buffer overflow http://en.wikipedia.org/wiki/Buffer_overflow.
The good question is: how do you store strings received from the client? If u store it in a 'char cmd[30]' and a client sends a string with a len greater than 30, you get a segfault. And segfaults are often exploitable to send shellcode to your server.
But I see you use C++ and maybe string classes which are generally safe.

Btw a more secure way for you is to use a one byte protocol. You can use a 'typedef enum' for that. I mean "HELLO REQUEST"=0, "CLIENT HELLO"=1, etc. So the server can reject all client commands without a len of 1.

The last q3 engine exploit uses this way http://www.milw0rm.com/exploits/1750.

BunnyFooFoo

  • Posts: 8
  • Turrets: +0/-0
Rank system/UID/banning
« Reply #47 on: July 07, 2006, 08:54:52 pm »
I think the rank system is a good idea.  There is one further thing that needs to be done--entry level servers with fewer restrictions on abilities.  A training ground as it were.  That way, newbies would have a chance to learn good habits before they move on to the 'big servers'.

Sure, an experienced player can start doing bad things, but they risk getting banned and losing that UID and all of the work they put into creating it.  Will Griefers do all that work for *one* shot at messing up a game?  Doesn't seem likely.

Of course, with the way some admins behave, the system might break down when they keep the system from applying to themselves or their friends.

bsel

  • Posts: 26
  • Turrets: +0/-0
Idea for a ban system
« Reply #48 on: July 07, 2006, 09:29:09 pm »
Quote from: "ascii"
Btw a more secure way for you is to use a one byte protocol. You can use a 'typedef enum' for that. I mean "HELLO REQUEST"=0, "CLIENT HELLO"=1, etc. So the server can reject all client commands without a len of 1.
I use GnuTLS so I don't have to worry about the TLS protocol, so I don't need to mask the commands. 8)

Quote from: "ascii"
The good question is: how do you store string receive from client ?
If you look into the manpage of recv you see a length parameter for the buffer. If I have set this correctly there should be no possibility of a buffer overflow. arr  :wink:
helldretch

ascii

  • Posts: 6
  • Turrets: +0/-0
Idea for a ban system
« Reply #49 on: July 08, 2006, 06:27:00 am »
Quote from: "bsel"
I use GnuTLS so I don't have to worry about the TLS protocol, so I don't need to mask the commands. 8)

I don't say that to mask commands.

Quote from: "bsel"
If you look into the manpage of recv you see a length parameter for the buffer. If I have set this correctly there should be no possibility of a buffer overflow. arr  :wink:

Depends on how you code 'client command detection'. If you do all the job in the same buffer, it should be safe.
Btw do you use a threaded server or non-blocking sockets?

Can I try to crash it (only crash, no shellcode)? If yes, do you use a watchdog?
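
Added example (not part of any post above, and not bsel's uidserver code): the unbounded copy into 'char cmd[30]' that ascii describes in Reply #46, next to a length-checked copy of data returned by recv and the one-byte enum check. The function names, the sample inputs and the opcode values beyond 0 and 1 are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 30   /* size of the 'char cmd[30]' buffer from the post */

/* Opcodes for the ten message names listed in the thread. Only 0 and 1 are
   given there; the remaining values are assumed for this example. */
typedef enum {
    HELLO_REQUEST = 0, CLIENT_HELLO = 1, SERVER_HELLO, CERTIFICATE,
    SERVER_KEY_EXCHANGE, CERTIFICATE_REQUEST, SERVER_HELLO_DONE,
    CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE, FINISHED, CMD_COUNT
} cmd_t;

/* BEFORE (never called here): recv()'s length argument bounded netbuf, but
   this second copy is unbounded, and recv() adds no terminating NUL, so
   strcpy() can read past the received data and write past cmd[29]. */
void store_cmd_unsafe(char cmd[CMD_MAX], const char *netbuf)
{
    strcpy(cmd, netbuf);
}

/* AFTER, text protocol: data/n are what recv() returned (n is its return
   value). Copy only if the command plus a NUL fits into cmd. */
int store_cmd(char cmd[CMD_MAX], const unsigned char *data, long n)
{
    if (n <= 0 || n >= CMD_MAX)            /* error/closed, or too long */
        return -1;
    if (memchr(data, '\0', (size_t)n))     /* embedded NUL would hide bytes */
        return -1;
    memcpy(cmd, data, (size_t)n);
    cmd[n] = '\0';
    return 0;
}

/* AFTER, one-byte protocol: exactly one byte, and it must name a command. */
int parse_opcode(const unsigned char *data, long n, cmd_t *out)
{
    if (n != 1 || data[0] >= (unsigned char)CMD_COUNT)
        return -1;
    *out = (cmd_t)data[0];
    return 0;
}

int main(void)
{
    /* Constructed inputs standing in for buffers filled by recv(). */
    unsigned char flood[64], op1[] = { 1 }, op200[] = { 200 };
    char cmd[CMD_MAX];
    cmd_t op = HELLO_REQUEST;

    memset(flood, 'A', sizeof flood);
    printf("text, 12 bytes : %d\n",
           store_cmd(cmd, (const unsigned char *)"CLIENT HELLO", 12));
    printf("text, 64 bytes : %d\n", store_cmd(cmd, flood, sizeof flood));
    printf("opcode 1       : %d\n", parse_opcode(op1, 1, &op));
    printf("opcode 200     : %d\n", parse_opcode(op200, 1, &op));
    printf("two bytes      : %d\n", parse_opcode(flood, 2, &op));
    return 0;
}
```

The recv length argument only protects the buffer recv writes into; every later copy or parse step needs its own bound, which is what store_cmd and parse_opcode enforce.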

bsel

  • Posts: 26
  • Turrets: +0/-0
Idea for a ban system
« Reply #50 on: July 13, 2006, 08:00:44 pm »
Quote from: "ascii"
Depends on how you code 'client command detection'. If you do all the job in the same buffer, it should be safe.
Btw do you use a threaded server or non-blocking sockets?

Can I try to crash it (only crash, no shellcode)? If yes, do you use a watchdog?

It's just a test server program without threads and without much security. If you want to crash it, it will likely do.
It just receives the data and sends the signed UID, not more not less. :)

The final server should:
 - have a database of UIDs in background ;)
 - check for flooding.
 - use some type of exception handling.

In the beginning I thought of thread support. But I decided it is not needed, because there are only 2 transmissions per client (receive data, send signed UID). It takes less than 2 seconds and it is not necessary to handle clients in parallel. It would be overdosed... but a good training for me ;)

Edit: If you really like to test your skills, ascii, we could do some testing on Sunday :D but please wait for me ;)
helldretch

bsel2

  • Posts: 11
  • Turrets: +0/-0
Idea for a ban system
« Reply #51 on: March 22, 2007, 07:09:11 pm »
I have finally implemented the system in revision 920: here the patch //edit: forgot the Makefile-patch
You need at least GnuTLS 1.4.0 for this to work, and the static libs to build the dedicated server.

I also have started the uidserver again so you can create a signed UID for your system using the uidcreator.


As I was thinking about this solution I found out that it is an insecure solution: A manipulated server can steal the UID and the signature.
To solve the issue a central server can be used to verify the clients identity. The Tremulous server then only needs the UID but not the signature.
helldretch

holyknight

  • Posts: 998
  • Turrets: +4/-2
Idea for a ban system
« Reply #52 on: March 22, 2007, 08:34:14 pm »
if you are thinking about ranking, then, no.
I like how you don't have to register your account.
And I really hated the AA system where you are rank 20 and others are rank 100 and all that crap.
I was sad when I was rank 10 and everyone else was rank 20
they called me noob and stuff :(
but later i got to rank 21!
and I stopped playing
and I tried to play again
but I had to restart
so I said "F**K IT"

wait... what are we talking about?

bsel2

  • Posts: 11
  • Turrets: +0/-0
Idea for a ban system
« Reply #53 on: March 22, 2007, 11:07:25 pm »
Quote from: "holyknight"
if you are thinking about ranking, then, no.
I like how you don't have to register your account.
And I really hated the AA system where you are rank 20 and others are rank 100 and all that crap.
I was sad when I was rank 10 and everyone else was rank 20
they called me noob and stuff :(
but later i got to rank 21!
and I stopped playing
and I tried to play again
but I had to restart
so I said "F**K IT"

wait... what are we talking about?


lol you're funny. It's a system to identify a player based on his system information. Maybe you should read the whole post first  :wink:
helldretch

n00b pl0x

  • Posts: 2412
  • Turrets: +55/-168
Idea for a ban system
« Reply #54 on: March 22, 2007, 11:20:18 pm »
Quote from: "confess"
The best way to actually ban someone, is not to have it ban based off of crap that can be recreated, but to be banned based off of Volume ID and MachID. Volume ID is the ID of your hard drive, and although it can be changed, with the backup of MachID, it is practically fail safe. The only way for the person to bypass the ban, is to essentially get a new NIC card, and change their Volume ID. Which is a lot of trouble...and if they do it again, ban them again...eventually they will give up. It becomes too costly.


this sounds like the best idea out of what ive read...but i wouldnt like it as i wouldnt be able to evade my bans :(
will sort out my sig, or I will get banned.

HOW DO I SORTED SIG?

Stof

  • Posts: 1343
  • Turrets: +1/-1
Idea for a ban system
« Reply #55 on: March 23, 2007, 01:29:06 am »
Quote from: "n00b pl0x"
Quote from: "confess"
The best way to actually ban someone, is not to have it ban based off of crap that can be recreated, but to be banned based off of Volume ID and MachID. Volume ID is the ID of your hard drive, and although it can be changed, with the backup of MachID, it is practically fail safe. The only way for the person to bypass the ban, is to essentially get a new NIC card, and change their Volume ID. Which is a lot of trouble...and if they do it again, ban them again...eventually they will give up. It becomes too costly.


this sounds like the best idea out of what ive read...but i wouldnt like it as i wouldnt be able to evade my bans :(

No, this is a stupid idea. Who sends the server the Volume ID or the easily changed MAC address? The client software. The one that can be easily changed to send a random Volume ID and MAC address by placing a few calls to rand in carefully chosen and easy to find locations in the source code.

This won't work.
Murphy's rules of combat
8 ) Teamwork is essential; it gives the enemy someone else to shoot at.
18 ) Make it too tough for the enemy to get in and you can't get out.

bsel2

  • Posts: 11
  • Turrets: +0/-0
Idea for a ban system
« Reply #56 on: March 23, 2007, 02:06:24 am »
If someone is testing the uidcreator it would be nice if he/she would send me the UID as P.M. so I can check if it really works.
Unfortunately it's only available for GNU/Linux (maybe it runs on other *nix derivatives too) at the moment.
helldretch

Paradox

  • Posts: 2612
  • Turrets: +253/-250
    • Paradox Designs
Idea for a ban system
« Reply #57 on: March 23, 2007, 02:29:12 am »
Way to necro.

∧OMG ENTROPY∧

holyknight

  • Posts: 998
  • Turrets: +4/-2
Idea for a ban system
« Reply #58 on: March 23, 2007, 03:01:45 am »
Quote from: "Paradox"
Way to necro.

way to make three words of awesome cliche.

n00b pl0x

  • Posts: 2412
  • Turrets: +55/-168
Idea for a ban system
« Reply #59 on: March 23, 2007, 03:35:10 am »
way to not notice until 2938 posts have been made since the necro. and stof why cant we just make it harder to find in the source code? we can make a bunch of ascii drawrings of tyrants around it and then no1 could touch it
will sort out my sig, or I will get banned.

HOW DO I SORTED SIG?