26 replies to this topic

[Link149]

Quote

You can spoof an ID, quite easily. (I think, unless 1.6 removed that?) But even so, adding the necessary security to check would be extensive and unnecessary on both the API and the Client.

Quote

CC 1.6 didn't change that and it's unlikely it'll ever change.

The idea is that what the RedNet API calls an "ID" is actually a modem channel, and users can send / receive using pretty much whatever channel they like by accessing the modem API directly. This means that anyone on your wired network, or in range of your wireless network, can intercept and read a copy of any messages they like (regardless as to where you wanted to send them), and they can send messages out as though they owned a computer with any ID they like (regardless as to whether the computers they have access to have those IDs).

While it IS possible to spoof an id, Computercraft 1.6 added hostnames and protocols. They could be used in some way that prevents a computer from receiving a message from a potentially harmful computer, as you can find which computer id is bound to a specific hostname and as a hostname can only be used ONCE on the same protocol. You could subscribe your computer(s) to a protocol and encourage your friends to do the same. That way, you will always know you're receiving messages to them. Sending private messages is going to be a more diffult task though, I fear.

[applesauce10189]

Link149, on 06 May 2014 - 01:58 AM, said:

--Cut out text stuffs.

Your profile picture...... It's Link... Wearing a headset.... Something about that is just overwhelmingly awesome to me.

[MKlegoman357]

Link149, on 06 May 2014 - 01:58 AM, said:

While it IS possible to spoof an id, Computercraft 1.6 added hostnames and protocols. They could be used in some way that prevents a computer from receiving a message from a potentially harmful computer, as you can find which computer id is bound to a specific hostname and as a hostname can only be used ONCE on the same protocol. You could subscribe your computer(s) to a protocol and encourage your friends to do the same. That way, you will always know you're receiving messages to them. Sending private messages is going to be a more diffult task though, I fear.

But it is still possible to spoof hostnames and protocols. They were added to the Rednet itself, not to the modem. It means that you can still get messages with hostnames and protocols and 'hack' those or pretend to be a certain hostname, etc...

[apemanzilla]

MKlegoman357, on 07 May 2014 - 04:51 PM, said:

Link149, on 06 May 2014 - 01:58 AM, said:

While it IS possible to spoof an id, Computercraft 1.6 added hostnames and protocols. They could be used in some way that prevents a computer from receiving a message from a potentially harmful computer, as you can find which computer id is bound to a specific hostname and as a hostname can only be used ONCE on the same protocol. You could subscribe your computer(s) to a protocol and encourage your friends to do the same. That way, you will always know you're receiving messages to them. Sending private messages is going to be a more diffult task though, I fear.

But it is still possible to spoof hostnames and protocols. They were added to the Rednet itself, not to the modem. It means that you can still get messages with hostnames and protocols and 'hack' those or pretend to be a certain hostname, etc...

Overall, rednet is never going to be 100% secure and reliable. Because of how open lua is, you will always be able to change the functions to do whatever you want.

[applesauce10189]

I absolutely love how this thread has derailed from it's original topic to the security of rednet.

[CodingWithClass]

applesauce10189, on 12 May 2014 - 06:51 AM, said:

I absolutely love how this thread has derailed from it's original topic to the security of rednet.

This is the Internet...

[applesauce10189]

CodingWithClass, on 25 May 2014 - 10:39 PM, said:

This is the Internet...

True. Very true.