On Sat, May 25, 2002 at 03:46:50AM -0500, Bob Tanner wrote: > What prevents a man-in-the-middle attack? Well, I thought the local IP address used to be used as part of the negotiation ... but portswap through firewall must bypass that now, because a client cannot know what it's external NAT IP would be. An in the middle attack at system call level interface is always going to be possible, with open operating systems. > What prevents a user from picking out the embedded key and using it > (writing some code) to make a borg client that masquarades as a > blessed binary? Not much. There are some tricks in place to make it more difficult, but it is not impossible. The main defence is that the protocol and data flow constrains the cheats that are possible, and so the reward for making a borg is not particularly high, when compared to other games that place more trust in their clients. It is more important that the community believe that client authentication helps to prevent cheating. That probably reduces cheat attempts more than the actual defence capability. Borg capability in Netrek is constrained to; - predicting probable location of cloakers, by data analysis, - automatic firing of weapons or activation of defensive measures, - information processing, e.g. carrier highlighting. -- James Cameron mailto:quozl at us.netrek.org http://quozl.netrek.org/