On Feb 5, 2007, James Cameron <quozl at us.netrek.org> wrote:

> On Fri, Feb 02, 2007 at 07:57:58AM -0500, Karthik Arumugham wrote:
>> Suggestion: If a server re-solicits with the same hostname but a new
>> IP, delete the previous entry. This should prevent this type of
>> occurrence.
> Not without some surety or authenticity.  We considered that as a
> possible attack vector, which is why the code doesn't let you do it.
> Restarted metaserver on sage.real-time.com again to clear old pickled
> lines ... now only netrek.org and psychosis.net remain.  Should
> something be removed from metarc?

True. How about a protocol extension to simply send a random hash
that each server generates on the first run? Then moves/new hostnames/new
IPs/etc. will cause the server to clear out the old one.

I think you need to remove pickled.psychosis.net from the metarc on  
metaserver, since it appears to be static. (If it's static for some  
reason, you can make pickled.netrek.org static instead.) Sorry about  
the meta mess; been moving IPs and changing hostnames multiple times...

There's also the attack vector to consider that one could simply send  
a whole bunch of junk to the meta and fill it up (possible buffer  
overflows/out of memory issues there too.) Is there protection  
against this?
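
The token idea and the list-filling concern raised in this message, sketched together as an added example; it is not part of the original post and is not Netrek metaserver code. `Registry`, `solicit`, `MAX_ENTRIES`, `MAX_FIELD` and the IP addresses are hypothetical, and the hostnames are the ones mentioned in the thread.

```python
import secrets

MAX_ENTRIES = 4   # hypothetical cap so junk solicitations cannot grow the list
MAX_FIELD = 64    # hypothetical length limit applied to every received field


def new_server_token():
    """Generated once by a game server on first run, then stored and reused."""
    return secrets.token_hex(16)


class Registry:
    """Hypothetical metaserver listing keyed by each server's token."""

    def __init__(self):
        self.by_token = {}  # token -> (hostname, ip)

    def solicit(self, token, hostname, ip):
        # Bound every field before anything is stored.
        if not all(0 < len(f) <= MAX_FIELD for f in (token, hostname, ip)):
            return "rejected: bad field"
        # A hostname already listed can only be re-claimed by the same token;
        # a new IP alone is not proof that it is the same server.
        holder = next((t for t, (h, _) in self.by_token.items()
                       if h == hostname), None)
        if holder is not None and holder != token:
            return "rejected: hostname held by another token"
        known = token in self.by_token
        if not known and len(self.by_token) >= MAX_ENTRIES:
            return "rejected: list full"
        # Known token: the move replaces the old entry instead of adding one.
        self.by_token[token] = (hostname, ip)
        return "updated" if known else "added"

    def listing(self):
        return sorted(self.by_token.values())


def demo():
    reg = Registry()
    tok = new_server_token()
    results = [
        reg.solicit(tok, "pickled.psychosis.net", "192.0.2.10"),   # first listing
        reg.solicit(tok, "pickled.netrek.org", "192.0.2.20"),      # same server moved
        reg.solicit(new_server_token(), "pickled.netrek.org", "198.51.100.7"),
    ]
    return results, reg.listing()


if __name__ == "__main__":
    print(demo())
```

In this sketch the token is a bearer value: whoever can present it can move the entry, so its protection depends on how it is carried to the metaserver.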