[crossfire] new metaserver
Brendan Lally
B.T.Lally at warwick.ac.uk
Thu Jun 9 20:59:43 CDT 2005
>>>
mwedel at sonic.net
06/09/05 06:08 AM >>>
>
seems to me that making the CMS ip secret is just security through obscurity.
>
Once someone discovers that IP through whatever method, you lose that benefit
>
- this means the CMS has to be secure on its own.
Yeah, what I have had in mind all along is that the metametaserver/CMS wouldn't just be a secret, but that it would be firewalled off from /all/ incoming requests except from the SMS's
Knowing the IP adress wouldn't do an attacker any good unless they had a SMS being the attacker, and it is pretty hard to launch an attack when there are only a score of ip adresses to attack from and get replies.
That isn't security through obscurity, it is security through dropping packets...
More information about the crossfire
mailing list