Why not add mac adress address support? #1734
Comments
|
Mac addresses can very easily be changed, and nothing prevents a player from intercepting the packet in transit to change the mac address that is sent to the server. It is IMPOSSIBLE to truly fingerprint a user. No matter what data you collect (ie IP address, email address, user agent) it can ALWAYS be manipulated. The only way would be to require the user to send you a copy of their birth certificate (but even this can be forged). Many websites and applications use alternative means but they're not perfect either. Let's say you require a user to have a cellphone and you send them a confirmation sms... well there's services that can provide you with free phone numbers (ie magic jack, fongo, hushed). Some try to discourage bad actors by requiring a small payment (ie less than $10), so large-scale exploit would become costly, but this only deters, it doesn't prevent. Some use time as a restriction, like requiring your account is at least X days old to do action Y. This is also problematic because the player could just set up a bunch of accounts, set them aside for a month, then use them. This only slows them down. No matter what you do you will ALWAYS need to manually police your users. https://en.wikipedia.org/wiki/MAC_spoofing |
|
If it is part of the login packet from the client, it should be handled by the server. But as @mekolat says, it is impossible to truly fingerprint a user. |
|
Sirs, I believe you have misunderstood. What was said in the text above is true, but this should not be taken only to the MAC, but rather to the whole system. Every system is mocking, however good it may be, people may find it not, but they just do not know how to do it. The intention of adding the MAC, is to have one more option to 'defend' the abusers. |
|
IMO the mac address does not provide any additional protection, and opens the door to bad scripting practices that relies on user-submitted data (the packet can be forged) as a "security" measure |
|
Also gravity client does not support mac address so this should be kept as
a custom mod
…On 16 May 2017 15:00, "mekolat" ***@***.***> wrote:
IMO the mac address does not provide any additional protection, and opens
the door to bad scripting practices that relies on user-submitted data (the
packet can be forged) as a "security" measure
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1734 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ANocx9WQOZUcR59xo36Ueav6Wu0krGT9ks5r6awIgaJpZM4Nahti>
.
|
|
One option would be to add the MAC as an additional means of protection, where it would not have to be active by default, would be at the discretion of each player to use or not if he wanted to. |
|
It offers absolutely ZERO protection |
|
@mekolat in ro world most protections works like this. they "protecting" and "obfuscating" things in client. About mac address. In hercules exists SSO like packet with mac address, but mac field here unused. And i not sure is any client can send this packet or not. |
|
@4144 The client can send the 0x0825 login packet ( |
Helianthella
added
component:core
|
status shouldn't be wontfix maybe? kRO records the MacAddress if we use kRO client to login and we don't even save the mac for 0x0825 packet |
|
I don't believe the MAC address is of any use, but okay, since the field exists there, we can accept pull requests that handle it. The reasons why I won't waste time on it unless a pull request comes are (summarized from the above):
|
MishimaHaruna
added
type:enhancement
We all know of such need in the emulator and how important that would be. Here's the question: Why not add mac adress address support?
NOTE: This was implemented here in Brazil, in an emulator that is fork of Hercules.
brAthena@d1ebe6d
The text was updated successfully, but these errors were encountered: