EVE Search - Regarding the recent account security upgrade...

All Channels

EVE General Discussion

Regarding the recent account security upgrade...

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Author	Thread Statistics \| Show CCP posts - 1 post(s)
DeODokktor Caldari Dark Templars The Fonz Presidium	Posted - 2010.06.23 00:15:00 - [1] Originally by: Dabljuh Edited by: Dabljuh on 03/05/2010 15:59:14 Originally by: Kolatha For those who keep going on an on about "all you have to do is block ip/mac addresses" please refer to the following two documents. IP Spoofing MAC Spoofing Basically it is no effort at all to have each brute force attempt use a new randomly generated address. From my understanding and experience this is how some brute force attacks already operate. I know that DOS attacks use this as well. I'm sorry, but that's not how IP spoofing works. Or rather: You can't combine brute forcing and IP spoofing. IP spoofing works for dumb SYNflood/bandwidth DOS attacks, but password cracking attacks require a valid IP. There's no excuse other than gross negligence for failing to prevent brute force attacks aggressively. Besides, mac spoofing is to my knowledge irrelevant on the internet. (that is to say, outside a LAN/WAN) Owners of dynamic internet connections can sometimes use mac spoofing to receive new IP adresses from their ISP, if said ISP is (mis)configured that way. Originally by: Kolatha See my comments above about IP/MAC address spoofing and the recent issue I had to deal with. One disgruntled attacker with a small botnet can pretty much lock out the entire eve community if you implement this level of automated IP blocking. Needless to say, there is no point in blocking the attacking IPs in a simple flood attack, as they are going to be spoofed anyways. However this is very different from a password attack, where IP-level blocking is both effective and desirable. I guess either your security setup is even more screwed up than CCPs, or you do not understand the fundamental differences in requirements on the IP layer between a flood/DOS and a password cracking attack. /Signed/... The thing is, that too many people think that spoofing is so easy that you should ignore IP filtering, the truth is, if they put IP filtering into place it would just mean more work, and that's why it's not happening... It's much easier to just close accounts after they get hacked, and wait for the account holder to verify sign up details that they used years ago before they switched to ETCs..... Puns aside, They should put in IP filters.. For those people who say IP Spoofing is still possible, the simple answe ris, no it's not... Not for this!... You can test this, simple mechanics.... Buy yourself a new QFHD 50" TV, use your credit card, but here's the fun part, SPOOF the Delivery Address, that's right, use some guys addy who lives in another state, just pick it at random!!!.... When your TV doesnt get delivered to your house, you can try and decide why IP Spoofing for password cracking doesnt work well ;). ----------- Never Forget the joy of finding a main to link to a scammer alt. N-y-p-h-u-r ! !

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.