[6688] in bugtraq
Re: Fix for Quake Servers
daemon@ATHENA.MIT.EDU (Garph)
Wed May 6 14:39:59 1998
Date: Wed, 6 May 1998 01:13:20 -0700
Reply-To: Garph <garph@LANMAN.COM>
From: Garph <garph@LANMAN.COM>
To: BUGTRAQ@NETSPACE.ORG
> check out http://www.planetquake.com/arena/rconfix/ for a patch to the
> existing known rcon password of "tms" with a random one, which contains
> a ", making the newly found backdoor unusable. However, the best way to
> fix this problem is still to filter id's subdomain(192.246.40.*) at your
> router.
>
> -dizzy
Neither randomizing the password nor putting a double-quote in it will
prevent the rcon commmand from being accepted. Just use '\042'. Random
passwords can be exhaustively searched. That'll just take a bit more
time. Using '\000' in the password seems to confound Quake's ability to
check it.
Garph
