I was playing on tigers network earlier today and received another series of 3 inbound connection attempts. (I have my firewall set to reject and log)
This time the remote address did not match the server, I cannot find a match to it in the frommaster.srv file either, the local ports attempted were:
1st: 4761 (12:26:14 GMT)
2nd: 4765 (12:26:23 GMT)
3rd: 4768 (12:26:31 GMT)
the source IP was: 207.192.219.246 (port: 4534)
I am interested in knowing if that IP belongs to a server, I cannot find any matches in my frommaster.log and I do not remember connecting to any server other than tigers network classic.
Pings and Lag, suggestions?
- Yaza Yamagotchi
bored of armagetron?
try swron or one of the other fun games @ Arcade Games Online
- iceman
I get no attacks if I use custom connect to the server I want to play but have found that I get a whole load of attacks if I use the master server to display game servers
So now I just use custom connect and stay well away from the master server
I have mentioned this before:
I think some servers are set up just to grab IPs
(your client pings the servers in the master list, I think?)
The IPs then are passed on from their server to somewhere else for port probing
so it might be a good idea to disable the server pinging code in your client
That's so obvious that I indeed never thought about it before.
Yes, the client pings all the servers.
If the packets come in only sporadically, this may well be just servers that are completely misconfigured, with really bad network connection for example. I would not know how this will have the observed effect of packets coming from completely unknown IPs, though.
AA itself gets itself a new port before it finally connects to the server, so on a good OS (that assigns ports randomly), even if you are running a client vulnerable to an attack (unpatched 0.2.6.0 or 0.2.7.0), the attacker can't guess your port. If your OS is not sensible, a standard firewall will protect you. The only thing he can do is totally flood you and clog your modem.
Disabling the pings from you to the servers would be possible, but the load on the master would increase (it would need to poll the servers more often and send player data to the connected clients) and you won't get any information on the true quality of the connection from you to the server. OTOH, the speed the server list will be available to clients will increase. I'll add a feature request.
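
An added example (not from the thread or from the Armagetron code): one way to check rejected inbound packets like those in the first post against your own outbound server pings, to see whether each hit a local port the client had just used. The three rejected packets from 207.192.219.246 use the values reported in the first post; the outbound records, the fourth rejected packet and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back, roughly a UDP state timeout

# Constructed outbound pings: (time, remote_ip, remote_port, local_port)
OUTBOUND = [
    ("12:26:05", "192.0.2.10", 4534, 4761),
    ("12:26:06", "198.51.100.7", 4534, 4765),
    ("12:25:00", "192.0.2.10", 4534, 4768),
]

# Rejected inbound packets: (time, source_ip, source_port, local_port)
REJECTED = [
    ("12:26:14", "207.192.219.246", 4534, 4761),  # reported in the first post
    ("12:26:23", "207.192.219.246", 4534, 4765),  # reported in the first post
    ("12:26:31", "207.192.219.246", 4534, 4768),  # reported in the first post
    ("12:26:40", "198.51.100.7", 4534, 4765),     # constructed
]


def parse(ts):
    # Time-of-day only; assumes all records fall on the same day.
    return datetime.strptime(ts, "%H:%M:%S")


def classify(rejected, outbound, window=WINDOW):
    """Label each rejected packet by its relation to earlier outbound traffic."""
    results = []
    for ts, src_ip, src_port, local_port in rejected:
        t = parse(ts)
        # Outbound packets sent from the same local port shortly before.
        recent = [o for o in outbound
                  if o[3] == local_port
                  and timedelta(0) <= t - parse(o[0]) <= window]
        if any(o[1] == src_ip and o[2] == src_port for o in recent):
            label = "late-reply"               # same peer we pinged, answer arrived late
        elif recent:
            label = "known-port-other-source"  # port was in use, but peer differs
        else:
            label = "unsolicited"              # no recent outbound use of this port
        results.append((local_port, src_ip, label))
    return results


if __name__ == "__main__":
    for row in classify(REJECTED, OUTBOUND):
        print(row)
```

A "known-port-other-source" result means the sender reached a port the client had only just opened, which is worth following up; "unsolicited" means the port was not in recent use.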

It's important to ping each game server, so you know *your* ping return time to it. There's no way the master server can tell me who I will get a good connection to. (which z-man pretty much stated already). But as this is key information, perhaps there's another way to prevent this concern.
Actually, I'm not even worried. The port is unknown. I don't see the problem. (says me, who sits behind a router that doesn't return ping requests).
ishAdmin wrote: Actually, I'm not even worried. The port is unknown. I don't see the problem. (says me, who sits behind a router that doesn't return ping requests).

I'm going to have to disagree, ish, primarily because I'm paranoid and I don't want player IPs being given out to evil people. When you hit the master server, you are trusting the master server, and *every* server admin out there. While I don't know of any server admins *now* that I'd be worried about, I don't have any connection to most of the servers there.
I'm afraid the solution to this problem is not technical, however. I'm not thinking of a way to solve this problem without having some sort of group of trusted server admins, or multiple groups (me and swampy can comprise a group, Tank and his people can be another group, etc) and just have the master server reveal group membership of servers and let clients ping or not ping entire groups. It's still not as simple as that, but you get the idea I'm going for.
I honestly never thought about this as a way to harvest player IPs. I had naively thought player IPs were pretty much kept secret and the only way they could be found was by luck, but *everyone* uses the master server browser (except for a few, me and iceman apparently, I use custom connect to hit swampy's and LAN connect to hit mine, and I never play anywhere else anymore).
Check out my YouTube channel: https://youtube.com/@davefancella?si=H--oCK3k_dQ1laDN
Be the devil's own, Lucifer's my name.
- Iron Maiden
I didn't think of the possibility that my IP was grabbed at another server and spoofed as swampy's either, z-man (but I should have, after all I've seen all the pinging going on in my ethereal logs when the server browser is updating).
Anyway I don't have a problem with the pinging as it's not the servers pinging you, it's you pinging the servers (yes I know they still get my IP of course), the difference is crucial for firewalling and as said can be avoided by custom connect (but if somebody thinks their IP is that precious I guess they overwrite their MAC address daily and then we're in another league hehe).
As for being worried about IP harvesting there's only one real solution to that: plugging out the network cable because real IP harvesting doesn't only happen on servers and you'll never know unless you're encrypting as well as signing communications which would both destroy the game completely.
What we can sensibly be worried about:
- compromised servers
- people poking for security holes in the program itself (the packets I received were not random poking but specifically trying to get to armagetron)
I'm not too worried about either, but when I experience something that is likely to be either, I tell.
Question to Yaza: I read your post as the packets being attempts to communicate directly to the armagetron program just as before, was it?
If the answer to that is Yes then we have more suggestion to the effect that somebody is poking since the code has been reviewed for the behaviour and shouldn't do it. Might be a good idea to review the code for buffer overflows to defend those not using firewalls... afaik there's some good open source libraries for that.
I don't see any reason to make servers unpingable from outside the program, it's generally a bad idea to "outlaw" this for public servers and it doesn't stop DoS or DDoS as they either use spoofed (or valid for that matter) connection attempts to the server or just go for the next link in the chain. Not worth worrying about imo, at that level anyone afflicted needs to drag their ISP into the picture anyway and it has become a criminal case.