x0563511 Posted July 20, 2005 Report Share Posted July 20, 2005 is it down? Same address of the normal server, but port 2001 right? If not, what should I be connecting to with the beta? Link to comment Share on other sites More sharing options...
Kratos Posted July 20, 2005 Report Share Posted July 20, 2005 Try again If you have the wrong address...this is the correct one: lxnt.info:2001 Link to comment Share on other sites More sharing options...
x0563511 Posted July 21, 2005 Author Report Share Posted July 21, 2005 Try again If you have the wrong address...this is the correct one: lxnt.info:2001<{POST_SNAPBACK}> hmm, I copy/pasted that address into the configuration file - still no go. I have 0.7.878 - is this the right version? Link to comment Share on other sites More sharing options...
Kratos Posted July 21, 2005 Report Share Posted July 21, 2005 What exactly does the message say? Link to comment Share on other sites More sharing options...
x0563511 Posted July 21, 2005 Author Report Share Posted July 21, 2005 [server]host = lxnt.info:2001login = x0563511password = <SNIP>autologin = 0# http proxy settings (it must support CONNECT method to work)# one of the following 3 values should be set: # host:port (host name and port of http proxy)# auto (take value from http_proxy environment variable)# disabled (do not use http proxy)http_proxy = disabled thats from my INI. in case you need it. I can connect to x:2000 but not x:2001 (of course i can't play anyone in x:2000) Message: "Failed to connect" Is there a way to get verbose log output in windows? Link to comment Share on other sites More sharing options...
x0563511 Posted July 21, 2005 Author Report Share Posted July 21, 2005 ? If I use http://tor.eff.org to connect to it (the proxy settings don't work, i use the program Torcap) it connects fine (but slow, as i'm going through an anonymizing network). Without it, no beans. Serge (and/or lxnt), are you blocking my IP or subnet from that port? My ip is:71.103.125.XXX Link to comment Share on other sites More sharing options...
Kratos Posted July 21, 2005 Report Share Posted July 21, 2005 (edited) hehe, I think Serge blocked the IP. BTW: is that your password? if so, please remove it here so nobody can abuse it. Edited July 21, 2005 by Kratos Link to comment Share on other sites More sharing options...
x0563511 Posted July 21, 2005 Author Report Share Posted July 21, 2005 hehe, I think Serge blocked the IP. BTW: is that your password? if so, please remove it here so nobody can abuse it.<{POST_SNAPBACK}> Hehe, no, i replaced it with the snip. Either that IP is blocked, or theres something wrong with the netcode and torcap is correcting it as it intercepts the communication calls. What it does is it intercepts all communication calls and recodes them to socks4, and passes them to an arbitrary Tor proxy. I'd like to think it was IP blockage, because if not, that means something is borked in the beta, or my windows install needs ANOTHER wipe. Link to comment Share on other sites More sharing options...
x0563511 Posted July 26, 2005 Author Report Share Posted July 26, 2005 (edited) STILL can't connect without anonymizer. Do you want me to install Ethereal and give you a packet dump? My packets go out, and are resent every second or so. Nothing at all comes back. Edited July 26, 2005 by x0563511 Link to comment Share on other sites More sharing options...
x0563511 Posted July 26, 2005 Author Report Share Posted July 26, 2005 Hehe, triple post. Here is a packet dump of my connection attempt, in two formats.packetdumpraw.txt * is a tcpdump file. if you know what that is, you should prob ably use it. packetdumpascii.txt is a plaintext version, including all packet information and a hex dump of packets. Each packet is seperated by a form feed (or similar). These packets look like connection attempts, so my password username etc are absent (don't even try guys ) Yes, the local IP is not a valid IP for internet, but I am behind a fully functional NAT-device. * stupid "Upload failed. You are not permitted to upload a file with that file extension." - .dump and .dat won't take. Its not actually a .txt filepacketdumpraw.txtpacketdumpascii.txt Link to comment Share on other sites More sharing options...
Serge Posted July 26, 2005 Report Share Posted July 26, 2005 These packets look like connection attempts, so my password username etc are absent (don't even try guys ) Yes, the local IP is not a valid IP for internet, but I am behind a fully functional NAT-device. Well, we did not ban anyone so it seems like just a newwork configuration problem. I only suppose that your NAT can't properly handle TCP connections for port 2000 (2001 for beta). Please also check if this link works: http://lxnt.info:8888/repos/ufo2k/trunk/It requires ability to connect at 8888 port (which is nonstandard as well). Please report the results. Link to comment Share on other sites More sharing options...
x0563511 Posted July 27, 2005 Author Report Share Posted July 27, 2005 (edited) Problem found and solved. My intrusion detection system is reading the connection replies as:"BACKDOOR Trojan - active - 'Trojancow' incoming" Odd... wonder if its just a false positive with this software. Anyone else have a problem with IDS systems? (im wondering if its just this brand, or most systems) Hopefully it is just this brand. Guess I have to disable IDS when playing Edited July 27, 2005 by x0563511 Link to comment Share on other sites More sharing options...
Exo2000 Posted July 27, 2005 Report Share Posted July 27, 2005 Cue people running around like headless chickens shouting "UFO2000 has spyware, backdoors and trojans!" J/K Link to comment Share on other sites More sharing options...
Serge Posted July 28, 2005 Report Share Posted July 28, 2005 My intrusion detection system is reading the connection replies as:"BACKDOOR Trojan - active - 'Trojancow' incoming" Odd... wonder if its just a false positive with this software. Anyone else have a problem with IDS systems? (im wondering if its just this brand, or most systems)I have found the following information, it is the list of TCP ports used by different trojans: http://www.textfiles.com/uploads/trojanports.txt We were just 'lucky' to use the same ports as Der Spaeher 3, Insane Network, TransScout (port 2000) and TrojanCow, Der Spaeher 3, TransScout (port 2001) On the other hand, there are not many 'free' ports left and there is always a chance that they can be used by some other trojan as well in the future. Looks like your intrusion detection system only judges the application by the port it uses and issues that 'Trojancow' alarm. What is most interesting here, UFO2000 connects to the server, so that's OUTCOMING connection. Backdoors on the other hand are usually get installed on your computer and wait for INCOMING connection from their master, so he can control it and do some nasty things to you. Seems like this intrusion detection system is crappy and even does not see this difference, can you provide a link to its webpage? I would like to have a look at it. Security is quite popular theme now, there are lots of crappy 'products' appearing. For example, there are lots of antispyware tools which 'detect' spyware by checking only file names! Sure they are fast, but they do not protect you, a lot of spyware can have changing or random names, their names can also match the names of some real software! Now appears that we also have a intrusion detection system which is based only on a list of ports. Link to comment Share on other sites More sharing options...
x0563511 Posted July 28, 2005 Author Report Share Posted July 28, 2005 My intrusion detection system is reading the connection replies as:"BACKDOOR Trojan - active - 'Trojancow' incoming" Odd... wonder if its just a false positive with this software. Anyone else have a problem with IDS systems? (im wondering if its just this brand, or most systems)I have found the following information, it is the list of TCP ports used by different trojans: http://www.textfiles.com/uploads/trojanports.txt We were just 'lucky' to use the same ports as Der Spaeher 3, Insane Network, TransScout (port 2000) and TrojanCow, Der Spaeher 3, TransScout (port 2001) On the other hand, there are not many 'free' ports left and there is always a chance that they can be used by some other trojan as well in the future. Looks like your intrusion detection system only judges the application by the port it uses and issues that 'Trojancow' alarm. What is most interesting here, UFO2000 connects to the server, so that's OUTCOMING connection. Backdoors on the other hand are usually get installed on your computer and wait for INCOMING connection from their master, so he can control it and do some nasty things to you. Seems like this intrusion detection system is crappy and even does not see this difference, can you provide a link to its webpage? I would like to have a look at it. Security is quite popular theme now, there are lots of crappy 'products' appearing. For example, there are lots of antispyware tools which 'detect' spyware by checking only file names! Sure they are fast, but they do not protect you, a lot of spyware can have changing or random names, their names can also match the names of some real software! Now appears that we also have a intrusion detection system which is based only on a list of ports.<{POST_SNAPBACK}> Kerio Personal Firewall (www.kerio.com) Everything else about it is fairly good. It even can be set to yell at you when one process launches another one. Now that I realise how crappy the IDS is, i'm just going to use the packet filter and deny anything that I didn't explicitly allow. At least, untill I get enough cash to make/buy a passive cooled low wattage linux or bsd based firewall. So it will be a while. Link to comment Share on other sites More sharing options...
Serge Posted July 28, 2005 Report Share Posted July 28, 2005 Kerio Personal Firewall (www.kerio.com) Everything else about it is fairly good. It even can be set to yell at you when one process launches another one. Now that I realise how crappy the IDS is, i'm just going to use the packet filter and deny anything that I didn't explicitly allow. At least, untill I get enough cash to make/buy a passive cooled low wattage linux or bsd based firewall. So it will be a while. Kerio is a well known firewall (never used it though). So probably that are just some configuration issues. Maybe you have configured it to be too paranoid? All you need to do is to find how to allow outcoming connections using TCP ports 2000 and 2001 for the process ufo2000.exe, most likely your firewall can be configured this way. And disabling firewall completely while playing the game is dangerous as you can be attacked at this time (it is even more dangerous if you don't have all the needed security patches installed). A general rule is that it is better to forbid any connections coming from outside (enable only those that you really need), by the way, even built in Windows XP firewall can do that. Good professional firewalls also provide protection against malicious software running on your computer and do not allow it to establish connections to the outside world. That is a much more difficult task as malware when it has control over your computer can try to disable your firewall, inject into some other process (explorer for example) and do some other tricks. But generally it is better not to let trojans get to your computer, also antivirus can do a good job finding all the nasties that you may have installed. Do you have any antivirus installed? Also if you find any suspicious file, you can use this online service to check it: http://virusscan.jotti.org/This service uses many antivirus engines, some of them are using powerful heuristics to detect even new versions of trojans. Link to comment Share on other sites More sharing options...
Blood Angel Posted July 28, 2005 Report Share Posted July 28, 2005 Cue people running around like headless chickens shouting "UFO2000 has spyware, backdoors and trojans!" J/K <{POST_SNAPBACK}> ! UFO2000 HAS SPYWARE, BACKDOORS AND TROJANS! Link to comment Share on other sites More sharing options...
Sporb Posted July 28, 2005 Report Share Posted July 28, 2005 (edited) Ufo beta frigs around with my firewall so for now it can go to hel. It tries to connect to lxnt.info:2001 even when not running. I got SPF and it's never let me down Edited July 28, 2005 by Sporb Link to comment Share on other sites More sharing options...
Recommended Posts