XCOMUFO & Xenocide

Problems Connecting to the Beta Server


x0563511


[server]
host = lxnt.info:2001
login = x0563511
password = <SNIP>
autologin = 0
# http proxy settings (it must support CONNECT method to work)
# one of the following 3 values should be set:
# host:port (host name and port of http proxy)
# auto (take value from http_proxy environment variable)
# disabled (do not use http proxy)
http_proxy = disabled

 

That's from my INI, in case you need it.

I can connect to x:2000 but not x:2001 (of course I can't play anyone in x:2000)

 

Message: "Failed to connect"

 

Is there a way to get verbose log output in Windows?

Link to comment
Share on other sites

hehe, I think Serge blocked the IP.

 

BTW: Is that your password? If so, please remove it here so nobody can abuse it.

 

 

Hehe, no, I replaced it with the snip. :D

Either that IP is blocked, or there's something wrong with the netcode and torcap is correcting it as it intercepts the communication calls.

 

What it does is it intercepts all communication calls and recodes them to socks4, and passes them to an arbitrary Tor proxy.

 

I'd like to think it was IP blockage, because if not, that means something is borked in the beta, or my Windows install needs ANOTHER wipe. :boohoo:

Link to comment
Share on other sites

STILL can't connect without anonymizer. Do you want me to install Ethereal and give you a packet dump?

 

My packets go out, and are resent every second or so. Nothing at all comes back.

Edited by x0563511
Link to comment
Share on other sites

Hehe, triple post.

 

Here is a packet dump of my connection attempt, in two formats.

packetdumpraw.txt * is a tcpdump file. If you know what that is, you should probably use it.

packetdumpascii.txt is a plaintext version, including all packet information and a hex dump of packets. Each packet is separated by a form feed (or similar).

 

 

These packets look like connection attempts, so my password, username, etc. are absent (don't even try guys :D )

 

Yes, the local IP is not a valid IP for internet, but I am behind a fully functional NAT-device.

 

 

* stupid "Upload failed. You are not permitted to upload a file with that file extension." - .dump and .dat won't take. It's not actually a .txt file

packetdumpraw.txt

packetdumpascii.txt

Link to comment
Share on other sites


Well, we did not ban anyone so it seems like just a network configuration problem. I only suppose that your NAT can't properly handle TCP connections for port 2000 (2001 for beta).

 

Please also check if this link works: http://lxnt.info:8888/repos/ufo2k/trunk/

It requires ability to connect at 8888 port (which is nonstandard as well). Please report the results.

Link to comment
Share on other sites

Problem found and solved.

 

My intrusion detection system is reading the connection replies as:

"BACKDOOR Trojan - active - 'Trojancow' incoming"

 

Odd... wonder if it's just a false positive with this software. Anyone else have a problem with IDS systems? (I'm wondering if it's just this brand, or most systems)

 

Hopefully it is just this brand.

 

Guess I have to disable IDS when playing :)

Edited by x0563511
Link to comment
Share on other sites


I have found the following information, it is the list of TCP ports used by different trojans: http://www.textfiles.com/uploads/trojanports.txt

 

We were just 'lucky' to use the same ports as Der Spaeher 3, Insane Network, TransScout (port 2000) and TrojanCow, Der Spaeher 3, TransScout (port 2001) :(

On the other hand, there are not many 'free' ports left and there is always a chance that they can be used by some other trojan as well in the future.

 

Looks like your intrusion detection system only judges the application by the port it uses and issues that 'Trojancow' alarm.

 

What is most interesting here, UFO2000 connects to the server, so that's an OUTGOING connection. Backdoors on the other hand usually get installed on your computer and wait for an INCOMING connection from their master, so he can control it and do some nasty things to you. Seems like this intrusion detection system is crappy and does not even see this difference, can you provide a link to its webpage? I would like to have a look at it.

Security is quite a popular theme now, there are lots of crappy 'products' appearing. For example, there are lots of antispyware tools which 'detect' spyware by checking only file names! Sure they are fast, but they do not protect you, a lot of spyware can have changing or random names, their names can also match the names of some real software! Now it appears that we also have an intrusion detection system which is based only on a list of ports.

Link to comment
Share on other sites
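The difference described in the post above, between an alert keyed only on a port list and one that looks at who opened the connection, shown as an added example that is not part of the original thread and not code from any firewall product. The packet records, IP addresses and function names are constructed for illustration; only the port numbers and trojan names come from the post.

```python
from collections import namedtuple

# Constructed sample data: addresses are private/documentation ranges, not from the thread.
Packet = namedtuple("Packet", "src sport dst dport flags")
LOCAL = "192.168.0.10"
TROJAN_PORTS = {2000: "Der Spaeher 3", 2001: "TrojanCow"}  # subset of the names quoted above

GAME_SESSION = [  # local client connects OUT to a server on port 2001
    Packet(LOCAL, 49152, "203.0.113.5", 2001, "S"),
    Packet("203.0.113.5", 2001, LOCAL, 49152, "SA"),
    Packet(LOCAL, 49152, "203.0.113.5", 2001, "A"),
]
BACKDOOR_SESSION = [  # remote host connects IN to a listener on local port 2001
    Packet("198.51.100.7", 40000, LOCAL, 2001, "S"),
    Packet(LOCAL, 2001, "198.51.100.7", 40000, "SA"),
]

def port_only_alerts(packets):
    """Alert on any inbound packet whose source or destination port is listed."""
    alerts = []
    for p in packets:
        if p.dst != LOCAL:
            continue
        port = p.sport if p.sport in TROJAN_PORTS else p.dport
        if port in TROJAN_PORTS:
            alerts.append((TROJAN_PORTS[port], p))
    return alerts

def direction_aware_alerts(packets):
    """Alert only when a remote host opens a connection to a listed local port
    and the local host answers with SYN-ACK, i.e. something is listening there."""
    pending, alerts = set(), []
    for p in packets:
        if p.dst == LOCAL and p.flags == "S" and p.dport in TROJAN_PORTS:
            pending.add((p.src, p.sport, p.dport))
        elif (p.src == LOCAL and p.flags == "SA"
              and (p.dst, p.dport, p.sport) in pending):
            alerts.append((TROJAN_PORTS[p.sport], p))
    return alerts
```

The port-only rule fires on the server's SYN-ACK reply in the game session, which matches the "connection replies" alert reported in the thread, while the direction-aware rule stays quiet there and still flags the inbound connection to a local listener.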


Kerio Personal Firewall (www.kerio.com)

 

Everything else about it is fairly good. It even can be set to yell at you when one process launches another one.

 

Now that I realise how crappy the IDS is, I'm just going to use the packet filter and deny anything that I didn't explicitly allow.

At least, until I get enough cash to make/buy a passive cooled low wattage Linux or BSD based firewall. So it will be a while.

Link to comment
Share on other sites


Kerio is a well-known firewall (never used it though). So probably those are just some configuration issues. Maybe you have configured it to be too paranoid?

All you need to do is to find how to allow outgoing connections using TCP ports 2000 and 2001 for the process ufo2000.exe, most likely your firewall can be configured this way.

And disabling the firewall completely while playing the game is dangerous as you can be attacked at this time (it is even more dangerous if you don't have all the needed security patches installed). A general rule is that it is better to forbid any connections coming from outside (enable only those that you really need), by the way, even the built-in Windows XP firewall can do that.

 

Good professional firewalls also provide protection against malicious software running on your computer and do not allow it to establish connections to the outside world. That is a much more difficult task as malware when it has control over your computer can try to disable your firewall, inject into some other process (explorer for example) and do some other tricks. But generally it is better not to let trojans get to your computer, also antivirus can do a good job finding all the nasties that you may have installed. Do you have any antivirus installed?

 

Also if you find any suspicious file, you can use this online service to check it: http://virusscan.jotti.org/

This service uses many antivirus engines, some of them are using powerful heuristics to detect even new versions of trojans.

Link to comment
Share on other sites

Ufo beta frigs around with my firewall so for now it can go to hell. It tries to connect to lxnt.info:2001 even when not running.

 

I got SPF and it's never let me down

Edited by Sporb
Link to comment
Share on other sites
