Hiay Jiri I have a prety serious question to you and hope you can
enlight me with a great answer.
As soon as I start HL klient this is what I get in my network seccurety log....
06/24/2002 04:06:16 Intrusion Detection System Major Unknown ICMP 200.183.66.90 192.168.0.3 2 06/24/2002 04:06:15 06/24/2002 04:06:15
06/24/2002 04:06:16 Intrusion Detection System Major Unknown ICMP 66.177.110.217 192.168.0.3 2 06/24/2002 04:06:14 06/24/2002 04:06:14
06/24/2002 04:06:16 Intrusion Detection System Major Unknown ICMP 63.162.16.154 192.168.0.3 2 06/24/2002 04:06:12 06/24/2002 04:06:12
06/24/2002 04:06:16 Intrusion Detection System Major Unknown ICMP 65.41.182.20 192.168.0.3 2 06/24/2002 04:06:09 06/24/2002 04:06:09
06/24/2002 04:06:16 Intrusion Detection System Major Unknown ICMP 203.18.77.11 192.168.0.3 2 06/24/2002 04:06:08 06/24/2002 04:06:08
this is just a 50th of the hole log... the log event is huge.
it have been going on for some time as from when I instaled 3.2.5.
I just wanted to be shore it is HL before I report this to you.
I think it's fair that you get to respond to this first.
before I go further with this.
And to you thinking of responding I got virus or trojan or any other crap in my system doing it forget it as I said only when HL start up and it stop when I shut it down again. I want a explanation of what and why this is doing so that take a lotta speed out of the connection no wonder HL is sluggish compared to before..
Please try to respond to this ASAP.
And for you wondering why I posted it not just sending it in mail to you welll answer to that is obvious.
Please post up what security programs you use as I get non of this Intrusion Detection warnings. I would like to test it out. I have tryed with 3 firewalls with no warnings of this type.
As Jiri says he will only awnser problems set out like whats in the sticky thread at the top of the tech support page.
Seeing that all the ip`s are diffrent I am suspecting they belong to other players at the hyperlobby and its alarming because they are pinging you.
A for the extra bandwith usage you are having ?
Might be your security log file working overtime.
Post up what settings you have for incoming ping echo too.
_________________ Regards, Gunny.
EAF331Archangel Post Newbie
Joined: Mar 30, 2003
Posts: 5
Location: USA
Posted:
Tue Jun 24, 2003 5:52 pm
I use Sygate Firewall and I have let HL get a clear pasage thrugh the firewall since I am a host at many times online....
So your thought is what I suspected to but then comes the question to ( I wrote this is only a 50th of the log ) I get intrusion from most user loged in to HL and I get all of there IP's logged to I tink it's very alarming yeas but all or most usesers in HL cant be doing this on purpous maby so there is one source fot his yea . .
I could retaliate back on it but that would only start a hack war in HL and my consern is to ceep it a good fun place to meet people of same interest . . .
this is indeed alarming yea as all the constant tries of cheating in games like FB what's the point flying toward others if cheating and hacking is only way to win these people should be hunted down and baned from online gamingservers as in HL
and yea it is IP's of other users in HL but they cant be Piping me not that many I think it's something else if you want my hole log list of IP's number and the rest of it is HUDGE jiri should have my mail or contact me on EAF's homepage you can contact me on HL or give me a alternative here ...
this need to be fixed cos all the cheating and this backstabing toward other users should be hunted and stoped. or it will destroy the hole point of HL eventualy.
One acurate descript of the intrusion is..
this is the intrusion...
E61001 DDOS tfn2k icmp possible communication
this is my respond so far to it...
Traffic from IP address 208.42.22.137 is blocked from 06/24/2002 19:05:20 to 06/24/2002 19:15:20.
_________________ --== EAF331 ==--
Jiri-Fojtasek Site Admin
Joined: Feb 02, 2003
Posts: 1737
Location: Slovakia
Posted:
Tue Jun 24, 2003 6:40 pm
Hl uses ICMP ping for latency calculation betwen clients. When you enter HL, use a game slot, and in ready room are 300 ppls you got 300 ICMP ping packets from everyone who are currently in the ready room. Its issue of design. Some less inteligent firewalls should mark it as a DDOS atack. ( DDOS atack is related but for it using huge packets )
_________________
EAF331Archangel Post Newbie
Joined: Mar 30, 2003
Posts: 5
Location: USA
Posted:
Tue Jun 24, 2003 11:03 pm
Thanx alot M8 my suspision was not all of then I have to set down the sensetivity litle on the firewall
Thanx for the suport as always quick and exact
View next topic View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum
