TM2 Stadium; curious connections from players or bots

Moderator: NADEO

Post Reply
iz
Posts: 3
Joined: 25 Feb 2018, 00:12

TM2 Stadium; curious connections from players or bots

Post by iz » 07 Jul 2019, 14:58

I'm running a dedicated server 24/7 (RetliG), and have a couple of scripts monitoring the activity such as when players are connecting and disconnecting, from what IP and so forth.

Recently I've noticed a couple of recurring IP:s (37.235.1.174, 37.235.1.177 and 5.135.91.67, primarily in France and Austria if "whois" is to be trusted, which isn't necessarily the case) that several times a day establish connections lasting no more than 5 - 10 seconds.

Does anyone have a clue as to what this might be about? The behaviour seems very odd, and I find it hard to believe that there are actual human players behind those IP:s. Then again, I fail to see the point in having bots connecting to TM2-servers.

User avatar
TMarc
Posts: 15056
Joined: 05 Apr 2011, 19:10
Location: Europe
Contact:

Re: TM2 Stadium; curious connections from players or bots

Post by TMarc » 07 Jul 2019, 16:17

It could be a port scan and a try to breach into your server, misunsing known vulnerabilities.
maniaplanet forum global moderator

Link list with FAQ, Support, Wiki, Tutorials, Community activities, and much more.

System specs: Intel i7-970 12GB RAM, nVidia RTX 2060 6GB, Creative SB X-Fi, 2xSSD 1xHDD

iz
Posts: 3
Joined: 25 Feb 2018, 00:12

Re: TM2 Stadium; curious connections from players or bots

Post by iz » 07 Jul 2019, 17:01

TMarc wrote:
07 Jul 2019, 16:17
It could be a port scan and a try to breach into your server, misunsing known vulnerabilities.
You're probably right. I'll just block those IP:s in the firewall and leave it at that.

iz
Posts: 3
Joined: 25 Feb 2018, 00:12

Re: TM2 Stadium; curious connections from players or bots

Post by iz » 18 Jul 2019, 21:19

As it turns out, the first two of those IP:s are OpenDNS IP:s called upon from my own system(!) on a regular basis. You may laugh. :roflol:

For some reason though, they briefly register as an established connection to the ports used by my TM2-server without, obviously, actually connecting to the TM2-server. This is enough to wreak havoc with my script which registers a connect and disconnect in rapid succession. The third IP, I don't know. Probably a port scanner causing the same reaction from my script for similar reasons but with malicious intent.

Now here's the interesting part; I can't seem stop any of these IP:s from at least sniffing the TM2-ports closely enough as not to upset my script. Not using firewall settings anyway. Which is annoying, and thus far lacking for an obvious explanation.

User avatar
TMarc
Posts: 15056
Joined: 05 Apr 2011, 19:10
Location: Europe
Contact:

Re: TM2 Stadium; curious connections from players or bots

Post by TMarc » 19 Jul 2019, 12:45

That's interesting, not funny :)

Perhaps ths sniffing is just general, an alive check from your hoster, or simply due to the fact that you are running a server online.

But until now, I did not see any report of such phenomenon with any other server... very strange.
maniaplanet forum global moderator

Link list with FAQ, Support, Wiki, Tutorials, Community activities, and much more.

System specs: Intel i7-970 12GB RAM, nVidia RTX 2060 6GB, Creative SB X-Fi, 2xSSD 1xHDD

Post Reply

Return to “Dedicated Server”

Who is online

Users browsing this forum: No registered users and 2 guests