TM2 Stadium; curious connections from players or bots

Posted: 07 Jul 2019, 14:58
by iz
I'm running a dedicated server 24/7 (RetliG), and have a couple of scripts monitoring the activity such as when players are connecting and disconnecting, from what IP and so forth.

Recently I've noticed a couple of recurring IP:s (37.235.1.174, 37.235.1.177 and 5.135.91.67, primarily in France and Austria if "whois" is to be trusted, which isn't necessarily the case) that several times a day establish connections lasting no more than 5 - 10 seconds.

Does anyone have a clue as to what this might be about? The behaviour seems very odd, and I find it hard to believe that there are actual human players behind those IP:s. Then again, I fail to see the point in having bots connecting to TM2-servers.

Re: TM2 Stadium; curious connections from players or bots

Posted: 07 Jul 2019, 16:17
by TMarc
It could be a port scan and a try to breach into your server, misusing known vulnerabilities.

Re: TM2 Stadium; curious connections from players or bots

Posted: 07 Jul 2019, 17:01
by iz
TMarc wrote: 07 Jul 2019, 16:17 It could be a port scan and a try to breach into your server, misusing known vulnerabilities.
You're probably right. I'll just block those IP:s in the firewall and leave it at that.

Re: TM2 Stadium; curious connections from players or bots

Posted: 18 Jul 2019, 21:19
by iz
As it turns out, the first two of those IP:s are OpenDNS IP:s called upon from my own system(!) on a regular basis. You may laugh. :roflol:

For some reason though, they briefly register as an established connection to the ports used by my TM2-server without, obviously, actually connecting to the TM2-server. This is enough to wreak havoc with my script which registers a connect and disconnect in rapid succession. The third IP, I don't know. Probably a port scanner causing the same reaction from my script for similar reasons but with malicious intent.

Now here's the interesting part; I can't seem to stop any of these IP:s from at least sniffing the TM2-ports closely enough as not to upset my script. Not using firewall settings anyway. Which is annoying, and thus far lacking for an obvious explanation.
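
One way a connection monitor like the one described in the post above can avoid logging the host's own outbound traffic and brief probes as player sessions, as an added example that is not the poster's script. It assumes the monitor polls `ss -tn`-style output; the ports, addresses and function names are constructed for illustration.

```python
# Added example, not the poster's script. Ports and addresses are constructed.
SERVER_PORTS = {2350, 3450}  # assumption: TCP ports the game server listens on

# Constructed `ss -tn`-style sample: one player, two outbound connections made
# by the host itself, and one closed socket. The local port 52350 contains
# "2350", so a plain text match on the port number would count that line too.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      203.0.113.10:2350    198.51.100.7:51514
ESTAB  0      0      203.0.113.10:40112   192.0.2.53:443
TIME-WAIT 0   0      203.0.113.10:2350    198.51.100.9:40222
ESTAB  0      0      203.0.113.10:52350   192.0.2.54:53
"""

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, int(port))."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def inbound_peers(ss_output, server_ports=SERVER_PORTS):
    """Peers with an ESTABLISHED socket whose LOCAL port is a server port."""
    peers = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "ESTAB":
            continue  # header, closed sockets, malformed rows
        _, local_port = split_endpoint(fields[3])
        peer_host, _ = split_endpoint(fields[4])
        if local_port in server_ports:  # inbound: remote side dialled us
            peers.add(peer_host)
    return peers

def session_events(polls, min_polls=2):
    """Report connect/disconnect only for peers seen in min_polls polls in a row."""
    seen, confirmed, events = {}, set(), []
    for output in polls:
        current = inbound_peers(output)
        for peer in sorted(current):
            seen[peer] = seen.get(peer, 0) + 1
            if seen[peer] == min_polls:
                confirmed.add(peer)
                events.append(("connect", peer))
        for peer in list(seen):
            if peer not in current:
                del seen[peer]
                if peer in confirmed:  # brief, unconfirmed peers stay silent
                    confirmed.discard(peer)
                    events.append(("disconnect", peer))
    return events
```

With a poll interval of several seconds, a connection that lasts only 5 - 10 seconds is seen in at most one or two polls, so `min_polls` should be set above that count.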

Re: TM2 Stadium; curious connections from players or bots

Posted: 19 Jul 2019, 12:45
by TMarc
That's interesting, not funny :)

Perhaps this sniffing is just general, an alive check from your hoster, or simply due to the fact that you are running a server online.

But until now, I did not see any report of such a phenomenon with any other server... very strange.