Security and opening Multiplayer/Gamespy ports
nattydread
04-08-2006, 09:58 PM
What are the security risks of having the required ports always open for gamespy multiplayer of DW?
I'm having really bad internet lag all over my network now. I found an "unknown" computer accessing an IP address off my network; I changed everything to deny it access, but still my internet is dragging... Oddly, speed checks still show me with very high speeds (+2200 kbps).
I'm trying to find out what the odds are that all this is connected, especially this being the very next time I logged onto my system after accepting, but seemingly failing, to download a custom mission last night. Could that have been a ploy to slip something much more sinister past my firewall? Is it a coincidence? Am I just paranoid? Could there even be a way to slip something sinister into my system by using the DW multiplayer mechanics and UI?
I've been working on this problem for hours and it's beginning to drive me nuts; this is a brand new install of XP so I'm surprised to be hit with something so debilitating so quickly after a re-format.
Bellman
04-09-2006, 03:52 AM
You may well be paranoic..................but if so you are not alone !!
I had similar experiences over a year ago resulting in a reinstall of XP and a change of ISP.
goldorak
04-09-2006, 05:10 AM
You may well be paranoic..................but if so you are not alone !!
I had similar experiences over a year ago resulting in a reinstall of XP and a change of ISP.
Extreme caution with limiting MP exposure has still resulted in Trojans finding their way into my DW folder
and linking to so called secure storage area/s.
My future participation in MP and on the internet is under review.
Your problem has to be somewhere else.
I have windows xp pro updated to the latest security patches, firewall and router configured in optimal way, all ports blocked except those few that are used in applications/games.
I use firefox, don't click on strange banners, don't download <<pirate links>>, and have yet to catch a virus, trojan, malware etc... since the last time I installed windows xp.
That is over 2 years ago :yep:
The point is: be concerned about computer security but don't be paranoid, and most of all don't blame Windows XP for things which arise from the user doing things he shouldn't do.
RippedCap
04-09-2006, 05:53 AM
I take a multi-layered approach. My ADSL/router has a hardware firewall so I can port forward the right ports to the right IP on my little LAN (saves using the DMZ 'solution'). Also, on my local PC I run a software firewall as well to detect anything inbound/outbound that shouldn't be there.
PC security is one of those areas where you can take all the right steps but you'll still be vulnerable to those 0-day exploits. I always make sure to take backups of key data and configs 'just in case'. No paranoia needed, just sensible precautions.
-- Rip
Bellman
04-09-2006, 09:03 AM
Well, I'm not listing what I do but it's thorough and broadly conforms to what the last posters
have said. I have a router with firewall, a software firewall and other security measures.
But as Rip said ''you will still be vulnerable....'' - and to some it's a challenge.
OneShot
04-09-2006, 12:29 PM
I think the best security against that is, as always, to practice "safe file transfer" or in other words only play with trustworthy people. Aside from that, I have played DW and other MP games for a hell of a long time, and the only issue with viruses was not because of a game but because of me being dumb and leaving the virusscan turned off while using emule.
Lesson learned, I keep my VirusScan on at practically all times. And the only problems I have now are because I have wrecked my system with installing too much stuff, of which only a quarter is needed, so my system is slowed down. And some uninstall routines have worked less than acceptably.
I'm not sure what some fellows do, but somehow in all of my time playing online I apparently have by chance avoided all those bad guys with trojans and whatnot.
LuftWolf
04-09-2006, 01:09 PM
If you use a router with a hardware firewall and then layer that with anti-virus and firewall software utilizing heuristic detection you shouldn't have a problem.
People get into trouble with computer security because they try to go cheap, misconfigure multiple pieces of software that interfere with each other, or expose themselves to high risk code without taking proper precaution.
nattydread
04-09-2006, 09:07 PM
So is it possible to have something bad piggy-back on a custom mission or use DW as a way into the system?
Wow...that will make me think twice about playing custom missions now.
LuftWolf
04-09-2006, 09:24 PM
It is possible to imbed a virus into any file.
Using anti-virus software will greatly reduce the likelihood of this happening.
In terms of trojans specific to DW missions, this is possible but very unlikely... a security expert would probably class your average DW custom mission as a "low threat", meaning as dangerous as any other file from something other than a piece of software bought in a store.
In terms of playing DW in MP, that vulnerability is mostly related to the vulnerabilities in WinXP/DirectPlay8, and you can get around that by using a software firewall/AV software that can detect trojans and intrusion signatures, preferably in combination with a hardware firewall.
To me, this stuff has nothing to do with DW in particular, but is just basic internet security. If you have the basic tools and configure them correctly, unless you do high risk activities, you will be fine 99.95%. And no, playing legitimate copies of DW (third-party or user mods are considered legit for the most part, depending on whether it breaks the EULA) or other online games from reputable sources generally is not considered a high risk activity, provided you have your system protected.
Bellman
04-10-2006, 01:40 AM
Well it would be extremely naive to ignore the 'security' issues involved in and around any military sim.
''Just basic internet security'' can be easily defeated.
The problem is distinguishing 'proper' authority overseeing from other neo-criminal activity.
nattydread
04-10-2006, 02:56 AM
So if I had left the required ports on my router for MP open for a week, but left my ZoneAlarm on at the same time, would I be vulnerable to anything slipping in unseen, something that could attack my system while the computer was off and/or while it was on?
The reason being I haven't used an anti-virus program in years, but because of my very restrictive computing habits, I haven't needed one. But now with my interest in DW's MP, I'm getting a bit worried with all the open ports. Is playing DW multiplayer any more dangerous than playing other online games like WWIIOnline, or EVE, Ghost Recon/Rainbow Six, etc. that don't require opening any special ports?
LuftWolf
04-10-2006, 03:12 AM
The ports only have to be opened if you are the one hosting.
If you are not hosting, you don't have to open any ports in your hardware.
The reason you do not have to open ports for those other games is that you are not using your computer as the ad hoc server to run the game, you are connecting as a client.
So, no, DW is no more vulnerable than any other software using DirectPlay 8.
@Bellman, I haven't heard about anyone cracking DW MP code, I think it is just general stuff about DirectPlay 8... which, is a concern, I repeat, that can be largely negated by keeping your A/V and firewall software up-to-date and running a hardware firewall.
Bellman
04-10-2006, 03:48 AM
@LW: :P I repeat, hardware and software present and all 'obviously' up to date.
Sure you don't have 'hicks' in mind ? If so - thanks a lot !
Please take your telescope off the 'blind-eye' ! It is not necessary to crack the code - just introduce
spy measures into any folder.
LuftWolf
04-10-2006, 03:57 AM
But why the DW folder as opposed to some other random folder?
Once someone is in your system, they could put files anywhere... surely they would put them somewhere more useful than your DW folder?
I'm really not following this conversation... anyone with the skills to crack code like this would not waste their time on a piece of software used by such a small community as DW, if only because it would be fairly evident what had happened and where it came from... I mean, there is only one mod team, four solo modders, and like 15 mission designers? :yep: ;)
nattydread
04-10-2006, 04:02 AM
The ports only have to be opened if you are the one hosting.
If you are not hosting, you don't have to open any ports in your hardware.
The reason you do not have to open ports for those other games is that you are not using your computer as the ad hoc server to run the game, you are connecting as a client.
So, no, DW is no more vulnerable than any other software using DirectPlay 8.
@Bellman, I haven't heard about anyone cracking DW MP code, I think it is just general stuff about DirectPlay 8... which, is a concern, I repeat, that can be largely negated by keeping your A/V and firewall software up-to-date and running a hardware firewall.
I thought the ports were required to be open for host and joiners. I had problems before with other games on gamespy using my router. Granted I didn't try to play with them closed this time around.
Can someone else confirm that the opening of router ports is only required for hosting?
LuftWolf
04-10-2006, 04:06 AM
I don't use GameSpy and I don't know much about it, and I haven't found much use for it, so I haven't had any inclination to use it any more than my Beta testing duties required.
I'm only speaking about using DW by directly connecting to your host's ip.
Bellman
04-10-2006, 05:23 AM
LW: Once someone is in your system, they could put files anywhere... surely they would put them somewhere more useful than your DW folder?
With respect if you read the posts in the thread you would ''follow this conversation,'' Egs:-
Bellman:
''Trojans finding their way into my DW folder and linking to so called secure storage area/s.''
The no-brainer reply to 'why put them there ' is because my DW folder is used a lot !!
OneShot
04-10-2006, 08:48 AM
No offense, but somehow I get the feeling that some people are kinda overreacting (due to whatever reasons they have or think to have).
It's common knowledge that especially Windows is pretty leaky even if you patch it all up and have some additional programs covering the other holes. But as I mentioned earlier, in all my time of playing online I have yet to encounter one such problem as described previously - maybe it's luck, but maybe it was bad luck on behalf of the side of the guys who caught something. Either way, while caution is a good thing, it should be kept reasonable - so you guys have been burned, **** happens. But try to avoid scaring other possibly not very knowledgeable customers off playing DW - MP just because you encountered a hit by a Virus/Trojan.
Just my 2cts
OS
Bellman
04-10-2006, 10:46 AM
It's a matter of personal judgement how much you 'expose' on the internet.
I don't think anyone will be scared off by a proper consideration of the risks and sensible steps to take.
You just have to accept that however careful you are and however much you spend on so called security software
- you can still get hit.
Now if you don't bank on the internet, set a credit card balance at peanuts level, and don't broadcast
personal details - you ain't giving away anything worth having !
LuftWolf
04-10-2006, 07:31 PM
Playing DW online is about as risky as connecting your computer to the internet in the first place. So if you feel secure enough having a computer online, then you should feel secure enough to use it. :)
Bellman
04-11-2006, 12:11 AM
DW has for me been exceptionally free from MP ''poo'' (OS) when compared with previous experience of other
MP games. Probably this is a compliment to the quality of the gamers - but neither SAS nor we players
have any control over third-party 'observers'.
But nothing would prevent me from full participation in the most absorbing sim I have ever played on the internet.
:|\ :rock: :yep:
MaHuJa
04-12-2006, 09:09 AM
Did somebody call? :-j
The thread hasn't managed to be all that coherent, with some people starting with things not even related, so this post becomes what it is... Essentially, I've just picked some pieces I wanted to comment on, and answered.
As a related; I recommend Tiny Firewall for its wide firewalling (app-app and app-filesystem is also firewalled) but there are two reasons why I would not recommend it: Further development was pretty much abandoned as they were bought out, with some annoying bugs left, and it is meant for rather advanced users.
But first, I want to clear up a few things.
First of all, port states. People here discuss open/closed; but this becomes quite wrong.
Filtered: A request to this port won't even reach the port. This may be the router not forwarding it, or a firewall on the target pc. (I'm discussing actual state rather than perceived state, for those familiar with nmap etc.)
Closed: A port at which nothing is listening.
Open: A port at which something is listening.
When people in this discussion have said "open ports" they really mean "unfilter(ed)" ports. For some it only means partially unfiltered, even. Does it still sound that bad?
So is it possible to have something bad piggy-back on a custom mission or use DW as a way into the system?
No. Other than a custom installer for a mod (graphics/sound mods require these), which is rather obvious to the "computer literate", there is no way to do this. That is known, and I see no reason why any piece should actually be vulnerable.
It is possible to imbed a virus into any file.
Aye, but so what? Unless you can also get it to execute, it doesn't matter. There have been some episodes regarding winamp and playlists, as the playlists could hold exploit code (your "virus") - though the vulnerability fixed was always something about how it was made to execute it.
The problem is distinguishing 'proper' authority overseeing from other neo-criminal activity.
For my home network, I just assume there's no "proper authority" other than myself to begin with. :lol:
Whether a packet trail etc is the result of some attacker or some desirable automated process, however, is a bit more difficult. I believe that's more along the lines of what you meant?
So if I had left the required ports on my router for MP open for a week, but left my ZoneAlarm on at the same time, would I be vulnerable to anything slipping in unseen, something that could attack my system while the computer was off and/or while it was on?
This is what I meant by partially unfiltered. Zonealarm would be the second filter, and you unfiltered it only in the first filter. Zonealarm is then capable of unfiltering when it turns open, so there's no real difference from closed, as far as opening for an actual attack through it goes. ("Stealthing ports" is somewhat overrated.)
Is playing DW multiplayer any more dangerous than playing other online games like WWIIOnline, or EVE, Ghost Recon/Rainbow Six, etc. that don't require opening any special ports?
DW shouldn't require any incoming ports unfiltered in order to join, but in order to host a game, you will need to unfilter ports there too. (The MMO games are excepted as they don't have a "host mode")
It is not necessary to crack the code - just introduce spy measures into any folder.
Not sure what you're smo... err... mean here. The "crack the code", reading that as "finding a security hole", means finding the way to let that little virus or whatever, which can be embedded in a mission, actually be executed. Without that, you're talking about things that are actually unrelated to DW.
The no-brainer reply to 'why put them there ' is because my DW folder is used a lot !!
Umm... isn't that a good reason to avoid putting it there?
(Or do you need to be more specific what you mean?)
Now if you don't bank on the internet, set a credit card balance at peanuts level, and don't broadcast personal details - you ain't giving away anything worth having !
Even then, they may turn your computer and its internet connection into a DoS zombie, attack relay, or use it to send spam which can then only be traced back to you.
DW has for me been exceptionally free from MP ''poo'' (OS) when compared with previous experience of other MP games. Probably this is a compliment to the quality of the gamers - but neither SAS nor we players have any control over third-party 'observers'.
Ummm... I thought this thread was about computer security and DW?
I've been working on this problem for hours and it's beginning to drive me nuts; this is a brand new install of XP so I'm surprised to be hit with something so debilitating so quickly after a re-format.
Brand new install is when it is at its most vulnerable to attack, before you've patched security holes, etc.
but still my internet is dragging
Care to be a bit more specific? Exactly what are you seeing, that makes you say that? Is some internet-using app (e.g. webbrowser) slow to load pages? Does the entire computer slow down a lot when you're doing something on the net?
I think it would qualify as rule #1 of tech support, that you should never assume the guy who needs help knows what he's talking about. (Unless you've seen otherwise from him/her before.) Sentences like that prove it.
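The three port states defined in the post above, as an added example that is not part of the original thread: `effective_state` models the router and the host firewall as two filters in front of a port, and `probe_tcp` classifies a TCP port by how a connection attempt is answered. The function names, the TCP-only probe and the loopback demo are assumptions of this example; the demo touches only 127.0.0.1.

```python
import errno
import socket

# ICMP "unreachable" answers from a router or firewall; like silence, they
# mean the request never got as far as the port itself.
_FILTERED_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def effective_state(router_forwards: bool, host_fw_allows: bool, listening: bool) -> str:
    """State an outside request sees when two filters sit in front of a port."""
    if not (router_forwards and host_fw_allows):
        return "filtered"          # stopped at the router or at the host firewall
    return "open" if listening else "closed"


def probe_tcp(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port by what a connection attempt gets back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"              # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"            # RST: request reached the host, nothing listening
    except socket.timeout:
        return "filtered"          # no answer at all: dropped on the way
    except OSError as exc:
        if exc.errno in _FILTERED_ERRNOS:
            return "filtered"
        raise                      # e.g. a bad address; not a port state
    finally:
        sock.close()


def demo_on_loopback() -> tuple:
    """Probe a local port while a listener exists, then again after it is gone."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe_tcp("127.0.0.1", port)
    listener.close()
    without_listener = probe_tcp("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo_on_loopback())
    # Router unfiltered for hosting, software firewall still filtering, game not running:
    print(effective_state(router_forwards=True, host_fw_allows=False, listening=False))
```

A port forwarded on the router only becomes "open" in this sense while the game is actually hosting and the software firewall lets the request through; in every other combination the request is dropped or refused.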
Bellman
04-12-2006, 10:29 AM
:D Thanks for giving these issues some time MHJ - it is appreciated.
However talking specifics I am no further on with my mysterious Starchart and replay folders which
both link to a fortunately empty so called secure file called 'Folder Lock'.
Note re 'Poo'. OS put it quite aptly - OneShot: '' so you guys have been burned, poo poo happens.
:lol:
Wildcat
04-29-2006, 03:06 AM
If you are getting trojans on your computer merely from having gamespy's ports open it means your computer has those trojans before you even connect. Opening ports does not make you some kind of huge internet target. The only ports that need to be filtered are the netbios and msrpc ports (basically everything from 1 to 1064 should be filtered by your firewall, then unfilter certain ports as you deem necessary such as port 80 for web browsing, msn port, etc..)
Again, if trojans are just magically appearing on your computer then you are already infected. Trojans do not just weasel their way into your system if you don't have a firewall going. I have no firewall and have no problems, because I make sure I don't invite problems onto my system. If you get crap on your system you basically open the floodgate whether or not you have a firewall. In fact most good spyware will disable your firewall without letting you know it's done that.
Consider using a downloaded anti spyware program like hijack-this, CWS Shredder, ad aware and spybot search and destroy. Avoid crap products like Norton and McAfee. They just return false positives all the time.
MaHuJa
05-01-2006, 10:48 PM
then unfilter certain ports as you deem necessary such as port 80 for web browsing
Sounds like somebody hasn't caught on to the difference between inbound and outbound...
The technical details (source port, destination port) are more than I think I should confuse people here with unless specifically asked for, though.
Again, if trojans are just magically appearing on your computer then you are already infected.
Presuming that to be true, installing windows already has you infected with internet explorer :-?
I have no firewall and have no problems, because I make sure I don't invite problems onto my system. If you get crap on your system you basically open the floodgate whether or not you have a firewall. In fact most good spyware will disable your firewall without letting you know it's done that.
Firewalls are overrated - but they are still too good a line of defense to be just plain ignored. (Not implying you are ignoring them, it would seem you've made a well-informed decision) The problems start when people start relying on (only) the firewall, and get lax with the rest. (And restart with reinstall or end with scrapped pcs ;) )
Avoid crap products like Norton and McAfee. They just return false positives all the time.
The software sheriffs, outlawing anything for any reason... or that is at least how it initially appears. You see, the most common targets (that I know of) are security products...... ...but at least for the most part those that can be used for an attack; things that shouldn't be on average joe's pc. Problem is, it tends to frustrate those who use them legitimately too. At least somebody started using the phrase "potentially unwanted software".
I'm without antivirus like you are without firewall. And doing fine without. Once per a few months I use AV for a routine check. I don't think I have yet found anything beyond false alarms, like the mentioned PUS.
Bellman
05-02-2006, 01:32 AM
MHJ - A very safe pair of hands returns to the bridge.
There is a growing tendency for spyware software, particularly at the free trial stage, to ''discover'' - ''potentially harmful programmes''. Not surprisingly post purchase these same spyware scammers who presumably now have entered into a contractual relationship are rather more cautious.
Further point - any individual having a strong interest in things military, albeit a leisure pursuit, should or may reasonably expect in today's climate to be 'watched'.
That sophisticated techniques pertain should be in no doubt ! Clinging to any concept of 'clothing' is misplaced as the very architecture of communication is and should be expected to be monitored.