DWX 1.3 weird connections

[Castout]

Follow up from here

http://www.redrodgers.com/forums/sho...t=4912&page=69

Quote:

I've noticed that dangerous waters.exe to try to connect to the following without me actually trying to play with anyone(outbound connection).

IPv4: 111.94.x.x, 119.110.x.x (TCP destination port 80)
IPv6: ff02:1:ff61:75bd (ICMPv6)


Does anybody know what's going on?

I'm not accusing anything just found it strange I don't think the exe would need to communicate to any server.

Quote:

Umm thanks for the reply from my firewall log/event list actually


My adapter ini looks something like this. I tried playing online yesterday but it failed neither of us could see each other session. I've allowed dangerous waters.exe to connect out and accept connection. My firewall logged that I connected out to my opponent computer but I just couldn't see any session while the firewall never logged even any connection attempt from him when I tried to host(nothing logged as blocked and no incoming connection logged).

This file contains all adapters found on this system:
Local Area Connection - IPv6 - fe80:xxx:75bd
Teredo Tunneling Pseudo-Interface - IPv6 - 2001:0:4137xx6xx:e21f
Teredo Tunneling Pseudo-Interface - IPv6 - fe80:xxx:e21f
6TO4 Adapter - IPv6 - 2002xx:x:1de0
Local Area Connection - IPv4 - 118.136.29.224

As far as I know my iSP is not using any IPv6 protocol. Must be windows 7 thing perhaps.

And yesterday I noticed something which confused me too. While I was trying to host with ip 118.136.29.224(and my opponent's was 70.164.96.xx) the firewall logged that dangerouswaters.exe was connecting to 118.136.29.1, to port 1900 ??! Perhaps it was trying to tell the local network of the DW opened session?!

Quote:

Thanks for the suggestion

I don't think I'm having any problem with UPnP service. I think DW is trying to alert the local LAN maybe. It tries to connect to IPv6 and IPv4 addresses.

The IPv4 addresses is always showing as local ip(same country) either to port 1900 or port 80 and none other.

I'm sure it's only happening with DW.

Do I need to reinstall the application?

As for Sertore asking whether the system is infected with malware I must say no. I've scanned the system from time to time and the system itself is no more than 2 months old. However because of me being a political activist I believe I've been a victim of hacking from time to time especially in 2009 and in the week when I just got this new rig but unless the hacking did serious damage as to not allow the system to boot successfully I would never be sure whether I've been victimized by such attacks.

[sertore]

To be a bit more sure, install free version and run a scan with http://www.malwarebytes.org/

[Krabb]

Port 1900 is Universal Plug'n'Play. It is used to automatically configure network devices. Do you have a router?

[Castout]

Quote:

Originally Posted by sertore

To be a bit more sure, install free version and run a scan with http://www.malwarebytes.org/

I just did last night and it reported my PC as being clean. My PC is installed with firewall and security suite with 2 different AV which work fine together.

Quote:

Originally Posted by Krabb

Port 1900 is Universal Plug'n'Play. It is used to automatically configure network devices. Do you have a router?

I don't think so I've only a cable modem.

[Castout]

Just after posting that I had a blue screen crash. maybe all this is not hacking but the PSU is failing. Still doesn't explain why the blue screen crashing had stopped for a year. It was happening within 3-4 days in 2009 for some months. A lot of times the result caused me to unable to boot into windows. I'm changing the PSU very soon.

[Castout]

Umm I reinstalled DW and DW stock 1.04 exhibit the same behavior of connecting to port 1900 of another ip(same ip as host with the last digit being chnaged to 1). I think it's thus not a DWX problem at all.

[sertore]

Dear Castout,
your concerns about traffic on port 1900 should be explained as follow: as soon as you start to host a game, the DirectPlay service is engaged.

It starts to enumerate the available ports to use the ones related to the specific DirectX service (as you probably know in the range 2305-2400): the enumeration use the standard UPnP-compliant NATs to open the ports at the game start, and close them at the the game close.

This should be the reason why you see the traffic on port 1900, the UPnP standard, when you start the game: it is a side effect due to the use of DirectPlay feature of DirectX.

So, not worry about that: it should be the normal behaviour of the original game, modded or not.

Cheers.

[Castout]

Thanks Sertore for the explanation. I appreciate it very much

[Castout]

--deleted--

[Castout]

Umm I'm just curious about connection out to port 80 when playing DW

Does anyone experience the same? Or is it just me?

Game should not try to connect out when no online session was attempted.