Ace of Spades Game Forums » Topic: How to IP ban hackers (Linux, tshark, iptables)

ape on "How to IP ban hackers (Linux, tshark, iptables)"

ape — Mon, 18 Apr 2011 00:41:08 +0000

Lol, good thing you posted this cause this game is way too hackable
http://dl.dropbox.com/u/6281166/client%202011-04-17%2022-32-02-96.png
http://dl.dropbox.com/u/6281166/client%202011-04-17%2022-35-02-91.png
http://dl.dropbox.com/u/6281166/client%202011-04-17%2022-53-47-61.png

http://www.youtube.com/watch?v=gze_L6O7pm4

Flashman on "How to IP ban hackers (Linux, tshark, iptables)"

Flashman — Sun, 17 Apr 2011 20:36:27 +0000

Is there a way to temporarily block people - eg kick but not ban? I'd like to be able to boot people to make way for an admin or preferred player.

Naka on "How to IP ban hackers (Linux, tshark, iptables)"

Naka — Sun, 17 Apr 2011 19:58:23 +0000

I end up being able to capture packets from client "23", yet it always kicks "26" when I add the IP to firewall.
What's going on?

ComradeFlapjack on "How to IP ban hackers (Linux, tshark, iptables)"

ComradeFlapjack — Wed, 13 Apr 2011 18:33:22 +0000

Ack, can't edit the original anymore. I made a booboo in the iptables rule (depending on your iptables setup).

You need the block before the 'accept packets on 32887' rule so the -A append doesn't work, you need an -I insert (at index 1) so it comes before the accept rule in the chain:

iptables -I INPUT 1 -s CLIENT_IP -p udp --destination-port 32887 -j DROP

Naka on "How to IP ban hackers (Linux, tshark, iptables)"

Naka — Wed, 13 Apr 2011 16:58:38 +0000

You can use a memory editor to monitor chat messages and usernames. Maybe find out how to communicate with clients through wireshark and it wouldn't be too bad.

ComradeFlapjack on "How to IP ban hackers (Linux, tshark, iptables)"

ComradeFlapjack — Wed, 13 Apr 2011 16:41:05 +0000

Gotta get a regular client spot really (unless you use tshark to monitor what's going through chat or something).

Naka on "How to IP ban hackers (Linux, tshark, iptables)"

Naka — Wed, 13 Apr 2011 16:27:54 +0000

And how might I join my own server to figure who cheats?

ComradeFlapjack on "How to IP ban hackers (Linux, tshark, iptables)"

ComradeFlapjack — Wed, 13 Apr 2011 16:10:08 +0000

Thought some other people might appreciate this, this is assuming you're using iptables as your firewall, you'll also need tshark (command link Wireshark client).

While connected to the server view the scoreboard (TAB). To the left of each user name is their connection ID, you need this to identify the user.

Now run:

tshark -f "dst net SERVER_IP and udp dst port 32887 and udp[9:1]=USER_ID" -c 1

replace SERVER_IP with your server IP and USER_ID with the connection ID taken from the scoreboard.

You should see the details of a single packet dumped to the console, this shows the user's IP address (make sure you get the right one, it also shows the server IP address!).

Now do:

iptables -A INPUT -s CLIENT_IP -p udp --destination-port 32887 -j DROP<br />

Replace CLIENT_IP with the IP you looked up via tshark.

Hope that helps some people (until 0.26 comes out anyway...).