From: Derek Walker (derwalkecisco.com)
Date: Thu Jan 03 2002 - 16:20:04 CST

    Just remember that a lot of these games can utilize socks proxies. So it
    all depends on your placement and how you are inspecting the data...

    D.

    On Thu, 3 Jan 2002, Mike Gilles wrote:

    > Rich,
    >
    > Here's a list of the ports "typically" used by some of the most popular
    > online games currently. I do stress typically because they are ephemeral
    > ports after all and are subject to change. The ports are UDP unless
    > otherwise stated. So here they are:
    >
    >
    > Half Life, TFC:
    > any to or from 27005
    > any to or from 27015
    > any to or from 27016
    >
    > Quake 3: Arena:
    > any to or from 26000, 27000, 27910, 27960
    >
    > Starcraft:
    > any to or from 6112
    >
    > Quake II:
    > any to or from 27901
    > any to or from 27910
    >
    > QuakeWorld:
    > any to or from 27500
    > any to or from 27001
    >
    > Unreal:
    > any to or from 7777
    >
    > Diablo2 and Battlenet:
    > any to or from 6112
    > any to or from TCP 116, 118
    >
    > I got some of these from your brethren at NASA... here's the link:
    > http://www.caida.org/analysis/AIX/. The others I know from experience
    > *cough* I mean I've seen them used :)
    >
    > BTW: No one plays DOOM anymore, but if they did, I think it operates on UDP
    > port 666.
    >
    > Hope this helps,
    >
    > Michael John Gilles
    > Lead Security Engineer, MCSE
    > Ext. 204
    > 616.901.9720 mobile
    > mike.gillesitmtech.com
    >
    > ITM Technology, LLC.
    > 5940 Tahoe DR. S.E. Suite 110
    > Grand Rapids, MI 49546
    > 616.464.1361 office
    > 616.464.1362 fax
    >
    >
    > -----Original Message-----
    > From: Richard.CTR.Mickeytc.faa.gov
    > [mailto:Richard.CTR.Mickeytc.faa.gov]
    > Sent: Thursday, January 03, 2002 10:39 AM
    > To: focus-idssecurityfocus.com
    > Subject: how can I track networked games
    >
    >
    > I would like to watch for networked games (such as Doom), but it seems they
    > use a multitude of options for connecting. I found clients that connect via
    > IPX, TCP, UDP and Server side Java applets just poking around the Internet.
    >
    > Any help with Snort rules or general strategies for monitoring these will be
    > appreciated.
    >
    > Thanks in Advance.
    >
    > Rich
    >
    >
    >
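An added example, not part of the original messages: it turns the quoted port list into Snort 2.x-style rules and a flow check that requires repeated hits per host, since the ports are only "typical" and a proxied session never shows them. The rule message text, the local SID range, the function names and the sample flows are assumptions constructed for illustration.

```python
from collections import Counter

# Port table transcribed from the quoted message; UDP unless it says TCP.
GAME_PORTS = {
    "Half Life, TFC": {"udp": [27005, 27015, 27016]},
    "Quake 3: Arena": {"udp": [26000, 27000, 27910, 27960]},
    "Starcraft": {"udp": [6112]},
    "Quake II": {"udp": [27901, 27910]},
    "QuakeWorld": {"udp": [27500, 27001]},
    "Unreal": {"udp": [7777]},
    "Diablo2 and Battlenet": {"udp": [6112], "tcp": [116, 118]},
}

# (proto, port) -> games; 6112 and 27910 each map to two titles.
INDEX = {}
for game, protos in GAME_PORTS.items():
    for proto, ports in protos.items():
        for port in ports:
            INDEX.setdefault((proto, port), []).append(game)

def snort_rules(first_sid=1000001):
    """One rule per port; 'any any <> any PORT' expresses 'any to or from PORT'."""
    rules = []
    for n, ((proto, port), games) in enumerate(sorted(INDEX.items())):
        msg = "POLICY possible game traffic - " + " or ".join(games)
        rules.append(f'alert {proto} any any <> any {port} '
                     f'(msg:"{msg}"; sid:{first_sid + n}; rev:1;)')
    return rules

def classify(flow):
    """Candidate games for a (proto, src, sport, dst, dport) tuple, else []."""
    proto, _src, sport, _dst, dport = flow
    return sorted(set(INDEX.get((proto, sport), []) + INDEX.get((proto, dport), [])))

def suspects(flows, internal_prefix, min_hits=3):
    """Internal hosts with >= min_hits matches; one hit may be an ephemeral port."""
    hits = Counter()
    for flow in flows:
        if classify(flow):
            for host in (flow[1], flow[3]):
                if host.startswith(internal_prefix):
                    hits[host] += 1
    return {h: c for h, c in hits.items() if c >= min_hits}

# Constructed sample flows (documentation address ranges), not captured traffic.
FLOWS = [("udp", "192.0.2.10", 27005, "198.51.100.7", 27015)] * 4 + [
    ("udp", "192.0.2.11", 27960, "198.51.100.53", 53),   # DNS query, ephemeral collision
    ("tcp", "192.0.2.12", 40000, "198.51.100.9", 1080),  # SOCKS: game port not visible
]
```

With the sample flows, only the host with four Half-Life matches is reported; the single DNS collision falls below the threshold and the SOCKS session matches nothing, which is the placement caveat raised in the reply.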