From: Alex Arndt (aarndtrogers.com)
Date: Thu Jan 03 2002 - 18:27:20 CST


    Greetings,

    An important port to add to your list would be Microsoft DirectPlay.
    This is the networking portion of the DirectX suite and binds to one
    distinct port - UDP 28800.

    Any game that is DirectX compatible will normally use this port, but
    as Jamie pointed out, there are no guarantees that you'll always see
    play on the default ports.

    In any case, the best way to find those games is using either your
    sniffers or monitoring your throughput on the outbound interface of
    your border router. A sudden spike in high port UDP (especially around
    lunch or at the beginning/end of the day) is a pretty good sign some
    gaming is going on.

    Hope this helps!

    Alex Arndt, GCIA
    "Within all order is the potential for chaos..."

    -----Original Message-----
    From: Mike Gilles [mailto:mike.gillesitmtech.com]
    Sent: Thursday, January 03, 2002 4:12 PM
    To: Richard.CTR.Mickeytc.faa.gov; focus-idssecurityfocus.com
    Subject: RE: how can I track networked games

    Rich,

    Here's a list of the ports "typically" used by some of the most popular
    online games currently.
    <snip>
    So here they are:

    Half Life, TFC:
    any to or from 27005
    any to or from 27015
    any to or from 27016

    Quake 3: Arena:
    any to or from 26000, 27000, 27910, 27960

    Starcraft:
    any to or from 6112

    Quake II:
    any to or from 27901
    any to or from 27910

    QuakeWorld:
    any to or from 27500
    any to or from 27001

    Unreal:
    any to or from 7777

    Diablo2 and Battlenet:
    any to or from 6112
    any to or from TCP 116, 118
    <snip>
    BTW: No one plays DOOM anymore, but if they did, I think it operates on UDP
    port 666.

    Hope this helps,

     Michael John Gilles
     Lead Security Engineer, MCSE
     <snip>
    -----Original Message-----
    From: Richard.CTR.Mickeytc.faa.gov
    [mailto:Richard.CTR.Mickeytc.faa.gov]
    Sent: Thursday, January 03, 2002 10:39 AM
    To: focus-idssecurityfocus.com
    Subject: how can I track networked games

    I would like to watch for networked games (such as Doom), but it seems they
    use a multitude of options for connecting. I found clients that connect via
    IPX, TCP, UDP and Server side Java applets just poking around the Internet.

    Any help with Snort rules or general strategies for monitoring these will be
    appreciated.

    Thanks in Advance.

    Rich
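
The two approaches suggested in this thread, matching the listed ports and watching for a spike in outbound high-port UDP, combined in an added example (not written by any of the posters). The flow tuple format, the 1024 "high port" cutoff, the 5-minute buckets and the 5x-median threshold are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Ports exactly as listed in the thread; proto None = "any" (the post names no protocol).
GAME_PORTS = {
    (None, 27005): "Half-Life/TFC", (None, 27015): "Half-Life/TFC",
    (None, 27016): "Half-Life/TFC",
    (None, 26000): "Quake 3", (None, 27000): "Quake 3", (None, 27960): "Quake 3",
    (None, 27910): "Quake 3 / Quake II", (None, 27901): "Quake II",
    (None, 27500): "QuakeWorld", (None, 27001): "QuakeWorld",
    (None, 7777): "Unreal", (None, 6112): "Starcraft / Diablo2 / Battlenet",
    ("tcp", 116): "Diablo2 / Battlenet", ("tcp", 118): "Diablo2 / Battlenet",
    ("udp", 28800): "DirectPlay", ("udp", 666): "DOOM",
}

def label_flow(proto, sport, dport):
    """Return a game label if either port is on the list ("any to or from")."""
    for port in (dport, sport):
        for key in ((proto, port), (None, port)):
            if key in GAME_PORTS:
                return GAME_PORTS[key]
    return None

def udp_high_port_spikes(flows, bucket_secs=300, high_port=1024, factor=5.0):
    """Sum outbound UDP bytes to ports above high_port per time bucket and
    return the bucket start times whose volume exceeds factor x the median."""
    buckets = defaultdict(int)
    for ts, proto, sport, dport, nbytes in flows:
        if proto == "udp" and dport > high_port:
            buckets[ts // bucket_secs * bucket_secs] += nbytes
    if not buckets:
        return []
    vols = sorted(buckets.values())
    median = vols[len(vols) // 2]
    return sorted(b for b, v in buckets.items() if v > factor * median)

# Constructed sample: (epoch_secs, proto, src_port, dst_port, bytes), outbound only.
SAMPLE = [
    (0, "udp", 40000, 53, 200), (10, "udp", 40001, 5060, 900),
    (300, "udp", 40002, 33434, 1000), (600, "udp", 40003, 4500, 1100),
    (900, "udp", 40004, 27015, 90000), (950, "udp", 40005, 28800, 60000),
    (1200, "udp", 40006, 5060, 800), (1210, "tcp", 40007, 116, 500),
]

if __name__ == "__main__":
    for flow in SAMPLE:
        print(flow, label_flow(flow[1], flow[2], flow[3]))
    print("spike buckets:", udp_high_port_spikes(SAMPLE))
```

The spike check still fires when a game runs on a non-default port, which is the case the port list alone misses.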