RE: how can I track networked games

From: Mike Gilles (mike.gilles@itmtech.com)
Date: 01/03/02 

From: Mike Gilles <mike.gilles@itmtech.com>
To: Richard.CTR.Mickey@tc.faa.gov, focus-ids@securityfocus.com
Date: Thu, 3 Jan 2002 16:12:03 -0500

Rich,

Here's a list of the ports "typically" used by some of the most popular
online games currently. I do stress typically because they are ephemeral
ports after all and are subject to change. The ports are UDP unless
otherwise stated. So here they are:

 
Half Life, TFC:
any to or from 27005
any to or from 27015
any to or from 27016

Quake 3: Arena:
any to or from 26000, 27000, 27910, 27960
 
Starcraft:
any to or from 6112
 
Quake II:
any to or from 27901
any to or from 27910
 
QuakeWorld:
any to or from 27500
any to or from 27001

Unreal:
any to or from 7777

Diablo2 and Battlenet:
any to or from 6112
any to or from TCP 116, 118

I got some of these from your brethren at NASA... here's the link:
http://www.caida.org/analysis/AIX/. The others I know from experience
*cough* I mean I've seen them used :)

BTW: No one plays DOOM anymore, but if they did, I think it operates on UDP
port 666.

Hope this helps,

 Michael John Gilles
 Lead Security Engineer, MCSE
 Ext. 204
 616.901.9720 mobile
 mike.gilles@itmtech.com
 
 ITM Technology, LLC.
 5940 Tahoe DR. S.E. Suite 110
 Grand Rapids, MI 49546
 616.464.1361 office
 616.464.1362 fax

-----Original Message-----
From: Richard.CTR.Mickey@tc.faa.gov
[mailto:Richard.CTR.Mickey@tc.faa.gov]
Sent: Thursday, January 03, 2002 10:39 AM
To: focus-ids@securityfocus.com
Subject: how can I track networked games

I would like to watch for networked games (such as Doom), but it seems they
use a multitude of options for connecting. I found clients that connect via
IPX, TCP, UDP and Server side Java applets just poking around the Internet.

Any help with Snort rules or general strategies for monitoring these will be
appreciated.

Thanks in Advance.

Rich

Relevant Pages

  • Re: PC is shrinking
    ... I have a PS2 and XBox that I bought a while back. ... library is made of mostly has-been Dreamcast games. ... all PC ports that I'm not interested in playing on a console-. ...
    (comp.sys.ibm.pc.games.action)
  • Warcraft 3 Frozen Throne Cannot Make Games
    ... the PORTS not being opend, but I opend all the Zone Alarm ... the same thing no one can join my games. ... I tried mutliple ports the default 6112 tcp and Udp 4000 ...
    (microsoft.public.games)
  • RE: how can I track networked games
    ... Just remember that a lot of these games can utilize socks proxies. ... > ports after all and are subject to change. ... The ports are UDP unless ... > I would like to watch for networked games, ...
    (Focus-IDS)
  • Re: Linksys firewall question
    ... >> can play one of his games over the internet with his friends. ... Should I put a software firewall on his computer? ... > need to open ports to that ANYONE on the internet can reach his computer ...
    (comp.security.firewalls)
  • Re: Linksys firewall question
    ... > I have a Linksys wired router on our home network. ... > running WinXP SP1 with the built-in firewall disabled. ... > can play one of his games over the internet with his friends. ... There are very few games that require the opening of ports in your ...
    (comp.security.firewalls)