• Can people still hack?
    104 replies, posted
[QUOTE=ollie;42198792]Well if he really wants to send some hacking proofs and data, why would he do it through http?[/QUOTE] For those interested, while sitting on the gmod home screen not connected to any server on a fresh install I get Malwarebytes blocking:
[code]
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.65.123 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.65.123 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:38:12 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 60003, Process: hl2.exe)
2013/09/14 09:38:12 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 60003, Process: hl2.exe)
2013/09/14 09:38:12 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 60003, Process: hl2.exe)
2013/09/14 09:38:52 +0100 ******* **** IP-BLOCK 213.163.65.9 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:39:40 +0100 ******* **** IP-BLOCK 82.146.40.181 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:39:48 +0100 ******* **** IP-BLOCK 64.94.100.116 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:40:04 +0100 ******* **** IP-BLOCK 69.162.110.74 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:40:20 +0100 ******* **** IP-BLOCK 74.91.112.98 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:41:00 +0100 ******* **** IP-BLOCK 74.91.116.136 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 15:20:01 +0100 ******* **** IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 53859, Process: chrome.exe)
2013/09/14 15:26:33 +0100 ******* **** IP-BLOCK 88.208.1.5 (Type: outgoing, Port: 53995, Process: chrome.exe)
2013/09/14 17:53:15 +0100 ******* **** IP-BLOCK 213.163.65.9 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:53:55 +0100 ******* **** IP-BLOCK 213.182.195.28 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:19 +0100 ******* **** IP-BLOCK 82.146.40.181 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:19 +0100 ******* **** IP-BLOCK 64.94.100.116 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:43 +0100 ******* **** IP-BLOCK 69.162.110.74 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:59 +0100 ******* **** IP-BLOCK 74.91.112.98 (Type: outgoing, Port: 58681, Process: hl2.exe)
[/code]
[QUOTE=frosty802;42198845]For those interested, while sitting on the gmod home screen not connected to any server on a fresh install I get Malwarebytes blocking:
[code]
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.65.123 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.65.123 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:38:12 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 60003, Process: hl2.exe)
2013/09/14 09:38:12 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 60003, Process: hl2.exe)
2013/09/14 09:38:12 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 60003, Process: hl2.exe)
2013/09/14 09:38:52 +0100 ******* **** IP-BLOCK 213.163.65.9 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:39:40 +0100 ******* **** IP-BLOCK 82.146.40.181 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:39:48 +0100 ******* **** IP-BLOCK 64.94.100.116 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:40:04 +0100 ******* **** IP-BLOCK 69.162.110.74 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:40:20 +0100 ******* **** IP-BLOCK 74.91.112.98 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 09:41:00 +0100 ******* **** IP-BLOCK 74.91.116.136 (Type: outgoing, Port: 57769, Process: hl2.exe)
2013/09/14 15:20:01 +0100 ******* **** IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 53859, Process: chrome.exe)
2013/09/14 15:26:33 +0100 ******* **** IP-BLOCK 88.208.1.5 (Type: outgoing, Port: 53995, Process: chrome.exe)
2013/09/14 17:53:15 +0100 ******* **** IP-BLOCK 213.163.65.9 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:53:55 +0100 ******* **** IP-BLOCK 213.182.195.28 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:19 +0100 ******* **** IP-BLOCK 82.146.40.181 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:19 +0100 ******* **** IP-BLOCK 64.94.100.116 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:43 +0100 ******* **** IP-BLOCK 69.162.110.74 (Type: outgoing, Port: 58681, Process: hl2.exe)
2013/09/14 17:54:59 +0100 ******* **** IP-BLOCK 74.91.112.98 (Type: outgoing, Port: 58681, Process: hl2.exe)
[/code][/QUOTE] Some of those IPs may be Steam checking if your workshop addons are updated.
True, I agree; 2 of them are Chrome, dunno which website that was. The ones that I see the most are: 93.190.139.112, 213.163.75.131, 213.163.75.133. Never done much looking into what they might be.
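To see which destinations a log like the one above actually repeats, and whether the blocks come in bursts, here is a small parser for the Malwarebytes IP-BLOCK line format. This is an added example, not code from the thread or from Malwarebytes; the sample lines are a constructed subset in the same format as the post, and the "burst" grouping (same second, same local port) is my own reading of the log, not something the tool reports.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample in the Malwarebytes IP-BLOCK line format shown in the thread.
# The runs of '*' stand for the user and computer fields the poster masked.
SAMPLE_LOG = """\
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:08:01 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 58030, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 93.190.139.112 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.75.131 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 09:15:22 +0100 ******* **** IP-BLOCK 213.163.75.133 (Type: outgoing, Port: 60654, Process: hl2.exe)
2013/09/14 15:20:01 +0100 ******* **** IP-BLOCK 88.208.33.4 (Type: outgoing, Port: 53859, Process: chrome.exe)
2013/09/14 17:53:15 +0100 ******* **** IP-BLOCK 213.163.65.9 (Type: outgoing, Port: 58681, Process: hl2.exe)
this line is not an IP-BLOCK event and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r".*?IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


class BlockEvent(NamedTuple):
    timestamp: str
    ip: str
    direction: str
    port: int        # the port field on the blocked outgoing socket (varies per burst)
    process: str


def parse_ip_blocks(text: str) -> List[BlockEvent]:
    """Parse IP-BLOCK lines; anything that does not match the format is skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(BlockEvent(m["ts"], m["ip"], m["direction"],
                                     int(m["port"]), m["process"]))
    return events


def ip_counts_by_process(events: List[BlockEvent]) -> Dict[str, Counter]:
    """Destination IPs each process was blocked from reaching, and how often."""
    counts: Dict[str, Counter] = defaultdict(Counter)
    for ev in events:
        counts[ev.process][ev.ip] += 1
    return dict(counts)


def most_contacted(events: List[BlockEvent], n: int = 3) -> List[Tuple[str, int]]:
    """The n destinations seen most often across all processes."""
    return Counter(ev.ip for ev in events).most_common(n)


def bursts(events: List[BlockEvent]) -> Dict[Tuple[str, int], List[str]]:
    """Group blocks that share a timestamp and port: several destinations hit
    from one socket in the same second, i.e. a list being walked, not a single
    connection."""
    groups: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for ev in events:
        groups[(ev.timestamp, ev.port)].append(ev.ip)
    return dict(groups)


if __name__ == "__main__":
    evs = parse_ip_blocks(SAMPLE_LOG)
    for proc, per_ip in ip_counts_by_process(evs).items():
        print(proc, dict(per_ip))
    print("top:", most_contacted(evs))
    for key, ips in bursts(evs).items():
        if len(ips) > 1:
            print("burst", key, ips)
```

Run it against a real Malwarebytes protection log by reading the file into `parse_ip_blocks`; the bursts output is what makes the "same three IPs every few minutes" pattern in the post visible at a glance.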
[QUOTE=frosty802;42198954]True, I agree; 2 of them are Chrome, dunno which website that was. The ones that I see the most are: 93.190.139.112, 213.163.75.131, 213.163.75.133. Never done much looking into what they might be.[/QUOTE] The last 2 seem to be dedicated servers from [url]http://www.i3d.net/[/url] in the Netherlands. The first one might be a dedicated server from [url]http://hostbytes.nl[/url], again in the Netherlands.
93.190.139.112 had a Minecraft server on it: [url]http://old.mcservers.org/detail/93.190.139.112[/url] 213.163.75.131 used to contain servers on it. I hardly doubt these are used by Garry, but you never know... Does your firewall show the information being sent/received?
[QUOTE=Gfoose;42199934]93.190.139.112 had a Minecraft server on it: [url]http://old.mcservers.org/detail/93.190.139.112[/url] 213.163.75.131 used to contain servers on it. I hardly doubt these are used by Garry, but you never know... Does your firewall show the information being sent/received?[/QUOTE] No, as Malwarebytes blocks it before it hits the network stack. I may disable it and do a packet capture on it.
[QUOTE=frosty802;42200101]No, as Malwarebytes blocks it before it hits the network stack. I may disable it and do a packet capture on it.[/QUOTE] Good idea, report back with some results :) Expect a lot of communication with Valve servers and Workshop too.
[QUOTE=Gfoose;42200242]Good idea, report back with some results :) Expect a lot of communication with Valve servers and Workshop too.[/QUOTE] Okay so the communication is UDP, the content of the source packet is: [code]....TSource Engine Query.[/code] However I get a "Destination Port Unreachable" rejected message on the return. That's it. It's doing a standard A2S_INFO request on those 3 IPs.
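The `....TSource Engine Query.` string in the capture is the ASCII view of a Source server-query packet: four 0xFF bytes (the "not a split packet" marker), the header byte `T`, and the string `Source Engine Query` with a terminating null. The example below is added here and is not code from the thread or from Valve; it builds that packet, renders it the way a packet viewer does so you can match it against your own capture, and classifies a captured UDP payload by its header byte (`T` request, `I` reply, `A` challenge). The `probe_server` helper is my own name; it reports the "port unreachable" outcome the post describes via the `ConnectionError` the OS raises on the UDP socket, and is only run when you call it.

```python
import socket
from typing import Optional

A2S_HEADER = b"\xff\xff\xff\xff"            # single (non-split) packet marker
A2S_INFO_REQUEST = 0x54                      # 'T'
A2S_INFO_RESPONSE = 0x49                     # 'I'
S2C_CHALLENGE = 0x41                         # 'A'
A2S_INFO_PAYLOAD = b"Source Engine Query\x00"


def build_a2s_info_request() -> bytes:
    """The exact bytes a Source client sends to ask a server for its info."""
    return A2S_HEADER + bytes([A2S_INFO_REQUEST]) + A2S_INFO_PAYLOAD


def ascii_dump(payload: bytes) -> str:
    """Render bytes the way a packet viewer's ASCII column does: printable
    characters as-is, everything else as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in payload)


def classify_udp_payload(payload: bytes) -> str:
    """Name the A2S message type of a captured UDP payload, or say it is not one."""
    if len(payload) < 5 or payload[:4] != A2S_HEADER:
        return "not an A2S packet"
    kind = payload[4]
    if kind == A2S_INFO_REQUEST:
        if payload[5:].startswith(A2S_INFO_PAYLOAD):
            return "A2S_INFO request"
        return "malformed A2S_INFO request"
    if kind == A2S_INFO_RESPONSE:
        return "A2S_INFO response"
    if kind == S2C_CHALLENGE:
        return "S2C_CHALLENGE"
    return "other A2S packet (0x%02x)" % kind


def probe_server(host: str, port: int, timeout: float = 2.0) -> str:
    """Send one A2S_INFO request and describe what came back. Uses a connected
    UDP socket so an ICMP port-unreachable is surfaced as ConnectionError
    (ECONNREFUSED on Linux, WSAECONNRESET on Windows). Network access required."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        s.send(build_a2s_info_request())
        try:
            reply: Optional[bytes] = s.recv(1400)
        except ConnectionError:
            return "port unreachable (no service listening)"
        except socket.timeout:
            return "no reply within timeout"
    return "reply: " + classify_udp_payload(reply)


if __name__ == "__main__":
    pkt = build_a2s_info_request()
    print(pkt.hex())
    print(ascii_dump(pkt))                 # ....TSource Engine Query.
    print(classify_udp_payload(pkt))       # A2S_INFO request
```

`ascii_dump(build_a2s_info_request())` reproduces the capture text from the post byte for byte, which is the quickest way to confirm that what you see in your own capture is a plain server-browser query and nothing more; `classify_udp_payload` is the piece you would run over every outbound UDP payload from `hl2.exe` to count how many of them are such queries.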
[QUOTE=frosty802;42201033]Okay so the communication is UDP, the content of the source packet is: [code]....TSource Engine Query.[/code] However I get a "Destination Port Unreachable" rejected message on the return. That's it. It's doing a standard A2S_INFO request on those 3 IPs.[/QUOTE] That's sent from you to some server, not api.garrysmod.com. Nothing is sent if you're not doing something that will get you banned, so I'm not sure what you're looking for.
[QUOTE=>>oubliette<<;42201175]That's sent from you to some server, not api.garrysmod.com. Nothing is sent if you're not doing something that will get you banned, so I'm not sure what you're looking for.[/QUOTE] Really, I was curious as to why this was sent out to only those 3 IPs at GMod startup, that's all. I.e. I started GMod, just left it, didn't click on anything, and it does those 3 queries and gets nothing back. No idea. My guess is something legacy or forgotten about somewhere.
It's possible you're being used in a DRDoS attack (as a reflector/amplifier) and those servers are the targets.
[QUOTE=Flapadar;42210707]It's possible you're being used in a DRDoS attack (as a reflector/amplifier) and those servers are the targets.[/QUOTE] I don't really see how that is possible. What part of source engine/gmod would they exploit to make you send random queries to servers? And that would also require them connecting to you and you would probably see that in the logs.
[QUOTE=ollie;42212210]I don't really see how that is possible. What part of source engine/gmod would they exploit to make you send random queries to servers? And that would also require them connecting to you and you would probably see that in the logs.[/QUOTE] Or maybe they were hacked?? Weak passwords. (maybe) You do also realise that people can just set their IP to any server, right?
[QUOTE=ollie;42212210]I don't really see how that is possible. What part of source engine/gmod would they exploit to make you send random queries to servers? And that would also require them connecting to you and you would probably see that in the logs.[/QUOTE] I (wrongly) TSourceEngineQuery traffic was incoming. After reading: that's just the master server list being populated (seeing as you've got GMod running).