New mirrors, need to be banned

Facepunch thank that you banned all mirrors, but now mirrors are already appeared.
Please, ban these mirrors:

These ip’s:

keep in mind, they won’t just ban an ip because you say they are a mirror. they will investigate accordingly.

What is a mirror, exactly?

something redirecting you to the same ip

as far as i know it’s a redirecting other ip addresses to forward to a single ip. in this case the issue being when they spoof someone elses ip, stealing population.

are you testing if we’re paying attention, max?:wink:

ninja’d :smiley:

No, not a test. I know what a mirror is in the context of, say, an FTP server, I just haven’t heard it used that much in regards to Rust. :stuck_out_tongue:

apparently “the russians” were/are doing a lot of redirects using spoofed ips to try and steal population from other servers. the team blacklisted individual ips, and eventually some ip ranges to knock them off a few months back, and it’s kind of an uphill battle that still rolls on.

can’t fix stupidity i guess, some people are just jerks:/

Of course I knew! :slight_smile:

But i need ur “votes” to ban this ip’s faster, cuz this dissapointing people

How is that even possible?

I don’t know, but we need to ban this ip’s

It’s (probably) not spoofing any IP addresses, just using multiple ports on the same machine.

I’m still hung up on spoofing IPs, because that’s a pretty sophisticated attack. I feel like I’m missing something here, or people are using the wrong terminology. If we’re talking about people creating a server with an identical / near-identical name, that’s a whole other thing. Seems like a minor annoyance, since most players are going to have their regular servers stored in their history. But if someone wants to start banning leeches like that, I’m all for it.

Spoofing IPs for traffic origination is easy. Poisoning DNS so that points to instead of isn’t terribly difficult either. But actually hijacking routing so that a server IP of (’s address, for example) actually intercepts all Internet traffic destined for would be fairly complex, at least to do reliably. If an attacker set up a rogue server with an IP of in an attempt to steal traffic from FP, it would most likely fail for one of two reasons:

  1. It would fail because the provider hosting that server has it isolated on its own VLAN with common-sense routing to prevent exactly this sort of thing from happening; or
  2. It would fail because BGP, when working properly, generally stops this sort of thing.

If it did succeed, it would likely alternately work and fail in predictable intervals. You’d start seeing route flapping, where the server would appear to work, then stop working as traffic for the same IP stopped going to server A and started going to server B, and vice versa. It wouldn’t be stable for much of anything, let alone gaming. A simple traceroute would reveal this behavior.

I’ve always thought GSPs offered multiple Rust servers on the same IP, using different ports to hook different clients (just as a single IP can host multiple webservers on multiple ports). Thus seeing multiple servers on the same IP isn’t really a problem.

Someone feel free to correct me if I’m missing something here. I just find it hard to believe that someone would rise to the level of IP hijacking to steal Rust players. To me this is like launching a literal ICBM at your neighbor because you don’t like the color of his house.

FAKEEDIT: Oh. If it’s “the Russians”, then all bets are off. Whole lotta shady datacenters over there.

i did mean spoofing/cloning an ip address. but i’ll be honest, having never seen the actual servers that are mirroring, i couldn’t tell you definitively if they ARE spoofing ips or not, just that it was one of the things i read they were having to combat.

and as you said, “the russian” GSPs aren’t necessarily on the level either, at which point it’s about what “they” can get out of it, rather than the moral dilemma it imposes;)