Security in online/LAN games

Kerb

Chieftain
Joined
Oct 2, 2005
Messages
14
Hello
I enjoy playing games online and over LAN. But viruses, worms, and other malware are so common these days that I sometimes worry about my security when I play online/LAN games.
If someone with good technical knowledge could explain a few things, it would be very beneficial to me, so that I wouldn't have to play a game (like Civilization) while worrying (it gets pretty tough, if you understand).
Here are a few questions:

1. I know that with firewalls, unless I open up certain ports, I would not be able to host a game. If I open up ports to host a game like Civilization, am I vulnerable to attack through those ports by people who are in my game... or people from outside?

2. I know popular games like Civilization and Counter-Strike have tons of mods, plug-ins and so on. Usually, when I join a game or a server with those files (mods, plug-ins, etc.), I'm forced to download files I don't have.
Can someone send me virus-infected files and other harmful files this way?

3. One day, I was playing a game. I noticed something was eating up my connection, because other people told me that I was lagging very badly. So I exited the game. Strangely, my modem was still flashing like crazy. So I checked my connection activity and noticed I was receiving stuff, but nothing was going out from my computer (my computer wasn't sending any information). My firewall didn't seem to be blocking the connection either, because if it were blocking I would see red lights from my firewall. I restarted my computer. I was still receiving packets. So I physically disconnected myself from the internet. Now I was not getting any packets on my computer... but my modem was still flashing. After 15 minutes or so, everything stopped, and my normal connection speed returned. This was the first time I'd experienced this kind of behaviour. So I security-scanned the whole system, but it detected nothing. What could possibly have happened? I'm the only user of my computer. I'm pretty security-minded and would not install just any program.

4. Is it possible to receive viruses and harmful files on a local network? For example, at a LAN party (with no internet connection), someone brings a horribly infected PC and plays games with others. I would never share folders or hard drives.

Anyway, please help this newbie with these questions.
Thanks for your help and your time =)
 
Kerb said:
Hello
I enjoy playing games online and over LAN. But viruses, worms, and other malware are so common these days that I sometimes worry about my security when I play online/LAN games.
If someone with good technical knowledge could explain a few things, it would be very beneficial to me, so that I wouldn't have to play a game (like Civilization) while worrying (it gets pretty tough, if you understand).
Here are a few questions:

1. I know that with firewalls, unless I open up certain ports, I would not be able to host a game. If I open up ports to host a game like Civilization, am I vulnerable to attack through those ports by people who are in my game... or people from outside?
Yes. As a minimum, a DoS attack will be possible. Something worse (like taking over your computer) might be possible too if there are bugs in Civ4. In any case, running your game under a sandbox account with minimal privileges is a good idea.

Kerb said:
2. I know popular games like Civilization and Counter-Strike have tons of mods, plug-ins and so on. Usually, when I join a game or a server with those files (mods, plug-ins, etc.), I'm forced to download files I don't have.
Can someone send me virus-infected files and other harmful files this way?
Easily, but keep in mind that most mod files, even with a virus, won't do any harm, because the code of the virus needs to be executed somehow. And that depends on what kind of files are actually downloaded. As long as they're not executables, the chances of a takeover are relatively slim, but they exist. There are known exploits for some image and archive handling libraries, and there are probably more unknown exploits for various libraries.

Kerb said:
3. One day, I was playing a game. I noticed something was eating up my connection, because other people told me that I was lagging very badly. So I exited the game. Strangely, my modem was still flashing like crazy. So I checked my connection activity and noticed I was receiving stuff, but nothing was going out from my computer (my computer wasn't sending any information). My firewall didn't seem to be blocking the connection either, because if it were blocking I would see red lights from my firewall. I restarted my computer. I was still receiving packets. So I physically disconnected myself from the internet. Now I was not getting any packets on my computer... but my modem was still flashing. After 15 minutes or so, everything stopped, and my normal connection speed returned. This was the first time I'd experienced this kind of behaviour. So I security-scanned the whole system, but it detected nothing. What could possibly have happened? I'm the only user of my computer. I'm pretty security-minded and would not install just any program.
As long as somebody knows your IP, he can send you any amount of information he wants. There's nothing you can do about it (aside from ignoring it, which looks like what was happening), but it doesn't cause any harm aside from using your bandwidth (so look at it as some kind of DoS attack). In the described instance it was most likely unintentional...

Kerb said:
4. Is it possible to receive viruses and harmful files on a local network? For example, at a LAN party (with no internet connection), someone brings a horribly infected PC and plays games with others. I would never share folders or hard drives.
Sure, the ways that work over the internet will still apply, and there will be extra Windows-specific possibilities (assuming that's what you run)...

So overall, there isn't much you can do to stay safe there. A sandbox account is one method. But keep things in perspective. If you don't keep anything of importance on that computer and if you monitor connections with a firewall residing on a separate box, there isn't too much danger in getting something bad. As soon as you notice it (firewall, then virus scanner) you can always just wipe everything and spawn another instance.

Though the best defense is that nobody will probably/hopefully bother with creating a worm targeting a particular game... It's doubtful anybody can expect anything of value on people's gaming PCs, and adding a few thousand zombie machines to the few million existing ones may not be that likely either.
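As an added example for alexti2's point 2 (this is not code from the thread or from the game itself), here is the check a cautious player can run on a mod archive before unpacking it: it looks for executable file types, for executables hiding under a harmless name by checking their leading bytes, for entries whose path would write outside the mod folder, and for archives that would inflate to an unreasonable size. It assumes mods arrive as .zip files; the sample archive is constructed inline.

```python
"""Check a downloaded mod archive before unpacking it.

Added example for alexti2's point 2; it is not code from the thread or from
the game. Assumption: mods arrive as .zip files (real games may use their own
containers). The sample archive built below is constructed for the example.
"""
import io
import os
import zipfile

# File types Windows will run as code when opened or loaded by a game.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif",
                  ".vbs", ".js", ".msi", ".ocx", ".cpl"}
# Leading bytes of PE and ELF executables, whatever name the file carries.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")
MAX_RATIO = 100                 # uncompressed:compressed above this smells like a zip bomb
MAX_TOTAL = 200 * 1024 * 1024   # refuse archives that would unpack to more than this


def unsafe_path(name):
    """True if the entry name could write outside the mod folder on extraction."""
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return True
    return ".." in name.replace("\\", "/").split("/")


def inspect_mod_archive(data):
    """Return [(entry_name, reason), ...] for a zip archive given as bytes."""
    findings = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if unsafe_path(name):
                findings.append((name, "path escapes the extraction directory"))
            if ext in EXECUTABLE_EXT:
                findings.append((name, "executable file type"))
            # Sizes come from headers the sender wrote, so they are a hint only;
            # the real guard is bounded reads when you actually extract.
            total += info.file_size
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                findings.append((name, "suspicious compression ratio"))
            if not info.is_dir():
                with zf.open(info) as fh:
                    head = fh.read(4)   # never inflate the whole entry here
                if head.startswith(EXECUTABLE_MAGIC) and ext not in EXECUTABLE_EXT:
                    findings.append((name, "executable header under a non-executable name"))
    if total > MAX_TOTAL:
        findings.append(("<archive>", "would unpack to more than %d bytes" % MAX_TOTAL))
    return findings


def build_sample_archive(include_bad=True):
    """Constructed sample: a harmless XML file plus, optionally, three bad entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("MyMod/Assets/XML/Units.xml", "<Civ4UnitInfos/>")
        if include_bad:
            zf.writestr("MyMod/Assets/CvGameCoreDLL.dll", b"MZ" + b"\x00" * 64)  # a DLL
            zf.writestr("MyMod/Assets/Art/terrain.dds", b"MZ" + b"\x90" * 64)    # PE renamed to .dds
            zf.writestr("../../Windows/System32/evil.txt", "x")                   # path traversal entry
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in inspect_mod_archive(build_sample_archive()):
        print("%-40s %s" % (entry, reason))
```

A finding is a reason to look, not proof of malice: a mod that legitimately ships a DLL will trip the "executable file type" line, which is exactly the case where you want to know who built it before you let the game load it.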
 
Thanks alexti2 for the great advice.
I now know what I can and can't do.
I'll never understand why someone would harm others in order to benefit themselves, though.
But since this is the reality, I guess all I can do is play safe and hope for the best =)
Again, thanks for your time to help me out =)
Wish you the best :king:
 
alexti2 said:
Yes. As a minimum, a DoS attack will be possible. Something worse (like taking over your computer) might be possible too if there are bugs in Civ4. In any case, running your game under a sandbox account with minimal privileges is a good idea.
Sure, it's a good idea, but it doesn't actually provide much protection in Windows. The only real sandbox is a machine dedicated to gaming (and other untrusted apps) that contains no important personal or work-related information. This sandbox machine can be reimaged either periodically or at least every time there is any suspicion of attack (savegames and patches to games can be backed up separately, the image containing only Windows + AV + latest drivers).

alexti2 said:
And that depends on what kind of files are actually downloaded. As long as they're not executables, the chances of a takeover are relatively slim, but they exist. There are known exploits for some image and archive handling libraries, and there are probably more unknown exploits for various libraries.
I think the most obvious attack vector for a game like this is definitely a BOR related to a maliciously constructed mod file. Archive libraries are so widely used that any bugs in them are much, much more likely to be fixed than any in the CivIV executables, which are full of bugs that crash the game randomly anyhow!

But as you said, the chances are much lower, because any attacker would find it easier to put the payload in an executable sent with the mod (if the mod doesn't require DLLs or EXEs to begin with, just make up some excuse; it's still more likely to be accepted than random emailing, which still gets a lot of idiots).

alexti2 said:
As long as somebody knows your IP, he can send you any amount of information he wants. There's nothing you can do about it (aside from ignoring it, which looks like what was happening), but it doesn't cause any harm aside from using your bandwidth (so look at it as some kind of DoS attack). In the described instance it was most likely unintentional...
It's impossible to know what the traffic was based on this little information. Kerb should check his firewall logs to identify the traffic. Beyond that, the traffic can be fingerprinted and analyzed with a packet capture if it happens again.

Also, there is always SOMETHING you can do about malicious traffic coming to your IP in addition to blocking it, which is to send the logs and other forensic information to someone who can do something to stop it. Manually tracking down the ISP of the sending network and convincing them to warn/sue/report to the police/close the account of/put a voodoo curse on the attacker is a lot of work, so that's why there are distributed solutions which, in addition to trying to "fight back" against the attackers, also aggregate the information from many participating users around the globe and provide tracking and warnings about emerging threats (and the few credible ones are even used by governments for their information security agencies).

alexti2 said:
Though the best defense is that nobody will probably/hopefully bother with creating a worm targeting a particular game... It's doubtful anybody can expect anything of value on people's gaming PCs, and adding a few thousand zombie machines to the few million existing ones may not be that likely either.
A worm (which can spread without any user action; in a network game it would require an exploit of the vanilla game's networking code) is the highest level of malware coding challenge (except perhaps hacking a trojan-injecting compiler), so it shouldn't be the primary concern. There is lots of malware out there that either was originally intended to be passed off as a game component or was later modified to that effect. These, however, require some user action to install them, which is a valid line of defense (be wary of executables coming from an unknown and not widely respected source).
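As an added example of the first step Akhenaton recommends above, checking the firewall log to identify the traffic (this is not code from the thread), here is a small triage script for a host firewall log. It assumes the W3C-style layout the Windows firewall writes to pfirewall.log, with a `#Fields:` header naming the columns and one space-separated record per packet; the log lines below are constructed for the example and port 2056 is only a stand-in for the game's port. It aggregates inbound packets per source address, notes whether this host ever sent anything back to that address (Kerb's "receiving but nothing going out" symptom), and flags the sources worth capturing next time.

```python
"""Triage a host firewall log to characterise unexplained inbound traffic.

Added example for Akhenaton's advice to check the firewall logs; it is not
code from the thread. Assumption: the log uses the W3C-style layout the
Windows firewall writes to pfirewall.log ('#Fields:' header, then one
space-separated record per packet). SAMPLE_LOG is constructed, not a real
capture, and port 2056 is only a stand-in for whatever port the game uses.
"""

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-10-02 21:15:01 ALLOW UDP 192.168.1.10 198.51.100.20 2056 2056 120 - - - - - - - SEND
2005-10-02 21:15:01 ALLOW UDP 198.51.100.20 192.168.1.10 2056 2056 118 - - - - - - - RECEIVE
2005-10-02 21:15:02 ALLOW UDP 192.168.1.10 198.51.100.20 2056 2056 124 - - - - - - - SEND
2005-10-02 21:15:02 ALLOW UDP 198.51.100.20 192.168.1.10 2056 2056 122 - - - - - - - RECEIVE
2005-10-02 21:15:03 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:03 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:04 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:04 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:05 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:05 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:06 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:06 ALLOW UDP 203.0.113.7 192.168.1.10 40001 2056 1400 - - - - - - - RECEIVE
2005-10-02 21:15:07 DROP TCP 192.0.2.55 192.168.1.10 4433 21 60 S 123 0 8192 - - - RECEIVE
2005-10-02 21:15:07 DROP TCP 192.0.2.55 192.168.1.10 4434 22 60 S 124 0 8192 - - - RECEIVE
2005-10-02 21:15:07 DROP TCP 192.0.2.55 192.168.1.10 4435 80 60 S 125 0 8192 - - - RECEIVE
2005-10-02 21:15:07 DROP TCP 192.0.2.55 192.168.1.10 4436 135 60 S 126 0 8192 - - - RECEIVE
2005-10-02 21:15:07 DROP TCP 192.0.2.55 192.168.1.10 4437 445 60 S 127 0 8192 - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the column names in the '#Fields:' line."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif not line or line.startswith("#"):
            continue
        elif fields is None:
            raise ValueError("record found before the #Fields: header")
        else:
            values = line.split()
            if len(values) == len(fields):   # skip truncated records rather than guess
                yield dict(zip(fields, values))


def summarise_inbound(records):
    """Per source of RECEIVE records: packets, bytes, destination ports, actions,
    and whether this host ever sent anything to that source."""
    stats, talked_to = {}, set()
    for r in records:
        if r["path"] == "SEND":
            talked_to.add(r["dst-ip"])
            continue
        if r["path"] != "RECEIVE":
            continue
        s = stats.setdefault(r["src-ip"], {"packets": 0, "bytes": 0,
                                           "ports": set(), "actions": set()})
        s["packets"] += 1
        s["bytes"] += int(r["size"]) if r["size"].isdigit() else 0
        s["ports"].add(r["dst-port"])
        s["actions"].add(r["action"])
    for ip, s in stats.items():
        s["replied"] = ip in talked_to
    return stats


def flag_sources(stats, byte_threshold=10000, port_threshold=5):
    """Return {src-ip: [reasons]}, heaviest source first, for hosts worth a capture."""
    flagged = {}
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["bytes"]):
        reasons = []
        if s["bytes"] >= byte_threshold:
            reasons.append("high inbound volume: %d bytes in %d packets" % (s["bytes"], s["packets"]))
        if len(s["ports"]) >= port_threshold:
            reasons.append("hit %d distinct ports (possible scan)" % len(s["ports"]))
        if not s["replied"] and s["packets"] > 1:
            reasons.append("one-way: this host never sent anything back")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_sources(summarise_inbound(parse_firewall_log(SAMPLE_LOG))).items():
        print(ip, "->", "; ".join(reasons))
```

Feed it the real log instead of SAMPLE_LOG. The game peer shows up as two-way traffic with small packets and is not flagged; a source that is flagged is the address to capture and fingerprint if the lag comes back, and the log slice itself is the forensic record Akhenaton says to keep.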
 
Thanks alexti2 and Akhenaton for the very detailed explanations.
Although I didn't quite understand the very technical stuff, I learned a few important things.
Also thanks for the very helpful security link... I bookmarked it so that I can visit it when something similar happens again.
I'll also remember to save the firewall log next time too =)
Again, thanks ;)
 