Topic: Players running firewalls will have their IP banned  (Read 5180 times)

0 Members and 1 Guest are viewing this topic.

Offline Dizzy

  • Captain
  • *
  • Posts: 6179
Players running firewalls will have their IP banned
« on: April 21, 2006, 07:32:51 am »
Why it is you don't think your firewall are causing players to drop, I dont know and I dont care. If you arnt part of the solution you are part of the problem. So from now on, if you are involved in a drop and found to be running a FW, you will be banned from all future SG servers without fanfare if you refuse to turn it off. Maybe you might warrant a link to this thread, but for past crimes a simple, "dont let the door hit you in the ass on your way out" might be all you get. I hope this catches on with other server admins because we all know how frustrating player drops are and how it gives the game a bad name. But its not the game, its you.

Have a nice day.


Offline Soreyes

  • Commander
  • *
  • Posts: 3903
  • Gender: Male
  • It's Not News. It's CNN
Re: Players running firewalls will have their IP banned
« Reply #1 on: April 21, 2006, 07:43:11 am »
WOW Dizzy.  Who Tweaked your Butt... j/k     ;D


[img width=600 height=150]

Offline Hexx

  • Sexy Shoeless Lyran God Of War
  • Captain
  • *
  • Posts: 6058
Re: Players running firewalls will have their IP banned
« Reply #2 on: April 21, 2006, 08:21:19 am »
Just out of idle curiousity, and with no real reason behind the query whatsoever -
is there any actual way to determine if someone has a firewall up?
What about the false accusations that are sure to arise?
If I finally catch DH alone,without his sacrificial lamb t00l to throw in his way , what's to stop him from simply dropping-then claiming I must have a firewall? Prompting all those other players
(yourself included) to decide that this would obviously be the best way to never lose to Hexx again?
Courageously Protesting "Lyran Pelt Day"

Offline Dizzy

  • Captain
  • *
  • Posts: 6179
Re: Players running firewalls will have their IP banned
« Reply #3 on: April 21, 2006, 09:20:40 am »

is there any actual way to determine if someone has a firewall up?
What about the false accusations that are sure to arise?

Yes, and the temptation of lying about your firewall may be muted by the threat of us posting the contrary. But there are plenty of peeps who are honest and will up front admit they have it on and will turn it off. As far as accusations, there are already procedures in place since the 1st few CW servers and subsequently adopted by all following servers that handle player complaints and accusations. The game will go on as usual, without the drops and those players causing them.

EDIT:
what's to stop him from simply dropping-then claiming I must have a firewall?

Drops from firewalls might be better described as 'failure to load at start of mission'.

Offline Icehawk

  • Commodore 9thFleet
  • Lt. Junior Grade
  • *
  • Posts: 62
  • Gender: Male
Re: Players running firewalls will have their IP banned
« Reply #4 on: April 21, 2006, 11:49:52 am »
well i usually have my mcafee personal firewall always running and usually have no  issues with multiplayer missions if i did it would not even let  me play the game since i  have had to totally uninstall spysweaper type softare to even get the game to run

**** We are the Blue Guard we are watching ****

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Players running firewalls will have their IP banned
« Reply #5 on: April 21, 2006, 11:50:06 am »
What conclusive evidence is there that FW's have any effect?

And what about Routers? and NAT? and the Routers Firewall?  What about port forwarding? DMZ? How do you want those confgured?

I turn my FW's off now, just becuase I know SOME person will ask me when i'm on a dyna, but I've never experienced trouble with my FW's.

If anything, the router gives me trouble where I can't connect to some poeple.

Do you plan to ban those as well? Why not....

Heck, let just shoot OP in the foot and ban anyone with an IP address becuase they have too many numbers :p

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Players running firewalls will have their IP banned
« Reply #6 on: April 21, 2006, 12:22:19 pm »
NAT, properly configured, will cause no problems at all. (ensure the router is accepting pings from the wan as well). For port forwarding to work properly and reliably, you must have a static LAN config. (technically you should for the DMZ as well). Never use the DMZ and port forwarding on the same machine. Port triggering by design will not work reliably with directplay 7.

If properly configured routers are not a problem, unfortunately most people do not know how to configure a router and seem unwilling to read the manaul to find out. (configuring statically outside the DHCP pool range, disabling UPnP etc...). It is a shame that routers have become so commonplace, though they are not a problem for those who understand the details of network configuration.

Software firewalls, have been shown to be unstable for mutiplayer SFC play through experience. Most will not configure it to allow pings - which are necessary. Software firewalls introduce another unnecssary and potentially (usually) buggy layer in the tcp/ip stack of your machine. Most work by creating a virtual nic (wheher you can see it or not) and offer very little control over the actual NAT that is taking place.

A number of users have reported significantly increased mission stability without the use of firewalls. (Karnak DieHard, myself...)

We never had mission stability issues like we do now before software firewalls became so prevalent. Coincidence? I think not.

I stopped using Zonealarm many years ago after I traced it to being the cause of mission instability in OP. This instability varied from version to version with Zonealarm, indicating it was a problem for them. Karnak and DieHArd both had similar experiences with the Windows XP firewall.

If a report of software firewall use is received while the suspect user is still online, it is not too hard to find out if they actually are running a software firewall.



I'll add more to this post with edits but thought I'd get this in now, considering your comments...

edit: ok, smoke break over... back to explaining why software firewalls are bad for networks, network applications and actually provide a false sense of security:

In two different professional settings I have experienced signficant probelms with software firewalls...

1) I spent weeks trying to troubleshoot a backup application on an NT4 network. After much pain I finally tracked it down to a BlackIce install on the domain controller. This cost a lot of time and money. Not only did it cause problems for running backup over the network, it did not protect against an earlier worm infection on the network caused by a user who opened an unknown attachement, that the fully updated virus software detected but could not stop. False security. After discussions with BlackIce support, they admitted that their current version of their firewall could not currently cope with allowing the poroper operation of this backup application over the network...

OK, that was case #1. (actually I just thought of a third...)

2) When running a webserver in a comlicated intranet at another job site, the server was inexplicably invisible from vertain netwrok segments. Again, after much pain and agony I tracked the trouble down to a ZoneAlarm install on the webserver. Uninstalled Zonealarm and prestop, everyone could see the webserver again. Zonealarm, as far as it was concerned, waws properly configured, yet it was definitely the casue of the problem. Again, this cost a lot of money in valuable man hours.

3) A data aquisition system, responsible for collecting data that represented tens of thousands of dollars a day to the company was crippled by an an unknown source. Again, after much troubleshooting and diagnotices (right down to powerline monitoring for the entire facility) a McAfee install with a firewall component was determined to be the cause. It was interfering with serial communications when it should not have been. McAfee was at a loss for an explanation but it was definitely the problem. This was probably the most expensive case of software firewall problems I have come across. It probably cost about $37,000 to the company when all was said and done in lost productivity and additional cost to the instrument manufacturer who sent out a techincian to help troubleshoot the system under a service contract.. Also, in this case that same firewall failed to protect against a worm infection. More false security. Very expensive false security.

I have more coming...

OK, now think about what is happening, latency is extremely critical in multiplayer gaming applications. The multiplayer game itself is often very processor intensive... now introduce a software firewall that relies on a virtual network adapter and NAT running on that same processor. The processor is busy with game data, and sends packets to the network expecing them to go unheeded... but wait, that software firewall needs to use the procesor to process the nat at the virtual network adapter. (which is not under your control at all by the way)...

Now you say, "but I get good latency numbers when I test with the firewall up". Aha, say I, but are you running a processor intensive game while said tests are underway? No.

OK, now the software firewall manufacturer is clearly making assumptions about what you are doing with your connection. They cannot possibly account for all applications. Not one of them charge nearly the amount of money that would take.

Hardware firewalls are a different matter,  (more to come) ... "Hardware" firewalls or routers actually have hardware network interfaces, to perform their NAT and packet filtering with, and are not hampered by other tasks, (like running a processor intensive game), they are purpose built for tha job and do nothing else. Most run an embedded OS like VxWorks and firmware written by/for the hardware manufacturer. They are not invelnerable to failure but as they have the hardware and purpose designed software to do it are far more reliable. Though bugs and issues do occure that can require regular reboots of the device or frequirent firmware updates.

False security: some firewalls can actually introduce vulnerabilites in your system that did not previously exist. If you have ever monitored firewall activity or hacking attempts you will find they increase exponentially with porn warez and P2P app usage. Playing a game does not draw this negative attention and does not really require the use of a firewall.

(more to come)

Keeping your OS up to date and using common sense on configuring the network is the best protection there is. Generally all that is required to connect to the internet is a minimal TCP/IP protocol on the client machine. The more minimal the better. (No windows filesharing, no NetBIOS ets...)

DSL (PPPOE) can be a bit of a problem and complicate such matters as it introduces another layer of NAT that is not completely under your control. Often people will use ISP provided PPPOE clients when the one native to the OS in use is often superior in functionality and security.



OK, now to address the question/rebuke: But BatteFeild 1942, Quake2004 and Eve work flawlessly with my software firewall and router, so SFC netcode just sucks! ... (smoke break.. this rant is tiresome  :D)

To put it simply those other games only require that the client be able to communicate with the server, which is usually known before the main game code starts. In Quake like games, the client sends and receives all data through the game server. You are never in direct communincation with other players.

In SFC, you must be able to connect to the game server, like other games determined form a serverlist, and known in advance of the main game code running. Now SFC runs a (now inadequate) firewall detection at the serverlist, not becasue it needs to for communication witht he server but rather to ensure that you will be able to communicate relaibl;y with all the other players on the server (whcih cannot be known in advance) independently of the server. Once a multiplayer dynaverse mission launches, you are not talking to the server anymore but only the other players n the mission. In order fot the mission to start you must be able to connect to these players and maintain uninterrupted communication witht hem, as the server is no longer managing that communication. When in a multiplayer mission, the host is actually the server that you are connected to and the other players are clients. I cannot think of any other games that work like this. SFC is unique in this respect. It is efficient, and greatly reduces bandwidth and porcessorl loads on the dynaverse server, but was conceived before software firewalls were commonplace.

If we ever get the client source I'd like to see a more complete software firewall detection implemted to greatly increase the stability of multiplayer missions thus improving the reputation of the game that is much maligned due to poor understanding.

Phew... I think I might be done... maybe....
« Last Edit: April 21, 2006, 01:37:42 pm by Bonk »

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Players running firewalls will have their IP banned
« Reply #7 on: April 21, 2006, 12:47:01 pm »
Wow, I had no idea.

So it basically points to software anamolies more than the principle of a firewall's function.

Thanks for the correction.

As for port forwarding, the list of ports must not be complete.  There is a thread around here showing a list of ports to set for forwarding.

I have, but one day, after never having problems before and settings(IE the port warding) haven't not been changed, me and PX could not connect with OP.  We could do otherthings, but OP was a pain.  I double checked, triple checked both of us by RDP. No firewalls, no anything.  I could see with my eyes the ports being forwarded.  No go.

I eventually set us both on DMZ and it worked fine.  Dunno why sometimes it happens and sometimes not.  I've had this happen with others.  Sometimes works, sometimes it freaks out.

Now I bascially set my pc on a DMZ when I play OP, that the most I can do, sometimes the others still need to fix it on thier end.

Oh well.. thats life

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Players running firewalls will have their IP banned
« Reply #8 on: April 21, 2006, 12:57:28 pm »
I have, but one day, after never having problems before and settings(IE the port warding) haven't not been changed, me and PX could not connect with OP.  We could do otherthings, but OP was a pain.  I double checked, triple checked both of us by RDP. No firewalls, no anything.  I could see with my eyes the ports being forwarded.  No go.

Were both routers allowing pings from the WAN? Were both LAN PCs using a static network configuration that did not conflict with DHCP IP ranges on the LANs?

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Players running firewalls will have their IP banned
« Reply #9 on: April 21, 2006, 12:59:58 pm »
That would be correct.  My only explination is that some routers (ones meant for the home that is) just don't play well. 

Which would be in agreement with information I've read in other places.

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Players running firewalls will have their IP banned
« Reply #10 on: April 21, 2006, 01:05:30 pm »
Routers generally run a firmware, you will find that updates are often released as bugs in the firmware are revealed. Routers use hardware nics and a minimal embedded operating system like VxWorks. AS such they are not invulnerable to memory leaks and data corruption caused by lost packets, firmware bugs etc... (same for cable and DSL modems). It is generally good practice to update your firmware as releases are made and reboot the moodem and router weekly or at least monthly.

Also, switching between the DMZ and port forwarding without rebooting the router or PC can easily cause issues. And I'm not so sure that poeple really understand what a static LAN configuration really means.

The other thing that can happen is that cable and DSL modems may have been hacked by previous users and not corrected byt eh ISP before reissuing them. Newer DOCSIS 2 compliant modems are not as vulnerable, but I have seen some exploits posted...
« Last Edit: April 21, 2006, 01:19:14 pm by Bonk »

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Players running firewalls will have their IP banned
« Reply #11 on: April 21, 2006, 01:13:55 pm »
Routers generally run a firmware, you will find that updates are often released as bugs in the firmware are revealed. Routers use hardware nics and a minimal embedded operating system like VxWorks. AS such they are not invulnerable to memory leaks and data corruption caused by lost packets, firmware bugs etc... (same for cable and DSL modems). It is generally good practice to update your firmware as releases are made and reboot the moodem and router weekly or at least monthly.

The other thing that can happen is that cable and DSL modems may have been hacked by previous users and not corrected byt eh ISP before reissuing them. Newer DOCSIS 2 compliant modems are not as vulnerable, but I have seen some exploits posted...

I undestand what you are saying.  Unfortunatly for me, I think that not all firmware is created equal for theese routers.

I bought this USR wireless router and it will regularly start slowing to a halt.  It took them 6 months to give a new firmware.  Its better, but not perfect.  And no, I don't run and P2P stuff, I've tried and it just totally freaks out then.

My particular one runs on an older version of Linux and busybox, among other things.

I just reboot it everyonce and a while and it makes all the difference.

Something isn't right.  Next time I'm buying a linksys for sure.

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Players running firewalls will have their IP banned
« Reply #12 on: April 21, 2006, 01:20:00 pm »
Oh crap... don't get me started on wireless...

Wireless just cannot be trusted for multiplayer gaming, the potential interferences and drops, lost packets, just boggle the mind.

If I had my way we'd all still be on coaxial lans for the superior signal quality that the inductive protection that coaxial cable offers.

I still have a hard time even accepting UTP (unsheilded twisted pair cabling).

It always comes down to supposedly idiot-proofing networks against bumbling users and minimally trained lazy technicians.

UTP and its simpler to manage star topology won out over coax because it is simpler to plan and install, and a user cannot disrupt the network by unplugging their machine incorrectly. (On coax networks users inevitably broke the circuit instead of disconnecting the "T" from the lan adapter).  However there is no real reason that a star topology could not have neen achieved with coaxial cable, I guess it just boiled down to cost effectiveness in manufacture and rollout, UTP is cheaper to produce, test and install.

When all is said and done I maintain that hard-wired networks are simpler due to the far superior reliability and security.

But its an iPod world nowadays... sigh.  :(

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Players running firewalls will have their IP banned
« Reply #13 on: April 21, 2006, 01:40:26 pm »
If the world was pefect we'd be using a token Ring network anyways. :/

But I don't use the wireless for gaming.  I use my main PC for that, and its wired.

Offline Lepton

  • Lt. Commander
  • *
  • Posts: 1620
Re: Players running firewalls will have their IP banned
« Reply #14 on: April 21, 2006, 07:33:12 pm »

My suggestion would be to boycott the server.  There are any number of other servers that people are getting ready to put up or are currently developing.  These server admins feel no need act like some whiny fag about connection issues.  They are cool.  You are an ass.  Please, oh, please.  I've said it before.  I'll say it again.  Don't let the door hit you in the ass on your way out the next time you quit the game.


System Specs:

Dell Dimension E521
AMD64x2 5000+
2G DDR2 RAM
ATI Radeon HD 4850 512MB GDDR3
250GB SATA HD

Offline Dizzy

  • Captain
  • *
  • Posts: 6179
Re: Players running firewalls will have their IP banned
« Reply #15 on: April 21, 2006, 08:24:25 pm »

My suggestion would be to boycott the server.  There are any number of other servers that people are getting ready to put up or are currently developing.  These server admins feel no need act like some whiny fag about connection issues.  They are cool.  You are an ass.  Please, oh, please.  I've said it before.  I'll say it again.  Don't let the door hit you in the ass on your way out the next time you quit the game.

Finally I have a reason to ban your IP. I hope you get banned from the dynaverse for your personal attack as well. Frankly I've been sick of your nastiness for a long time. I shall surely ask them to ban you. I mean, here I am telling players they need to turn off firewalls which cause player drops and all sorts of other bad nasties and you go jump off the deep end with your rhetoric.

Also, calling for/organizing a public boycott of a server is one of the worst nastiest things you can do in this community. It's even worse than calling me names and publicly insulting and humiliating me.

Again, the game can't be made to work with firewalls. But players can turn them off. That is the only solution to this problem which is getting worse every server. Certainly my reasoning that players wont be tolerated with continually making the game a pain for others doesnt deserve the post you just made.

Edit: This is little different from the rule of age old CW servers requiring players who continually drop from PvP due to bad connection issues to stay off the front lines and avoid drafting. I just took it a small step further because it is getting much worse and most peeps think its the game but its the player with the firewall. But not for much longer.


Offline likkerpig

  • Commander
  • *
  • Posts: 2614
  • Gender: Male
Re: Players running firewalls will have their IP banned
« Reply #16 on: April 21, 2006, 08:42:03 pm »

My suggestion would be to boycott the server.  There are any number of other servers that people are getting ready to put up or are currently developing.  These server admins feel no need act like some whiny fag about connection issues.  They are cool.  You are an ass.  Please, oh, please.  I've said it before.  I'll say it again.  Don't let the door hit you in the ass on your way out the next time you quit the game.

Finally I have a reason to ban your IP. I hope you get banned from the dynaverse for your personal attack as well. Frankly I've been sick of your nastiness for a long time. I shall surely ask them to ban you. I mean, here I am telling players they need to turn off firewalls which cause player drops and all sorts of other bad nasties and you go jump off the deep end with your rhetoric.

Also, calling for/organizing a public boycott of a server is one of the worst nastiest things you can do in this community. It's even worse than calling me names and publicly insulting and humiliating me.

Again, the game can't be made to work with firewalls. But players can turn them off. That is the only solution to this problem which is getting worse every server. Certainly my reasoning that players wont be tolerated with continually making the game a pain for others doesnt deserve the post you just made.



<snicker> <giggle> <guffaw>
OK ok... dizzy first post made me laugh...
then lepton did the predictable post that made any thinking person actually think.
And dizzy comes back with a doozy... the soft tone to the posts he made above. You f*cking pusssy.
Hey bud, I love your servers, but not to the point where I'm gonna suck your ego to play them.
Lepton has always said the unpopular things, doesn't mean he is wrong every time.

I'm sorry... I cannot take this seriously... I see dizzy and lepton <snicker>
well, I see them arguing...
and it comes down to a slap fight...
The stronger wrist wins!
"Atheism is a religion like not collecting stamps is a hobby."



Offline Dizzy

  • Captain
  • *
  • Posts: 6179
Re: Players running firewalls will have their IP banned
« Reply #17 on: April 21, 2006, 08:59:14 pm »
Hey bud, I love your servers, but not to the point where I'm gonna suck your ego to play them.

I get more satisfaction when you reply to my posts. Playing on my server just pisses me off, cuz only 10% of those that play ever say thank you. So I feel 90% used. Lepton is sucks my ego tho. I cant complain there. He's almost as good as my wife. I guess that's where the fag comment came from. Maybe he should keep his tight little mouth closed. I prefer it open.

Offline likkerpig

  • Commander
  • *
  • Posts: 2614
  • Gender: Male
Re: Players running firewalls will have their IP banned
« Reply #18 on: April 21, 2006, 09:19:20 pm »
Hey bud, I love your servers, but not to the point where I'm gonna suck your ego to play them.

I get more satisfaction when you reply to my posts. Playing on my server just pisses me off, cuz only 10% of those that play ever say thank you. So I feel 90% used. Lepton is sucks my ego tho. I cant complain there. He's almost as good as my wife. I guess that's where the fag comment came from. Maybe he should keep his tight little mouth closed. I prefer it open.

Heh, for a time, I replied to server admins when the campaign was over... knowing there would be a bunch of negative bulshiet coming their way... tell them that I enjoyed the server, what points I really liked, the occasoinal negative points as well... just wanted to show my appreciation as well as one persons point of view.
Never got a response so I gave up on it. I figured it was a personalized response to how things went, but I guess people prefered polls and all that.

Eh, run it or don't. If you do, you know people will enjoy it, because you are good at it.
Lepton is good at being the negative vibes, he does bring up good points, whether anything can be done about them or not.
Does he bring them up to improve the game or for his own satisfaction... dunno, lepton can answer that.

Lepton, you should get into the Hot and Spicy board, there are so many philosophies and dogma that are worth degrading... it's like a feeding frenzy!
Heh, like having a line of pikemen advancing on you with a machine gun, unlimited ammo, unlimited barrels, unlimited coolant...
"Atheism is a religion like not collecting stamps is a hobby."



Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13060
Re: Players running firewalls will have their IP banned
« Reply #19 on: April 21, 2006, 09:48:45 pm »
Every server results in people posting about their battles, victories and defeats.  Thread after thread of such posting.  Each of those threads and each of those postings is an indirect thankyou and act of appreciation to the server operator.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."