A nice UT link - 333networks

Discussions about UT99
$carface
Skilled
Posts: 212
Joined: Sat Jul 23, 2011 10:58 pm

Re: A nice UT link - 333networks

Post by $carface »

UT99.org

Re: A nice UT link - 333networks

Post by UT99.org »

billybill wrote:So what exactly is in this beacon code when people add your master list? You can remotely crash them if you wanted can't you? Also you can get their computer name? That's a couple I can remember and no I'm not making this up
Darkelarious
Skilled
Posts: 175
Joined: Sat Feb 08, 2014 12:02 pm
Personal rank: 333networks admin
Location: Phobos Moon

Re: A nice UT link - 333networks

Post by Darkelarious »

Archived servers are a known bug. It happens when a server was offline for a certain minimum time. After that, the server is considered inactive and loading the archive page. Solution is a new write to the database, telling the master server to start indexing it again. Very sad, very annoying, but it will have to wait until I have time to fix it. Can take a day, can take a month. Unless, of course, somebody else with knowledge of perl, event-based programming and master servers volunteers to help.
billybill wrote:So what exactly is in this beacon code when people add your master list? You can remotely crash them if you wanted can't you? Also you can get their computer name? That's a couple I can remember and no I'm not making this up
One of the reasons why I do not get to fixing all the bugs, is because I am writing an accompanying document about master servers and server queries. It is a work in progress, I do not count on finishing it before this weekend. The current progress can be found at my git: http://git.333networks.com/MasterServerDocs

For those unable to google how git works, read this:

Contents of a heartbeat

Code:

\heartbeat\7778\gamename\ut\

7778 is the ut query port on which the UT client gets server information. IP address is determined by the udp datagram (sender ip), gamename obviously is "ut". There is no computer name involved, there is no way to use a master server to go all NSA on somebody's host computer/server. All horror stories / scary tales / fairy tales.

Remotely crashing IS possible if your UT client satisfies a number of conditions. One of the solutions is to update the game version, but I don't know by heart which versions are affected. The remote crashing is however not a noob/newb-compatible thing. You need to know exactly what you are doing, and have the necessary software installed in order to crash the server. It is possible, but very unlikely. This has NOTHING to do with the master server; this is a UT server / UT client thing, of which Epic is aware. Apply said update and the problem is solved. Again. Horror story and fairy tale.
--Darkelarious
Masterserver | Discord Channel
Oh, and we still are ready to receive donations. The url works, right? It doesn't seem to be doing anything...
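Added example, not part of any post in this thread and not the 333networks master server code (which the post says is written in Perl): a strict Python parser for the heartbeat format described above, showing that the payload carries only a query port and a game name while the address comes from the datagram's sender. `ALLOWED_GAMES`, `STALE_AFTER`, the `ServerList` class and the sample datagrams are assumptions constructed for illustration.

```python
import re

# Heartbeat grammar taken from the post and the UdpServerUplink header comment:
#   \heartbeat\<queryport>\gamename\<name>  (optional \gamever\<n>, optional trailing \)
# Anything outside this grammar is rejected instead of being stored.
HEARTBEAT_RE = re.compile(
    rb"\\heartbeat\\(\d{1,5})\\gamename\\([a-z0-9]{1,32})(?:\\gamever\\(\d{1,8}))?\\?"
)

ALLOWED_GAMES = {"ut"}   # assumption: this list only accepts UT servers
STALE_AFTER = 900        # assumption: seconds of silence before an entry is inactive


def parse_heartbeat(payload, sender_ip):
    """Return (ip, query_port, gamename), or None for anything malformed.

    The IP is never read from the payload: it is the datagram's source
    address, which is a claim made by the sender and not proof of identity.
    """
    match = HEARTBEAT_RE.fullmatch(payload)
    if match is None:
        return None
    port = int(match.group(1))
    game = match.group(2).decode("ascii")
    if not 1 <= port <= 65535 or game not in ALLOWED_GAMES:
        return None
    return (sender_ip, port, game)


class ServerList:
    """In-memory stand-in for the master server's database (hypothetical)."""

    def __init__(self):
        self.last_seen = {}

    def ingest(self, payload, sender_ip, now):
        entry = parse_heartbeat(payload, sender_ip)
        if entry is None:
            return False
        self.last_seen[entry] = now   # a fresh write revives an inactive entry
        return True

    def active(self, now):
        return sorted(entry for entry, seen in self.last_seen.items()
                      if now - seen <= STALE_AFTER)


# Constructed sample datagrams (documentation addresses, not real servers).
SAMPLES = [
    (b"\\heartbeat\\7778\\gamename\\ut\\", "203.0.113.5"),
    (b"\\heartbeat\\7778\\gamename\\ut\\computername\\HOST", "203.0.113.6"),
    (b"\\heartbeat\\99999\\gamename\\ut\\", "203.0.113.7"),
]

if __name__ == "__main__":
    servers = ServerList()
    for payload, ip in SAMPLES:
        print(ip, servers.ingest(payload, ip, now=0))
    print(servers.active(now=60))
```
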
UT99.org

Re: A nice UT link - 333networks

Post by UT99.org »

billybill wrote:It's not that tricky, if you are referring to the 'secure validate' bug. You could even test this from a quick php script that lets you enter your server ip and query port.

However, if you do the validation properly obviously you won't crash them. And I don't think people who add a custom master uplink will especially fear being crashed by it.

But even if they have fixed UDP validations isn't heartbeat a new one they will need to fix? Which would make them hesitant to add custom masterservers unless they know they have fixed this



And hmm maybe the computername part only applies to LAN servers. (if you have no idea what I'm talking about it's in the Engine and IPDrv files)

Code:

//
// Return beacon text for serverbeacon.
//
event string GetBeaconText()
{	
	return
		Level.ComputerName
	$	" "
	$	Left(Level.Title,24) 
	$	" "
	$	BeaconName
	$	" "
	$	NumPlayers
	$	"/"
	$	MaxPlayers;
}
Darkelarious
Skilled
Posts: 175
Joined: Sat Feb 08, 2014 12:02 pm
Personal rank: 333networks admin
Location: Phobos Moon

Re: A nice UT link - 333networks

Post by Darkelarious »

$carface wrote:Another archived server: http://333networks.com/ut/75.102.40.198:7778
Somebody better send me a fruit basket for fixing this one within the hour.
billybill wrote:It's not that tricky, if you are referring to the 'secure validate' bug.
I did not even think of that one yet. General rule: the less people know about these things, the better. Secure/validate one has a simple reasoning: the return ratio of bytes is 3:4. You send a string of 3 characters, you get 4 back. When sending enough characters, the UT server secure/validate checker gets an overflow in the string-array (if only Uscript knew strings...) when returning with the 3:4 ratio. I think that was fixed in all UT versions except for UTDemo. So we fixed it on our own servers with a custom query for UTDemo. No sleep lost so far.
billybill wrote:But even if they have fixed UDP validations isn't heartbeat a new one they will need to fix? Which would make them hesitant to add custom master servers unless they know they have fixed this?
I do not know where you are going with this-- the heartbeat/beacon is a signal sent by the UT server. There is no response, there is no processing done on behalf of the UT server or the master server. Simply said, the UT server sends the address, the master server stores the address. Upon querying the master server with your UBrowser, your own browser and master server exchange the secure/validating, after which you get the master server list, which the UBrowser pings one by one. During the pinging, there is no validation involved.

For fun, I could write a custom script that does nothing more than send out a beacon, and return 10 000 000 players to be online when queried. Of course, you would not be able to enter this server as it does not exist, but it IS possible to fake a query like this over plain UDP.

As for the computer name, I have no reason to believe that it is sent either at LAN or any other query, still. There are no computer names or hostnames in 333networks' master server database and I am yet to find any hostnames in my UT client. Even if they got sent, they were not recognized as valid query keyword, thus ignored. I did some research, I found your code and differences with the same function in IpDrv.ClientBeaconReceiver, but I deemed it irrelevant. Did you verify that the Level.Computername actually IS the same as the dhcp device name?

Anyway, I do not involve myself with computer names, nor are they shown on the site, unless you filled it in manually in one of the text fields like server name.
--Darkelarious
UT99.org

Re: A nice UT link - 333networks

Post by UT99.org »

billybill wrote:The computername code seems to be a remnant from Unreal that still exists in the engine classes, it's not referenced anywhere else. I wouldn't be surprised to see it used like this on other unreal engine games. It does make sense that it would be something to do with the LAN uplink. Sorry for not checking thoroughly
Darkelarious wrote: I do not know where you are going with this-- the heartbeat/beacon is a signal sent by the UT server. There is no response, there is no processing done on behalf of the UT server or the master server. Simply said, the UT server sends the address, the master server stores the address. Upon querying the master server with your UBrowser, your own browser and master server exchange the secure/validating, after which you get the master server list, which the UBrowser pings one by one. During the pinging, there is no validation involved.

For fun, I could write a custom script that does nothing more than send out a beacon, and return 10 000 000 players to be online when queried. Of course, you would not be able to enter this server as it does not exist, but it IS possible to fake a query like this over plain UDP.
But, why does the uplink class open one port higher than the query port for listening (Usually 7779)?
Darkelarious wrote: I do not know where you are going with this-
You do, given the past of your company, and given the fact you are replacing a good master server, unwillingness to set up links when people have asked, and saying you don't overly care if you get attacked and will simply shut it down.

I'm only asking a mild question as to why you wouldn't promote secure uplinking. I believe most of the server admins who already employ the secure validation have no idea about this port and are not using the secure validation on the uplink lines. It's not hard to be up-front when asked these questions because I'm seeing a lot of 'Trust us' and very little reason to do that
Darkelarious
Skilled
Posts: 175
Joined: Sat Feb 08, 2014 12:02 pm
Personal rank: 333networks admin
Location: Phobos Moon

Re: A nice UT link - 333networks

Post by Darkelarious »

Darkelarious wrote:I do not know where you are going with this-
This refers to the computer name and the function that is not called/referenced anywhere. However, I read something more in your post(s). You put it as a 'mild question', but I sense something more, I also read a sharp disapproval/mistrust.

Let me make a few things abundantly clear.

333networks is not a company. 333networks does not have a business model. 333networks does not have a board with grim-looking suits and ties. 333networks does not have a product line or development center. 333networks is a few people who used to play as a clan together. Later on, one of us recreationally started programming (hello, that is me, by the way), one who recreationally sketches and photoshops pictures for the site and documentation, and one that recreationally tests the website and servers for bugs, functionality and other unforeseen features. None of us worked, works or probably will work for Epic Games or any other gaming industry. Everything we know, we know because we were curious and persistent to know. With every bug or question, we find out something more.

As far as I know, I am the first one to 1) write a master server 2) in a different programming language and 3) improved it with knowledge of database and 4) the ability to show everything on a website 5) as a hobby. Everything I did, was in my spare time on my own account. And to say honestly, I think this is an awesome achievement! There is by my knowing nobody who ever did this so far, nor did somebody use it in the way we did. Additionally, it turns out that my master server is faster and contains more addresses than Epic Games' master. We got this far because a number of people believed that it was possible, and helped me out with testing and providing supportive and positive feedback. I spend long hours at night, trying to implement suggestions, my own ideas, or trying to solve somebody else's problems. Let's face it: when your server does not show up, or shows incorrect information, that is not my problem. But I want everybody's server to show up, and I want to show them correctly, not because I have to, but because I want to. This entire project started because I automatically wanted to show my servers on my own website. Instead, I chose to share it with others.

The suggested 'fact' that we are replacing a perfectly good master server is in my eyes a bit odd. We do not even remotely have the ability or intention to pull the plug on Epic Games' or Gamespy's master server, or any other official master server. I (or we for that matter) do not enforce anybody to use or replace our master server. Everybody who wants to use the 333networks master is able to do so. There is nothing that prohibits any administrator or player from not using my master in the first place.

Supportive feedback is something useful, I can do something with that. But I can not do anything with people who sound like they piss vinegar or are out of lemon juice. The line between "suggestion" and "demanding" has long been passed. I am now met with impatience and words like "unwillingness". So far, I did not react on that, because I consider it not constructive or productive, but rather childish and demotivating. I did a tremendous amount of work for people who like UT, and fear that at some point Epic or Gamespy or any other official master server may or may not pull the plug. I did a lot of work for people who like to know that there are alternatives or unofficial master servers. I do everything because I want to do it. If something is not there, or not implemented, or not even considered it yet, it is because I do not have the time, the resources or even the knowledge. It is a miracle that we got this far in the first place with what we have.

I pointed out many times that this is a hobby, a passion. Everybody is free to use it, I tried to make it as accessible as possible for everybody. But when somebody thinks that he/she has the right to take my hobby away from me by attacking or crashing my master server or website, I believe that I have the right to say: "well, fine!". I think that I did a very nice job for a lot of people. I wrote the master server with the best intents, trusting all of you to appreciate the efforts and trusting all of you not to damage it on purpose. The people who are supportive and enjoying the fruits of my work, are very welcome. For the people who do not appreciate it or trust me or my work, it is your choice! You decide whether you want it or not. There is no contract, there is no license agreement that tells you that you must do something or can not do something. It is all "as is" material, which you can use freely. Or to phrase it more delicately: "I would ask a refund if I were you". Or another way: "take it or leave it".

So why this sharp, defensive longread? I put a lot of work in my hobby. I spend a lot of time for other people. From me, for you. I consider this not to be a 'mild question', but a demand for answers. Answers, for the record, that I am not obliged to give. The reason why I do answer them is, again, because I want to do it. This post would not even have been necessary if people consider their words more carefully, this entire thread would not even exist if I kept my work and hobby to myself. Now look back at the title of this thread. It says "nice link"-- and that is what I originally intended with 333networks. Something nice that is appreciated by others.

Now, if you still do not trust my master server, trust the amount of efforts, work and time I put in it. I hope to have answered everybody's questions.
--Darkelarious
DLD-RABBIT
Average
Posts: 75
Joined: Wed Jun 05, 2013 1:48 pm
Personal rank: *...*
Location: Eden, North Carolina USA

Re: A nice UT link - 333networks

Post by DLD-RABBIT »

I'm not sure I understand the underlying premise of the last few posts, we should be thankful for 333Networks for their efforts toward UT99, let's face the facts two master servers are gone, maybe Dark's master server will be the only one left in the next few years, instead of being an %$$ why not just say thank you 333Networks for all you do for UT99 :lol2: On the issue of " promote secure uplinking" What do you have now? master.mplayer.com how is that working for you? All I'm saying is thank you 333Networks :gj:
Jim DLD-RABBIT
UT99.org

Re: A nice UT link - 333networks

Post by UT99.org »

billybill wrote:Uhm why are you dodging the question like this? How hard can it be to say no I am mistaken or no the code in that object is redundant. If not, inform people to use the securevalidate lines when using custom master servers, so they are never put in a situation where yours or another master server will crash them. And so they will never be in a situation where their server is crashing and nobody can figure out why

And yes normally I would be thankful for a second master server, god forbid people have to use a service like gametracker to find somewhere to play. I could swear I already wrote here that I'm thankful of what you are doing. If Epic decide to abandon us for whatever reason then we have you. I don't get why so defensive and dodging after someone posts legitimate questions asking about the dangers of using a custom masterserver like you are providing. It seems like you are asking for too much trust when not in a position to be given your history and what you have said.

God I hope epic read this before they pull the plug presuming the community has backup in place
Hook
Inhuman
Posts: 754
Joined: Tue Apr 22, 2008 11:21 pm
Personal rank: UT99 Promoter/Admin
Location: Minnesota USA

Re: A nice UT link - 333networks

Post by Hook »

DLD-RABBIT wrote:I'm not sure I understand the underlying premise of the last few posts, we should be thankful for 333Networks for their efforts toward UT99, let's face the facts two master servers are gone, maybe Dark's master server will be the only one left in the next few years, instead of being an %$$ why not just say thank you 333Networks for all you do for UT99 :lol2: On the issue of " promote secure uplinking" What do you have now? master.mplayer.com how is that working for you? All I'm saying is thank you 333Networks :gj:
Jim DLD-RABBIT
Ditto - Thank YOU RABBIT for your wise comments here! :rock:
And absolutely - A huge THANK YOU to Darkelarious and 333Networks for his great work on this much needed project - not to mention his good will in sharing his good works with others! :tu:
Folks, Darkelarious has been around for many years in the UT Community, and has given given given of himself and his good work to us.
I have known him in this community for many many years and he is very trustworthy I can assure you.
Do you remember POTS? - POTS found 333net and Dark for me - and together we found out what good things he was doing - then let the rest of UT know about him.
You know JackGriffin? (Gopo) He knows Dark also and is good with his work also.
It should be viewed as a great privilege and an honor that he graces this forum, or any forum, with what he is offering to us.
Now, lets give him our support!

Again, my words cannot thank him enough for his efforts!
:gj: Darkelarious - and 333Networks!
=Hook=(Member# 626)
HUTP Active Forums: https://hooksutplace.freeforums.net/forum
HUTP UT99 Community Portal: https://hooksutplace.freeforums.net/
OR: https://hermskii.com/hook/ut99_hutp/
UT99 Server -> CROSSBONES Missile Madness {CMM}

* Newest Versions of: PRO-Redeemers | PRO-SNIPER-Redeemers | PRO-SEEKER-Redeemers <-(the Original)
and Now with FOOD FIGHT and Frying Pan arena !!!
IP: 68.232.181.236:7777 <-(NEW IP to come)
UT99 MH Server -> {CMH} CROSSBONES Monster Hunt (MH) by Mars007 (The Original) - IP: 108.61.238.93:7777
UnrealGGecko
Godlike
Posts: 2904
Joined: Wed Feb 01, 2012 11:26 am
Personal rank: GEx the Gecko
Location: Kaunas, Lithuania

Re: A nice UT link - 333networks

Post by UnrealGGecko »

I probably didn't say much before, but I agree with Rabbit and Hook as well. This is a very welcome addition to UT, it's as important to it as the SDK. Thank you! :gj:
UT99.org

Re: A nice UT link - 333networks

Post by UT99.org »

billybill wrote:To be honest I didn't even read his post, only skimmed it over for an answer. Maybe he should enter politics when he's done with UT?

Here's the code in question
Code:

//=============================================================================
// UdpServerUplink
//
// Version: 1.3
//
// This uplink is compliant with the GameSpy Uplink Specification.
// The specification is available at http://www.gamespy.com/developer
// and might be of use to programmers who want to adapt their own
// server uplinks.
//
// UdpServerUplink sends a heartbeat to the specified master server
// every five minutes.  The heartbeat is in the form:
//    \heartbeat\QueryPort\gamename\unreal
//
// Full documentation on this class is available at http://unreal.epicgames.com/
//
//=============================================================================
class UdpServerUplink extends UdpLink config;

// Master Uplink Config.
var() config bool		DoUplink;				// If true, do the uplink
var() config int		UpdateMinutes;			// Period of update (in minutes)
var() config string     MasterServerAddress;	// Address of the master server
var() config int		MasterServerPort;		// Optional port that the master server is listening on
var() config int 		Region;					// Region of the game server
var() name				TargetQueryName;		// Name of the query server object to use.
var IpAddr				MasterServerIpAddr;		// Master server's address.
var string		        HeartbeatMessage;		// The message that is sent to the master server.
var UdpServerQuery      Query;					// The query object.
var int				    CurrentQueryNum;		// Query ID Number.

// Initialize.
function PreBeginPlay()
{
	// If master server uplink isn't wanted, exit.
	if( !DoUplink )
	{
		Log("DoUplink is not set.  Not connecting to Master Server.");
		return;
	}

/*
	if( Level.NetMode == NM_ListenServer )
	{
		Log("This is a Listen server.  Not connecting to Master Server.");
		return;
	}
*/

	// Find the server query handler.
	foreach AllActors(class'UdpServerQuery', Query, TargetQueryName)
		break;

	if( Query==None )
	{
		Log("UdpServerUplink: Could not find a UdpServerQuery object, aborting.");
		return;
	}

	// Set heartbeat message.
	if( MasterServerAddress ~= "unreal.epicgames.com" )
		HeartbeatMessage = "\\heartbeat\\"$Query.Port$"\\gamename\\"$Query.GameName$"\\gamever\\"$Level.EngineVersion;
	else
		HeartbeatMessage = "\\heartbeat\\"$Query.Port$"\\gamename\\"$Query.GameName;

	// Set the Port.
	MasterServerIpAddr.Port = MasterServerPort;

	// Resolve the Address.
	if( MasterServerAddress=="" )
		MasterServerAddress = "master"$Region$".gamespy.com";
	Resolve( MasterServerAddress );
}

// When master server address is resolved.
function Resolved( IpAddr Addr )
{
	local bool Result;
	local int UplinkPort;

	// Set the address
	MasterServerIpAddr.Addr = Addr.Addr;

	// Handle failure.
	if( MasterServerIpAddr.Addr == 0 )
	{
		Log("UdpServerUplink: Invalid master server address, aborting.");
		return;
	}

	// Display success message.
	Log("UdpServerUplink: Master Server is "$MasterServerAddress$":"$MasterServerIpAddr.Port);
	
	// Bind the local port.
	UplinkPort = Query.Port + 1;
	if( BindPort(UplinkPort, true) == 0 )
	{
		Log( "UdpServerUplink: Error binding port, aborting." );
		return;
	}
	Log("UdpServerUplink: Port "$UplinkPort$" successfully bound.");

	// Start transmitting.
	Resume();
}

// Host resolution failure.
function ResolveFailed()
{
	Log("UdpServerUplink: Failed to resolve master server address, aborting.");
}

// Notify the MasterServer we exist.
function Timer()
{
	local bool Result;

	Result = SendText( MasterServerIpAddr, HeartbeatMessage );
	if ( !Result )
		Log( "Failed to send heartbeat to master server.");
}

// Stop the uplink.
function Halt()
{
	SetTimer(0.0, false);
}

// Resume the uplink.
function Resume()
{
	SetTimer(UpdateMinutes * 60, true);
	Timer();
}

// Received a query request.
event ReceivedText( IpAddr Addr, string Text )
{
	local string Query;
	local bool QueryRemaining;
	local int  QueryNum, PacketNum;

	// Assign this packet a unique value from 1 to 100
	CurrentQueryNum++;
	if (CurrentQueryNum > 100)
		CurrentQueryNum = 1;
	QueryNum = CurrentQueryNum;

	Query = Text;
	if (Query == "")		// If the string is empty, don't parse it
		QueryRemaining = false;
	else
		QueryRemaining = true;
	
	while (QueryRemaining) {
		Query = ParseQuery(Addr, Query, QueryNum, PacketNum);
		if (Query == "")
			QueryRemaining = false;
		else
			QueryRemaining = true;
	}
}

function bool ParseNextQuery( string Query, out string QueryType, out string QueryValue, out string QueryRest, out string FinalPacket )
{
	local string TempQuery;
	local int ClosingSlash;

	if (Query == "")
		return false;

	// Query should be:
	//   \[type]\<value>
	if (Left(Query, 1) == "\\")
	{
		// Check to see if closed.
		ClosingSlash = InStr(Right(Query, Len(Query)-1), "\\");
		if (ClosingSlash == 0)
			return false;

		TempQuery = Query;

		// Query looks like:
		//  \[type]\
		QueryType = Right(Query, Len(Query)-1);
		QueryType = Left(QueryType, ClosingSlash);

		QueryRest = Right(Query, Len(Query) - (Len(QueryType) + 2));

		if ((QueryRest == "") || (Len(QueryRest) == 1))
		{
			FinalPacket = "final";
			return true;
		} else if (Left(QueryRest, 1) == "\\")
			return true;	// \type\\

		// Query looks like:
		//  \type\value
		ClosingSlash = InStr(QueryRest, "\\");
		if (ClosingSlash >= 0)
			QueryValue = Left(QueryRest, ClosingSlash);
		else
			QueryValue = QueryRest;

		QueryRest = Right(Query, Len(Query) - (Len(QueryType) + Len(QueryValue) + 3));
		if (QueryRest == "")
		{
			FinalPacket = "final";
			return true;
		} else
			return true;
	} else {
		return false;
	}
}

function string ParseQuery( IpAddr Addr, coerce string QueryStr, int QueryNum, out int PacketNum )
{
	local string QueryType, QueryValue, QueryRest, ValidationString;
	local bool Result;
	local string FinalPacket;
	
	Result = ParseNextQuery(QueryStr, QueryType, QueryValue, QueryRest, FinalPacket);
	if( !Result )
		return "";

	if( QueryType=="basic" )
	{
		// Ignore.
		Result = true;
	}
	else if( QueryType=="secure" )
	{
		ValidationString = "\\validate\\"$Validate(QueryValue, Query.GameName);
		Result = SendQueryPacket(Addr, ValidationString, QueryNum, ++PacketNum, FinalPacket);
	}
	return QueryRest;
}

// SendQueryPacket is a wrapper for SendText that allows for packet numbering.
function bool SendQueryPacket(IpAddr Addr, coerce string SendString, int QueryNum, int PacketNum, string FinalPacket)
{
	local bool Result;
	if (FinalPacket == "final") {
		SendString = SendString$"\\final\\";
	}
	SendString = SendString$"\\queryid\\"$QueryNum$"."$PacketNum;

	Result = SendText(Addr, SendString);

	return Result;
}

defaultproperties
{
     UpdateMinutes=1
     MasterServerPort=27900
     TargetQueryName=MasterUplink
     RemoteRole=ROLE_None
}

So when you uplink to his server you open a port (If I use the word backdoor would you take it more seriously) where he can if he wanted to or by mistake send packets to crash a server. Not only him but anyone adding a master server with the lines he's promoting

Here's a sample from his site, take note of the IpServer.UdpServerUplink lines
Code:

[Engine.GameEngine]
CacheSizeMegs=4
UseSound=True
ServerActors=IpDrv.UdpBeacon
ServerActors=IpServer.UdpServerQuery
ServerActors=IpServer.UdpServerUplink MasterServerAddress=unreal.epicgames.com MasterServerPort=27900
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master0.gamespy.com MasterServerPort=27900
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master.telefragged.com MasterServerPort=27500
ServerActors=IpServer.UdpServerUplink MasterServerAddress=darkelarious.blicky.net MasterServerPort=27900
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master.333networks.com MasterServerPort=27900
ServerActors=UWeb.WebServer
ServerPackages=SoldierSkins
ServerPackages=Botpack

Here is securevalidate readme. You decide for yourselves

ReadMe to the SecureValidate package

*** What is this thing?
*** How to install it?




*** What is this thing?

Well, as some of you have heard, and, well I assume all of you have
heard it, or you wouldn't have downloaded this package, a new vulnerability
in the Unreal engine has been discovered. The same guy, who discovered
several previous issues, Luigi Auriemma, that led to UT440 and UT451,
announced a new bug he discovered. It's a quite simple bug and with it is
also quite simple to crash lots of unreal servers by sending a single UDP
package.

You can read more information about this security issue here:
http://aluigi.altervista.org/adv/unsecure-adv.txt

The mentioned solution of this problem is implemented by this package, at
least for the most urgent part.



The Validate-function is only used three times in standard UT. This package
implements two classes which extend two other classes with two of the calls
and checking the parameters before letting them be handled by the original
(faulty) class.

These two classes are overridden:
IpServer.u
UdpServerUplink extends UdpLink
function string ParseQuery( IpAddr Addr, coerce string QueryStr, ...

UdpServerQuery extends UdpLink
function string ParseQuery( IpAddr Addr, coerce string Query, ...

UdpServerUplink is used to register the server within the global server list
by sending frequently UDP packages. While the master server doesn't seem to
send any packages, he is able to and read packages are parsed. So if someone
hacks one of the master servers or their DNS they may be able to send these
UDP packages. And because it is UDP also other people can send UDP-packages
with the faked IP and port of the master servers to crash the Server.

UdpServerQuery is used to send information about the server to any querying
client. This may be UnrealTournament or any tool to query servers out there
and of course also a bad person trying to hack your server.
Some mods or add-ons (older versions of Pure (< 6E); some versions of MapVote?)
may replace the default handler class. So you have to decide whether you want
their additional functionality/protection or of this class.



This class is _not_ reimplemented:
UBrowser.u
UBrowserGSpyLink (InternetInfo <- InternetLink <- TcpLink <- UBrowserBufferedTcpLink)
function GotMatch(int MatchData)

UBrowserGSpyLink is used to receive the global server list from one of the
master servers. As this implies this is a functionality of a client, not of
a server. Also this is TCP meaning it is quite complicated to insert packages
with a faked IP, also it is not a permanent connection, generally only used
only for a few seconds. So unless someone hacks one of the master servers or
their DNS this can't be used to hack the server or client.
Also the name of this class is hard coded in its factory class
UBrowserGSpyFact and reimplemented for instance in the RocketArena-Mod.





*** How to install it?

You have to copy both files SecureValidate.u and SecureValidate.int into the
system directory of UT. Now we'll start a little UnrealTournament.ini-changing
spree:

You have to change four lines in the section Engine.GameEngine, here the
original code (of course you might use another cache size):

[Engine.GameEngine]
CacheSizeMegs=4
UseSound=True
ServerActors=IpDrv.UdpBeacon
ServerActors=IpServer.UdpServerQuery
ServerActors=IpServer.UdpServerUplink MasterServerAddress=unreal.epicgames.com MasterServerPort=27900
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master0.gamespy.com MasterServerPort=27900
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master.mplayer.com MasterServerPort=27900

Now the new lines:

[Engine.GameEngine]
CacheSizeMegs=128
UseSound=True
ServerActors=IpDrv.UdpBeacon
ServerActors=SecureValidate.SVUdpServerQuery
ServerActors=SecureValidate.SVUdpServerUplink MasterServerAddress=unreal.epicgames.com MasterServerPort=27900
ServerActors=SecureValidate.SVUdpServerUplink MasterServerAddress=master0.gamespy.com MasterServerPort=27900
ServerActors=SecureValidate.SVUdpServerUplink MasterServerAddress=master.mplayer.com MasterServerPort=27900

As you see you have to simply exchange IpServer. with SecureValidate.SV four
times. This will result in using the new classes instead of the old ones.

Also you have to create a renamed copy of the following section:

[IpServer.UdpServerQuery]
GameName=ut

copy and/or rename this section to (this may be optional):

[SecureValidate.SVUdpServerQuery]
GameName=ut

likewise you could copy/rename the section
[IpServer.UdpServerUplink]
to
[SecureValidate.SVUdpServerUplink]
.



That's installing. No further configuration - besides like the
original classes - is needed.
This is a server-side only package, no client has to load it or
have it installed.









I hope everything works fine, ... it's really a quite simple package, so
it should.


Happy fragging,
JustDoIt
--
#loki.ut on irc.quakenet.org
EUT, New_Ipserver, and the ones he mentioned in the readme all fix this as well. I don't think I need to mention the "unwillingness" of setting up links or ability to act in the way a master server should, passing on raw lists of those servers in real-time to leafs like other people have expressed interest in hosting. He could set all this up over time with no pressure if he wanted to but doesn't express interest or act like he cares. The fact he says he will pull the plug if he ever gets attacked is telling on its own. I consider it a legit question, he may be the nicest guy in the world doesn't exclude the fact someone in his position can severely abuse their position or be hacked like the readme says as well. I don't want to end all this on a negative note but I'm really lost for words, sorry
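The ini change described in the quoted readme above, as an added example that is not part of the original post or of the SecureValidate package: a script that swaps the two IpServer classes in the ServerActors lines and mirrors the matching settings section. The function name `harden_ini` and the sample ini are constructed for illustration, and exact-case class names are assumed.

```python
import re
# Class swaps from the quoted readme: IpServer.* -> SecureValidate.SV*
SWAPS = {
    "IpServer.UdpServerQuery": "SecureValidate.SVUdpServerQuery",
    "IpServer.UdpServerUplink": "SecureValidate.SVUdpServerUplink",
}
SECTION = re.compile(r"^\[(.+)\]\s*$")
# Constructed sample built from lines shown in the thread (not a real server's ini).
SAMPLE_INI = """\
[Engine.GameEngine]
ServerActors=IpDrv.UdpBeacon
ServerActors=IpServer.UdpServerQuery
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master.333networks.com MasterServerPort=27900

[IpServer.UdpServerQuery]
GameName=ut
"""

def harden_ini(text):
    """Hypothetical helper: return (new_text, rewritten ServerActors lines)."""
    # ServerActors repeats as a key (configparser would reject it): keep ordered lines.
    sections, current = [], (None, [])
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            sections.append(current)
            current = (m.group(1), [])
        else:
            current[1].append(line)
    sections.append(current)
    changed = []
    for name, body in sections:
        for i, line in enumerate(body):
            key, _, value = line.partition("=")
            cls, sep, args = value.partition(" ")
            if (name == "Engine.GameEngine" and cls in SWAPS
                    and key.strip().lower() == "serveractors"):
                body[i] = f"ServerActors={SWAPS[cls]}{sep}{args}"
                changed.append(body[i])
    # Mirror [IpServer.*] settings sections under the new class names, once.
    names = {name for name, _ in sections}
    for name, body in list(sections):
        if name in SWAPS and SWAPS[name] not in names:
            sections.append((SWAPS[name], list(body)))
    out = []
    for name, body in sections:
        out += ([f"[{name}]"] if name is not None else []) + body
    return "\n".join(out) + "\n", changed
```

Running it a second time on its own output changes nothing, so it can be used to check whether a server's ini still references the old classes.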
User avatar
Darkelarious
Skilled
Posts: 175
Joined: Sat Feb 08, 2014 12:02 pm
Personal rank: 333networks admin
Location: Phobos Moon
Contact:

Re: A nice UT link - 333networks

Post by Darkelarious »

Let's start with your last/negative note, billybill.
I consider the way you interact with me to be rude. As you said, you skimmed over my post, instead of actually reading it carefully. I took the time to write a response, the least you could do is read it. You then reacted quite offensively, which I read as "you're either wrong or not telling". I do not know in which culture that is normal; I consider this offensive and I do not want to participate in a discussion/thread where people have this attitude. If this happens again, I'm out. I trust that I have made myself clear how I think about this, now and in the future.

Now some actual content.
Do I understand correctly that your entire fuss is about the example lines that are currently written on http://333networks.com/masterserver where I use

Code: Select all

ServerActors=IpServer.UdpServerUplink MasterServerAddress=master.333networks.com MasterServerPort=27900
instead of

Code: Select all

ServerActors=SecureValidate.SVUdpServerUplink MasterServerAddress=master.333networks.com MasterServerPort=27900
Is that what this is all about?

Then I have a few generic questions that may have been answered by somebody else before, or perhaps not have been considered in the first place:

1) We know the UdpServerUplink sends out a heartbeat. Does the SecureValidate uplink send the exact same heartbeat? If yes, then what is the difference between this uplink and the old one? Or if there is a difference, what difference is it, then? In case of the former, then why would you need this SecureValidate uplink? In case of the latter, it would inevitably mean that I will have to adjust my master to work with it.

2) Am I correct to understand that the SecureValidate.SVUdpServerQuery does exactly the same as the old IpServer.UdpServerQuery, except that it truncates incoming secure strings at n characters? If yes, then why is the master the problem? As I understand your essay, you are worried that I am able to obtain your server address and port, and send malicious queries to it. Your assumption is correct that I can write my query bot to send malicious queries. The big BUT here, is that everybody with a network tool or php script --as you pointed out-- can crash the server, you do not need my master server or query bot for that, you just take the server address from your UBrowser. And SecureValidate solves that problem.

I must say that I am a bit surprised that you are so freely willing to post the instructions on crashing a server this way. I can only guess that there are still hundreds of unprotected servers. Handing people with malicious intent the recipe for chaos is not in the community's best interest.

At this point I am still assuming that you are only referring to these example lines with IpServer versus SecureValidate. If it is the administrator's choice to use this SecureValidate instead of IpServer, then would the administrator not be smart enough to realize that my tutorial only uses the DEFAULT lines from UnrealTournament.ini, and would the administrator not be comprehensive enough to replace the IpServer from the example with his/her own SecureValidate --or any IpServer candidate for that matter-- instead? Besides, today it is SecureValidate, tomorrow another. I can not be expected to keep track of all alternatives and utilize them in my tutorial.

Which brings me to another point. I think it is the responsibility of the administrator to make sure his/her server is "secure". With that I mean: be careful with your passwords (do not bind them to keys) and make sure that everything works. It is in my mentality to be trusting towards people. I make something nice for them (for example, an UT server), they do efforts to have fun and not to break it on purpose. If somebody (systematically) tries to break something for which I did efforts, all the fun is over. I do not use the SecureValidate, because it serves no purpose. If somebody wants to damage it, they will find a way, with or without protection. And in that case, I'm out. Please do not take that as ignorance, but as a statement.


However.
The role of security for the master server still remains unclear to me. From your first comment/post in this thread, I assume you referred to security to prevent the master server from being crashed. Of course, I have my basic line of defense, such as sanitizing SQL input and protection from flooding. DDoS attacks are handled by the provider, but they would take the website, UT servers and such offline with it. With common sense and proper input verification you can scale down most of the risks. Again, none of them applies specifically to the master server. I also happen to have made a threat assessment long before the first version of the master: what happens if my server gets "hacked"? What content would it leak? What confidential material? What can I do against that? As for transparency and being trusted with what I do, I also shared the source code of the entire project in my own git repository of which I shared the link several times now. There is tons of safe and unsafe code, all structured and semi-regularly updated. That way, everybody can make the same threat assessment on his/her own.

The 333networks master server has exactly the same behaviour as the official master servers. I first recorded the exchange between UBrowser and UT server, later I observed the behaviour between UBrowser and master server. With plain old-fashioned reverse engineering, I put my own master server together. I take pride in the progress that I have made with it and I am proud that a lot of people started using it already. This has always been, and probably will be for a very long time, a work in progress. Simply said, this has been my hobby, if you (anybody) do not like it, there is nothing stopping you from trying to make your own.

As far as I know, there is no way for the master server to determine whether somebody is using the IpServer or SecureValidate on the UT server, apart from crashing the server to test. That means that for the master server, it does not matter which IpServer equivalent you use, as their responses are supposed to be the same. Even worse, there are custom variants that generate/insert fake players and/or bots, as we discovered already. I can not detect them until I know how they exactly work, and only then it remains to be seen whether I can come up with a viable solution, within a reasonable time frame.

Which brings me back to the suggested "don't care" and "unwilling". By my long posts you may have guessed that it is not really a matter of "no care". But there is also regular work to be done, and life is more than programming and playing UT. The "shared" version, where different masters could exchange servers with each other, is a good example. Brilliant idea, practical application, significant improvement and effectiveness of resources. But not simple to write either. What protocol do we use? And amongst master servers? Do they also need to query the UT servers themselves, or only the list of servers? There are practical questions, technical issues. Each and every one of them requires time to be implemented. I have been working on this function for quite some time already, even before it was brought up here. It is partially implemented: current master can query other master servers, and can be queried, but it would be a nicer implementation if it could automatically update the list of other masters too. It is all out there in 333networks' git hub, but what it lacks is people who actually bother to go through all of the code before they complain/comment. I have a simple rule about my source code: if you can use it you are free to do so; if you can not understand it, then simply do not use it.

Everybody is free to make suggestions or recommendations. I am glad that people use the master and report it when they find something odd, bugs or other unforeseen features. Next to that, I am the only one who has the knowledge of this particular mixture of programming language, modules and implementation within UT, therefore I am the only one who can make the actual contributions. On the other hand, I also reserve the right to decide what I want in or not. When somebody suggests to add certain features, I either consider them practical/useful, or I consider them irrelevant or too much work to be implemented right away. I also want to implement a number of functions still, but I need time to work my way through them. Whether I get to it is another question. I do not have to express interest or act like I care or not. As I said before; this is my hobby, that implies that I care by default. To put it more crudely: I decide on my own when or whether I want to implement something or not. I am not somebody to whom you can say what to do and expect that I will do it according to your ways and ideals. Please consider that when you ask me about something in your next posts. If you do not like it, you are free to use the source code and write your own. Even better, I am also still working on the documentation how everything works and how I implemented it. That way everybody can build on the original master I wrote.


When asking questions, be aware of the response you could get. In my case, that is in 99% of the cases a very elaborate and detailed answer, in which I try to address everything as accurately as I possibly can. That's why I should not become a politician-- I give honest answers and I try to do things that are in people's best interest. And you may have figured out by now that I like writing. Whether it is UT documentation or a master server.
--Darkelarious
Masterserver | Discord Channel
Oh, and we still are ready to receive donations. The url works, right? It doesn't seem to be doing anything...
UT99.org

Re: A nice UT link - 333networks

Post by UT99.org »

billybill wrote:
billybill wrote: But, why does the uplink class open one port higher than the query port for listening (Usually 7779)?
Original Question. And you mis-quoted me with this
Darkelarious wrote:You then reacted quite offensively, which I read as "you're either wrong or not telling". I do not know in which culture that is normal; I consider this offensive and I do not want to participate in a discussion/thread where people have this attitude. If this happens again, I'm out. I trust that I have made myself clear how I think about this, now and in the future.
here is the actual quote
billybill wrote:Uhm why are you dodging the question like this? How hard can it be to say no I am mistaken or no the code in that object is redundant.
The I in this refers to myself, so read it again.

So as for this one,
Darkelarious wrote:I took the time to write a response, the least you could do is read it.
I don't think you have properly read any of those posts given all of the above. So based on that hypocrisy I neglected to go on with the rest of your post. So here is the question one more time let's see where this goes
billybill wrote: But, why does the uplink class open one port higher than the query port for listening (Usually 7779)?
billybill wrote:Uhm why are you dodging the question like this? How hard can it be to say no I am mistaken or no the code in that object is redundant.
User avatar
papercoffee
Godlike
Posts: 10447
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.
Contact:

Re: A nice UT link - 333networks

Post by papercoffee »

OK ...Can we all calm down now?
I don't know shit about server and their security, but I don't like the prevailing mood of the two last posts of you.
Locked