Security risk with running UT99 server

Discussions about Servers
User avatar
jaypeezy
Experienced
Posts: 109
Joined: Fri Feb 26, 2010 1:53 am

Security risk with running UT99 server

Post by jaypeezy » Fri May 02, 2014 11:59 pm

Greetings, everyone. Since January of this year I've managed to get a server running, finally figured out all the various router/port magic I needed to do and people can really connect to it!

In fact, I would really like to have a public server, where I can give people the IP on forums and they can connect to play on it (including you all at UT99.org :D ) but I've been hesitant to do just that.

Admittedly, I don't know a lot about IP addresses/running a server. As far as aimbotting/cheating/stuff like that I could care less, since the gametype and mutators I'd mean to run don't really make it rewarding for whoever would do that anyhow. When I say "security," I'm really asking, are there any ways UT can be exploited to gain access to other parts of my computer in an internet connection? I wouldn't want to risk such a thing happening.

User avatar
Feralidragon
Godlike
Posts: 5313
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: Security risk with running UT99 server

Post by Feralidragon » Sat May 03, 2014 12:45 pm

Theoretically, there's no risk, since UEngine is a virtual machine by itself, and thus almost all operations you can do should be sandboxed.

If you run native mods however, there's no guarantee what's in them that could be exploited to be able to get some local access (you will have to trust whoever made them). For example, it just takes a native mod to be able to read/write to the file system, and not having the basic security measures applied to it that maybe someone could exploit it to write elsewhere in your PC, as long as reading stuff from it.
But as long as you're not doing so, it should be safe.

If you want to be 99.9999% certain that no one gets access to your machine while running a UT server, you could install Virtual Box, install something like Windows XP (since it's very light), and host the server from there. That way you have a truly sandboxed virtual machine "isolated" from your "real" machine, but you need a good CPU to run it (or at least one with hardware virtualization).

User avatar
Wises
Godlike
Posts: 1089
Joined: Sun Sep 07, 2008 10:59 am
Personal rank: ...

Re: Security risk with running UT99 server

Post by Wises » Sun May 04, 2014 1:57 pm


If you want to be 99.9999% certain that no one gets access to your machine while running a UT server, you could install Virtual Box, install something like Windows XP (since it's very light), and host the server from there. That way you have a truly sandboxed virtual machine "isolated" from your "real" machine, but you need a good CPU to run it (or at least one with hardware virtualization).
Windows XP Would be the target in this case ^

Umfortunately.

JackGriffin
Godlike
Posts: 3765
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Security risk with running UT99 server

Post by JackGriffin » Sun May 04, 2014 7:34 pm

Ferali is correct but there is a bit more to consider. Most current routers people are using are supplied by the internet providers and so are in the lower quality range. Why does this matter? Well, you tend to see a lot of server admins running on separate boxes sitting in their garage or spare room and because UEngine is so light on resources and they can get away with using an older (spare) tower that was laying around.
Because the routers are cheaper they don't have robust selection of port forward/port triggering and also many guys don't want to spend the time to figure it all out. They stick that server into a DMZ on the router, it works, and so they stop worrying about it and start playing.

So now you have a box open to the internet, usually without any firewall protection locally, and it's expecting traffic. That's all fine and good but then they start using it for a home FTP server, local file exchange, internet surfing, whatever and the whole time they forget it's sitting outside the protection of the router.

I'm not advocating hurting anyone but spend a little time learning to check open ports on a remote connection then try it on a few of the UT servers you play on. It's going to surprise you.

tl/dr: Don't forget to lock your server down. If you DMZ it needs a local firewall solution to close the unused ports and traffic.
So long, and thanks for all the fish