Strange port action from voobly

 knight_345


Edited 12 April 2017 - 12:47 am by knight_345
Ya i don't get this and i like my firewalls/network defense setup and yes i know its way over the top vs what most people have but i'm kind of a tin foil hat when it comes to this topic.

Explain this topic plz if you can, and iv seen it try and connect all over the place to ips and ports that make no sense, default gateway and final router Ip is 192.168.1.1

trying to send network packets to anything different "A" not going to connect to anything and "B" i'm not understanding the ports its trying to use, mostly this happens when a new player joins a room i'm in or hosting, seen it in the logs try and connect to anything from 192.168.1.2~192.168.1.254 with odd ports, makes no sense.

You must login into Voobly to view image

You must login into Voobly to view image


Ps i can do and setup for wire shark captures from the last router to the adsl modem if needed if that's helpful.

I'm setup atm to be able to do man in the middle attacks vs my own network if and when needed.

As well all voobly network tests come out with a passed verdict O_o
Link | Reply | Quote
 knight_345


Posted 12 April 2017 - 6:09 pm
Hemmm interesting, and things to read and lookup, ty for links and for tanking the time to help me out.

here is some more strange pics that i'm not understanding.

You must login into Voobly to view image


Here its going on about port 60778 yet im not seeing any of that in my firewall logs as i monitor whats going on in real time as voobly network testing tool is doing its thing, all most makes me want to wireshark the topic to double check if this firewall is reading whats going on the right way.

Port 16000 is forwarded btw in the first router.

You must login into Voobly to view image


In this log it shows everything using port 16000 at my end and connecting to ip
198.50.175.1
198.50.175.2
198.50.175.3

Everything looks good here best i can tell, so not 100% understanding why its trying to connect as you say to proxy at internal ips of 192.168.1.2~254

That's internal ips for networked computers that have nothing to do with the internet, everything at my end is pointing to 192.168.1.1 in the static network setup in windows on the computer i use to game on as well i play other vintage online games on this computer and when i log in to game their not flooding connection attempts at internal ips.

Ps i have twin routers/nat back to back atm on my network setup and i'm working on my 3rd edge freeBSD firewall/nat/IDS as we speak so things will get even more interesting, should i forward port 16000 on the other router as well ?
Link | Reply | Quote
 knight_345


Posted 12 April 2017 - 8:54 pm
Update, was starting to wonder if it was one of my firewalls that was buging and it turns out its not, did a wireshark capture from the last router/nat~wan side to the dsl modem/internet and it seems voobly is spaming connection attemptes from that part of the world at 192.168.xxx.xxx right to the net.

Any ideas whats going on here ?

i can upload full wireshark caputers if needed on the topic.
Link | Reply | Quote
 Mataichi


Posted 15 April 2017 - 3:06 pm
Yo Chris, you really ought to check your PMs once in a while.


Link | Reply | Quote
[1]
Displaying 1 - 4 out of 4 posts
Forum Jump:
1 User(s) are reading this topic (in the past 30 minutes)
0 members, 1 guests