

Firewall Actively Banning Traffic


This topic has been archived. This means that you cannot reply to this topic.
4 replies to this topic

Codewriter #1 Posted May 26 2011 - 03:01

    First lieutenant

  • Players
  • 32714 battles
  • 549
  • [BOND] BOND
  • Member since:
    05-06-2011
Hi,

I've been playing WOT for about 30 days now and I like it.

While playing WOT I have been disconnected from the game server once every 1-2 hours. Once I have been kicked off I noticed that I could not re-connect to the game server for at least 15 minutes.

My Windows desktop computer is running Windows 7 64-bit and sits isolated from the internet by a Smoothwall Firewall appliance router system.

My Smoothwall system will ban all "BAD" internet traffic coming from the source IP address once detected.

Tonight I realized that my WOT disconnect issue was caused by my Smoothwall Firewall appliance router.....it detected a "MS-SQL probe response overflow attempt" type traffic incoming IN to my network from IP:174.34.231.179 on PORT:32864  ...:)

Looking at my Smoothwall Banned IP LIST...I find 13 174.34.231.xxx entries all with the same type of "MS-SQL probe response overflow attempt" type traffic coming in on ports 32864, 32863, 32862.

At this time I still cannot connect to WOT servers.....

I then remove all 13 174.34.231.xxx ban entries in my Smoothwall router...and bang....I'm able to reconnect to WOT's game servers....:)


My question is this...what is all this "MS-SQL probe response overflow attempt" traffic coming in from the WOT's game servers on ports not specified for their game use...???

The highest port that WOT should be using is 32801 through 32825....yes/no..???

n00bpwner #2 Posted May 26 2011 - 03:18

    Staff sergeant

  • Players
  • 3238 battles
  • 266
  • Member since:
    02-04-2011
Alright, I'm not an expert on this subject matter by any stretch of the imagination; in fact, you can probably call me a noob at it :P.  However, the problem MIGHT be one of two things:

1) World of Tanks is directing small amounts of traffic (but apparently enough for your firewall to throw a red flag) through your ISP and your "port".  This could be to alleviate some stress on the main routers...

2) World of Tanks is directing very small amounts of traffic directly through your personal router.  This would, needless to say, be an automatic red flag for your firewall...

Now, I know almost zilch on this subject, so you can pretty much just ignore me :P.  However, one thing I DO know is that it is typically not wise to mess around with your firewall.  That is there for a reason, and it has its settings for a reason.  So, unless you REALLY, REALLY know what you're doing (i.e. you designed the firewall and/or something similar), don't mess with it.  If you hit a wrong key, you can REALLY f*ck up your computer...

ITDUDE #3 Posted May 26 2011 - 04:04

    Major

  • Beta Testers
  • 13905 battles
  • 4,951
  • [VOLGA] VOLGA
  • Member since:
    09-04-2010
WoT servers send a lot of small packets. Perhaps this is what your firewall thinks is a SQL probe attack. Just white list the IP and you'll be fine.

Codewriter #4 Posted May 26 2011 - 15:52


ITDUDE, on May 26 2011 - 04:04, said:

WoT servers send a lot of small packets. Perhaps this is what your firewall thinks is a SQL probe attack. Just white list the IP and you'll be fine.


White-list the IP sounds like a good idea...but I'm not sure how to whitelist a range of WoT's IPs that they use (174.34.231.0 thru 174.34.231.255)...?

Codewriter #5 Posted May 27 2011 - 19:29


Codewriter, on May 26 2011 - 15:52, said:

White-list the IP sounds like a good idea...but I'm not sure how to whitelist a range of WoT's IPs that they use (174.34.231.0 thru 174.34.231.255)...?

Problem fixed....got updated SNORT rules for firewall/router....bad rule replaced..:))
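
An added example, not part of the thread: the range asked about in post #4 collapses to a single CIDR block, and grouping ban entries by alert text and source network exposes the "many hosts in one network, one signature" pattern that points at a bad rule (the fix reported in post #5) rather than at one hostile host. The ban entries, function names and the three-host threshold are constructed for illustration; nothing here is Smoothwall's or Snort's own code.

```python
import ipaddress
from collections import defaultdict

# Constructed ban-list entries (source IP, source port, alert text) modelled on
# what the thread describes; not an export from a real Smoothwall ban list.
BANS = [
    ("174.34.231.179", 32864, "MS-SQL probe response overflow attempt"),
    ("174.34.231.12", 32863, "MS-SQL probe response overflow attempt"),
    ("174.34.231.77", 32862, "MS-SQL probe response overflow attempt"),
    ("198.51.100.9", 4444, "Constructed unrelated alert"),
]

def range_to_cidrs(first, last):
    """Convert an inclusive first-last address range to the minimal CIDR list."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def triage(bans, prefix_len=24, min_hosts=3):
    """Group bans by (alert, source network). Several distinct hosts in one
    network tripping the same alert suggests reviewing the rule itself
    (assumed threshold: min_hosts) before whitelisting anything."""
    groups = defaultdict(lambda: {"hosts": set(), "ports": set()})
    for ip, port, alert in bans:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        g = groups[(alert, str(net))]
        g["hosts"].add(ip)
        g["ports"].add(port)
    report = []
    for (alert, net), g in sorted(groups.items()):
        report.append({
            "alert": alert, "network": net,
            "hosts": len(g["hosts"]), "ports": sorted(g["ports"]),
            "review_rule": len(g["hosts"]) >= min_hosts,
        })
    return report

if __name__ == "__main__":
    print(range_to_cidrs("174.34.231.0", "174.34.231.255"))
    for row in triage(BANS):
        print(row)
```

A group flagged `review_rule` is a cue to check for updated rules first; a CIDR whitelist for the whole block also hides any real alert from that network.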