  1. #1
    Join Date
    July 2006
    Location
    business
    Posts
    7

    Server opening new connections

    Hi folks,

    setting up an iptables based firewall I just noticed some unusual outgoing traffic originating from port 8767 on my linux machine running TS to port 45647 on a remote machine. It took me quite some time to find any forum threads on this topic, like:
    http://forum.goteamspeak.com/showthread.php?t=15016
    http://forum.goteamspeak.com/showthread.php?t=4708

    I admit I didn't follow those threads in detail. But since the Server-FAQ still says that opening port 8767 UDP suffices to make TS work, the FAQ-writers might want to add that *new outgoing connections* are meant as well. It would sure be nice if it was also explained what exactly happens when the TS server opens a UDP connection from port 8767 to port 45647 on a remote machine.

    My first instinct was to assume that TS did something it was not supposed to do, probably by having been hacked. I mean, if there was a connection to port 80 and it mapped to some TS-page like www.goteamspeak.com, it would be easy to figure out what goes on. Instead, a connection originating from port 8767 looks like an attempt at deception/hiding something. In my case, the destination IP 62.146.63.82 maps to a host name which is not even registered (as of the writing of this post). If whois'ing that IP hadn't revealed some reference to TS, I would have been really concerned about the well-being of my linux machine.

    I really think this issue should be addressed in the FAQ, even if only few people may ever take note of this kind of traffic.
    Last edited by Peter; July 14th, 2006 at 10:25 AM.

  2. #2
    Bastian Guest
    This connection is part of the public server list and of Triton CIA, LLC's automated usage tracking system for commercial servers.

  3. #3
    Join Date
    July 2006
    Location
    business
    Posts
    7
    Quote Originally Posted by Bastian
    This connection is part of the public server list and of Triton CIA, LLC's automated usage tracking system for commercial servers.
    Ah, okay, thanks for the info!

    I don't feel completely comfortable, though. I sure don't want my server to appear on a public list, since it is strictly private. So is there any chance server admins will get a config switch or an installation command to disable this feature in one of the next releases?

    I mean, if somebody tried to cloak a commercial server which is not licensed, they will find out how to do it easy enough, since from time to time people ask about those outgoing connections right here or on other forums over which you may have no control.
    On the other hand, there is a privacy concern because at least I was not aware of this feature. Just think about the recent trouble Apple got into when iTunes started connecting to the music store without asking the user, or the tons of discussion when Firefox included an undocumented ping-attribute (Article on heise.de).

    I would sure feel much more comfortable if this feature was openly documented and if there was an easy way to turn it off.

  4. #4
    Bastian Guest
    Actually you can choose whether all the servers of your server instance should appear on this public list or not by changing the according setting in the server's web administration interface.

    It's called "List public" and can be found in the "Global Settings" section.

  5. #5
    Join Date
    July 2002
    Location
    Germany
    Posts
    2,192
    Quote Originally Posted by Bastian
    It's called "List public" and can be found in the "Global Settings" section.
    Note though that this option does *NOT* prevent this packet from being sent. It only tells the weblist server to not list you publicly. In the second link you sent, the packet structure and contents are laid out, so you can easily verify what is being sent ( http://forum.goteamspeak.com/showpos...27&postcount=6 ).
    Last edited by Peter; July 14th, 2006 at 10:31 AM.
    You think my answer is stupid ? Read This:
    http://www.catb.org/~esr/faqs/smart-...ons.html#intro

    In a world without fences and walls - who needs windows and gates ?

  6. #6
    Join Date
    July 2006
    Location
    business
    Posts
    7
    Thanks for the replies, Bastian and Peter. I'm now convinced that these connections are not evil.

    I still think that they should be mentioned in the FAQ, though, because from time to time people will probably notice them - and the FAQ seems to be the logical place to look for this.

    Another aspect is: does a particular installation of the TS-Server always connect to the same IP, or does the IP change from time to time? This would be important information when setting up a rather tight firewall where outgoing traffic is strictly controlled, especially for admins who want their server to appear on the public list.

  7. #7
    Join Date
    July 2002
    Location
    Germany
    Posts
    2,192
    The packet is sent to weblist.teamspeak.org - the IP may change (if we move the weblist to a different server).

  8. #8
    Join Date
    July 2006
    Location
    business
    Posts
    7
    Quote Originally Posted by Peter
    The packet is sent to weblist.teamspeak.org - the IP may change (if we move the weblist to a different server).
    Got it!

    But check the current IP's reverse-mapping - if someone has a few spare minutes to adjust that, confusion might be avoided. In fact, I probably wouldn't have started this thread if I hadn't been so confused about that.
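
For the tight-egress firewall case raised above, a check over netfilter LOG lines that separates weblist packets from other server-initiated UDP leaving port 8767. This is an added example, not part of the original thread or of TeamSpeak; the logging rule, the `TS-OUT-NEW` prefix, the function names and the sample lines are assumptions constructed for illustration, and the allowlist is passed in because the weblist IP may change.

```python
import re
from ipaddress import ip_address

TS_PORT = 8767        # TeamSpeak server UDP port named in the thread
WEBLIST_PORT = 45647  # remote port observed in the thread
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE tokens of a LOG line

# Constructed sample lines in netfilter LOG format. Assumed logging rule:
#   iptables -A OUTPUT -p udp --sport 8767 -m conntrack --ctstate NEW \
#            -j LOG --log-prefix "TS-OUT-NEW "
# Replies to already-connected clients are ESTABLISHED and never hit that rule.
SAMPLE_LOG = """\
Jul 14 10:02:11 host kernel: TS-OUT-NEW IN= OUT=eth0 SRC=192.0.2.10 DST=62.146.63.82 LEN=150 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=8767 DPT=45647 LEN=130
Jul 14 10:07:11 host kernel: TS-OUT-NEW IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=150 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=8767 DPT=45647 LEN=130
Jul 14 10:09:40 host kernel: TS-OUT-NEW IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=8767 DPT=53124 LEN=40
Jul 14 10:09:41 host kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 PROTO=UDP SPT=51000 DPT=8767 LEN=40
""".splitlines()

def parse_log_line(line):
    """Return the KEY=VALUE fields of one LOG line as a dict."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP-level one
    return fields

def classify(line, allowed):
    """Return (dst, dport, verdict), or None if not outbound UDP from the TS port."""
    f = parse_log_line(line)
    if not f.get("OUT") or f.get("PROTO") != "UDP" or f.get("SPT") != str(TS_PORT):
        return None
    dst = ip_address(f["DST"])
    known = dst in allowed and f.get("DPT") == str(WEBLIST_PORT)
    return (str(dst), int(f["DPT"]), "weblist" if known else "unexpected")

def review(lines, weblist_ips):
    """Classify every line against the addresses currently allowed for the weblist."""
    allowed = {ip_address(ip) for ip in weblist_ips}
    return [r for r in (classify(line, allowed) for line in lines) if r]

if __name__ == "__main__":
    # 62.146.63.82 is the destination quoted in the first post of the thread.
    for dst, dpt, verdict in review(SAMPLE_LOG, ["62.146.63.82"]):
        print(f"{verdict:10} {dst}:{dpt}")
```

A destination flagged as unexpected on port 45647 is the cue to re-resolve weblist.teamspeak.org and compare before changing the egress rule.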

  9. #9
    Join Date
    September 2012
    Posts
    1

    Some thoughts

    Quote Originally Posted by Peter View Post
    Note though that this option does *NOT* prevent this packet from being sent. It only tells the weblist server to not list you publicly. In the second link you sent, the packet structure and contents are laid out, so you can easily verify what is being sent ( http://forum.goteamspeak.com/showpos...27&postcount=6 ).
    I have to agree with yurgon.
    I do think that undocumented features should be regarded with suspicion until cleared.

    It's called "List public" and can be found in the "Global Settings" section.
    I've gone through these settings and this is unselected by me, but TS is still trying to communicate.

    Let's think!
    1) I'm quite sure that a SW not sending out info can't be seen on any public list.
    2) I assume if TS would register itself as public server using 8767 UDP it could send the above mentioned "don't list command" too, but as far as I know this port is used to transfer voice.
    3) If 1) and 2) are true TS needs another channel to propagate the server or "phone home" as Bastian noted:
    This connection is part of the public server list and of Triton CIA, LLC's automated usage tracking system for commercial servers.
    4) If all the above is true I assume this port can be safely blocked and is not needed if it's for private/clan use.

    I suggest everyone use a good application firewall.

    I also feel compelled to express my gratitude for providing such quality and free soft as TeamSpeak for the community.

    BR: L
    -------------
    The Bene Gesserit tell no casual lies. Truth serves us better.
