Forum

Results 1 to 7 of 7
  1. #1
    Join Date
    October 2011
    Posts
    6

    Exclamation Mac clients getting tempbanned on Linux server with CSF

    I run both a game server and a TS 3 server on my Linux CentOS machine. I do have CSF running on the server.

    Issue: Mac players can connect to the game server with no issue of being tempbanned from my machine. However, if they connect to the TS 3 server, whether or not they are connected to the game server, my CSF tempbans their IP due to their machine port scanning my server. PC and Linux players don't have this problem.

    No, I am not going to have their IP white-listed within CSF nor will I disable tempbans due to port scanning. Some players use different locations so white-listing their IP would be pointless.

    A: Why does the TS 3 client on Mac ONLY cause their machine to port scan my server?
    B: What can I have my Mac players adjust or do on their computer to prevent this from happening?
    C: Or, is this a bug that TS is aware of?

    Here is an example of CSF's tempban report for one of my players:

    Code:
    [[email protected] ~]# grep -R -ip snipped- /etc/csf/*
    /etc/csf/csf.tempban:1313446204|-ip snipped-||in|3600|lfd - *Port Scan* detected from -ip snipped- (GB/United Kingdom/host-ip snipped-.range81-129.btcentralplus.com). 11 hits in the last 260 seconds
    /etc/csf/csf.tempip:-ip snipped-|0|1313446204
    /etc/csf/stats/iptables_log:|Aug 15 18:08:54 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=27862 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:08:56 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=17633 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:08:56 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=21722 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:08:57 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=53759 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:08:58 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=11201 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:08:59 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=64970 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:09:01 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=36823 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:09:06 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=52460 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:09:13 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=25336 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:09:29 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=52461 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    /etc/csf/stats/iptables_log:|Aug 15 18:10:01 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=46796 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
    I've searched Google and the forums and couldn't find anything...

    Any help will be appreciated. Thanks.

  2. #2
    Join Date
    October 2011
    Posts
    6
    Is it possible to get information from the developers why the Mac client is port scanning?? Or does that have to be for the "paid" users?

  3. #3
    Join Date
    June 2008
    Posts
    18,396
    The Mac client does not start any port scans!
    The client asks for the same ports as the windows and linux client does.

    Please do not reopen a new thread for the same topic!
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  4. #4
    Join Date
    October 2011
    Posts
    6
    At least it got this thread some attention!

    Then why tell me this only happens to my Mac users when they connect to the TeamSpeak server? As they can visit a web page that the same address is hosting and connect to the game server on it with no problem? Within a minute or two of them connecting to the TS server, their machine starts port scanning. The only common instances are Mac OS and TeamSpeak server. I would be happy to demonstrate this on demand as I have many [Mac] users unable to use my TS server.

  5. #5
    Join Date
    June 2008
    Posts
    18,396
    Please tell me the ip for your server ,to connect to it with a windows and mac machine.

    But we don't know what is going on there.
    Last edited by dante696; November 24th, 2011 at 09:49 AM.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  6. #6
    Join Date
    May 2006
    Location
    Europe/Czech Rep.
    Posts
    1,616
    In case of an connection to any server what ts3client do is:

    ask OS resolver for DNS name translation
    try to connect to tsdns
    - - that is your source of problems, not reading documentation(tsdns uses 41144/tcp),
    Code:
    PROTO=TCP SPT=52189 DPT=41144
    - - allow/reject incoming connections to 41144/tcp in your firewall to fix the problem
    - - Optionaly you could start using tsdns, and read more about that featue
    try to connect to UDP port to the IP adress found
    could use 30033/tcp for filetransfer of icons/avatars or file browser

  7. #7
    Join Date
    October 2011
    Posts
    6
    @Tomas:

    Hmm.... I'll try that. Odd that it's only Macs that do that.

    @dante696:

    If Tomas' suggestion doesn't work, I'll let you know what the address is and PM you the password.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •