Hi there,

Just wondering if anyone can help answer a mystery that came up today.

I've been playing around with ServUO for about a week or so, setting up and playing with various scripts and tools just for fun, nothing serious.

Anyway, this afternoon, I noticed something that came up in my console log while I was away from the desk:

03:39:53 Client: X.XX.XXX.XXX: Connected. [1 Online]
03:39:53 Client: X.XX.XXX.XXX: Encrypted client detected, disconnecting
03:39:53 Client: X.XX.XXX.XXX: Disconnected. [0 Online]

I looked up the IP and it was from St Petersburg, Russia. I haven't told anyone about this server as it's just something I was playing around with in my spare time so I'm not entirely sure how someone other than myself would know to try connecting to it.

Does ServUO automatically publish the server you're running to a publicly facing list somewhere? I looked at servuo.com/shards/ to see if it was showing up in there but it's not, so I don't know. I was playing around a few days ago with some third-party tools that connect to the server like UO Architect and CentrED+, but that was days ago and those connections showed up as a local IP. Maybe a script I'm using pings out to one of those shard aggregate sites? Is that a common thing?

Just a mystery, any thoughts?

Thanks
 
Have you ever been in the same zip code as Donald Trump? If so this sounds like possible collusion..

On a serious note I'd put up a firewall, and monitor incoming connection attempts to your PC. It's possible it had nothing to do with UO and you received a message since you had a server listening, and the correct packets weren't sent for a valid connection. ZoneAlarm has a free firewall software you could try.. It's educational to examine all the pings you receive and track them down to their sources.
 
You don't have to redact IP addresses honestly, even with an IP address you still have to be knowledgeable in order to abuse it :)

It's likely it's just a crawler that's sending a ping of random bytes, port-scanning as it goes.

Any incoming data on the shard listener port is interpreted as a login request. The reason it assumes the client is encrypted is because the first "packet" (first byte of data) for the handshake is not a registered or recognised packet ID by the shard.
 
I get IP connect/disconnects for the ServUO server list, and for a layer count that is registered on the EasyUO website. I just added those IPs as exempt, so the console doesn't blast that information every minute or so.
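
An added example, not part of any post in this thread and not ServUO code: a small Python script that reads console lines in the format quoted in the first post, skips exempted addresses, and lists the addresses whose every connection was dropped at the handshake. The function names, the exempt list and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the console format quoted in the thread; the addresses
# are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
03:39:53 Client: 203.0.113.7: Connected. [1 Online]
03:39:53 Client: 203.0.113.7: Encrypted client detected, disconnecting
03:39:53 Client: 203.0.113.7: Disconnected. [0 Online]
04:10:02 Client: 192.168.1.20: Connected. [1 Online]
04:25:40 Client: 192.168.1.20: Disconnected. [0 Online]
05:00:00 Client: 198.51.100.9: Connected. [1 Online]
05:00:00 Client: 198.51.100.9: Encrypted client detected, disconnecting
05:00:00 Client: 198.51.100.9: Disconnected. [0 Online]
"""

# "<HH:MM:SS> Client: <address>: <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}) Client: (.+?): (.+)$")

def summarize(log_text, exempt=()):
    """Return per-address counts of sessions and handshake rejections."""
    stats = defaultdict(lambda: {"sessions": 0, "rejected": 0, "longest_s": 0})
    opened = {}  # address -> time of the currently open connection
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) in exempt:
            continue  # not a client line, or a known poller we chose to ignore
        ts, ip, msg = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S")
        if msg.startswith("Connected"):
            opened[ip] = t
            stats[ip]["sessions"] += 1
        elif msg.startswith("Encrypted client detected"):
            stats[ip]["rejected"] += 1
        elif msg.startswith("Disconnected") and ip in opened:
            # Timestamps carry no date, so a session crossing midnight counts as 0.
            secs = int((t - opened.pop(ip)).total_seconds())
            stats[ip]["longest_s"] = max(stats[ip]["longest_s"], secs)
    return dict(stats)

def likely_probes(stats):
    """Addresses that never got past the first byte of the login handshake."""
    return sorted(ip for ip, s in stats.items()
                  if s["sessions"] and s["rejected"] == s["sessions"])

if __name__ == "__main__":
    print(likely_probes(summarize(SAMPLE_LOG, exempt={"198.51.100.9"})))
```
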
 