[Server] - Man in the middle attack

Comments

• Krash

  January 2009 edited January 2009

  This is something I suspected would come up soon enough and is likely due to the way the IP verification determines its own address. I'll try to make sure we address this in the next update, but for now a temporary fix that should work for servers using a different BindAddress is to use the following line to set the IP check variable manually:
  $IPv4::InetAddress = $Host::BindAddress;
  
  If you pop this into any file that loads before our scripts are run (maybe create a new .cs file to pop in autoexec if you run multiple configs) it should be fine assuming it's set to the IP the clients see.
  I'm asleep at the moment myself, but in the morning I can open the script on our end and check it out.
  
  
  Edit: I've updated the installer with something that should fix this particular problem (as well as an uninstaller, but that's unrelated). If you don't want to download the whole thing, you could just replace your existing T2csri.vl2 with this: http://www.tribesnext.com/krash/T2csri.vl2
• bbrandon

  January 2009

  That did the trick.
  
  Thanks!
• DDRDigital

  August 2011

  That ruined my login.
• JJack Booted Thug

  March 2014

  Krash January 2009

  This is something I suspected would come up soon enough and is likely due to the way the IP verification determines its own address. I'll try to make sure we address this in the next update, but for now a temporary fix that should work for servers using a different BindAddress is to use the following line to set the IP check variable manually:
  $IPv4::InetAddress = $Host::BindAddress;
  
  If you pop this into any file that loads before our scripts are run (maybe create a new .cs file to pop in autoexec if you run multiple configs) it should be fine assuming it's set to the IP the clients see.
  I'm asleep at the moment myself, but in the morning I can open the script on our end and check it out.
  
  
  Edit: I've updated the installer with something that should fix this particular problem (as well as an uninstaller, but that's unrelated). If you don't want to download the whole thing, you could just replace your existing T2csri.vl2 with this: http://www.tribesnext.com/krash/T2csri.vl2
  

  
  Is this file available anywhere?
  
  I am getting the error listed above.
• Krash

  March 2014

  This particular error was fixed back then, and I included the update in the installer shortly after. Effectively how the server determines if the connecting address is reasonable is that the client indicates the server it believes it connected to, then checks this against the primary public address the server is reporting. If this fails, it then checks against a variety of common LAN address conditions, as well as the $Host::BindAddress if it's being used on a server with multiple IPs. If none of these passes, the client is disconnected with the error above.
  
  Are you connecting to a local server? If so, what address are you attempting to connect to?
• JJack Booted Thug

  March 2014

  Krash March 2014

  This particular error was fixed back then, and I included the update in the installer shortly after. Effectively how the server determines if the connecting address is reasonable is that the client indicates the server it believes it connected to, then checks this against the primary public address the server is reporting. If this fails, it then checks against a variety of common LAN address conditions, as well as the $Host::BindAddress if it's being used on a server with multiple IPs. If none of these passes, the client is disconnected with the error above.
  
  Are you connecting to a local server? If so, what address are you attempting to connect to?

  
  I am trying to set up a server on my other computer and it seems to be working but when I try and join I get the man in the middle error.
  
  The server is called "Boot" in the server list.
  
  
  
  I also tried adding that bit of code in the VL2 but when I zipped it back up the file was half the size which was weird. Anyway it seemed to work and I could join but I would drop after a few minutes.
• JJack Booted Thug

  March 2014

  Is that installer with the fix the main T2 download that has the multiple links or just the patch?
  
  I tried applying the patch again but it didn't fix the problem.
• Krash

  March 2014

  The patch. The fix that was applied to the man in the middle check just enabled $Host::BindAddress as an allowable destination IP on servers with different WAN addresses to bind to.
  
  If you use non-standard addresses for your LAN and want to connect yourself using your internal address, you might need to add the format to the IP check. However, if you're trying to connect to your server's bound WAN address, it should automatically allow the connection if the bind preference is correctly set.
  
  If you're able to connect and are dropped after minutes, it's not caused by this issue, as the check occurs only when joining. A common cause of delayed disconnections is the $Host::CRCTextures preference, which will disconnect any players running custom skins. I would make sure it is set to $Host::CRCTextures = 0; in your serverprefs.
• JJack Booted Thug

  March 2014

  I was able to join via going into Classic Online and adding the local machines IP and directly joining that. If I try and join via the internet IP I get the man in the middle error.
  
  I am new to this so am trying to figure it out.
  
  
  My server seems to reset itself pretty often which is why I was getting disconnected.
  
  
  
• Krash

  March 2014

  Yeah, if you're getting it when connecting to the internet address, the IP the client sees and notifies the server of on joining just doesn't match the address detected by the web service or an address you've attempted to bind the server to.