Bans by IP address

[Undeference]

Currently, the ban command will allow banning by IP address only if it matches an address used in the current game. Without too much work, that restriction could be lifted.

Pros:
Editing admin.dat by hand is prone to error and can cause race conditions

Cons:
Makes it very easy for admins to ban the wrong address
IP bans would be by IP address only and not by GUID
The name field would be something like "IP ban" (but you could put the player's name in the reason)

[Lakitu7]

Personally I'd still edit admin.dat because I usually have a guid from the logs and I'd like to use it.

[Teapot]

I honestly don't think it matters. But if you must do it, you should probably use a separate flag.

[Lakitu7]

If we do a separate flag then we can have a separate syntax too (ie one that optionally includes guid), so I'd rather see that.

[jm82792]

Doesn't sound like a bad idea.

[David]

Having in-game commands for things like this seems kinda pointless, IMO it'd make more sense as a server console command, or just fix a way that we can safely edit admin.dat.

[Cadynum]

Yes, but you have to be very very restrictive about who has the command.
Also this doesn't make much sense without allowing a subnet ban in a time when almost everyone has a dynamic ip.
In that case how big subnets are going be be allowed to ban? I'm personally sitting on a /20 for example.

[CATAHA]

There are situations where the server administrator is not even playing Tremulous (for example some ISP creating server and giving some rights to trusted users), he simply set the server and everything. In this case, the game should have a command for admins. In the end, the real owner of the server does not cost anything limit moderators access to the ban by IP.

[swamp-cecil]

I say GUID, because my brother likes to teamkill teammates "by accident", so IP wouldnt be a good idea. Luckily, he only does that on KoRx and none of us cares about KoRx.

[David]

There are situations where the server administrator is not even playing Tremulous (for example some ISP creating server and giving some rights to trusted users), he simply set the server and everything. In this case, the game should have a command for admins. In the end, the real owner of the server does not cost anything limit moderators access to the ban by IP.

Someone needs to be responsible for the server and have access.  There are other things that require file access that are much more common tasks.  (Eg adding maps, changing settings, setting admin levels etc)

[Tremulant]

I say GUID, because my brother likes to teamkill teammates "by accident", so IP wouldnt be a good idea. Luckily, he only does that on KoRx and none of us cares about KoRx.

All the more reason for IP based bans, you can then go and kick the living shit out of him for getting you banned for a week, maybe he'll stop griefing as a result.

btw, can we have an "i'm unqualified to pass judgement" option added to the vote?

[CATAHA]

Someone needs to be responsible for the server and have access.  There are other things that require file access that are much more common tasks.  (Eg adding maps, changing settings, setting admin levels etc)

Yes, but... For example huge russian ISP corbina. Server started, two full admins was given to trusted players, new maps uploading once per 4-6 months. Giving rights and stuff maked by those two admins. And settings... is there really reason changing settings on properly configured server? Dont think so. For example on our clan server we discussed about settings and configured it once. And it still up (year+) and we see no reason change any settings.

UPD: Summing up - better to let it be an admin option to ban by IP. You can always disable its use, but when it is needed it can be given to trusted high-level admins.

[Undeference]

btw, can we have an "i'm unqualified to pass judgement" option added to the vote?

There already is an option for that. It's called "not voting".

Subnet bans (at least /16 or /64 for non-console) are possible using ban. They just require someone to connect in that range during that map.

[Kiwi]

I think this should be allowed, but only given to a select few admins who can be trusted to use it correctly and not make typos.  Perhaps even entering the ip twice should be a safety measure?  Although namelog should take care of most of the problems, the rest should be fixed via editing admin.dat.  There is still no harm in adding it as a feature (you can always not give it to people).

[Lakitu7]

I say GUID, because my brother likes to teamkill teammates "by accident", so IP wouldnt be a good idea. Luckily, he only does that on KoRx and none of us cares about KoRx.

Uh, it's going to always be by ip either way. The only question of guid is if you ban BOTH the ip and the guid, or just the ip. Nobody's going to ban JUST a guid; that's worthless.

[F50]

Perhaps, but there are some griefers who don't know what a GUID is, which makes banning them by GUID more useful than banning by IP.

[David]

Subnet bans (up to /16 or /64 for non-console) are possible using ban.

IMO that needs to be changed, a /16 is a whole ISP's worth, which would be equivalent to a /24 in IPv6.  By current standards a /48 or /56 would be equivalent to a v4 /32.

IMO IPv6 bans should be /64 by default, and allow up to /24 to match with v4 bans.  (Although IMO /16 is a bit OTT).

[swamp-cecil]

Another reason for to do GUID bans: Players can change their IP easily. Guid is a lot more difficult since people will have less experience with it.

[Kiwi]

Another reason for to do GUID bans: Players can change their IP easily. Guid is a lot more difficult since people will have less experience with it.

not really.. changing an ip requires unplugging your router and wait a while (assuming your isp changes your ip when this happens).  Changing your guid requires the removal of 1 file.  The equivalent of 5 sec vs 5 min.

[Qrntz]

Another reason for to do GUID bans: Players can change their IP easily. Guid is a lot more difficult since people will have less experience with it.

not really.. changing an ip requires unplugging your router and wait a while (assuming your isp changes your ip when this happens).  Changing your guid requires the removal of 1 file.  The equivalent of 5 sec vs 5 min.

Unplugging the router is for barbarians. I just do a DHCP release and it gets me another IP.

[cron]

not really.. changing an ip requires unplugging your router and wait a while (assuming your isp changes your ip when this happens).  Changing your guid requires the removal of 1 file.  The equivalent of 5 sec vs 5 min.

Unplugging the router is for barbarians. I just do a DHCP release and it gets me another IP.

Your ISP is strange then, as most ISPs just assign you the same IP address as you had before when releasing/renewing DHCP (unless it's not available for some reason).

[CorSair]

I say we add IP bans, although it doesn't make it totally secure. Same applies to GUID.

[Mr. Phawks]

On connection, the server should query the client for three things as a ban/security measure - name, GUID, IP. The server should automatically log all three of these elements every time a client connects. Using a Tremstats-like database, the server can build a profile for the client; names/GUIDs/IPs are added to the profile any time one of them changes and is linked to another element of the profile.

For example, my profile would list my name as Name1, my GUID as GUID1, and my IP as 192.168.1.1 (I know that's a router IP). I start playing on the server. After a few days, I join a clan and change my name. So [ClanTag]Name1 is added to my profile since it has the same GUID and/or IP. A day later my router crashes and I reboot it. [ClanTag]Name1 logs onto a game to test the connection out afterward. IP 192.168.2.1 is added to [ClanTag]Name1 and the associated GUID. I get enraged after a particularly bad match and ragedelete my Tremulous folder. A few days later I regret it and reinstall. I connect as Name2 with a new GUID and the old IP. Name2 and GUID2 are added to my profile. If anything connects to the server with any one of the logged names/GUIDs/IPs, all three items from the current connection are added to that profile.  This way the server can issue a ban for that profile, and on connection, any client with an associated name, GUID, and/or IP will be refused.

Also, because some people will try to circumvent it via name changes, all name changes in-game or otherwise will be affixed to that said profile. When a name is changed, the profile is queried, and if a ban has been issued, the client is kicked. Wildcards in names can also be used.

Another idea I just had is to have part of the hardcoded game query the client machine's MAC address and submit it as part of the profile. MAC addresses are slightly harder and more dangerous to change, so that may be an effective tool in assisting bans.

[Kiwi]

Then someone takes your name (while you are not there) and decons the rector.  You both get banned for 4 weeks.

[Aelita]

Another idea I just had is to have part of the hardcoded game query the client machine's MAC address and submit it as part of the profile. MAC addresses are slightly harder and more dangerous to change, so that may be an effective tool in assisting bans.

Don't talk out of your ass if you have no clue what you're saying. Not only is this a bad idea because MAC addresses can be trivially changed, the game is also open source and it would also be trivial to change the code to send any arbitrary address.

Linux, BSD, OSX:

Code: [Select]

ifconfig <interface> <hw ether/link/lladdr> 00:11:22:33:44:55Windows: You have to edit the registry and reboot, which is slightly more obnoxious, but not difficult.

Your ISP is strange then, as most ISPs just assign you the same IP address as you had before when releasing/renewing DHCP (unless it's not available for some reason).

Most major ISPs will assign at random unless you've explicitly purchased a static address. Some cable ISPs are exceptions to this (like Comcast).

[Mr. Phawks]

Another idea I just had is to have part of the hardcoded game query the client machine's MAC address and submit it as part of the profile. MAC addresses are slightly harder and more dangerous to change, so that may be an effective tool in assisting bans.

Don't talk out of your ass if you have no clue what you're saying. Not only is this a bad idea because MAC addresses can be trivially changed, the game is also open source and it would also be trivial to change the code to send any arbitrary address.

1) While MAC addresses CAN be changed semi-easily, they are not as easy to change as IP or GUID. As you said, it involves a registry hack and rebooting, which is more complicated than deleting a file or typing two commands in a terminal. Also, and I'm not sure if this applies to all ISPs, but I know from experience that mine used to deactivate the internet when the primary connection MAC address changed. I say used to because I now have a router, which has a constant MAC address. Every time a new desktop would be wired up, we would have to call the ISP to inform them of the change. So, while it may be easy to change, MAC addresses are generally more stable and thus easier to ban than IPs or GUIDs.

2) Yes, the game is open-source. Yes, as such, it is simple to edit/remove code related to the MAC address query. However, by extension, it would also be possible to make alien hitboxes three times larger. Why doesn't everyone do this and get away with it?
 a) It's coding related, which a lot of casual players are not comfortable/savvy with. Even if you find a tutorial online, it involves working with code. A considerable number of people are turned away by that alone.
 b) Pure servers. All official servers, by my understanding, are pure. That means they check for altered content in critical game files. This is how servers prevent clients from using huge hitboxes or modified credit systems and the like. The connection could be refused simply because of modified code, i.e. modified/spoofed MAC address query code.

While my idea involving MAC addresses is no certain fix, it does add an additional level of sophistication to the security/effectiveness of bans. Changing your name takes a few seconds in-game, no big deal, obviously longer if you decide to change it in your autogen.cfg. Changing your IP takes thirty seconds and basic knowledge of using a command prompt/terminal. Changing your GUID takes thirty seconds and finding the right file to delete in the right place. Changing your MAC can easily take five minutes, between registry editing and rebooting.

Basically, it is a bigger hassle to change a MAC address and thus changing it to avoid a ban is more work than most people would want to go through.

Then again, an account system could solve most problems. Official servers would require users to be logged in. The account would be universal and linked to both the website and the game. It could also prevent siblings or users of public/shared computers from getting each other banned from servers. Accounts would be set up basically the same as my profile idea and the forum system.

[David]

Changing the MAC can be done from the GUI on windows, and there are plenty of crapware apps out there to do it nice and easy without a reboot.

And your ISP never see's your computers MAC, they see the MAC of the WAN port on your modem / router.  And the only places that limit MAC are universities and other places stuck in the 1980's.  (Does DSL even have MACs?)

Hit boxes are computed server-side, so the best you could do is confuse your client a lot.  People don't need to know how to code to download THZ or TremFusion and get everything they need to cheat.  The pure check only covers the QVM and assets, not the client.  Thus why there are lots of unofficial clients around.

IMO it's easier to change my MAC than my IP, the MAC takes all of 5 seconds (run a command, reconnect to the wifi), where as the IP takes a few minutes of poking my router, and probably won't change anyway.

The account system has been mooted several times, there lots and lots of issues - political, technical and legal - that mean it's never moved beyond informal chat.


Basically the end result is if you want to become someone new, there's nothing at all we can do about it.  Most attempts to change that would go the same way as DRM, punishing honest people and not affecting the dishonest ones.

[Mr. Phawks]

Out of curiosity, and slightly off topic, what do you mean by political and legal issues? I'm not terribly well versed in the GPL, but I can't imagine any issues that could have with an account system. Unless it's related to some sort of personal identification laws internationally, since the Tremulous community is probably the most diverse I've seen for any game.

[David]

Sharing IP's would cause issues with the EU, and tracking people without an opt-in may cause issues too.  Most of the laws think the web is the internet so probably don't cover us, but would probably still need to be checked (or just ignored).  It's by no means a issue that will stop anything from happening, just a headache for who ever has to look at it all.

By political I was meaning trem-politics, there has to be some central authority everyone trusts, we'd very quickly end up with 5 different people running their own auth-servers, and probably abusing them.

[RedDevil]

a nub admin had handicaped me why he told me i use wallhack but i don't pls speak with him :|