TribesNext

Welcome, Guest. Please login or register.
Did you miss your activation email?


TribesNext >  TribesNext.com Forums >  Support >  [Server] - Man in the middle attack « previous next »
Pages: [1] Print
Author Topic: [Server] - Man in the middle attack
Brandon
Nugget
Posts: 17

View Profile
January 05, 2009, 01:04:03 AM »
When a server is hosted on a secondary IP and a client tries to connect an error pops up that says.

'Potential man in the middle attack detected. Your client claims it connected to: xxx.xxx.xxx.xxx, but the server does not consider this reasonable.'

Any ideas what might cause this?

PS. Primary IP's work fine.
Krash
Administrator
Posts: 222

View Profile
1: January 05, 2009, 02:24:41 AM »
This is something I suspected would come up soon enough and is likely due to the way the IP verification determines its own address.  I'll try to make sure we address this in the next update, but for now a temporary fix that should work for servers using a different BindAddress is to use the following line to set the IP check variable manually:
$IPv4::InetAddress = $Host::BindAddress;

If you pop this into any file that loads before our scripts are run (maybe create a new .cs file to pop in autoexec if you run multiple configs) it should be fine assuming it's set to the IP the clients see. 
I'm asleep at the moment myself, but in the morning I can open the script on our end and check it out.


Edit: I've updated the installer with something that should fix this particular problem (as well as an uninstaller, but that's unrelated).  If you don't want to download the whole thing, you could just replace your existing T2csri.vl2 with this: http://www.tribesnext.com/krash/T2csri.vl2
« Last Edit: January 05, 2009, 12:37:16 PM by Krash »

Brandon
Nugget
Posts: 17

View Profile
2: January 05, 2009, 12:40:01 PM »
That did the trick.

Thanks!
DRDigital
Nugget
Posts: 1

View Profile
3: August 30, 2011, 07:20:51 AM »
That ruined my login.
Jack Booted Thug
Nugget²
Posts: 69

View Profile
4: March 25, 2014, 04:48:01 PM »
This is something I suspected would come up soon enough and is likely due to the way the IP verification determines its own address.  I'll try to make sure we address this in the next update, but for now a temporary fix that should work for servers using a different BindAddress is to use the following line to set the IP check variable manually:
$IPv4::InetAddress = $Host::BindAddress;

If you pop this into any file that loads before our scripts are run (maybe create a new .cs file to pop in autoexec if you run multiple configs) it should be fine assuming it's set to the IP the clients see. 
I'm asleep at the moment myself, but in the morning I can open the script on our end and check it out.


Edit: I've updated the installer with something that should fix this particular problem (as well as an uninstaller, but that's unrelated).  If you don't want to download the whole thing, you could just replace your existing T2csri.vl2 with this: http://www.tribesnext.com/krash/T2csri.vl2


Is this file available anywhere?

I am getting the error listed above.
Krash
Administrator
Posts: 222

View Profile
5: March 25, 2014, 05:24:36 PM »
This particular error was fixed back then, and I included the update in the installer shortly after.  Effectively how the server determines if the connecting address is reasonable is that the client indicates the server it believes it connected to, then checks this against the primary public address the server is reporting.  If this fails, it then checks against a variety of common LAN address conditions, as well as the $Host::BindAddress if it's being used on a server with multiple IPs.  If none of these passes, the client is disconnected with the error above.

Are you connecting to a local server?  If so, what address are you attempting to connect to?

Jack Booted Thug
Nugget²
Posts: 69

View Profile
6: March 25, 2014, 05:54:07 PM »
This particular error was fixed back then, and I included the update in the installer shortly after.  Effectively how the server determines if the connecting address is reasonable is that the client indicates the server it believes it connected to, then checks this against the primary public address the server is reporting.  If this fails, it then checks against a variety of common LAN address conditions, as well as the $Host::BindAddress if it's being used on a server with multiple IPs.  If none of these passes, the client is disconnected with the error above.

Are you connecting to a local server?  If so, what address are you attempting to connect to?

I am trying to set up a server on my other computer and it seems to be working but when I try and join I get the man in the middle error.

The server is called "Boot" in the server list.



I also tried adding that bit of code in the VL2  but when I zipped it back up the file was half the size which was weird. Anyway it seemed to work and I could join but I would drop after a few minutes.
Jack Booted Thug
Nugget²
Posts: 69

View Profile
7: March 25, 2014, 05:55:16 PM »
Is that installer with the fix the main T2 download that has the multiple links or just the patch?

I tried applying the patch again but it didn't fix the problem.
Krash
Administrator
Posts: 222

View Profile
8: March 25, 2014, 06:18:07 PM »
The patch.  The fix that was applied to the man in the middle check just enabled $Host::BindAddress as an allowable destination IP on servers with different WAN addresses to bind to.

If you use non-standard addresses for your LAN and want to connect yourself using your internal address, you might need to add the format to the IP check.  However, if you're trying to connect to your server's bound WAN address, it should automatically allow the connection if the bind preference is correctly set.

If you're able to connect and are dropped after minutes, it's not caused by this issue, as the check occurs only when joining.  A common cause of delayed disconnections is the $Host::CRCTextures preference, which will disconnect any players running custom skins.  I would make sure it is set to $Host::CRCTextures = 0; in your serverprefs.

Jack Booted Thug
Nugget²
Posts: 69

View Profile
9: March 25, 2014, 06:45:34 PM »
I was able to join via going into Classic Online and adding the local machines IP and directly joining that. If I try and join via the internet IP I get the man in the middle error.

I am new to this so am trying to figure it out.


My server seems to reset itself pretty often which is why I was getting disconnected.


Krash
Administrator
Posts: 222

View Profile
10: March 26, 2014, 11:14:44 AM »
Yeah, if you're getting it when connecting to the internet address, the IP the client sees and notifies the server of on joining just doesn't match the address detected by the web service or an address you've attempted to bind the server to.

Pages: [1] Print 
« previous next »
Jump to:  

irc.tribalwar.com / #TribesNext Powered by SMF 1.1.19 | SMF © 2005, Simple Machines
anything