so i am getting really weird Firewall Spam on port 6000 from the IP 108.61.129.178

http://i.imgur.com/KWrB4Yr.png

IP Adress seems to be connected to Rogean:

http://myip.ms/view/ip_addresses/1815970208/108.61.129.160_108.61.129.191

I am currently NOT running P99 and this spam has been going on for a while now trying to connect.

This is kind of worrying me reading about rootkit accusations of the .dll in the past.

Check if there is an instance of eqgame.exe running in your process list. I'm not at home so I can't compare that udp request to packet captures with Wireshark while playing, but that is something else you could do in your investigating.

no eqgame.exe running, i re-connected the DSL and got a new IP adress, Spam has now stopped. I did play on PEQ this morning and payed a visit to the new Alkabor.

I had now logged to char select in p99 to see if port 6000 is getting spammed again, so far not.

When playing the game there is a constant stream of UDP packets coming and going, they start the second you attempt to connect from login screen. Download the program wireshark (it's free, find it on google) and you can see the packets in real time. Establish a baseline when playing, then you can determine if what you saw was suspicious. It could just be that the server didn't realize you were disconnected and was still trying to send you information, hard to know without specific knowledge of the situation.

i PMd Rogean, maybe he can shed some light, thought id also ask here incase its an obvious thing

i have no problem for anti-cheat measures WHILE i play on p99, when i am not, what i do on my PC is my private thing.

Do not assume that's what is happening here. First establish a baseline of normal behavior. Then see if you can replicate the issue you had here. Waiting for alerts on your firewall is not the same as monitoring network activity and it is more likely an issue of a false positive on the firewall than an actual security concern.

no i do not, i just looked through my logs again and this is what my Firewall Summary looks like JUST for today (the most! i did today was logging onto p99 char selection after i saw all those drops)

181307 dropped Packets just today.

i really tend to favor this is a bug on the eqemu server side

http://i.imgur.com/Ckgu2XT.png

i just realized i posted this into the very wrong forum sub-section, i appologize and ask any mod to please move this one to the appropiated one. thank you!

178 is an IP Address controlled by Akkadius. That server specifically handles traffic for the Alkabor / EQMac server.
179 is an IP Address controlled by PEQ, and specifically handles their game traffic.

I just investigated and those are keepalive packets it is sending from the loginserver. Basically connections are not being cleaned up properly and being held indefinitely.

I'm going through the EQMac emu code and will try and fix this up tonight. Apologies if it's bothering you!

Do you see any dropped packets from 9000, 7000-7999 as well?

Fixed: https://github.com/cavedude00/Server/commit/787a8c5b041b197ceee86ff85a58b3a4cdc6c648

TAKProject will be updated with that fix soon.

hey thanks for getting back to me

i only saw port 6000 beeing hammered. good to hear this is beeing fixed!