Computer open to attack running GIT ??

Gamer's Internet Tunnel, formerly Gamer's IPX Tunnel

Computer open to attack running GIT ??

Postby CalliduS » Tue Sep 21, 2004 4:18 am

I'm not clued up on the way GIT works though I have got it working between 2x LANs (great job making this prog its fantastic). What I would like to know is, are we open to people gaining access to PCs on the LANs that are connected through GIT ?
I currently have only selected Ethernet II frame type with these boxes ticked using GIT 0.99b2

APR
TCP
UDP
ICMP
Also match source

All other boxes are unticked, as well as Alter IP even though both LANs are behind NAT routers.

In config I've set to only connect to a set host, as in hostname:213 (not 0.0.0.0:213) on UDP and only selected the ports for the games I wish to pass through.

Not really knowing what I'm on about bit:
With this setup could hackers sniff packets and gain access to the LAN ?

Thankyou for your time and for making such a great little program.

P.S
Just for the record I've managed to connect WC3, BFV and Teamspeak2 with them settings. Both LANs are on the same subnet and IP range i.e 192.168.1.xxx but neither LAN shares the same IP.
CalliduS
 
Posts: 34
Joined: Sat Sep 18, 2004 3:33 am
Location: UK

Postby Ark » Tue Sep 21, 2004 10:03 am

GIT will block any packets it receives on port 213 that aren't from the specified destination host. GIT will also block any packets it receives that aren't to (or from, since also match source port is checked) the ports listed in the config window.
Yes a person could spoof a packet to be from the host you are accepting packets from, and send it into GIT, but it could only affect the types of games you have set based on the port numbers. There is nothing to worry about though, since that information is hard to guess and there is not much they could do with only game ports.
If you are running TCP multi-listen mode, GIT will accept packets on port 213 from any host, but the packets must still contain tunneled packets that only match the ports you have listed, so unless you have GIT set up to forward junk like netbios and other ports games don't use, you are fine.
The only time I would really worry is if you are using TCP multi-listen mode AND you selected all ports in the port list so GIT will accept anything. Then if a person knows about GIT and sees port 213 open, and they know how to send a packet into GIT, it can make its way onto your LAN. So don't pick all ports.
As for people sniffing your game traffic on the internet. GIT tunnels your packets on port 213 and does not encrypt them at all, so it in effect acts like a VPN without the P. Its a virtual network, but its not private. People who could sniff your internet traffic could sniff anything you send over GIT. No big deal for games, but if you are using GIT as a cheap VPN substitute, beware.
Ark
Site Admin
 
Posts: 2108
Joined: Sat Sep 13, 2003 4:21 pm

Postby CalliduS » Tue Sep 21, 2004 10:48 am

Thankyou very much for the reply and cheers again for the great prog, keep it up.
CalliduS
 
Posts: 34
Joined: Sat Sep 18, 2004 3:33 am
Location: UK


Return to GIT

Who is online

Users browsing this forum: No registered users and 29 guests

cron