Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Banning dynamic ip's 2

Status
Not open for further replies.
nwebb

nwebb

Technical User
Nov 12, 2002
19
US
Is it possible to ban dynamic ip's from a server? I run a gaming server and am having a TON of trouble with some people who have dynamic ip's. All they do is reboot for a new ip and come back. Can this be fixed?

thanks,
Nate
 
Sort by date Sort by votes
While not really an answer to your question, would blocking Dynamic IP's not block out 99% of internet users ?
 
Upvote 0 Downvote
OK, maybe so. But is there a way, if I have their IP, that I could ban them so they can't just get a different dynamic ip and come back?
 
Upvote 0 Downvote
Not as far as I am aware although you can generally ban by player name on most good Game Servers. A large portion of players don't like playing under a different name since they lose their "reputation".
 
Upvote 0 Downvote
Depending on the protocols (and applicaitons) that are used, it may be possible to "fingerprint" the user's machine and block based on a fingerprint. With web browsers you can grab all kinds of potentially unique information from the browser to identify a specific user (or at least the specific machine).

What's the game and how do the users interface with it?
pansophic
 
Upvote 0 Downvote
And keep this in mind,
if you are using an autoblocking feature on your firewall or IDS, then you might run into trouble as well
Suppose I launch a spoofed attack, appearing to be coming from your ISP DNS servers, then you could loose internet access because you won't be able to resolve DNS names anymore...
Just a thought... --------------------------------------------------------------------
--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
Upvote 0 Downvote
That's true, but it is a relatively simple 'if' statement to exclude your DNS servers. Certainly, your DNS servers are NOT running a web browser or gaming station. If you want to, you just block access to the gaming and web ports from those servers.

This is just one of the many reasons that most security people are against auto blocking. The potential for denial of service against an actual customer is just too high.
pansophic
 
Upvote 0 Downvote
You can do what you are askinging with the MAC address not the IP. If you record the MAC address you can keep them from comming back on the same machine. The MAC is the hardware address of the machine and can not as a general rule be changed.

Tom G
 
Upvote 0 Downvote
oh yes it can... don't rely on MAC addresses only...
and besides, keeping track of Mac addresses is much harder than using IP addresses... --------------------------------------------------------------------
--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
Upvote 0 Downvote
A few ideas here:

If you’re using NT, create a security rule that only permits certain IP address and blocks the rest WHILE you’re gaming. Once the rule is created, you can turn it on and off with a few clicks.

Can you change the port? If so, use a different port in the upper range. Using a high range, such as 45555 makes it very time consuming for someone to scan your ports looking for an open IP.

What server are you using and what is the game? Perhaps I can provide more information.
 
Upvote 0 Downvote
If your running a gaming server then I am assuming your on some type of broadband connection. You can block domains. for example:

Violator originally has ip of:
24.48.54.34 and you ban him

He comes back and his IP is now 24.48.54.49

Then block this IP:
24.48.54.0

That blocks his whole ISP so no matter what he does (except goto another ISP) he is blocked.

Yes you might end up blocking some innocent people but only if they are using the same domain as him. Visit
 
Upvote 0 Downvote
pansophic, you wrote:

Depending on the protocols (and applicaitons) that are used, it may be possible to "fingerprint" the user's machine and block based on a fingerprint. With web browsers you can grab all kinds of potentially unique information from the browser to identify a specific user (or at least the specific machine).

how can i get that "fingerprint" using web browsers?

thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
65
Garbear
Garbear
wayneo4528
  • Locked
  • Question
Site to Site VPN with Billion 7402GX Router and Dynamic IP
Replies
3
Views
91
hairlessupportmonkey
hairlessupportmonkey
ComputerDuck
  • Locked
  • Question
Cisco ASA 5510 multiple IP's on outside interface
Replies
14
Views
132
ComputerDuck
ComputerDuck
scooter2179
  • Locked
  • Question
ASA 5510 - Portforward Rule locked down to specific Public IP's range
Replies
1
Views
65
unclerico
unclerico
Orion13
  • Locked
  • Question
Multiple Wan Ip's
Replies
6
Views
78
cajuntank
cajuntank

Part and Inventory Search

Sponsor

Back
Top