Jump to content

Mainlog.html reveals too much sensitive information


Yekaterina
 Share

Recommended Posts

1 hour ago, rm -rf said:

Would it implicitly mean that the ip database (as you have build @Helicity) is shared amongst several players? Or is there any other exploit of privacy?

I found that you do not even need to successfully connect to someone in order to gain their IP. You just double click on their room, then mainlog will write "Attempting to connect to <IP>".

Even if they disallow specs or have timeout error or port error, mainlog will still note down the IP that you were trying to reach and then comment after it "attempt failed". If you successfully join, there will be a line saying "successfully connected to <IP>"

That means, as soon as you host a game, anyone can obtain your IP even if you don't see them joining or have banned them.

Link to comment
Share on other sites

1 hour ago, rm -rf said:

Would it implicitly mean that the ip database (as you have build @Helicity) is shared amongst several players?

As far as I know, my IP database has been permanently deleted before anyone except Norse Harold had been able to gain access to it. I have never shared it with the public. In addition, I am not aware of anyone else who might be keeping such databases.

 

There is one other potential exploit, which is using packet sniffers or tracing software like WireShark. But that is beyond my tech skill level so I can't comment on it.

Link to comment
Share on other sites

33 minutes ago, Helicity said:

I found that you do not even need to successfully connect to someone in order to gain their IP. You just double click on their room, then mainlog will write "Attempting to connect to <IP>".

Doesn't seem to work if the game is password protected.

Link to comment
Share on other sites

1 hour ago, Helicity said:

There is one other potential exploit, which is using packet sniffers or tracing software like WireShark. But that is beyond my tech skill level so I can't comment on it.

Yes you can still parse the pcap files but the program would be a little bit more complex. As TG host, you would have to find who is who between 7 or more IP sources.

It should be enough to block a 13y old player who loves putting all better players in a wall (@G.O.A.T you get my point right? BYW the list of people you hate is quite long)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...