Disable LAN Port Scanning?

  • Wasn't quite a bug, so I figured this is the better forum - I tried to fire up the Eco client at work today (I work IT at a large university), and shortly after the server browser came up, my internet connection went down despite still being connected to the wireless network. Thought, "that's odd". Internet access came back later, tried again, same thing happened. Decided to try the secondary wi-fi, as I'd normally prefer the secured one. This one has authentication via web browser. After logging in there, a message came up saying I was being blocked as a possibly compromised computer. In talking with the help desk, they explained my computer had been running port scans and that triggers an automatic two hour lockdown.

    So, tl;dr, is there any way to disable the LAN port scanning? If not, can it be added?

  • you could make a firewall rule localy that blocks that port. if u am not wrong you need to block localy in your firewall the udp port 2999

  • The help desk guy was saying I triggered the lockdown with a TCP scan. I'm guessing this is just the intended functionality of the LAN server search.

  • lan discovvery is done via UDP . Tcp is not doing any port scan .. the only thing that i am aware of that is using tcp is when actually communicating .. there might be something else maybe scanning your network ?

  • I'll give it a shot tomorrow and see if I get locked out. Thanks for the help.

  • No dice - set up an outgoing rule to block UDP 2999, still got flagged as a potentially compromised computer.

  • then i suspect there is some other software causing the issue :/

  • Never happened before. Happened after each use of ECO. I've done complete malware and virus scans to make sure it isn't anything else.

    I just won't play it from the campus network. Simple enough. Thank you for the help, in any case.

  • I gotta say I can't believe it would be ECO, ECO actually works on an assigned port system, there is no scanning the server selection uses the assigned port, do you know what port the server you're attempting to connect to uses?

  • The flagging has come even before I've connected in most instances, the exception being when I managed to make it on to the server I do play on for a few minutes, which I'm guessing is just the lag time for the campus automated system to cut me off. Without knowing all the details, I believe it's the scan that ECO does looking for LAN servers that's setting off the alarms.

  • That seems like a pretty aggressive security on their part. The server/client does broadcast/listen on UDP port 2999 to look for any other running servers of Eco, but this is fairly standard discovery practice.

    Is that restriction on all port ranges? Eco does default to a pretty low port number which some security programs do not like.

    Either way there is no way at the moment to change/disable the LAN scan at the moment, but we can add support for it if you want to create a bug about this issue.

  • They didn't specify whether it was the low port number, but that does sound like a reasonable possibility. They indicated that it looked like something probing, but I'm guessing that's just the broadcast.

    If I'm the only one with the problem (and since I haven't seen another thread like this, I guess I am), I don't want to add to what I'm sure is more than enough work.

Log in to reply