Page 1 of 1
/banmask
Posted: December 20th, 2011, 2:11 pm
by BobKare
Hey all!
I've experienced several times, that you IP-ban someone, then they come back by changing their routers IP.
I think it would be good if we were able to ban a mask, like 217.24.***.*, then use /banmask 217.24, or /banmask <player>.
Please tell me if this is possibly done!
Thanks looking into it,
-BobKare
Re: /banmask
Posted: December 20th, 2011, 2:52 pm
by Hellenion
/banip *.*.*.* has a lot of griefers
Edit:
I'm sorry, I don't know anything about these "masks" you speak of.
Re: /banmask
Posted: December 20th, 2011, 3:01 pm
by BobKare
Hellenion wrote:/banip *.*.*.* has a lot of griefers
Edit:
I'm sorry, I don't know anything about these "masks" you speak of.
If some ppls make their router change IP, the router will probably keep the
mask.
The mask is the first two numbers of the IP:
80.212.151.22
Re: /banmask
Posted: December 20th, 2011, 3:03 pm
by Hellenion
won't you then be banning thousands of innocent players with the same ISP?
Re: /banmask
Posted: December 20th, 2011, 3:37 pm
by BobKare
Well, I'm not very experienced with this, but some guy told me about the ability to ban masks^^
Re: /banmask
Posted: December 20th, 2011, 5:54 pm
by fragmer
fCraft has ability to
look up players by IP range (fCraft uses
CIDR notation instead of the more common dot-decimal notation that you used in examples). To look up all players in 217.24.*.*, type in "/Info 217.24.0.0/16".
There is no ability to ban IP ranges, although I might add it at some point. Note that banning IP ranges will very likely result in accidental bans of innocent players. When you ban "X.X.*.*", you are banning 65536 addresses at a time - effectively a whole region.
Re: /banmask
Posted: December 20th, 2011, 7:47 pm
by BobKare
fragmer wrote:fCraft has ability to
look up players by IP range (fCraft uses
CIDR notation instead of the more common dot-decimal notation that you used in examples). To look up all players in 217.24.*.*, type in "/Info 217.24.0.0/16".
There is no ability to ban IP ranges, although I might add it at some point. Note that banning IP ranges will very likely result in accidental bans of innocent players. When you ban "X.X.*.*", you are banning 65536 addresses at a time - effectively a whole region.
Thanks for a fast, informing answer.
Well, are there any way to ban such mf's that I mentioned in the first post?
Re: /banmask
Posted: December 21st, 2011, 10:45 am
by Intertoothh
/ipban 217.24.1.1
/ipban 217.24.1.2
/ipban 217.24.1.3
/ipban 217.24.1.4
/ipban 217.24.1.5
You get the drift
Maybe block them in your firewall?
Re: /banmask
Posted: December 22nd, 2011, 12:18 am
by Jonty800
Ban MAC addresses?
Is that possible?
Would it allow you to win the game?
Re: /banmask
Posted: December 22nd, 2011, 12:39 am
by Lim-Dul
Jonty800 wrote:Ban MAC addresses?
Is that possible?
Would it allow you to win the game?
MAC addresses are re-set every time the packet passes through a new device AFAIK and thus are not a practical way of blocking anything outside of the scope of one Network segment. (Correct me if I'm wrong.)
Re: /banmask
Posted: December 22nd, 2011, 2:20 am
by Planitia
Lim-Dul wrote:Jonty800 wrote:Ban MAC addresses?
Is that possible?
Would it allow you to win the game?
MAC addresses are re-set every time the packet passes through a new device AFAIK and thus are not a practical way of blocking anything outside of the scope of one Network segment. (Correct me if I'm wrong.)
I'm almost sure they stay the same for every device unless changed. Usually on the Internet it uses the routers MAC address which can easily be changed.
Show
MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, the card's read-only memory, or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address. It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. A network node may have multiple NICs and will then have one unique MAC address per NIC.
In theory they seem solid but the reason no one uses them for anything good is because they are way too easy to spoof.
I may also be slightly wrong, feel free to correct me. The quote is a Cited quote from Wiipedia simply because I cbb saying it in my own words.
Re: /banmask
Posted: December 22nd, 2011, 2:50 am
by Lim-Dul
That's not what I meant. I meant that you only ever see the MAC address of the last hop (your Ethernet segment), which makes the whole exercise pretty useless - unless you want to ban people on LAN.
Re: /banmask
Posted: December 22nd, 2011, 3:57 pm
by Intertoothh
Jonty800 wrote:Ban MAC addresses?
Is that possible?
Would it allow you to win the game?
Yes, but useless. As other stated.
The mac-address is not a part of the tcp-ip protocol. And is not route-able.
Its a part of the 'Network interface/Datalink layer', allowed stuff to talk to eachother.
(
info)
Banning a mac-address is for 'internet related stuff'
Can be usefull in internal networks, but more for switches etc.
(Good security policy is to have all addresses banned, exept the one's you know)
But they can be easly spoofed/changed.
Re: /banmask
Posted: December 22nd, 2011, 4:47 pm
by fragmer
There is no way to reliably obtain MAC addresses remotely.