Security Incidents mailing list archives

Re: Probes on UDP port 27015


From: Jeff <jeff () TCNET ORG>
Date: Tue, 26 Dec 2000 15:29:36 -0500

On Tue, 26 Dec 2000, Lionel Ferette wrote:


I thought I was on holiday! I currently see a lot (every two or
three minutes) of probes looking for UDP port 27015. These ports
come from seemingly random sources, mostly from Europe. It may be
very early to cry wolf, but the distributed and coordinated way it's
done bugs me. Does anyone see such strange activity going on?

Thanks and cheers,

Lionel-

27015 is the default port number for various Sierra Online/Valve
multi-player online games -- "Halflife", among others.

Any game client may also be a server, or optionally the user may run a
game workstation in "dedicated" server mode. There are also various
"dedicated" servers that run under Windows NT, Linux, FreeBSD (in Linux
emulation mode, iirc), etc.

Due to the somewhat decentralized nature of this architecture, there have
sprung up several sites and software packages designed to help users find
and join a game on a server that is playing the game or map that they
prefer, is closest to them from an RTT sense, etc.

Your probes on 27015/udp are most likely game locator servers or clients,
or the game client itself looking for servers or requesting information
regarding servers past or present.

Of course, port numbers mean little -- a packet decode and some additional
investigation might be in order.

-jeff

--
Jeff Godin
Network Specialist
Traverse Area District Library / Traverse Community Network
jeff () tcnet org
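
One way to act on the "packet decode" suggestion in the message above, as an added example that is not part of the original post: a Python triage of captured UDP payloads sent to port 27015, separating recognisable game-browser queries from traffic that needs a closer look. The four-byte 0xFF header and the query names are assumptions taken from publicly documented Half-Life query tools, not from this thread, and the sample records and function names are constructed for illustration.

```python
from collections import Counter

# Assumption (public query-tool documentation, not the post): Half-Life
# connectionless packets start with four 0xFF bytes, then a text command.
OOB_HEADER = b"\xff\xff\xff\xff"
KNOWN_QUERIES = {b"ping", b"info", b"details", b"players", b"rules", b"infostring"}

def classify(payload: bytes) -> str:
    """Label one UDP payload seen on the game port."""
    if not payload:
        return "empty"
    if not payload.startswith(OOB_HEADER):
        return "not-game-query"
    body = payload[len(OOB_HEADER):].rstrip(b"\x00\r\n")
    # First whitespace-delimited token is the command, if there is one.
    command = body.split(None, 1)[0].lower() if body.strip() else b""
    if command in KNOWN_QUERIES:
        return "query:" + command.decode("ascii")
    return "oob-unknown"

def triage(records, port=27015):
    """Group payload labels by source address for packets sent to `port`."""
    summary = {}
    for src, dport, payload in records:
        if dport != port:
            continue
        summary.setdefault(src, Counter())[classify(payload)] += 1
    return summary

def needs_followup(summary):
    """Sources that sent anything other than a recognised server query."""
    return sorted(src for src, counts in summary.items()
                  if any(not label.startswith("query:") for label in counts))

# Constructed sample: (source address, destination port, UDP payload).
SAMPLE = [
    ("192.0.2.10", 27015, b"\xff\xff\xff\xffinfo\x00"),
    ("192.0.2.10", 27015, b"\xff\xff\xff\xffplayers\x00"),
    ("198.51.100.7", 27015, b"\xff\xff\xff\xffping\n"),
    ("203.0.113.5", 27015, b""),
    ("203.0.113.9", 27015, b"\x00\x01\x02\x03GET"),
    ("192.0.2.10", 53, b"\xff\xff\xff\xffinfo\x00"),
]

if __name__ == "__main__":
    for src, counts in sorted(triage(SAMPLE).items()):
        print(src, dict(counts))
    print("follow up:", needs_followup(triage(SAMPLE)))
```

Sources that only ever send recognised queries fit the server-browser explanation; empty or non-matching payloads are the ones worth the additional investigation.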

