NHL'94 Forums

SECURITY ISSUES WITH NETPLAY/HAMACHI?



Hi Everyone,

Thought I'd post this more out of concern for everyone else really, but also to tap into the collective knowledge too. I've just cleared up a major infection on my laptop, and unless someone can tell me it's impossible I think it's been caused by hooking up to others for online play through Gens & Hamachi.

I'm no computer whizz. I have a basic understanding of things & am generally able to sort things out with a bit of work when I need to, but can someone with more knowledge than me please tell me: When you hook up to someone else via netplay are you effectively opening up your computer to theirs and telling the system "It's OK, I trust this computer, let it hook up and do what it wants"?

The reason I ask is that this is the first time I've had a big big problem in 4 years of owning this computer. I run AVG free anti-virus and over the years every now and then, maybe twice or three times a year max it finds a virus. I guess this is pretty normal? In the past, like all red-blooded males I've also visited some sites the good lord would probably frown upon, and until it got closed down I also had some file sharing software installed. I have to point out that I have not used either of these things for a long long time, probably like 6 months to a year at least.

Well, since joining this community I've played against a number of different people. Usually with absolutely no problems whatsoever, but there was one player who, whenever I tried to connect to him for exhibitions things went wrong - failing to connect, error messages on GENS etc, all at the exact moment of connection. It just didn't seem right - not like when I've been playing against others & had trouble connecting.

The only other thing I've done recently was download a Playstation ISO for the emulator I have. I unzipped it & everything, but it didn't work, so I deleted it straight away.

Well, for a little while (not sure exactly) I started to notice some visible slow down of my programs and processes, in particular for 5 or 10 minutes after boot up there would be a long delay when opening anything - messenger, Google Chrome, Excel or Word files. Everything. After this long "boot up" period there'd always be a delay when opening a new webpage on Google Chrome too, and sometimes it would freeze altogether.

Then since the 18th of this month AVG started reporting 20 rootkits found! To make matters worse it would only delete 2 of them as it said the others were hidden. So here I was thinking my computer's finished and going to need to be wiped, thus losing all my programs & files etc. Like I said, over 4 years I've had only minor problems - 2 or 3 viruses per year maybe, during a period when I was visiting some "entertainment sites" more than I should have (tell me you've never done it & I'll show you the guy who's lying! lol), so to all of a sudden have 20 rootkits show up on my system, when I haven't been doing anything potentially harmful to my system seems very very odd. The fact that it coincides with joining this community & playing online games just seems far too much of a coincidence. As I said, the only other thing I've done of late was download that ISO file too, but that was from a trusted website according to my anti-virus program.

Fortunately I downloaded a rootkit removal tool, and after a lengthy scan and then having to manually check through a long list on Google for false-positives I identified 2 known viruses and deleted a host of suspicious items in my temporary internet files. I ran AVG again, and amazingly it didn't identify a single problem! My system is now zipping around like road-runner on speed! It's like having a brand new computer!

I guess my point is I'd really like to know from someone who has more understanding than me, is netplay/hamachi a security risk? Like I said, it just seems like too much of a coincidence that after many trouble free years I join this online league & all of a sudden my system is infested! & if so, clearly we've all got a serious responsibility to make sure we're running a clean system that's not going to pose a threat to others.

I understand I may well be wrong, so I wouldn't like to post a name here, but I've deleted the person I was worried about from my AIM list (It wasn't someone in my league so there's no worries there), and I want to make sure this doesn't happen again.

If someone could fill me in on how connecting via hamachi & GENS works security wise I'd really appreciate it.

Cheers................gotta run, off to the adult video store!! lol (Joking!!!!!!)

Link to comment
Share on other sites

Hamachi is used for that reason - to be the middleman between two computers. If you were to do a "direct connect" (using your real IP addresses instead of Hamachi ones), then there might be a slight risk. Hamachi negates that by acting like a server that you both connect to.

I don't think you got the viruses from Hamachi. It is possible you had some malware on your PC for a while and just recently got one that slowed your PC down significantly. Just do a regular check of your PC and you should be fine. Hamachi doesn't require opening ports on your computer, which is what opens holes for Trojans and the like to get on your PC.

AVG is good virus software. Also, I use Malwarebytes Anti-malware to check for spyware and other malware. Most antivirus software does not check for those, so you need another program to do that.

You can go to download.com (CNET site) and get some good reviews and downloads for keeping your PC clean.

Or you can get a Mac!

Link to comment
Share on other sites

Hamachi is used for that reason - to be the middleman between two computers. If you were to do a "direct connect" (using your real IP addresses instead of Hamachi ones), then there might be a slight risk. Hamachi negates that by acting like a server that you both connect to.

Thanks for that. I didn't know that. & obviously that's the same way when you connect via client right?

I can only think it was that ISO file I downloaded then, 'cos I've done absolutely nothing else of late that I can think was a potential risk, and it was instant - 1 day nothing on the AVG scan, next day 20 rootkits!

I'll definitely download that malware stuff too.

Link to comment
Share on other sites

Actually, yes, Hamachi is a security risk because it basically makes it so both your computers appear to be on the same local network. You are bypassing the firewall built into the router.

It is MUCH BETTER TO SET UP PORT FORWARDING ON YOUR ROUTER. That way you are only exposed on one port. And that port is being used by the emulator.

Also, AVG is a good anti-virus, but actually Microsoft Security Essentials is probably the best free one you can get these days (surprising, I know!).

PC World Top 5 Free Antivirus for 2011 - AVG doesn't make the cut

Link to comment
Share on other sites

Actually, yes, Hamachi is a security risk because it basically makes it so both your computers appear to be on the same local network. You are bypassing the firewall built into the router.

It is MUCH BETTER TO SET UP PORT FORWARDING ON YOUR ROUTER. That way you are only exposed on one port. And that port is being used by the emulator.

Also, AVG is a good anti-virus, but actually Microsoft Security Essentials is probably the best free one you can get these days (surprising, I know!).

PC World Top 5 Free Antivirus for 2011 - AVG doesn't make the cut

Ah OK, so in fact there's a good chance that this was the result of using netplay? I'm now checking out how I set up port forwarding :-S

Link to comment
Share on other sites

Ah OK, so in fact there's a good chance that this was the result of using netplay? I'm now checking out how I set up port forwarding :-S

It wouldn't be due to using netplay. It could possibly be due to being on the hamachi network, but I kind of doubt it. Rootkit seems like you downloaded and ran something... but I don't know. If you remember the names of the rootkits, you could google them and that might give an idea of how they infect people.

Link to comment
Share on other sites

MICROSOFT SECURITY ESSENTIALS IS THE BEST FOR SURE! Take smoz's word on it - I got the worst malware, that fake Windows 7 security anti-virus that tries to get your credit card over and over, but I never installed it, but still it kept me from accessing the internet and all other documents (EVEN ITUNES). I had to get MSE from another computer to install it on my infected one, got rid of the problem after the first full scan. Definitely the most effective free anti-virus I've used.

Link to comment
Share on other sites

Well thanks for the help guys. Last night AVG found nothing. Today it scanned and found 8 problems again?! Only thing apart from web browsers I'd opened up all day was AIM! It deleted 2 of them.

I downloaded and ran Malwarebytes. Took forever but found 8 problems & deleted them all. I'll see if AVG picks anything up when it scans tomorrow & then get rid of it & install MSE after that.

Hopefully this will be the end of it!

Link to comment
Share on other sites

Oops my mistake. You should do as smoz says and set up hamachi for port forwarding. Do you have a router or are you directly connected to the modem?

There is an option in the Hamachi settings (sorry don't have my laptop in front of me right now) where you can set the port that Hamachi will use. I set it to 45000, as an example. If on a router, you then need to set up your router to allow access to port 45000.

Ports should be set up for UDP and TCP.

You can also set up these ports to be forwarded as well:

ZSNES port is 7845.

Kaillera (Genesis) port is 27888 and 27886.

You can go to portforward.com and look up how to set up port forwarding on your router.

There is also a Port Forwarding Guide that smoz put together. Read that.

And stop downloading porn! :P

Link to comment
Share on other sites

No, that's not quite it....

Hamachi makes it so you don't need to do port forwarding. And that is the security hole -- the other computers in your hamachi networks can see all your ports, and that's potentially bad. For example, I sometimes get notifications on my computer because I can see other people's xbox 360's through Hamachi, and my computer wants to know if that xbox should be able to watch movies from my computer (since i have my computer set up to send movies to my own xbox).

When I say to set up port forwarding, I mean, set it up so you don't NEED hamachi anymore.

If you set up port forwarding, then you no longer need Hamachi when hosting, because you've allowed connections on the one specific port the game uses. So ideally everyone sets up port forwarding for 27886, and we don't need Hamachi anymore.

(But, there is no proof here that Hamachi caused the rootkits/viruses. They could have been from downloading that playstation game... which sounds possible considering the game didn't work)

Link to comment
Share on other sites
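
Added example, not part of any post in this thread: a Python sketch of the comparison described above, a Hamachi peer seeing every listening port versus a router forward exposing only port 27886. The `netstat -ano` sample, the addresses 192.168.1.20 and 5.10.20.30, and the function names are constructed for illustration, and the model assumes no host firewall (such as Windows Firewall) is filtering the Hamachi adapter.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows host (not from the thread).
# 192.168.1.20 stands in for the LAN address, 5.10.20.30 for the Hamachi adapter address.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       844
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    5.10.20.30:139         0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49200     64.12.0.1:443          ESTABLISHED     3012
  UDP    0.0.0.0:27886          *:*                                    2288
  UDP    0.0.0.0:1900           *:*                                    1432
  UDP    192.168.1.20:137       *:*                                    4
"""


def parse_listeners(netstat_text):
    """Return (proto, bound_address, port) for every socket that accepts new peers."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; skip established/closing connections.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # tolerate [::] and zone ids
        listeners.append((proto, ipaddress.ip_address(host), int(port)))
    return listeners


def reachable_via_hamachi(listeners, hamachi_addr):
    """Sockets a Hamachi peer can reach: bound to the wildcard or the Hamachi adapter."""
    vpn = ipaddress.ip_address(hamachi_addr)
    return sorted({(proto, port) for proto, addr, port in listeners
                   if addr.is_unspecified or addr == vpn})


def reachable_via_port_forward(listeners, lan_addr, forwards):
    """Sockets an Internet host can reach through the router: forwarded ports only."""
    lan = ipaddress.ip_address(lan_addr)
    return sorted({(proto, port) for proto, addr, port in listeners
                   if (proto, port) in forwards
                   and (addr.is_unspecified or addr == lan)})


def extra_exposure(listeners, hamachi_addr, lan_addr, forwards):
    """Listeners that only become reachable because the VPN adapter is up."""
    vpn = set(reachable_via_hamachi(listeners, hamachi_addr))
    fwd = set(reachable_via_port_forward(listeners, lan_addr, forwards))
    return sorted(vpn - fwd)


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    # The thread forwards 27886 for both UDP and TCP.
    rules = {("UDP", 27886), ("TCP", 27886)}
    print("Hamachi peers can reach:", reachable_via_hamachi(found, "5.10.20.30"))
    print("Port forward exposes:   ",
          reachable_via_port_forward(found, "192.168.1.20", rules))
    print("Extra with Hamachi:     ",
          extra_exposure(found, "5.10.20.30", "192.168.1.20", rules))
```
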

I could have sworn you could set up Hamachi to just use one port as well. I would think this would protect your computer by assigning that port only for Hamachi communications, regardless of the other person's setup, no?

Regardless, you should shut off Hamachi when you aren't using it. I don't see the point of constantly leaving it on when we use AIM for communication.

Link to comment
Share on other sites

My guess is a fake Playstation emulator, that actually was a virus-making program, has been regenerating. Color me glad that so few people make malicious files for Macs. The Microsoft thing sounds like a good idea. Time to strip your computer down to the basics. I'd upload/burn everything, reinstall the operating system and be careful about what goes back onto the computer. It seems the little virus has found its way deep into the core of your system. Good luck.

Link to comment
Share on other sites

I could have sworn you could set up Hamachi to just use one port as well. I would think this would protect your computer by assigning that port only for Hamachi communications, regardless of the other person's setup, no?

Regardless, you should shut off Hamachi when you aren't using it. I don't see the point of constantly leaving it on when we use AIM for communication.

If all that option does is make the hamachi tunnel work on port 45000, it's pointless if, after the data gets through that port, hamachi then re-maps it back to 27886 (or in the case of a virus, some other vulnerable port).

my virus --> port 3456 --> my hamachi --> 45000 -------> internet --------> 45000 --> your hamachi --> port 3456 --> now your virus!

The only option I saw that looked like it would help was something like "block known vulnerable windows ports". (doesn't help if the security hole is new or in some other program)

Good point that you should turn off Hamachi when not using it.

Link to comment
Share on other sites

My guess is a fake Playstation emulator, that actually was a virus-making program, has been regenerating. Color me glad that so few people make malicious files for Macs. The Microsoft thing sounds like a good idea. Time to strip your computer down to the basics. I'd upload/burn everything, reinstall the operating system and be careful about what goes back onto the computer. It seems the little virus has found its way deep into the core of your system. Good luck.

Hmmmm. Well it certainly seems something is regenerating. AVG found nothing Saturday night & then 8 problems the following morning?! :-S Sophos anti-rootkit identified the Playstation emulator as a problem, but it also identified lots of other things that appear to be false positives. I've had the emulator on there for years, and it definitely works & never appeared to be a problem before. It also identified the add-ons to my N64 emulator, which again, have been there for years & have never been identified before, so I don't know if I can trust Sophos - Reading reviews it has a reputation for producing false positives.

I'll put the Microsoft anti-virus on today & see what happens with that!

Again, all of this started not long after joining this community & starting to play online.

Link to comment
Share on other sites

Dump AVG and go with Microsoft Security Essentials.

Are you running Windows XP or Windows 7/Vista?

If you are running 7/Vista I would create a firewall rule to allow hamachi. Also make sure you have port forwarding set on your router to your PC ( you will want to give your PC a static IP ) and then make sure that you are allowing that port on Win 7/Vista firewall.

Link to comment
Share on other sites

Dump AVG and go with Microsoft Security Essentials.

Are you running Windows XP or Windows 7/Vista?

If you are running 7/Vista I would create a firewall rule to allow hamachi. Also make sure you have port forwarding set on your router to your PC ( you will want to give your PC a static IP ) and then make sure that you are allowing that port on Win 7/Vista firewall.

I'm running Vista. Set up port forwarding with Smozoma yesterday. Will delete AVG & download MSE today!

Link to comment
Share on other sites

Dump AVG and go with Microsoft Security Essentials.

Are you running Windows XP or Windows 7/Vista?

If you are running 7/Vista I would create a firewall rule to allow hamachi. Also make sure you have port forwarding set on your router to your PC ( you will want to give your PC a static IP ) and then make sure that you are allowing that port on Win 7/Vista firewall.

I don't understand the firewall rule for hamachi. If hamachi was working already, then there is no need to change anything related to the firewall to make hamachi work any different. Or am I missing something?

Port forwarding: opens a particular port on your router's firewall, so you don't need hamachi to host a game.

Hamachi: allows people on your hamachi networks to bypass your router's firewall completely, so you don't need to do port forwarding to host a game.

Link to comment
Share on other sites

All very odd.

Did a Malwarebytes scan last night & it eliminated all the problems it found. Today AVG found absolutely nothing, although took about 3.5 hours to do a scan! :-S

The only thing I haven't done today that I normally do is hook up to AIM. Did a scan of my memory stick & found a virus on there though! Will have to install MSE and then see what happens tomorrow, but at the moment it would seem my system is virus free again.

Is it worth Smozoma advising people in a thread about the potential security issues associated with using Hamachi.............and porn download? lol

Link to comment
Share on other sites

Hey smoz,

I found this on Hamachi's website. Might better understand it.

Hamachi ports and protocols

Wiki page on Hamachi:

Wiki

"You can set a static UDP listening port and TCP handshake port....................."

........................................... :-S

Link to comment
Share on other sites

Hey smoz,

I found this on Hamachi's website. Might better understand it.

Hamachi ports and protocols

Wiki page on Hamachi:

Wiki

These say what I've been saying:

wikipedia says:

"it(Hamachi) establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a local area network"

I.e., it bypasses your router's protection, so all ports are accessible (except specific ones Hamachi knows to block because they are security vulnerabilities).

The first link is about how to forward ports if Hamachi is not working for you, which is not what this thread is about -- his Hamachi is working fine and may actually have allowed a virus to propagate through it (although it looks like the bad playstation game may have been the source).

Link to comment
Share on other sites

These say what I've been saying:

wikipedia says:

"it(Hamachi) establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a local area network"

I.e., it bypasses your router's protection, so all ports are accessible (except specific ones Hamachi knows to block because they are security vulnerabilities).

The first link is about how to forward ports if Hamachi is not working for you, which is not what this thread is about -- his Hamachi is working fine and may actually have allowed a virus to propagate through it (although it looks like the bad playstation game may have been the source).

The first article explains the ports that Hamachi uses for communication. It connects to the server via TCP, and if TCP fails, it uses SSL. It communicates to the peer via UDP ports. I read it and thought it was interesting, as I never knew the way it actually worked. Just added it for those who were interested.

I don't understand the firewall rule for hamachi. If hamachi was working already, then there is no need to change anything related to the firewall to make hamachi work any different. Or am I missing something?

Port forwarding: opens a particular port on your router's firewall, so you don't need hamachi to host a game.

Hamachi: allows people on your hamachi networks to bypass your router's firewall completely, so you don't need to do port forwarding to host a game.

Port Forwarding, like you said, opens ports through the router, which is the "hardware" firewall. Hamachi bypasses this firewall.

The software firewall (Windows firewall) needs to have a rule to allow Hamachi access to the internet. Hence, when you first install Hamachi, Windows Firewall asks you if it should allow Hamachi access to the internet. I believe this is the "rule" that everyone is talking about.

I know this has nothing to do with LA Robbie's problem, you had said that you didn't understand the firewall rule, I was just giving information on how it works.

As far as LA Robbie's problem, I think the only way he would have been able to catch a virus via Hamachi would be if someone was running malicious code on the other side of the connection.

Steps to avoid LA Robbie's problems in the future:

- Make a user account (non-administrator) and use this to surf the internet and do all your PC wishes. Give your administrator account a password (most Win XP installs, as an example, have a hidden administrator login that has a default of no password). Whenever software needs to be installed, it will prompt you for admin login and password. This would help with some malware, as a password would be needed to modify certain files and registry entries.

- You can use the Microsoft Security Essentials for your anti-virus, anti-malware needs. I guess it's OK, I just installed it to try it out, but there have been some "security fixes" updates to the software, which worries me a little bit. Seems like hackers are finding their way around the protection.

- Scan once a week, at least.

- Keep your Windows updated with all the latest security patches

Link to comment
Share on other sites

I know this has nothing to do with LA Robbie's problem, you had said that you didn't understand the firewall rule, I was just giving information on how it works.

Ah, poorly worded on my part! I meant, I don't understand why people are recommending opening ports for Hamachi (when it's already working)

Link to comment
Share on other sites

Well, just to let you all know, 2 AVG scans in a row have revealed nothing but tracking cookies, so right now it looks like Malwarebytes did the trick!

Only thing is I never used AIM, Hamachi or Netplay yesterday. Sounds like Smozoma knows more about the possibility of any of those things being a problem than me, but basically I'll be using them today & then if there's any new problems tomorrow it would seem that 1 of those is leaving a door open perhaps? Of course for the good of everyone on this community I'll let people know if that's the case!

Thanks for all the help guys!

Link to comment
Share on other sites

UPDATE:

Just to let you all know, after AVG scans found nothing 2 days running I did some test games with Hamachi, and I now believe I can say with some certainty that the Hamachi network IS the cause of the problem.

On the 26th no problems, 27th no problems. On the evening of the 27th I played some wireless online games at work via hamachi.

28th first thing in the morning - did a scan. Once again totally clean.

Immediately after finishing the scan I connected online at home via cable. Connecting through Hamachi I played 4 or 5 games against Comeback. Immediately after finishing I scanned again - guess what?! Loads of rootkits again!

After 3 consecutive clean scans the only variable is that I hooked up to Hamachi at home via a cable plugged directly into my router. There's no other potential source of infection.

I have set up port-forwarding with Smozoma so I don't need hamachi anyway, so from now on I'll be playing only via my real IP or through client. Hamachi is getting deleted!

Link to comment
Share on other sites

The last 2 weeks I've been having problems with hamachi being slow or unresponsive. It would disconnect and reconnect mid-game. I previously never had any problems with the program. I ended up finding that hamachi was corrupted and reinstalled several times. I now have it working but it's still slow and seems to want to suck all my CPU. I think their latest update is faulty or doesn't work well with latest Windows update.

Link to comment
Share on other sites

Does anyone know if an infection's location indicates the source of the infection? Am I right in thinking it doesn't and that an infectious file once into the system can hide itself anywhere?

I only ask as yesterday I scanned with AVG - once again s**t loads of rootkits after 3 consecutive days clean. The only things I'd opened after the last clean scan were Hamachi & AIM.

I then did a complete scan with Malwarebytes - nothing?!

I deleted AVG & installed Microsoft Security Essentials - found one virus in the AOL files!

I believe this doesn't indicate that in fact AIM was the source of the problem, but can someone confirm that? Would it be an idea to re-install it?

Link to comment
Share on other sites

  • 2 weeks later...

Does anyone know if an infection's location indicates the source of the infection? Am I right in thinking it doesn't and that an infectious file once into the system can hide itself anywhere?

I only ask as yesterday I scanned with AVG - once again s**t loads of rootkits after 3 consecutive days clean. The only things I'd opened after the last clean scan were Hamachi & AIM.

I then did a complete scan with Malwarebytes - nothing?!

I deleted AVG & installed Microsoft Security Essentials - found one virus in the AOL files!

I believe this doesn't indicate that in fact AIM was the source of the problem, but can someone confirm that? Would it be an idea to re-install it?

Try to read up on the names of the rootkits if possible since that could give an idea of where they came from.

Leave all your Hamachi groups. Make a group for yourself. Only play people using your own group. Evict them after the game. This will prevent random people you played 3 weeks ago from reinfecting you.

When's the last time you did a Windows update, by the way?!

Link to comment
Share on other sites

OK, Update: I found a file using a rootkit finder that produces new files - which would explain why they kept coming back after the original infection. Also, I was playing direct through the modem as it was a better connection than through the router, but I thought maybe the modem doesn't have a firewall and that was the problem?

Link to comment
Share on other sites
