Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Bob DoleToday at 9:43 PM
- what ports does haste use?
- Joey <Haste>Today at 9:49 PM
- @Bob Dole We don't publish the ports that Haste uses. It is compatible with any standard NAT implementation
- Bob DoleToday at 9:50 PM
- Well, it's interesting, because I found some disturbing traffic associated with haste on my network based around UDP port 10000
- Joey <Haste>Today at 9:50 PM
- What makes it disturbing?
- Bob DoleToday at 9:51 PM
- 1) the fact that you dont publish information about what ports it uses anywhere 2) the fact that my computer is connecting to servers that are openly accessible from the internet
- so i spent a lot of time trying to trace down where this traffic was coming from
- if this information was easily accessible at least people would know. it's random IPs on a high UDP port, which most people would associate with botnet traffic. If you google UDP port 10000 the first thing that comes up is rootkit keyloggers
- Joey <Haste>Today at 9:52 PM
- You can scan our software with Google's security software and find that it is not malicious.
- https://virustotal.com/
- Many applications use high UDP ports... all Steam games, for example
- Bob DoleToday at 9:53 PM
- I'm sure the actual executable is not malicious, what I'm trying to explain is that since there's no documentation on what type of network behavior it exhibits, people might get the wrong idea
- Joey <Haste>Today at 9:53 PM
- And most other UDP-based games
- Sure, but publishing that also takes away our competitive advantage
- People are welcome to reverse engineer our product at their leisure, knowing that it violates our license agreement
- Bob DoleToday at 9:54 PM
- That's a really odd stance to take when it would help a lot of people to be able to see where this weird network traffic is coming from
- So since I thought I was rootkitted, I canceled all of my credit cards
- So you can see the type of thing you could stop from happening by simply documenting what type of stuff we can expect
- Joey <Haste>Today at 9:56 PM
- We have chosen not to document it, but people are welcome to inquire about it in support tickets. So far, we've never had a ticket about such traffic
- Bob DoleToday at 9:56 PM
- I'm asking here what ports it uses. is that not good enough?
- Can you confirm UDP 10000 is one of them at least?
- Joey <Haste>Today at 9:56 PM
- Yes, that's why you see it associated with the Haste application.
- Bob DoleToday at 9:57 PM
- I mean I didn't know until I looked at traffic on my firewall and saw it go away when I uninstalled haste. If you google that port you'll see it's not associated with anything good
- Joey <Haste>Today at 9:57 PM
- Our software is also signed, unlike most malicious software
- Port numbers are arbitrary
- Here's the code signature for our software
- If your executable is signed like that, it's not been manipulated
- It would break the signature
- Bob DoleToday at 9:58 PM
- Okay, thanks for the talk. I canceled my subscription with Haste because I think it's disingenuous to not publish what type of network activity users can expect.
- Joey <Haste>Today at 9:59 PM
- Well, we discuss the type of network traffic in our terms of service and privacy policy.
- Bob DoleToday at 9:59 PM
- Is there a URL I can go to, so that I can see it?
- Joey <Haste>Today at 9:59 PM
- It's in the footer of all of our pages:
- https://haste.net/terms-of-service
- https://haste.net/privacy-policy
- Haste
- Terms of Service - Haste
- Haste terms of service.
- Haste
- Privacy Policy - Haste
- Haste reduces latency and improves network stability for gamers without invading your privacy! Read our policies to understand what we do with your data.
- For starters:
- information about your game play (including, without limitation, your location, network performance, game statistics, network statistics, network path, hardware configuration, network traffic, record of performance, and connectivity to the rest of the Internet);
- Information Gathered from Your Use of the Services. We automatically collect certain data when you use the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which you accessed the Services; (6) geolocation information; (7) beta use information, (8) information about your game play (including, without limitation, your location, network performance, game statistics, network statistics, network path, hardware configuration, network traffic, record of performance, and connectivity to the rest of the Internet); and (9) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information.
- Bob DoleToday at 10:01 PM
- How exactly does that translate into someone associating your application with the traffic I mentioned? Your TOS basically says you have carte blanche to use any protocol/port you want
- Joey <Haste>Today at 10:02 PM
- Yes, for the purpose of analyzing and optimizing your connection based on testing we perform of your connection
- Bob DoleToday at 10:03 PM
- I can see this is going nowhere. I would highly encourage you to publish what ports and to what IPs people will be seeing traffic to. Also to lock down SSH on the servers your send people's traffic to. Hopefully you can pass my complaint along
- It just seems shady and botnet like to the outsider
- Joey <Haste>Today at 10:04 PM
- For security reasons, we do not intend on publishing ports or IP addresses. SSH is already locked down on all infrastructure.
- Bob DoleToday at 10:04 PM
- it's not
- I was able to open an SSH connection to every IP
- which makes it look even more like a hacked botnet
- Joey <Haste>Today at 10:04 PM
- Sure, but your connection was dropped immediately because we don't accept password authentication.
- Unless someone has a valid private key file, they're not getting in
- Bob DoleToday at 10:05 PM
- Alright. Please consider my complaint, thank you.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement