How real is the threat of being hacked when gaming?

[FlyinPenguin]

Another question: Can somebody really find your IP just by having your Live or PSN screen name? What would they even be able to do with it? My router's firewall would block any kind of attack except by a true and experienced hacker right?

Is it dangerous to set up a DMZ only for a game system? That seems to be a recommend method of dealing with restrictive NATs. Aren't game systems too restrictive in how they can receive and execute code for hacking to be a real concern?

No, they cannot. They have to have admin/mod privileges to see an IP attached to a name. They could find it out if you say played a game together.

If they have your IP, they can ddos you/find out your general location/look for open ports/harass your ISP in giving out more information on you.

I should have clarified; my concern is people who I have played with finding my IP. So, if we are in a lobby together they can find out my IP? How? Do they have a hacked console or do have a PC running special software hooked up between the console and router that monitors network traffic or something? Does it make a difference if they are host? I would assume that would make a difference since everyone is connecting directly to them (I'm thinking COD here).

[Saras]

If there's a direct connection, they can log it. There's little need for hacked clients.

Anyway, I wouldn't worry about it. Generally, the people that know how to do any real damage have better targets to dedicate their time to, as for script kiddies that I could imagine to pissed of at something like this, a good up to date firewall should be enough to deal with the vast majority of them.

[FlyinPenguin]

What do you mean they can log in? Log in to what?

[Belmakar]

You've got it wrong. They can log it. With it being your IP address.

[FlyinPenguin]

You've got it wrong. They can log it. With it being your IP address.

OK. That makes more sense. So if their consoles aren't hacked, how they logging it? They must have a PC connected between the console and router?

[Saras]

Most non shit routers can do that. Special firmware would make it easier, but it's not really a requirement.

[Belmakar]

Most non shit routers can do that. Special firmware would make it easier, but it's not really a requirement.

This.

You can easily set up a router to log any incoming or outgoing connections. Also, a common router is nothing but a small computer with an OS dedicated to routing. Nothing stops you from, for example, set up a Windows PC (all Windows Server versions come with a routing software by default) to work as your local router. And there is also the option to just set up a network monitor (which are available as dedicated hardware, or any PC with a software like WireShark or Observer running) somewhere in the network and make sure it receives all traffic from and to the console, which is pretty easy (on wired networks you just need a repeater, and on wireless networks you don't even need any additional hardware at all).

[kitamesume]

if you aren't on a static IP from your ISP then just reboot your modem and it'd change IP, problem solved

[FlyinPenguin]

You guys are so damn informative

Does playing on a dedicated server make a difference? Are people's IP addresses still transmitted to each other or does the server just send out data packets to other players that only contains relevant game data?

Also, in peer to peer games like COD, is it only the host who can see everyone's IP?

[AceHigh]

I would say that router's weakest link is wireless, so I turned my off. IP by itself provides no sensitive information or security risk.

[Belmakar]

If you have a good encryption (WPA2 with AES, for example) and a reasonably long and unpredictable passphrase (mine is about 50 characters long, easy as hell to remember and almost impossible to guess), as well as the SSID broadcast disabled, the probability of it being hacked out of malicious intent is very low, as cracking the AES encryption would take considerable amounts of (time * computing power), and some asshole who just wants to use some network for something evil wouldn't even think of hacking into it if there is a not or just WEP encrypted WLAN anywhere near.
However, turning it off has some nice side effects on it's own (lower power consumption, it doesn't get as warm, all of the processing power is available for wired traffic, and some people are concerned about the WLAN being actually harmful for the body, and of course the reduction of the risk of being hacked to zero), so if you don't use it anyway, that's indeed the best option.

[megido-rev.M]

Decent attackers wouldn't really care about SSID not being broadcasted, no?

[Saras]

No, but chances are, there are easier targets about. Generally speaking, if the hacker is skilled enough and dedicated enough, you're shit out of luck if can't match him in a game of cat and mouse. He will get into your system eventually.


@FlyinPenguin
That depends on how the game is coded and what services are used. However, the easiest way to be somewhat sure that a hacker will have a hard time getting your IP address is to use someone else's IP in the first place.

[JoonasTo]

If you have a good encryption (WPA2 with AES, for example) and a reasonably long and unpredictable passphrase (mine is about 50 characters long, easy as hell to remember and almost impossible to guess), as well as the SSID broadcast disabled, the probability of it being hacked out of malicious intent is very low, as cracking the AES encryption would take considerable amounts of (time * computing power), and some asshole who just wants to use some network for something evil wouldn't even think of hacking into it if there is a not or just WEP encrypted WLAN anywhere near.
However, turning it off has some nice side effects on it's own (lower power consumption, it doesn't get as warm, all of the processing power is available for wired traffic, and some people are concerned about the WLAN being actually harmful for the body, and of course the reduction of the risk of being hacked to zero), so if you don't use it anyway, that's indeed the best option.

Setting your wireless to only allow connections from certain MAC addresses is a pretty good way to stump them also. That way, even if they crack the pass, they'll still be sol.

[Belmakar]

If they manage to get through the encryption, requiring them to change their wireless MAC address to match one of the allowed ones won't really stop them (not even slow them down much).

Note that, in opposite to wired network interfaces, the MAC addresses of wireless network adapters may be changed almost without restrictions

[JoonasTo]

Wired network adapter MACs can be changed freely too btw. Takes two click in windows. 

And unless you allow a shitload of addresses it does work quite nicely. The programming of response to wrong MACs does matter a lot though. If it just sends them, sorry, wrong address it's next to useless but if it doesn't respond to anything with false identifications from wrong pass or MAC it effectively adds one more layer to the security. Running through pass quesses and MACs takes a lot longer than running through just passes.

Easiest way to keep outsiders from your wireless is probably just keeping your machines connected all the time and disallowing all extra connections aside from more machines than your own. Obviously not that practical if you use a laptop/phone outside of home too.


Oh and anyone can actually capture all data sent over the wireless if they are in range. That's why you should always use the minimum power you can live with. Sure it will be encrypted and it might take forever to crack the encryption but the data will still be there.


There should be a way to key your wireless to RSA keys too, that might be worth looking into.