keyes528

Multiple Blocked IPs - Garrys Mod hl2.exe

217.23.9.123 - this happens when I start the game, 2 records

91.211.117.31

91.211.117.73

46.246.94.108

The other 3 come when I join a server. (Only tested 1 server).

All are outbound. Are these false positives? Garry's Mod is an official Steam game.


To add: the IPs have stopped after I turned off the in-game server browser from looking at server history; some of the IPs above are servers in game.

I switched it to show LAN, and it has since stopped.

Is it possible the outgoing connection is the game pinging these servers?


Without knowing all the aspects, it is possible the Game works in a Peer-To-Peer (aka P2P) mode. As such it is possible that some of these Gaming Peers may be on an IP address that is being flagged. It is also possible that the IP address that is being flagged isn't dedicated to just a Game Server/Service/Peer but the IP is shared amongst other uses and one of the other systems collocated on the system may be the cause of the IP address being flagged.

The above is a general, non-specific possibility.

We will have to wait for Andrew and/or Steve to make an informed statement based upon what they have in the Malwarebytes' records associated with each IP address noted.


Hello, actually I have some more info.

All of the IPs are coming up when I view the game's server browser.

I have 3 products which view a similar browser.

Steam

Counter Strike Source

Garry's Mod.

It shows up when I set it to "history". This shows previously played servers, and some of the above I may have played months or years ago.

When I switch the browser to display LAN it stops, since there are no games present on the LAN.

If you go to the website gametracker, you can enter the IPs and they appear to be legit servers.

My question is, I'm not joining these servers, but it appears that the server browser is "pinging" the servers, and is it possible Malwarebytes is stopping this as it's a flagged IP? I understand it could be possible another server, for e.g. a website on the company, could be flagged.

But is it safe to ignore if it's just the game browser pinging servers that are flagged?


A PING is one way to look at it. Another is more like when two people meet. They generate a greeting and may shake hands. The related Games do something to that effect. Most likely when this happens they are using a network protocol that is special or proprietary to the game. Malwarebytes doesn't look at packets and protocols. It looks at the IP address. Either it is in Malwarebytes' table or not and if you have white-listed the IP address or not.

I am not a Gamer. It's been quite a while since I played one. However I believe if the Game is seeking peers and goes to a site in Malwarebytes' table then most likely it is safe. But that would depend on the nature of why the IP address entered into the database to begin with. For that, we must wait for Andrew and/or Steve to make an informed statement.


Steam and many of their games use P2P to allow transfer of data between clients faster and more reliably than using one link/source. The software itself uses the gamer's connection to update their own files and also feed other gamers with updated content. The trouble with P2P is that the software will almost always reach out to a malicious IP.

I personally play some Steam games (FPS) and never found the blocks interfered with the game or grabbing content.

/edit  The IPs you listed will be checked. Thanks.


Hi, could you check the Steam server browser? Or any Source games?

I don't have this problem with Counter Strike Global Offensive.

Your warnings seem to show only on the history tab of the servers, where some of the IPs are present.

Should I delete the history or keep it for investigation?


Keep your history tab. MysteryFCM may want to look at it.


This is not an F/P


So what does this mean?

I deleted the server history and it has now stopped, e.g. it has stopped pinging?

And the IP 185.24.234.66?

Does this mean I'm infected or Steam was just pinging a bad server?


F/P = False Positive.

Steam will utilise thousands of IPs for client updates etc. It is not uncommon for some of these to show a blocked alert. The block is simply stopping your PC from connecting to an IP that was identified as housing a plethora of badness, i.e. exploits, RATs, Trojans etc.

Steam in your case tried to connect to a bad client/server; however, there is no way for us to determine if you have been infected or not from the info you have provided.

If you feel you may be infected, please follow https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


I updated to the latest patch of MBAM and cleared the server history.

Is there any way my PC got infected by pinging bad servers?

And can MysteryFCM explain what was the reason to block those IPs? When I looked up those IPs they seemed to be normal game servers.


The IPs in question were blocked due to the presence of everything from fraud to malware. As Steam was just pinging them, you weren't open to any of the malicious content residing on them and can safely ignore them.


So malware didn't cause those IPs to show up?

And what would happen if I didn't have Malwarebytes turned on? Would I have gotten hit by malware if I didn't have it on?

It wasn't just steam.exe but some games that shared the same browser, and the Steam overlay (why would the overlay be involved, if you would know?)


So malware on my system didn't cause those IPs to show up? (Like, I don't have malware that caused it?)
