Shodan Stories Day 26: Multicasting in Siberia, UDP Packet Pixies, and Free Civ
The other day I saw someone on Shodan searching for “udpxy”, and I couldn’t determine what was going on with that because all of the results would give me 401 no auth errors. Today I realized that I could, of course, add “200 OK” to the search and only return successful connections. So I did.
A Udpxy Server on 22.214.171.124
There were only two results, both in Russia, so I picked the one that seemed a little more interesting, from Tomsk, Siberia. I could see from Shodan that the “udpxy” service was running on port 4321, so I visited in a browser. udpxy, pronounced “you-dee-pixie”, is a relay for multicast data streams to any HTTP clients that make the correct GET request. That means essentially that it can take multiple UDP streams and turn them into something accessible over HTTP. You might want to do this so that you can pipe your captured cable TV streams to your smartphone, or something like that. In everything I could read about this application, however, it seemed to be for running on your local network first and foremost, with most long-term internet applications having better and safer tools available, which would explain why there were only two results on Shodan that were accessible. So I got kind of curious about why this one, and did a port scan.
👻 🌵 ✨ $ nmap 126.96.36.199
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-29 17:49 EST
Nmap scan report for 188.8.131.52
Host is up (0.18s latency).
Not shown: 997 closed ports
PORT     STATE    SERVICE
53/tcp   open     domain
4321/tcp open     rwhois
5555/tcp filtered freeciv
Nmap done: 1 IP address (1 host up) scanned in 20.35 seconds
What’s that on port 5555? Freeciv, as in Free Civilization? The open source implementation of the blockbuster game franchise Civilization? Built in 1996 and still looks the same even though it’s been in steady beta development for 23 years? I was a little suspicious, because ports are frequently used for things other than what the common label is for them, especially snappy all-the-same-number ones like 5555. I found that it was closed to TCP connections but UDP was working! That would make sense if this were a Freeciv server, which would require real time gaming.
➜ sandbox git:(master) ✗ nc -vu 184.108.40.206 5555
found 0 associations
found 1 connections:
     1: flags=82<CONNECTED,PREFERRED>
        outif (null)
        src 192.168.0.108 port 50154
        dst 220.127.116.11 port 5555
        rank info not available
Connection to 18.104.22.168 port 5555 [udp/personal-agent] succeeded!
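UDP has no handshake, so connect() on a UDP socket only records the destination locally and sends nothing. The sketch below is an added example, not code from the original post: it classifies a UDP port by what comes back after a datagram is sent, using constructed listeners on 127.0.0.1; the function names and result labels are assumptions made for illustration.

```python
import socket
import threading


def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Classify a UDP port by what comes back after one datagram.

    'open'          - a datagram came back
    'closed'        - ICMP port unreachable, surfaced as ConnectionRefusedError
    'open|filtered' - silence: the listener ignored us or a filter dropped it
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # local bookkeeping only, no packet leaves
        try:
            s.send(payload)
            s.recv(2048)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def demo():
    # Constructed local listeners so the example runs offline.
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    echo.bind(("127.0.0.1", 0))
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))  # bound, but never replies

    def serve_once():
        data, addr = echo.recvfrom(2048)
        echo.sendto(data, addr)

    threading.Thread(target=serve_once, daemon=True).start()

    results = {"answers": probe_udp("127.0.0.1", echo.getsockname()[1])}
    port = silent.getsockname()[1]
    results["silent"] = probe_udp("127.0.0.1", port, timeout=0.5)
    silent.close()  # same port, now with nothing bound to it
    results["unbound"] = probe_udp("127.0.0.1", port, timeout=0.5)
    echo.close()
    return results


if __name__ == "__main__":
    print(demo())
```

Only a reply or an ICMP port-unreachable error settles a UDP port's state; a silent result does not distinguish a quiet listener from a filtered port.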
So I thought I’d install Freeciv and see if I could join their server. It’s extremely quaint. I had to install and start it from the command line, which brings me back to the golden age of MS-DOS gaming. Those were truly the days.
Sure enough, you can connect to a remote server. There were a couple that just showed up in my list. When I tried to connect to this server, however, I timed out, and then the game crashed.
Too bad. I looked into whether the multicasting could be related to the gaming. It seems that… yes? The answer got a bit too in the weeds for me to figure out. I have a new game to play anyway. See you tomorrow.