Tracking Alts on Dynamic IPs
-
Hi everyone,
I'm one of few staffers on a small mush, handling a lot of code-side workload. One thing we have been struggling with is tracking alternate characters across dynamic IP ranges. I'm still trying to sift through the docs (we use penn), but I'm also curious if anyone has figured out a simple, effective way to do this?
Something that is hopefully general and fairly automatic. As I mentioned, we don't have a lot of help handy, and with over 50 characters, can't afford to be watching every little thing, or sifting endlessly through command logs.
Thanks
-
I'm pretty sure that analyzing your connection logs with, say, an Awk a script tailored to finding shared IPs across characters would easily find alts across time.
-
Well. There are several problems here. Some technical, some not. First, the technical, because that's the easy part:
- @WTFE's method above is a great solution if you have shell access, which probably covers the set of people who should be doing this anyway (see social problems, below).
- If you want it in game, consider if history matters;
- Most mush types record the last connected address (or even a handful of them) on some of the wizard only attrs; if that's enough, it becomes a process of sweeping through character objects to find matches of some sort.
- If that isn't enough, you'll need to record the history yourself in some format. Consider how you want to do this and whether or not it is worth the trouble; SQL is one reasonable solution, but there are likely others.
If you have what you need in attributes, see
@grep
and similar tools. If you need it in SQL, you'll need your alt-detector to run a select of some sort to find things....I just looked at what I had on TheReach and ... uh, no, that's ugly. In summary though, I had a table with IPv4 address, hostname, char dbref number, and some time data. When people connected, it updated it as needed, and alts checks of various levels used
select
s with a horridly tangled mess of subqueries to do CIDR bitmasking in sql, which was kinda cool but horrible slow, done inside a synchronoussql()
that stalled the whole game and pretty much theno was the only one who ever knew how to use it safely. Do not recommend.Gotchas I noted that you should keep in mind: Many games are starting to support IPv6. Most older games are IPv4 only, and the traditional "dotted quad" form we know and love is IPv4-only. Brief review on terminology:
- IP stands for Internet Protocol; TCP/UDP are implemented on top of IP packets. PING and similar tools send special IP packets.
- IPv4 has 32bit host addresses, conventionally represented with a dotted set of four 8bit numbers written in decimal (i.e. 0-255). Hilariously, 4 billion addresses aren't enough and we're running out. (Well, ran out a while back, but limping alone either way)
- IPv6 has 128bit addresses, conventionally represented as colon-separated sets of 16bit numbers written in hexadecimal. (i.e. 0-ffff).
- IPv6 has a lot of zeros in it, so the :: means "shove a ton of zeros in that spot 'til it makes a full address." (e.g. ::1, or all zeros followed by 1 -- is the IPv6 localhost)
- Hostnames may point to any number of IPv4 or IPv6 addresses, or both. (In A and AAAA recordsets via DNS, which is another lecture)
- IPs can point to hostnames (really just one unless someone screwed things up) but are often misconfigured.
For both of these, we talk about "netmasks" as a way to describe ranges of addresses. Instead of 1.2.3.*, meaning 1.2.3.0 through 1.2.3.255, a better way to describe it is 1.2.3.0/24 -- the 24 meaning the first 24 bits are meaningful but the last 8 are not. Likewise 1.2.2.0/23 covers 1.2.2.0 though 1.2.3.255. There are calculators online that can help with this if you get confused, or you can use the really ugly old form with netmasks like 255.255.255.0, (meaning /24)
IPv6 does the same thing, but obviously has more bits. /48's and /64's are very common. /128's are almost useless, because of how many addressable bits can be freely rechosen by the client under normal configs in the interest of privacy. (Yes: Modern internet is designed to make this difficult for you to do.) Players can and DO actively set their ipv6 address to hilarious stuff, like :feed:face:dead:beef: and whatnot.
Hostname resolution from an IP is not reliable. IP's might come into your game in either form. You can represent ipv4 as an ipv6 addr of the form ::ffff:1234:5678 where the last two terms represent the 32bits of the ipv4 addr. e.g. 10.0.0.1 -> ::ffff:a00:1.
Players connecting via dynamic IP might:
- Keep the same IP for years
- Switch addresses several times a night in their same ipv4 /24.
- Alternate between several seemingly unrelated ISPs (which can be home/work/school/coffeeshop, but not always)
- Switch addresses periodically over astonishingly large sets like /16 or worse.
The wider you match, the more matches you can find, but the less meaningful they will be. Believe it or not, some people do live in neighborhoods with OTHER PEOPLE that actually use internet! This can muddy waters quite a bit.
You need to handle and use this sort of matching for it to really be an effective tool. If storing in sql, use the async
@query
system if your game has it (mux, etc).sql()
is synchronous and will make you cry.This brings us to the social problems part. People don't seem to understand the concept of false positives. For that reason, +alts checking of this sort usually needs to be limited to a very small set of people or you'll spend all your staff time trying to put out drama fires. No, documentation does not help. Meetings do not help. BBposts, forumposts, wiki pages, etc. all do not help. People are dumb, suspicious, and paranoid. If they see the slightest hint that person A is connecting from THE SAME PLANET as person B then CLEARLY THEY ARE THE SAME PERSON and OUT TO GET THEM. This gets old very, very fast.
Further, there are a very large number of cases where multiple people from the same household play, so they all show up on an IP. HOWEVER, you cannot use ip-match to prove people live together. Consider:
- Most of my mush connections would appear to originate from 66.220.1.33.
- My lovely partner has her own farm of servers and while we would often be playing from the same room, we potentially appear continents apart.
- Both of us offer shells in various forms for various purposes, leading to a multitude of other people that seem to live with us, but do not.
- 66.220.1.33 was the ipv4 address for KUU, one of the big Mechanipus servers hosting the Reach and a bunch of others. That quickly made it look like all game wiz's on all games there were coming from the same place, which I'm sure made all sorts of hilariously salacious rumormongering possible.
- It gets even worse if you connect via localhost.
So: Can this sort of ip-address based system tell you:
- If two people are the same, for certain? No.
- If two people are different, for certain? No.
If that is confusing, disheartening, or seems otherwise wrong, then that methodology cannot help you. (Not sure anything can, really...)
So: What's the best path forward?
On Haunted Memories, we had a player-accessible system for declaring your alts for staff. This worked very well, nice, and safely. It did 90% of what staff ever needs these things for, didn't show other players who was who, and didn't have any false positives(*). It did depend on player honesty and player trust in staffers.
Really though, if you can't trust staff with the knowledge of your alts, why the hell would you play there?
(*) Actually it had some hilarious bugs related to recycled DBrefs getting reused without correctly updating these tables, so for months it showed one of my alts as somebody's armor vouchers or something, but that's a different sort of trouble.
-
One thing you may consider doing is storing the DNS name and/or IP into an attribute and continously concating the data with something like setunion() with whatever IP/dns they connect from again.
Then when you do a search search against that field.
One thing that's hard to identify with alts is frankly those who don't want to be found will be hard to find.
A lot of users who hide who or where they come from will use public proxies.
Things like TOR, hidemyass, or similar sites.
And while it is fairly easy to block people who use these sites, identifying who is using it is a quite a bit more problematic.
So the best you can hope for is just log all the sites they connect to, store it in an attribute like _SITES on the player, and write code to search that variable.
As others have very well stated earlier, doing searches on subnets while a good grenade throw on who may be the same person, is iffy on if it's the same person.
A group of individuals could even be using the exact same ip.
An example would be if a group of mudders are mudding from Microsoft.
All of them logging in. All their IP's will likely be exactly the same, because they're going out through the corporate PROXY DMZ system which NAT's their IP to an outbound IP address that's exactly the same.
Similar issues for a group of people in a single house using the same router, or any number of other things.
So if you ever block IP's, keep in mind while you're fairly confident it's the same person, there's a small possibility others will use that IP address as well, so always balance the cost of doing it against the effect of having them gone
-
Based on what you all are saying, it seems like ipv6 is one of those 'theoretically impossible' things to track. While I understand how various analysis tools and methods would work fairly well, I can't imagine anyone would be able to invest that kind of time and effort into a game? I guess what I'm wondering is: What is your personal experience? A few people mentioned some games, and what they've done, but what I'm wondering is, did it work for you? Are their issues of cheating, for example, and can it usually be detected?
-
"Cheating" is a conditional phrase based on the local laws and policies of the game. Without knowing what people are doing, giving advice is difficult.
In my experience, issues of cheating of this sort are people breaking some sort of alts policy, such as "you're allowed only two characters".
Normally social engineering can scope out this kind of cheating, as people tend to have a specific voice in their writing style, a timetable in their login habits, and a circle of friends that notably overlaps. Sure, one player may be bouncing though a proxy for one character and not for another character, but it's doubtful their preferred RP partners don't.
Use these as tools to make a reasonable deduction.
I treat alt-hunting as more of an investigative, policing procedure, not an exact science. If I can get most of the players to accept "this is the rule, we can't be perfect so please don't make us care", then it probably won't be a problem.
-
@mushered said in Tracking Alts on Dynamic IPs:
Based on what you all are saying, it seems like ipv6 is one of those 'theoretically impossible' things to track. While I understand how various analysis tools and methods would work fairly well, I can't imagine anyone would be able to invest that kind of time and effort into a game? I guess what I'm wondering is: What is your personal experience? A few people mentioned some games, and what they've done, but what I'm wondering is, did it work for you? Are their issues of cheating, for example, and can it usually be detected?
It's not impossible to track, it's just not generally worth the effort. The lowest effort method to track someone on a dynamic IP is simply tracking the host-name because while that will have quite a lot of false positives, in my experience there's usually only a few people from any given host playing on the same MU* at which point you can do something more laborious with the few remaining connections. At high levels of effort you can log all their activities and develop probabilistic models based on their activity times and word choices, but unless you're actually tracking terrorists, why would you bother?
Generally in my experience, someone trying to play alts against the rules or someone violating a ban tend to make themselves fairly obvious in the ways that they speak and interact with other players and whenever you become suspicious, most MU*'s support flagging characters to have all their commands recorded, allowing you then to quite easily tell if there's actual cheating going on.
I don't think I've ever encountered anyone trying to break a rule against alts (connecting to the same game from two different IP's at once seems like a logistical nightmare for little benefit) and most people who get banned tend to stay away in my experience.
-
@mushered Defining "cheating" as.... you're allowed X characters, and you have more than that, I only recall one clear time where it's happened. Granted, I've only been MUing for about 3.5 years, but I still think it's enough data for to say "it's rare".
Generally speaking, the players who break this policy have been identified through other players, rather than any sort of code thing. You notice that these two people are extremely similar, you point it out to staff, they investigate, cheater is caught.
That said, I've seen The Reach use what is basically a catalog of your IP addresses. It checks for various overlaps. It was riddled with false positives. If you ever were connected to the net via an airplane, hotel, etc, you'd likely end up getting flagged as a potential alt of many, many other people. All in all, it was messy, and I'm not sure there was a lot of value in it.
I'm also on another game that is invite-only. To create a character, you need to submit a request to staff, basically saying who you are. That's checked against the invite list. If you're in, you're in! Once in, you can use a command to create new characters for yourself, that are tied to your first character. Super easy!
-
@skew said in Tracking Alts on Dynamic IPs:
I'm also on another game that is invite-only. To create a character, you need to submit a request to staff, basically saying who you are. That's checked against the invite list. If you're in, you're in! Once in, you can use a command to create new characters for yourself, that are tied to your first character. Super easy!
This is what I'd suggest as well. Not necessarily the invite only part -- that could be handled a few ways (invite, email for first login, etc.) -- but the request from existing login thing.
Someone could arguably request a second login from email, but I ended up building in perks that make that less appealing unless someone's really desperate to hide, in which case they're likely to take other steps as well to obscure themselves.
-
I would like to second the warning about possible false positives as this has actually happened to me.
It was in the mid 90s and the friend who got me into mushing recommended a new game. I took that recommendation and made a character there. Naturally since i was going there on his recommendation I made a char to interact with his. We were both in college at the time and living in the same dorm, 5 floors apart but same building, on the same campus, and connecting on the same university supplied internet access, before long staff decided we were the same person because of the IPs, it took quite a bit of going round and round and pointing out others that were also playing there and living on campus that also played before staff finally let the matter drop. I am not sure they ever beveled us.
While the mushing population currently is a lot lower I do know there are a handful of other mushing living in the same town I do, some I am friends with some I just know of. I do not know which ISPs they all use but I would not be surprised if some of the others used Verizon like I do. So it is conceivable the situation could repeat itself. -
I often show up as an alt of every damn person that uses Verizon from phone to connect in the PNW.
I do know of only a single instance of someone cheating where alts are concerned. One. Once, in all my years. Mind, maybe others were and they never got caught, but it's definitely not a significant problem in the community.
-
I've encountered alt-cheating many times over the years, but its always caught (Except those I didn't catch, obviously) and people are rarely as clever at hiding who they are as they think they are.
But I never use IP address for tracking, or at least not automatically. Partially, because I once had two roommates that mushed with me: we all came from the same site obviously. Partially, because dynamic IP's are a pain.
Partially because its just not worth it.
I DO have +alts code that binds multiple characters to a single 'account', and I use it to idly monitor alts, but its mostly an honor system. If someone lies, they get all their characters banned. Mostly I don't use this for enforcement, though, but instead to do 'account-wide' stuff like mark bbposts read across all your alts if you read it on one, stuff like that.
-
I don't know how IP matching possibly works in large cities where most people subscribe to a tiny number of ISPs. In Toronto other than a handful of techies I know almost everyone's either using Rogers or Bell, and all it takes to change your dynamic IP is turn your modem off and on again.
I can see 'invite only' working but it also makes games way less accessible.
-
@Arkandel Email to request is what I hope will work. Sure, people can game that system with alternate email addresses -- but email for first, request second/third/whatevs from an existing alt seems the best way to go.
Realistically, people are going to need (yes, need) a wiki login for the structure of the places I'm working on, so they're going to need to send in an email to somewhere, eventually, anyway.
Can even be all done in one step that way if they ask for both names desired in said email (if they aren't the same), which saves some time for everyone.
-
@surreality Oh, that can work, sure.
My ideal solution is still to not need to worry about how many alts someone's playing.
-
All this being a guess, as @mushered hasn't responded to the guesswork at why the question.
So, Musher Ed, why the question?
-
@Thenomain I thought it was mushered instead of Musher Ed. Like, "Hey you gamin' tonight?" "Nah, I'm all mushered out." Musher Ed is a much better way to think about it.
-
@Arkandel said in Tracking Alts on Dynamic IPs:
I don't know how IP matching possibly works in large cities where most people subscribe to a tiny number of ISPs. In Toronto other than a handful of techies I know almost everyone's either using Rogers or Bell, and all it takes to change your dynamic IP is turn your modem off and on again.
Most of these larger ISP's and back-end tiers lease subnets of their larger subnets to these smaller ISP's.
With some small amount of digging around, you can get the subnets for these tiny ISP's and block those specific ISP's and not the larger subnets.
A few exceptions are china ISP's where a lot of their information is hidden behind the great wall of china, where a lot of times you have to block entire A-class addresses if someone's being a turd and trying to attack your site as their subnet information is obfuscated.
But generally you're pretty good by blocking based on the subnet lookups you can find of any given ISP.
For those who try to hide using proxies, you can get most of the IP lists of the most common proxies and even have dynamic methods to block the more nefarious proxies like TOR with some hardcode mods.
There's always ways around things, but it boils down to what level of restriction you want. The more you tighten, the more chance of impacting innocents. So you have to weigh every choice you do.
-
I meant it like 'mushered' as in mushered out. The question was with regards to cheating. On our game, you are not allowed to share items, there are credit restrictions, in game money and other things. There is also the issue of people being turds as many pointed out. After years of mushered-ing and staffing, you would be surprised the strange things you catch people doing. Being able to link ip addresses to charbits has been an thing as long as I can remember. Of course, I don't think dynamic stuff was even around when I started.
@Ashen-Shugar
You mention subnets, and that was sort along the lines of what I had been thinking initially. With some softcode monkeying, I imagine we could lock down certain ranges with a glob pattern, for example? -
@mushered said in Tracking Alts on Dynamic IPs:
I meant it like 'mushered' as in mushered out. The question was with regards to cheating. On our game, you are not allowed to share items, there are credit restrictions, in game money and other things. There is also the issue of people being turds as many pointed out. After years of mushered-ing and staffing, you would be surprised the strange things you catch people doing. Being able to link ip addresses to charbits has been an thing as long as I can remember. Of course, I don't think dynamic stuff was even around when I started.
@Ashen-Shugar
You mention subnets, and that was sort along the lines of what I had been thinking initially. With some softcode monkeying, I imagine we could lock down certain ranges with a glob pattern, for example?All the years of mudding, not much surprises me anymore of what people are capable of
But yes, you can lock down ranges with glob patterns or with subnets.
Stuff like 192.168.0.0 255.255.0.0 locks down any site starting with 192.168.
Some newer codebases also allow globbing of dns sites which is nice, though some people have obfuscated DNS's. I've seen people connect with a site of '.' for example. Yes. A period