View Full Version : [OT] Logging on in a different domain



Vid Gamer
17-03-04, 08:49
I am currently at college under my school's domain and I cannot even log onto Neocron, and when I do my ping is a constant 2,000 making it unplayable. Now, reason being is probably because I'm on my school's domain with firewalls up the ass which I can't turn off, so is there a way I can log onto Windows without using my school's domain or any way I can fix this problem?

Thanks.

Crono
17-03-04, 10:01
u can login without their domain, but that means no internet or you have your own, there really isn't a way to ignore their domain restrictions and still use their internet :/

-Crono

phunqe
17-03-04, 10:01
The domain (as in windows domain) isn't at fault regarding firewalls etc.
Even if you managed to not log into the domain (you would need a local account on the machine you want to login at, and my best guess is that only the admins have that), you would still be behind the school's firewall.
I.e you are still on the same network, not just logged in to the windows domain (to share files, printers etc).

winnoc
17-03-04, 10:27
You can easily hack into the administrator account on the local pc, and even into the windows 2000-2003 server if you have access to it.

Use ERD commander on a bootcd to reset the administrator passwords.

If the bios is locked, just pull the battery from the mb.


Not that these things would be easy to do in school and will probably get you kicked out :-)

Psyco Groupie
17-03-04, 10:45
Originally posted by winnoc
You can easily hack into the administrator account on the local pc, and even into the windows 2000-2003 server if you have access to it.

Use ERD commander on a bootcd to reset the administrator passwords.

If the bios is locked, just pull the battery from the mb.


Not that these things would be easy to do in school and will probably get you kicked out :-)

or help at all ...

GurTjaN
17-03-04, 10:51
I'm at college too and we have internet without using the Novell Domain. The best is to use linux and then u need to know the address of the proxy server or Gateway. If the gateway can be accessed without using a domain account, you're in and able to use the internet with the proxy but without restrictions.

winnoc
17-03-04, 11:11
Trust me, if you have the admin account on the server you can do pretty much anything.... until they find out of course.

You can get into the proxyserver / firewall and allow your user or ip to go through.

I would however advise not to play neocron in school. School is for studying, and if you don't you'll end up playing neocron ALL DAY LONG :-)....... and on a crappy pc cuz you won't have the cash to buy a new one hehehe.

Mighty Max
17-03-04, 11:19
local admin != domain admin

A domain server is an access regulator. You have to change the settings on that machine to be able to do anything that is restricted by a remote machine.

I mean, ok you could stop a local running firewall, but I doubt that it will have such.

:edit: And of course the domain controller (=server) is physically protected against students. Serverroom / keys

Kugero
17-03-04, 17:03
I am currently at college under my school's domain

I assume* this implies you're using a computer connected to your school's network and either have local logon rights or a domain account which gives you local access to the computer and web browsing, etc.

Err I won't take anybody's advice on trying to bypass your school's domain account policies/access. People aren't screwing around with that shit anymore. At best you get expelled or suspended. At worst you get charged with a felony and spend a mandatory sentence hoping somebody sends you soap-on-a-rope. And if you think they aren't watching, well it's your life ...


and I cannot even log onto Neocron and when I do my ping is a constant 2,000 making it unplayable.

well a firewall with outbound access control lists will either block the traffic completely or not at all. Don't think I've met one that just "adds a couple thousand ms to your outbound traffic" so if you can log into the server (albeit slowly) then the problem is somewhere else.

It could be you're experiencing increased lag from policy based traffic routing - ie. the school routes common traffic like HTTP and SMTP at a higher priority through its system than all other types of TCP traffic (like NC) - coupled with the fact that everybody else is using the same outbound pipe (even though universities usually have pretty big pipes) that kind of lag wouldn't surprise me ...

*could make an ass out of me or you

edit: consistency

Scikar
17-03-04, 17:09
Well, being on a college network which is connected to the internet, chances are a load of them are infected with worms/virii which will certainly slow things down a lot. I found on the comps here things like Gator and Gain are running on loads of the comps clogging up everything.

GT_Rince
17-03-04, 17:26
Originally posted by winnoc
Trust me, if you have the admin account on the server you can do pretty much anything.... until they find out of course.

You can get into the proxyserver / firewall and allow your user or ip to go through.


LOL - and what makes you think for 1 second that firewall access is going to be controlled on the same Windows server? If their IT department has a shred of sense, they will be using a Unix based firewall, and not some shitty little app / box that you can buy for £500 from PC World.

Also, local admin does not give you domain admin rights - if you have local access rights on a machine, you still can't really do shit, apart from control the local machine. You will still need to log on as a domain admin in order to be able to do anything half way decent. Even then, you will not be able to bypass the firewall, unless you are sat outside the DMZ - but then what domain admin, is going to be stupid enough to put ANY machine on a DMZ that is connected to a network?

Vid Gamer
17-03-04, 21:01
So there's no way I can play Neocron then, huh?

Fuck this, I'm bringin up my PC from home next weekend.

kurai
17-03-04, 22:23
Uh ...

You realise that won't change a damn thing, right ?

Doesn't matter whether you plug a school PC, your own PC, or your dick into the socket ... it's still the same network on the end of the cable, over which you have absolutely zero control.

(With or without local admin :rolleyes:)

The point some others were trying to make is that network traffic handling works on a different basis from network resource access.

The domain security merely controls your access (or non-access) to resources on the network - it doesn't have much bearing on what happens at an IP level.

Scikar
17-03-04, 23:24
Well he might have a really shitty network card in the college comp....

Vid Gamer
18-03-04, 06:07
Well this sucks... lol

Vid Gamer
19-03-04, 04:10
Okay, here is what I don't understand though...

I can play an online game like Wolfenstein: Enemy Territory with like a 20 ping, yet games like Neocron I can't log on and in SWG get 4,000 ping where nothing even loads in-game (buildings, etc.)

o_O

Kugero
19-03-04, 17:40
Well what outbound ports do those games all use? Try switching the default connection port in Neocron.ini to something else and see if that works ...

Vid Gamer
19-03-04, 18:35
What do I change it to?

Kugero
19-03-04, 19:15
What do I change it to?

Well pick a port number between 1026-65535 ...

or try finding out what Wolfenstein uses and change NC to that port. It's possible that the University Admins know about NC and SWG and block the default outbound ports to those game servers ...

Anybody try setting the outbound NC port to 80 or 25 to bypass a firewall control list? Might be interesting to test ...
(yea I know it might bork your web browser or mail prog while playing NC)

kurai
19-03-04, 19:41
Didn't we go through the Wolfenstein versus NC thing a while back ?
(apologies if it was someone else)

Games like Wolfenstein et al make direct connections outbound to each remote resource needed.

i.e. When you select a WS server you make a connection to it directly - your firewall sees that the connection was initiated by you to that IP, and allows traffic back from it fine.

With NC it's different - you make your outbound connection to a login server IP first - so far, so good. The firewall sees this and allows traffic back because it knows the connect was initiated by you.

Then comes the problem however ... once you are authenticated on the login server NC hands you over to a *game* server to actually play. Your firewall doesn't know about this second game server IP because you haven't contacted it directly so far, therefore it assumes the packets from it are unsolicited and tries to inspect each one to work out who the fuck it's for.

I strongly suspect that's where your delay lies.

manderf
19-03-04, 19:58
yeah the only way I can see to fix this is to get your own 56k connection and play off that or somethin...

or get wireless internet ... neither of which will give pings a lot better than 2000

Kugero
19-03-04, 20:55
Then comes the problem however ... once you are authenticated on the login server NC hands you over to a *game* server to actually play. Your firewall doesn't know about this second game server IP because you haven't contacted it directly so far, therefore it assumes the packets from it are unsolicited and tries to inspect each one to work out who the fuck it's for.

Kurai: Clarification on something for me then ...

If the Logon server passes the connection over to the game server without having that connection initiated from the game client then why does a normal NAT router allow the game to work?

A NAT setup on a router would have the same problem as a firewall if the logon server passed the connection over to the game server and then the game server tried to reply to the client - both wouldn't know what the game server IP was trying to do right since the NAT router wouldn't have a translation entry in its table for the game server (new IP) coming in ...

The way I see it:

1) Client connects with logon server for authentication. Router/Firewall sets up translation for Private-to-Public IP#1 connection
2) Logon server passes token back to client.
3) Client receives token and creates new connection outbound to game server (maybe game server IP is sent as part of token package). Router drops #1 translation and sets up new translation for IP#2 (game server)

I would have to test this by monitoring the NAT table as the game starts to see if new entries are created during the logon process but how else could the NAT device know the new IP address was a valid connection and not some random traffic?

Thanks,

Kug
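
The three-step sequence in the post above, as an added example that is not part of the original thread: a minimal model of a NAT/stateful translation table that forwards inbound packets only when they match an entry created by a client-initiated connection. All addresses are constructed, the game-server port 8041 is an assumption, and the strict per-remote-endpoint matching is one common filtering behaviour, not a statement about any particular router.

```python
# Added illustration: strict NAT/stateful table walk-through (constructed data).
from dataclasses import dataclass, field


@dataclass
class NatTable:
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (internal_ip, internal_port)
    entries: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Client-initiated packet: reuse or create a translation entry."""
        for key, inside in self.entries.items():
            if inside == (src_ip, src_port) and key[1:] == (dst_ip, dst_port):
                return key[0]
        pub = self.next_port
        self.next_port += 1
        self.entries[(pub, dst_ip, dst_port)] = (src_ip, src_port)
        return pub

    def inbound(self, remote_ip, remote_port, pub_port):
        """Packet from outside: forward only on an exact match, else None (drop)."""
        return self.entries.get((pub_port, remote_ip, remote_port))

    def close(self, pub_port, remote_ip, remote_port):
        """Connection finished or timed out: remove its entry."""
        self.entries.pop((pub_port, remote_ip, remote_port), None)


def login_then_game():
    """Walk the three steps and record what the table decides at each point."""
    nat = NatTable()
    client_ip = "192.168.1.20"        # private address (constructed)
    login = ("198.51.100.5", 8040)    # 8040 is the port mentioned in the thread
    game = ("198.51.100.9", 8041)     # assumed game-server endpoint
    log = []
    p1 = nat.outbound(client_ip, 3001, *login)             # step 1
    log.append(("login reply", nat.inbound(*login, p1)))   # step 2: token returns
    # Game server speaks before the client has contacted it: no entry yet.
    log.append(("unsolicited game packet", nat.inbound(*game, p1)))
    nat.close(p1, *login)
    p2 = nat.outbound(client_ip, 3002, *game)              # step 3
    log.append(("game reply", nat.inbound(*game, p2)))
    log.append(("stale login packet", nat.inbound(*login, p1)))
    return log


if __name__ == "__main__":
    for event, forwarded_to in login_then_game():
        print(f"{event:26} -> {forwarded_to or 'DROPPED'}")
```
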

Vid Gamer
19-03-04, 23:33
Originally posted by Kugero
Well pick a port number between 1026-65535 ...

or try finding out what Wolfenstein uses and change NC to that port. It's possible that the University Admins know about NC and SWG and block the default outbound ports to those game servers ...

Anybody try setting the outbound NC port to 80 or 25 to bypass a firewall control list? Might be interesting to test ...
(yea I know it might bork your web browser or mail prog while playing NC)

Right now the port is 8040 as I can see when logging on, but I looked around in the Neocron folder and couldn't find where I could change this?

Kugero
19-03-04, 23:37
Vid,

Run a file search for Neocron.ini - open it with notepad and you'll see where to change the port number.

If you run into problems just change the port number back to 8040 ...

My suggestions are not guaranteed to work just speculations on possible solutions ...

kurai
20-03-04, 00:39
Originally posted by Kugero
Kurai: Clarification on something for me then ...

If the Logon server passes the connection over to the game server without having that connection initiated from the game client then why does a normal NAT router allow the game to work?

Stateful inspection, in a word (well ... two words :D)

Cheap home level NAT solutions won't bother with this, just look at the packet header (which will contain the routeable IP, and the internal NAT'ed IP) and chuck it at the relevant host inside the network.

There's a common misconception - NAT doesn't remove all mention of your internal private IP space from packets, it just makes the hosts unreachable directly.

Vid Gamer
20-03-04, 00:44
Fuck this... guess I can only play at home. lol

Vid Gamer
20-03-04, 07:43
Are any of these firewall or scanning programs?

http://pic6.picturetrail.com/VOL174/2015288/3901580/48761017.jpg