open All Channels
seplocked EVE Information Portal
blankseplocked Regarding Recent Socket Errors
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: [1] 2 3 4 5

Author Topic

CCP Fallout

Posted - 2010.12.02 22:22:00 - [1]
 

A number of players have been experiencing socket closed errors since EVE Online: Incursion 1.0.0. Our investigations have led to the discovery of at least one vendor of traffic shapers flagging EVE Online network traffic as a “BitTorrent encrypted transfer.” Many universities are blocking all such traffic, and we are still trying to establish if more vendors are flagging our network client erroneously. Please note that not all closed socket errors may be related to this particular problem, and we are continuously investigating closed socket issues and encourage you to continue reporting this issue whenever you encounter it by filing a petition.

Why did this occur? When we released Incursion 1.0.0, we made a change to the client/server handshake. For those unfamiliar with this term, it is essentially the client saying “hi, let’s establish a connection” and the server responding with “this is our current version information, number of logged in users, and other information of interest to you.” The client then responds with a positive message (i.e. if the version information is correct, you can log in immediately) or will contact the update servers if the client version you are using is out-of-date. This change, essentially increasing the number of fields from six to seven, resulted in a bit in our handshake packet to change from a "6" to a "7" which was enough to cause the signature for the EVE Online client in this particular vendor's whitelist to no longer match. Note: This could be the cause of the closed socket errors many have been recently reporting; however, as noted above, we are still investigating this particular issue.

The vendor in question has modified their signature to remove the false positive and restore the Eve Online client to the whitelist. This particular vendor's signatures are normally updated on Mondays; however, they may issue the update earlier if it’s requested by affected users (i.e. network sysadmins at universities). The vendor has no mechanism to push an update sooner. The patches must be applied by the device administrators. We suggest that, if you are affected by this issue, you contact your network sysadmins and explain what is occurring and how they can resolve the issue with their vendor. You may wish to provide them with the following email address (security@ccpgames.com) and they can discuss the matter in detail with our security team.

We will continue investigating any connectivity issues and will work with any third-party vendors to resolve any further false positives we may become aware of. We apologize for this inconvenience.

therealdhs
GoonWaffe
Goonswarm Federation
Posted - 2010.12.02 22:50:00 - [2]
 

Are you able to give out the name/vendor of the traffic shaping program in question?

Donald Hump
Amarr
Assisted Suicide Services
Posted - 2010.12.02 23:10:00 - [3]
 

Edited by: Donald Hump on 02/12/2010 23:10:50
so im going to be unable to play eve at my college since the network admins refuse to even do anything with the network and they wont contact u guys .i told them that all i want is the ip and the port ok'd told them it was for EVE Online and they keep saying they dont do it its not up to them but they run the IT department/control the internet/wireless. thank god only got 1 more week before break.

Yuki Kulotsuki
Posted - 2010.12.02 23:49:00 - [4]
 

Originally by: Donald Hump
Edited by: Donald Hump on 02/12/2010 23:10:50
so im going to be unable to play eve at my college since the network admins refuse to even do anything with the network and they wont contact u guys .i told them that all i want is the ip and the port ok'd told them it was for EVE Online and they keep saying they dont do it its not up to them but they run the IT department/control the internet/wireless. thank god only got 1 more week before break.
It's not unusual for IT to be segregated into different departments. So something related to firewall exceptions, host quarantines and the like would be handled by a security group while network maintenance and administration handled by a networking group. And even if it's not, policy is usually not decided by "admins" but actual administrative staff. Bureaucracy's a *****.

Threshner
Posted - 2010.12.03 00:02:00 - [5]
 

SO why not change the client/server handshake back to the way it originally was?
I am currently logged on but the game is very slow to respond to anything. Some if not most of the icons on my sidebar are unable to be pressed.

This is a real downer if im forced to quit eve because of a patch -.-

Noun Verber
Gallente
Posted - 2010.12.03 00:12:00 - [6]
 

Originally by: Threshner
SO why not change the client/server handshake back to the way it originally was?
I am currently logged on but the game is very slow to respond to anything. Some if not most of the icons on my sidebar are unable to be pressed.

This is a real downer if im forced to quit eve because of a patch -.-


My guess is that the change was the one that checks version before login, instead of after, which is a change that is better for ease of use.

Ochipala
Posted - 2010.12.03 00:19:00 - [7]
 

Originally by: Threshner
SO why not change the client/server handshake back to the way it originally was?
I am currently logged on but the game is very slow to respond to anything. Some if not most of the icons on my sidebar are unable to be pressed.

This is a real downer if im forced to quit eve because of a patch -.-


Same here, im from South East Asia, can't do anything as my ISP says not their problem since we have to pass through US networks. Already file a petition.

Solore Dotor
Posted - 2010.12.03 01:04:00 - [8]
 

I filed a ticket with WPI netops.. there's about a 0.05% chance they'll actually do it. If they don't do it, is CCP saying I'm out of luck and I should close my accounts?

Tiliam
Caldari
Posted - 2010.12.03 01:24:00 - [9]
 

To everyone asking if they should close their accounts - no. If the problem is caused by this issue then it should be fixed as soon as the network admins update the whitelist to the latest version. Of course they may not update every week (good ones will as it is a regular weekly update on software which helps maintain good network performance) and will have their own internal schedule as to how often to update (it is probably an automated process anyway which is why no-one will want to do it manually).

Even though I'm not impacted by this issue I have found it an interesting read.

Kaillei
Gallente
Scarab Empire
Posted - 2010.12.03 01:34:00 - [10]
 

But if they won't add eves new signature to the whitelist, can we get some sort of assurance from CCP that they will give users the option to use the old method of authenticating? - even if it means some people don't get updates until they try to log in (big deal)

Donald Hump
Amarr
Assisted Suicide Services
Posted - 2010.12.03 01:41:00 - [11]
 

Edited by: Donald Hump on 03/12/2010 15:09:49
Edited by: Donald Hump on 03/12/2010 01:47:49
Edited by: Donald Hump on 03/12/2010 01:42:18
my college is very messed up everything is run by one group i mean everything they are the only people to go to when something is wrong thats my problem there useless. and the head guy who runs it doesnt care about anyone or anything unless it affects him .and even if i can get them to update so Eve will work they only do it once or twice per semester which i know is a very long time . took them 2 months to allow more then 30 people on the wireless .

CCP Sreegs

Posted - 2010.12.03 02:06:00 - [12]
 

Originally by: Solore Dotor
I filed a ticket with WPI netops.. there's about a 0.05% chance they'll actually do it. If they don't do it, is CCP saying I'm out of luck and I should close my accounts?


Hey guys we said the latest this should be fixed is Monday. That's when the vendor pushes the updated signatures to their clients (your schools). If you can get your school's admins to contact support for their p2p filtering solution they have a signature ready for them that will fix it which they have to apply.

therealdhs
GoonWaffe
Goonswarm Federation
Posted - 2010.12.03 02:32:00 - [13]
 

So all of the schools in question (Big list here) use the same traffic shaping programs?

While I'd love to go to the IT department and ask them to update their signatures, it would waste everyone's time if it was for a program they don't use, and wouldn't get an update for.

CCP Sreegs

Posted - 2010.12.03 02:38:00 - [14]
 

Originally by: therealdhs
So all of the schools in question (Big list here) use the same traffic shaping programs?

While I'd love to go to the IT department and ask them to update their signatures, it would waste everyone's time if it was for a program they don't use, and wouldn't get an update for.


All of the schools who have been willing to communicate with me what they use, use the same traffic shaping equipment. I have no way of knowing what any particular school is using if they don't tell me. I've called more schools than I have fingers in the past two days and the ones who responded were using the same device.

therealdhs
GoonWaffe
Goonswarm Federation
Posted - 2010.12.03 02:43:00 - [15]
 

Can't ask for much more than that, and if everyone you've contacted uses the same program, I'm sure it's widespread. As I stated in my first post, can you provide the name of the program? I could probably track down whoever manages it if I knew a little bit about it.

CCP Sreegs

Posted - 2010.12.03 02:50:00 - [16]
 

Originally by: therealdhs
Can't ask for much more than that, and if everyone you've contacted uses the same program, I'm sure it's widespread. As I stated in my first post, can you provide the name of the program? I could probably track down whoever manages it if I knew a little bit about it.


It will be your network or security staff in IT. It's a traffic shaping appliance, used to control bandwidth basically. Some of the schools I talked to seemed to be hesitant to share the details about the product they were using. I've emailed them back but unless they tell me it's ok to divulge the vendor I'm going to respect their desire to keep it under wraps. Without them being forthright with me this issue would have been a real problem to resolve.

Solore Dotor
Posted - 2010.12.03 03:21:00 - [17]
 

Originally by: CCP Sreegs

Hey guys we said the latest this should be fixed is Monday. That's when the vendor pushes the updated signatures to their clients (your schools)


ohhh didn't realise it was a push. i thought netops would have to do it themselves and they're too lazy to be bothered

CCP Sreegs

Posted - 2010.12.03 03:43:00 - [18]
 

Originally by: Solore Dotor


ohhh didn't realise it was a push. i thought netops would have to do it themselves and they're too lazy to be bothered


Don't hold me to that as my memory's fuzzy but I was told specifically that updates are done on Mondays.

Zitus
NON PROPERO
Posted - 2010.12.03 05:17:00 - [19]
 

CCP Sreegs, The college kids thank you for your hard work!

Looks like tomorrow I'm gonna have to call techspot and settle this out.

Zagdul
Gallente
Clan Shadow Wolf
Fatal Ascension
Posted - 2010.12.03 09:24:00 - [20]
 

Edited by: Zagdul on 03/12/2010 09:26:11
Originally by: CCP Fallout
This change, essentially increasing the number of fields from six to seven, resulted in a bit in our handshake packet to change from a "6" to a "7" which was enough to cause the signature for the EVE Online client in this particular vendor's whitelist to no longer match.


Has any testing been done to change the 7 to an 8 or 9?

Edit: To clarify, I understand you can't go backwards. That said, what about setting up dummy packets for future expansion??

CCP Sreegs

Posted - 2010.12.03 10:02:00 - [21]
 

Edited by: CCP Sreegs on 03/12/2010 10:02:08
Originally by: Zagdul
Edited by: Zagdul on 03/12/2010 09:26:11
Originally by: CCP Fallout
This change, essentially increasing the number of fields from six to seven, resulted in a bit in our handshake packet to change from a "6" to a "7" which was enough to cause the signature for the EVE Online client in this particular vendor's whitelist to no longer match.


Has any testing been done to change the 7 to an 8 or 9?

Edit: To clarify, I understand you can't go backwards. That said, what about setting up dummy packets for future expansion??


Anything other than a 6 would have broken the signature. Going forward they're ignoring that bit.

CCP Sreegs

Posted - 2010.12.03 14:24:00 - [22]
 

Originally by: CCP Sreegs


Hey guys we said the latest this should be fixed is Monday. That's when the vendor pushes the updated signatures to their clients (your schools). If you can get your school's admins to contact support for their p2p filtering solution they have a signature ready for them that will fix it which they have to apply.


Ok I need to add an addendum to this... The updates are released by the vendor on Monday. It is up to the administrator of the device to update their devices. One would hope that your administrators would want to update their signatures but we have no way of forcing them to do so.

So, while it may not be what you all want to hear it's the facts as they stand. We don't control your school's networks and we are not their customer, you are, so it will be up to you guys to pressure them to get this done if they don't do it in a timely fashion. I'd recommend linking them this thread and they can email me if they have questions.

sacredchord
NON PROPERO
Posted - 2010.12.03 16:36:00 - [23]
 

Originally by: CCP Sreegs
Originally by: CCP Sreegs


Hey guys we said the latest this should be fixed is Monday. That's when the vendor pushes the updated signatures to their clients (your schools). If you can get your school's admins to contact support for their p2p filtering solution they have a signature ready for them that will fix it which they have to apply.


Ok I need to add an addendum to this... The updates are released by the vendor on Monday. It is up to the administrator of the device to update their devices. One would hope that your administrators would want to update their signatures but we have no way of forcing them to do so.

So, while it may not be what you all want to hear it's the facts as they stand. We don't control your school's networks and we are not their customer, you are, so it will be up to you guys to pressure them to get this done if they don't do it in a timely fashion. I'd recommend linking them this thread and they can email me if they have questions.


I appreciate all the work that's been done on this CCP side, it speaks wonders for your dedication as a company. Furthermore I have a request. I'm sure many students are in the same boat as me at the moment, being that the IT departments at our specific schools are giant bureaucratic cluster***s that take quite some time to process tickets. I will attempt to take this up with my department today, but what assurance (to the extent that assurances are possible in this sort of thing) do I have the vendor update will solve the problem? If you all at CCP are pretty certain this will do the trick, I'll try to submit a ticket and push it through today. However, my IT department is not very receptive to repeat traffic with regards to things they do not deep as 'their problem' (prior gaming experience attests to this. Of course I understand your guesses are the best you can give for now, but any advice you have is appreciated. Again, thank you for the outstanding work so far, the dedication is appreciated.

William Cooly
Sol Enterprises
Posted - 2010.12.03 16:44:00 - [24]
 

I've been having what appears to be the same problem, except for Singularity and not TQ. While this is less pressing a concern, it's still fairly annoying. I'm reposting that I'm having this in case anyone else is, as everyone else only seems to be having TQ problems, and I'm wondering if my problem is only local.

sacredchord
NON PROPERO
Posted - 2010.12.03 16:49:00 - [25]
 

Originally by: William Cooly
I've been having what appears to be the same problem, except for Singularity and not TQ. While this is less pressing a concern, it's still fairly annoying. I'm reposting that I'm having this in case anyone else is, as everyone else only seems to be having TQ problems, and I'm wondering if my problem is only local.


I can't speak for everyone, but I've been having problems with both. TQ is just a little more pressing atm. Can you log onto TQ but not singularity?

William Cooly
Sol Enterprises
Posted - 2010.12.03 17:11:00 - [26]
 

Originally by: sacredchord
Can you log onto TQ but not singularity?


TQ works fine, but the problems everyone seems to be describing with their logons are the same ones I'm having with Singularity.

I was considering that maybe something had changed with the code in Singularity that hadn't been implemented in TQ that would cause it to be blocked similarly, only also by domestic security protocols, not just school ones.

Gnulpie
Minmatar
Miner Tech
Posted - 2010.12.03 18:54:00 - [27]
 

Awesome work!!

Show me couple more gaming companies that care this much about their customers.


Well done CCP and well done CCP Sreegs!

Bacon Baron
Posted - 2010.12.03 19:03:00 - [28]
 

Can we confirm that the update is ready to be deployed by the colleges, and that it fixes it?

If so, I will pester ResNet repeatedly until they push it out.

CCP Sreegs

Posted - 2010.12.03 19:20:00 - [29]
 

Edited by: CCP Sreegs on 03/12/2010 19:22:26
Originally by: sacredchord


I appreciate all the work that's been done on this CCP side, it speaks wonders for your dedication as a company. Furthermore I have a request. I'm sure many students are in the same boat as me at the moment, being that the IT departments at our specific schools are giant bureaucratic cluster***s that take quite some time to process tickets. I will attempt to take this up with my department today, but what assurance (to the extent that assurances are possible in this sort of thing) do I have the vendor update will solve the problem? If you all at CCP are pretty certain this will do the trick, I'll try to submit a ticket and push it through today. However, my IT department is not very receptive to repeat traffic with regards to things they do not deep as 'their problem' (prior gaming experience attests to this. Of course I understand your guesses are the best you can give for now, but any advice you have is appreciated. Again, thank you for the outstanding work so far, the dedication is appreciated.


A cooperative university has tested the signature. It works. The only reason it wouldn't work would be if they're not using the same device, which will make me very angry as I won't sleep for a few more days trying to find out wtf.

:edit: I've also reviewed the new signature with the vendor and compared it to packet traces and we're both on the same page. The theory is sound and the one instance I've been able to see it tested in has validated its authenticity. I wish I could contribute more here but I have no insight into other people's networks so I'm doing a lot of shooting in the dark here.

CCP Sreegs

Posted - 2010.12.03 19:24:00 - [30]
 

Originally by: Bacon Baron
Can we confirm that the update is ready to be deployed by the colleges, and that it fixes it?

If so, I will pester ResNet repeatedly until they push it out.


An "emergency patch" is available from support for their traffic shaping/p2p filtering product. The full signature update which will be available Monday will contain the same fix if they are scared of the unofficial patch.


Pages: [1] 2 3 4 5

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only