I am using cloudflare as my domain manager. I am taking advantage of their DNS proxy to hide behind them to avoid being DDoS-ed on a given A or CNAME record. Usually this works out of the box for HTTP. In order for other services to work its clients need to support SRV record which teamspeak does support it. However teamspeak exposes my public IP in the clients logs (ctrl+l) - which breaks the concept of this.
For this particular example this is the DNS settings:
;; A Records
example.com. 1 IN A ___MY-PUBLIC-IP___
;; SRV Records
_ts3._udp.example.com. 1 IN SRV 0 5 9987 example.com.
_tsdns._tcp.example.com. 1 IN SRV 0 5 41144 example.com.
This A record has DNS proxy enabled.
Teamspeak clients logs:
6/1/2020 21:49:32 Windows Audio Session Devel DeviceDeleteList::wait_for_deletes - enter - DeviceDeleteList
6/1/2020 21:49:32 Windows Audio Session Devel DeviceDeleteList::wait_for_deletes - leave - DeviceDeleteList
6/1/2020 21:49:32 ClientUI Info Connect to server: example.com
6/1/2020 21:49:32 ClientUI Info Trying to resolve example.com
6/1/2020 21:49:32 TSDNS Info A/AAAA DNS resolve successful, "example.com" =(h: 104.24.104.221 p:0)
6/1/2020 21:49:32 TSDNS Info A/AAAA DNS resolve for possible TSDNS successful, "example.com" =(h: 104.24.104.221 p:0)
6/1/2020 21:49:32 TSDNS Info SRV DNS resolve successful, "_tsdns._tcp.example.com" =(h: dc-2c0fc161e8d2.example.com p:41144)
6/1/2020 21:49:32 TSDNS Info SRV DNS resolve successful, "_ts3._udp.example.com" =(h: dc-bec1b4d8da32.example.com p:9987)
6/1/2020 21:49:32 TSDNS Info A/AAAA DNS resolve successful, "dc-bec1b4d8da32.example.com" =(h: ___MY-PUBLIC-IP___ p:0)
6/1/2020 21:49:32 ClientUI Info Lookup finished: ip=___MY-PUBLIC-IP___ port=9987 query=example.com error=0
6/1/2020 21:49:32 ClientUI Info Resolve successful: ___MY-PUBLIC-IP___:9987
6/1/2020 21:49:32 ClientUI Info Initiating connection: ___MY-PUBLIC-IP___:9987
6/1/2020 21:49:32 Windows Audio Session Devel DeviceDeleteList::wait_for_deletes - enter - DeviceDeleteList
6/1/2020 21:49:32 Windows Audio Session Devel DeviceDeleteList::wait_for_deletes - leave - DeviceDeleteList
6/1/2020 21:49:32 ClientUI Info Connect status: Connecting
6/1/2020 21:49:32 PktHandler Devel Puzzle solve time: 6
6/1/2020 21:49:32 ClientUI Info Connect status: Connected
6/1/2020 21:49:32 ClientUI Info Connect status: Establishing connection
6/1/2020 21:49:32 ClientUI Info Connect status: Connection established
6/1/2020 21:49:34 TSDNS Info TSDNS queried unsuccessfully 104.24.104.221:41144
6/1/2020 21:49:34 TSDNS Info No TSDNS found
As you can notice teamspeak exposes my public IP in the logs anyways… which allows attacker to exploit it. I believe this should not be visible on the clients side - only at server’s level…
Yeah it wont work like that, as far as I’m aware the IP will always be displayed. Even if it was possible to hide it, there are other methods of obtaining it.
I have this particular domain completely proxied by Cloudflare and have checked all its resolution and my public IP was not exposed during the resolution process.
I agree that there are other ways of getting servers real IP (wireshark the real traffic for example). I just don’t want it to make it so obvious at first glance - via direct resolution or checking logs… usually such attackers are people (kids) with very low knowledge on this topic…
When you resolve this it will result in the origin IP and not a Cloudflare one. Thus the client receives the origin IP when fully resolving the srv record no matter the Cloudflare proxy.
Just in the server list won’t help.
As long as the client connects to the server directly and not through a reverse proxy he will have the server IP no matter what.
Even if he connects to a Nickname and the client would theoretically not show the server address he can still wireshark the connection and find the IP like that.
The only solution is a separate proxy service. There is nothing TeamSpeak can do about this really.
Edit: Though I agree a little more control over the server list entry would be great!
Well I thought the ability to select what gets reported to the server list would be great. Maybe a setting like connection method where you can enter the Domain / IP / Nickname to be displayed in the serverlist.
Just recommending to fix some things here… and just to be honest; No server admin in the world wants that User are able to expose their hidden IP addresses, but the weblist won’t avoid it.
Just like said… quite some work.
The address can be hidden into the client protocol and weblist aswell, since it’s just able to hide it in some ways. Maybe not a total solution, but a way to make it stronger.
