/NetworkInterceptor

Monitor and block outgoing network connections

Primary LanguageJavaThe UnlicenseUnlicense

NetworkInterceptor           download-on-hangar download-on-spigot

⚠️ SecurityManager was terminally deprecated in Java 17. This affects NetworkInterceptor on all platforms. Fortunately, the issue is easily resolved, without change to NetworkInterceptor. Add the following specification to server/proxy start-up

    java -Djava.security.manager=allow

This specification was verified to be compatible with Java 17.0.1 and later, through Java 22.0.2.

Overview

NetworkInterceptor detects and (optionally) blocks outgoing network connections. Some examples include:

  • Generally required:
    • player authentication (Mojang)
  • Generally good:
    • server version check (Minecraft variants: Paper, Spigot, etc.)
    • plugin version check
  • Generally not so good:
    • plugin auto-download and install
    • plugin arbitrary code download and execute
    • plugin data reporting

NetworkInterceptor installs a custom security manager into the Java runtime environment which logs and (optionally) blocks outgoing network connections. This allows server administrators easily to monitor the nature of connections made by plugins, and if they desire, prevent them.

Can it be bypassed?

A plugin with malicious intent could (most likely) find a way to bypass it.

More detailed analysis

For more detailed analysis of network traffic, we recommend trying Wireshark.

Commands

All NetworkInterceptor commands are accessible at the console, and in-game with appropriate permissions (default OP). Tab-completion is supported for all commands.

Version Support

See Version Support for supported versions. Only certified releases are supported.

The Wiki

NetworkInterceptor is completely documented on The Wiki. Please start there when you have questions.

And we'll never forget: NetworkInterceptor 1.0 was made with ❤️ by Luck. All credit for the original design and implementation belongs to him.