Considering the locations of those IPs, I highly doubt someone is hosting multiple servers in different countries to brute force goldsrc rcon passwords, it seems more likely that they're proxies/exploited machines.
So reporting them to local authorities will have absolutely no effect. ______________________________________ Level 3 Technician Griffin Networks LLC - Gaming Solutions ----- Original Message ----- From: [email protected] To: Half-Life dedicated Win32 server mailing list Sent: Friday, September 28, 2012 1:40 AM Subject: Re: [hlds] Bruteforcing RCON Ok so it is probably goldsrc. But according to this post there is a challenge mechanism which serves to authenticate the request came from the IP like a TCP handshake. It would be impossible to receive the challenge number without a valid IP. https://forums.alliedmods.net/showpost.php?p=1718732&postcount=3 It doesn't look like a DDoS so I'm willing to bet those IPs are real. On Thu, Sep 27, 2012 at 10:28 PM, Nicholas Hastings <[email protected]> wrote: No, on goldsrc it uses UDP. Look at his logs. The gamedir is 'valve'. (HLDM) On 9/28/2012 12:49 AM, [email protected] wrote: RCON uses TCP which does not allow spoofing. The IPs are not spoofed. If you look at your own logs it is the same few IPs. You can go ahead and report them to the police. On Thu, Sep 27, 2012 at 9:04 PM, Cameron Munroe <[email protected]> wrote: Who did you piss off? to help you out further can you provide info on your hardware? Windows, Linux, Company Hosted? Game? On 9/27/2012 8:58 PM, Rafael wrote: Someone is bruteforcing on my server with spoofed IPs and i have no idea on how to stop it! Today my listip.cfg was about 1,1k of banned ips... 20min logging: http://puu.sh/19j7X and there is even more! (about 20k+ of lines) I have to disable rcon (rcon_password) to avoid banning shared ips used on spoof... Any solutio for that? There is a way to make rcon_password only to specified IPs? Thanks anyway! _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds -- Nicholas Hastings AlliedMods.net _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds ------------------------------------------------------------------------------ _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
