You might also want to consider how many of these IPs are potential players.
I have tried something similar on a tf2 server, but a whois lookup showed that most of them where from countries which would not connect to me anyway. Password wise, of course a long pass is good, but looking at your logs, what are they trying? Only passwords "XXX XXX"? 2012/9/28 [email protected] <[email protected]> > You don't need the original perpetrator to report a problem. Requests will > probably be ignored.. But they might do something about it. I've had some > success, Most people don't want their computers to be zombies.. > > On Thu, Sep 27, 2012 at 11:23 PM, Calvin Judy <[email protected]>wrote: > >> ** >> Considering the locations of those IPs, I highly doubt someone is hosting >> multiple servers in different countries to brute force goldsrc rcon >> passwords, it seems more likely that >> they're proxies/exploited machines. >> >> So reporting them to local authorities will have absolutely no effect. >> >> *______________________________________ >> Level 3 Technician >> Griffin Networks LLC - Gaming Solutions* >> >> >> >> ----- Original Message ----- >> *From:* [email protected] >> *To:* Half-Life dedicated Win32 server mailing >> list<[email protected]> >> *Sent:* Friday, September 28, 2012 1:40 AM >> *Subject:* Re: [hlds] Bruteforcing RCON >> >> Ok so it is probably goldsrc. But according to this post there is a >> challenge mechanism which serves to authenticate the request came from the >> IP like a TCP handshake. It would be impossible to receive the challenge >> number without a valid IP. >> >> https://forums.alliedmods.net/showpost.php?p=1718732&postcount=3 >> >> It doesn't look like a DDoS so I'm willing to bet those IPs are real. >> >> On Thu, Sep 27, 2012 at 10:28 PM, Nicholas Hastings < >> [email protected]> wrote: >> >>> No, on goldsrc it uses UDP. Look at his logs. The gamedir is 'valve'. >>> (HLDM) >>> >>> >>> On 9/28/2012 12:49 AM, [email protected] wrote: >>> >>> RCON uses TCP which does not allow spoofing. The IPs are not spoofed. If >>> you look at your own logs it is the same few IPs. >>> >>> You can go ahead and report them to the police. >>> >>> On Thu, Sep 27, 2012 at 9:04 PM, Cameron Munroe < >>> [email protected]> wrote: >>> >>>> Who did you piss off? >>>> >>>> to help you out further can you provide info on your hardware? Windows, >>>> Linux, Company Hosted? Game? >>>> >>>> >>>> >>>> On 9/27/2012 8:58 PM, Rafael wrote: >>>> >>>> Someone is bruteforcing on my server with spoofed IPs and i have >>>> no idea on how to stop it! Today my listip.cfg was about 1,1k of banned >>>> ips... >>>> >>>> 20min logging: http://puu.sh/19j7X and there is even more! (about 20k+ >>>> of lines) >>>> >>>> I have to disable rcon (rcon_password) to avoid banning shared ips used >>>> on spoof... >>>> >>>> Any solutio for that? There is a way to make rcon_password only to >>>> specified IPs? Thanks anyway! >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>>> >>>> >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>>> >>>> >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>> >>> >>> -- >>> Nicholas Hastings >>> AlliedMods.net <http://www.alliedmods.net> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >>> >>> >> ------------------------------ >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds >> >> > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds > >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
