If you absolutely need to leave RCON enabled, then restricting access to it
with a firewall rule is probably the best option.  In other Valve games
there were server cvars to control the number of failed RCON attempts
before a client was banned:

sv_rcon_banpenalty
sv_rcon_maxfailures
sv_rcon_minfailures
sv_rcon_minfailuretime

But "find rcon" in the CS:GO console doesn't show these so I don't think
they'll work in this case.  But even if those cvars were available, they
would only help against a brute force attack where someone was trying to
guess your password.  If the person already knows your password, then any
built-in safeguards are moot; only a firewall rule will help you.  RCON
passwords are passed in clear text, so (in theory) if there's some sort of
man-in-the-middle attack, it would be exposed.

    - Dave

On Thu, Jan 22, 2015 at 10:05 PM, Korrey Moore <[email protected]> wrote:

> You should not be using RCON when other alternatives for server
> administration exist like Source Mod. RCON is basically root access to your
> server and has almost nil security protection against all sorts of attacks.
>
> There have been innumerable RCON exploits exposed over the years on pretty
> much every Valve game that has had it available, so you can pretty much
> assume that there is never a password protecting it. Malicious maps can
> also easily change the RCON password to allow an attacker to take control
> of your server.
>
> I would highly recommend you immediately disable RCON by setting the
> rcon_password cvar to blank ( rcon_password "" ) and prohibit external
> access by blocking HTTP traffic to the port the server is running on (by
> default this is 27015 or 27016.) The game uses the UDP protocol for client
> traffic so disabling HTTP will only block connections to RCON.


-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
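As an added illustration of the firewall approach suggested above (this script is not from the thread or from Valve), a small POSIX shell function that prints iptables rules leaving the game's UDP port open to players while allowing the TCP RCON listener on the same port only from an admin network, and logging any other RCON attempt so blocked connections show up in the system log. The port, the admin range and the function name are assumptions/placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example: generate iptables rules that keep the UDP game port open
# but restrict the TCP RCON listener on the same port to a trusted network.
# Source RCON uses TCP; client/game traffic uses UDP on the same port.

# rcon_firewall_rules PORT ADMIN_NET
# Prints the rules instead of applying them, so they can be reviewed and run
# by an unprivileged user first; returns 1 on an invalid port number.
rcon_firewall_rules() {
    port="$1"
    admin="$2"
    # Reject anything that is not a plain decimal number.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2
        return 1
    fi
    # Order matters: the admin ACCEPT must precede the catch-all DROP.
    # The LOG rule is rate-limited so a flood cannot fill the syslog.
    cat <<EOF
iptables -A INPUT -p udp --dport $port -j ACCEPT
iptables -A INPUT -p tcp --dport $port -s $admin -j ACCEPT
iptables -A INPUT -p tcp --dport $port -m limit --limit 5/min -j LOG --log-prefix "rcon-blocked: "
iptables -A INPUT -p tcp --dport $port -j DROP
EOF
}

# Placeholder admin range (RFC 5737 documentation block); to apply for real,
# pipe the output to 'sudo sh' after reviewing it.
rcon_firewall_rules 27015 203.0.113.0/24
```

Dropped RCON attempts then appear in the kernel log with the "rcon-blocked:" prefix, which gives you the failed-attempt visibility the missing sv_rcon_* cvars would otherwise have provided.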
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
