On August 25, 2010 at 5:51 AM [email protected] wrote:
> Message: 1
> Date: Tue, 24 Aug 2010 13:18:54 -0700
> From: pat w <[email protected]>
> Subject: [hlds_linux] IP Spoofing rcon hacker
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> I've already posted my problem on the srcds forums but I thought it might get
> more feedback from the mailing list here. Basically what I have here is a repeat
> offender trying to hack my server via the console rcon. I've banned them with
>
>     addip 0 210.51.45.37
>
> as well as
>
>     iptables -A INPUT -s 210.51.45.37 -j DROP
>
> However upon waking up in the morning and checking my console it appears they
> are still at it every day for about 15 attempts --
>
>     Banning 210.51.45.37 for rcon hacking attempts
>     (repeated about fifteen times each day)
>
> I've not noticed any active connections to my server (players or otherwise) when I
> notice these reports. How is it they can attempt to hack my rcon without even being
> on my server at the time? Is there a way to find out who is doing this and ban them
> entirely, or will they just spoof their IP again?
>
> Thanks!
>

There are a few things that you can do to protect yourself. You should check into your network controls to make sure your ip4 settings don't allow for spoofing.

The other thing would be to ban more than that single address. Ban his CIDR address instead.

    iptables -A INPUT -s 210.51.0.0/16 -j DROP

That address is from China. You can look up any IP address via www.dnsstuff.com. If it can't find the information for you, it will point you to the appropriate resource like ARIN.
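Added example, not part of the original thread: both bans above use `iptables -A`, which appends to the end of the chain, and netfilter stops at the first matching rule, so one check worth making is whether an earlier ACCEPT already matches the traffic. The sketch below evaluates a constructed `iptables -S INPUT` listing in order; the rule set, port 27015 and the helper name `first_match` are assumptions, and only `-s`, `-p`, `--dport` and `-j` are interpreted.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -S INPUT` output (not taken from the thread).
# The ACCEPT rule existed first; the two DROP rules were appended later with -A.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 27015 -j ACCEPT
-A INPUT -s 210.51.45.37/32 -j DROP
-A INPUT -s 210.51.0.0/16 -j DROP
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def first_match(rules_text, src, proto, dport, chain="INPUT"):
    """Return (verdict, rule_line) for the first rule that matches the packet.

    rule_line is None when no rule matched and the chain policy applied.
    """
    src_ip = ipaddress.ip_address(src)
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P" and tok[1] == chain:
            policy = tok[2]
            continue
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        # Simple rules only: options come as "flag value" pairs after the chain.
        opts = dict(zip(tok[2::2], tok[3::2]))
        if "-s" in opts and src_ip not in ipaddress.ip_network(opts["-s"], strict=False):
            continue
        if "-p" in opts and opts["-p"] != proto:
            continue
        if "--dport" in opts and int(opts["--dport"]) != dport:
            continue
        if opts.get("-j") in TERMINAL:
            return opts["-j"], line
    return policy, None

if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        verdict, rule = first_match(SAMPLE_RULES, "210.51.45.37", proto, 27015)
        print(f"{proto}/27015 from 210.51.45.37 -> {verdict} via: {rule or 'chain policy'}")
```

With this constructed listing the TCP packet is accepted before either DROP rule is reached; run `iptables -S INPUT` on the real host and feed its output to the function to see where the appended bans actually sit.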

