Easy to fix this. Get static IP at home, then blacklist tcp 27015, and pinhole only your static IP at home to that port.
If that’s no good, because you either can't get static at home, or you need to manage from elsewhere, install vpn server on your server, block traffic to tcp 27015, and vpn in to manage rcon, that’s how I am handling it. They would need to hack my vpn to get my server.

Allan

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Wednesday, August 25, 2010 9:45 AM
To: [email protected]
Subject: Re: [hlds_linux] ip spoofing

On August 25, 2010 at 5:51 AM [email protected] wrote:

> Message: 1
> Date: Tue, 24 Aug 2010 13:18:54 -0700
> From: pat w <[email protected]>
> Subject: [hlds_linux] IP Spoofing rcon hacker
> To: [email protected]
> Message-ID:
> <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> I've already posted my problem on the srcds forums but I thought it
> might get more feedback from the mailing list here. Basically what I
> have here is a repeat offender trying to hack my server via the
> console rcon. I've banned them with
>
> addip 0 210.51.45.37
>
> as well as
>
> iptables -A INPUT -s 210.51.45.37 -j DROP
>
> However upon waking up in the morning and checking my console it
> appears they are still at it every day for about 15 attempts --
>
> Banning 210.51.45.37 for rcon hacking attempts (repeated about fifteen
> times each day)
>
> I've not noticed any active connections to my server (players or
> otherwise) when I notice these reports. How is it they can attempt to
> hack my rcon without even being on my server at the time? Is there a
> way to find out who is doing this and ban them entirely, or will they
> just spoof their IP again?
>
> Thanks!
>

There are a few things that you can do to protect yourself. You should check into your network controls to make sure your ip4 settings don't allow for spoofing. The other thing would be to ban more than that single address. Ban his CIDR address instead.

iptables -A INPUT -s 210.51.0.0/16 -j DROP

That address is from China. You can look up any ip address via www.dnsstuff.com. If it can't find the information for you, it will point you to the appropriate resource like ARIN.

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
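
One way to set up the pinhole from Allan's reply (block TCP 27015, allow a single admin address), as an added example that is not part of the thread. The address 203.0.113.10 and the chain name RCON_GUARD are placeholders; the script only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: restrict rcon (TCP 27015) to one admin source address.
# RCON_GUARD is a hypothetical chain name; the admin address is a placeholder.

RCON_PORT=27015
CHAIN=RCON_GUARD

# Accept only a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    old_ifs=$IFS; IFS=./
    set -- $1            # split into octets (and prefix, if any)
    IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for one admin source. Review, then pipe to sh as root.
rcon_rules() {
    admin_src=$1
    valid_source "$admin_src" || { echo "invalid source: $admin_src" >&2; return 1; }
    # - The chain is created, or flushed if it already exists, so re-running
    #   with a new address replaces the old pinhole instead of stacking rules.
    # - The jump is inserted at position 1 of INPUT (-I, not -A) so that no
    #   earlier ACCEPT rule can match the packet first.
    # - Only -p tcp is matched; UDP traffic on the same port is not affected.
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN
iptables -A $CHAIN -s $admin_src -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -C INPUT -p tcp --dport $RCON_PORT -j $CHAIN 2>/dev/null || iptables -I INPUT 1 -p tcp --dport $RCON_PORT -j $CHAIN
EOF
}

# Usage: sh rcon_guard.sh 203.0.113.10 | sudo sh
if [ "$#" -gt 0 ]; then
    rcon_rules "$1"
fi
```

For the VPN variant from the same reply, pass the VPN's client subnet (for example a /24) instead of a single home address.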

