Well, thank you friends!
Ics - you helped a lot to find the source utility.
Now I'm trying to create iptables rules, and wrote this:
=================================================
# DROP and ban
iptables -N REJECT_RCON_FLOOD
iptables -A REJECT_RCON_FLOOD -j LOG --log-prefix 'IPTABLES-RCON-FLOOD:' \
    --log-level info
iptables -A REJECT_RCON_FLOOD -j DROP
iptables -A INPUT -p tcp --dport 27000:28900 -m connlimit \
    --connlimit-above 1 --connlimit-mask 32 -j REJECT_RCON_FLOOD
iptables -A INPUT -p tcp --dport 27000:28900 -m hashlimit \
    --hashlimit-upto 1/sec \
    --hashlimit-burst 1 --hashlimit-mode srcip,dstip,dstport \
    --hashlimit-name rcon_flood \
    --hashlimit-htable-gcinterval 30000 -j ACCEPT
iptables -A INPUT -p tcp --dport 27000:28900 -j REJECT_RCON_FLOOD
=================================================
One by one, as I thought, that is:
1) DROP more than one connection to SRCDS TCP: that lowers an attack
very much
2) ACCEPT only one packet per second
3) DROP more than one packet
So the problem is that packets are not dropped. And I'm really confused. I
really do not understand why. Just like the rule won't work at all!
I can't block rcon at all. So the only way is to limit connections and ban
the source ip of an attacker.
Ideas?
2011/10/18 <[email protected]>
> Looks much like some-prog-that-i-wont-say-out-loud-from-4chan-site
> output, with just modified message. Looks like idiots have found it and
> started using it.
>
> -ics
>
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
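
Added example, not part of the original post: a simplified Python model of how the three INPUT rules above are evaluated in order (the first matching rule decides), run over constructed packets. The `evaluate` function, the sample addresses and the millisecond clock are assumptions for illustration, and the model assumes no earlier INPUT rule sees the packet first.

```python
# Added example: simplified model of the three INPUT rules from the post.
# Assumptions: integer ms clock; conn_id stands in for a conntrack entry.
from collections import defaultdict

PORTS = range(27000, 28901)   # --dport 27000:28900
CONN_ABOVE = 1                # --connlimit-above 1 --connlimit-mask 32
BURST_MS = 1000               # --hashlimit-burst 1 (one packet of credit)
COST_MS = 1000                # --hashlimit-upto 1/sec (credit spent per packet)

def evaluate(packets):
    """Return one verdict per (t_ms, src, dst, dport, conn_id) packet."""
    conns = defaultdict(set)  # src -> connection ids already let through
    buckets = {}              # (src, dst, dport) -> (credit_ms, last_t_ms)
    verdicts = []
    for t, src, dst, dport, conn in packets:
        if dport not in PORTS:
            verdicts.append("NOT_MATCHED")      # left to other rules / policy
            continue
        # Rule 1: more than CONN_ABOVE connections from one /32 source.
        if len(conns[src] | {conn}) > CONN_ABOVE:
            verdicts.append("DROP(connlimit)")
            continue
        conns[src].add(conn)
        # Rule 2: token bucket keyed on srcip,dstip,dstport; match -> ACCEPT.
        key = (src, dst, dport)
        credit, last = buckets.get(key, (BURST_MS, t))
        credit = min(BURST_MS, credit + (t - last))
        if credit >= COST_MS:
            buckets[key] = (credit - COST_MS, t)
            verdicts.append("ACCEPT")
            continue
        buckets[key] = (credit, t)
        # Rule 3: whatever is left on these ports -> REJECT_RCON_FLOOD (DROP).
        verdicts.append("DROP(rate)")
    return verdicts

# Constructed traffic (documentation addresses, not from the post).
SAMPLE = [
    (0,    "198.51.100.7", "203.0.113.10", 27015, "c1"),
    (200,  "198.51.100.7", "203.0.113.10", 27015, "c1"),
    (300,  "198.51.100.7", "203.0.113.10", 27015, "c2"),
    (1200, "198.51.100.7", "203.0.113.10", 27015, "c1"),
    (1300, "198.51.100.9", "203.0.113.10", 27015, "c3"),
    (1400, "198.51.100.7", "203.0.113.10", 22,    "c4"),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, "->", verdict)
```

In this model the second packet on the only open connection is dropped by the rate rule, because the hashlimit rule counts packets, not connections.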