[Akuba]

The question is, do you really need rcon access that often? Or would it work to open the screen session. If you rarely use rcon, try disableing it by removing the "-ip xxx.xxx.xxx.xxx" parameter from your startscript. This (should) stop the attacks atleast for now.

Try this for a few days and see if it happens again if you enable it again.