
xBrute Attack


BYSergey
Member
Join Date: Dec 2010
Location: Doneck City
Old 06-27-2013 , 08:00   Re: xBrute Attack
Reply With Quote #41

Quote:
Originally Posted by ^SmileY View Post
It's using various different IPs; banning any IP doesn't take any effect.
And it's wrong values:

Code:
sv_rcon_banpenalty 	"60"  // Ban penalty for wrong rcon (Minutes "0" disable)
sv_rcon_maxfailures 	"1"  // Maximum of failures to ban IP 
sv_rcon_minfailures 	"1"  // Minimum failures in flood time
sv_rcon_minfailuretime 	"30" // Seconds to register a failure (Flood time)
Bans are not written to listip. I tried the command "writeip", no result; this is only a message in the console, it does not ban anybody's IP. Or is this problem only on my server?
seriousspot
BANNED
Join Date: Mar 2013
Location: Lithuania / Norway
Old 06-27-2013 , 08:51   Re: xBrute Attack
Reply With Quote #42

Quote:
Originally Posted by ^SmileY View Post
It's using various different IPs; banning any IP doesn't take any effect.
And it's wrong values:

Code:
sv_rcon_banpenalty 	"60"  // Ban penalty for wrong rcon (Minutes "0" disable)
sv_rcon_maxfailures 	"1"  // Maximum of failures to ban IP 
sv_rcon_minfailures 	"1"  // Minimum failures in flood time
sv_rcon_minfailuretime 	"30" // Seconds to register a failure (Flood time)
Nah, you're wrong, try it yourself: sv_rcon_banpenalty 0 doesn't mean it's disabled, it's a permanent ban.

sv_rcon_maxfailures "1" // Maximum of failures of one IP* - almost correct
sv_rcon_minfailures "1" // Minimum failures in flood time - correct
sv_rcon_minfailuretime "30" // time cycle between failures(interval) - wrong


So basically, if you use sv_rcon_minfailuretime "30", the bots usually have timing between 20s and 1min, so most of them will not be banned; but if you use my values, the interval I set is one week, so it will be safer.


In future, please do more research before posting and misleading people.
^SmileY
Veteran Member
Join Date: Jan 2010
Location: Brazil [<o>]
Old 06-27-2013 , 08:52   Re: xBrute Attack
Reply With Quote #43

Of course, if you're using the correct vars + these cvars it works normally; the other vars specified above are not correct.

P.S. For sure, if you're using the latest version of HLDS and not running dproto.
__________________
Projects:

- See my Git Hub: https://github.com/SmileYzn
PHP Code:
set_pcvar_num(pCvar, !get_pcvar_num(pCvar)); 
^SmileY
Veteran Member
Join Date: Jan 2010
Location: Brazil [<o>]
Old 06-27-2013 , 08:53   Re: xBrute Attack
Reply With Quote #44

Quote:
Originally Posted by seriousspot View Post
Nah, you're wrong, try it yourself: sv_rcon_banpenalty 0 doesn't mean it's disabled, it's a permanent ban.

sv_rcon_maxfailures "1" // Maximum of failures of one IP* - almost correct
sv_rcon_minfailures "1" // Minimum failures in flood time - correct
sv_rcon_minfailuretime "30" // time cycle between failures(interval) - wrong


So basically, if you use sv_rcon_minfailuretime "30", the bots usually have timing between 20s and 1min, so most of them will not be banned; but if you use my values, the interval I set is one week, so it will be safer.


In future, please do more research before posting and misleading people.

You are wrong, test and post results before posting.
joropito
AlliedModders Donor
Join Date: Mar 2009
Location: pfnAddToFullPack
Old 06-27-2013 , 08:55   Re: xBrute Attack
Reply With Quote #45

About console flood:
You can't avoid that unless:
1- You filter such packets (in linux: iptables -A INPUT -p udp -m udp --dport 27000:27500 -m string --from 15 --to 170 --algo kmp --hex-string "|4272757465206279|" -j DROP)
2- You put some plugin/module with memory hooking to avoid that
3- You ban ALL IPs (they're not fake IPs but for sure are dynamic), but you don't even know that

About issue
It's not against you. They're like bots scanning for HL servers and bruteforcing rcon passwords, ignore it.

Quote:
Originally Posted by YamiKaitou View Post
Probably all spoofed IPs
rcon can't be spoofed because there's a handshake (getchallenge) before you can send rcon request

Code:
 09:41 IP y.y.y.y.50908 > x.x.x.x.27015: UDP, length 20
        0x0000:  4500 0030 4150 4000 4011 17fb .... ....  E..0AP@.@.......
        0x0010:  .... .... c6dc 6987 001c e19f ffff ffff  ......i.........
        0x0020:  6368 616c 6c65 6e67 6520 7263 6f6e 0a00  challenge.rcon..

 09:41 IP x.x.x.x.27015 > y.y.y.y.50908: UDP, length 31
        0x0000:  4500 003b 0000 4000 4011 5940 .... ....  E..;..@.@.Y@....
        0x0010:  .... .... 6987 c6dc 0027 e1aa ffff ffff  ....i....'......
        0x0020:  6368 616c 6c65 6e67 6520 7263 6f6e 2031  challenge.rcon.1
        0x0030:  3033 3337 3337 3032 370a 00              033737027..

 09:41 IP y.y.y.y.50908 > x.x.x.x.27015: UDP, length 36
        0x0000:  4500 0040 4151 4000 4011 17ea .... ....  E..@AQ@.@.......
        0x0010:  .... .... c6dc 6987 002c e1af ffff ffff  ......i..,......
        0x0020:  7263 6f6e 2031 3033 3337 3337 3032 3720  rcon.1033737027.
        0x0030:  .... .... .... .... ..20 2073 7461 7473  ---------..stats

09:41 IP x.x.x.x.27015 > y.y.y.y.50908: UDP, length 104
        0x0000:  4500 0084 0000 4000 4011 58f7 .... ....  E.....@.@.X.....
        0x0010:  .... .... 6987 c6dc 0070 e1f3 ffff ffff  ....i....p......
        0x0020:  6c43 5055 2020 2049 6e20 2020 204f 7574  lCPU...In....Out
__________________

Divide et vinces
approved plugins | steam account

I don't accept PM for support. Just ask on forums.
If you're looking for private work, PM me.
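
The handshake in the capture above, worked through as an added example (not part of joropito's post and not HLDS code). It classifies the three packet types seen in the dump and flags rcon commands that arrive from a source which was never sent that challenge. It assumes the server ties each challenge to the address it was sent to; the addresses, the password placeholder and the last sample packet are constructed.

```python
import re

HEADER = b"\xff\xff\xff\xff"  # out-of-band marker visible in every packet of the capture
FLOOD_SIG = bytes.fromhex("4272757465206279")  # the --hex-string from the iptables rule

CHALLENGE_RSP = re.compile(rb"challenge rcon (\d+)\n?\x00?")
RCON_CMD = re.compile(rb"rcon (\d+) ")

def classify(payload):
    """Return (kind, challenge) for one UDP payload."""
    if not payload.startswith(HEADER):
        return ("other", None)
    body = payload[len(HEADER):]
    if body.rstrip(b"\n\x00") == b"challenge rcon":
        return ("challenge-request", None)
    m = CHALLENGE_RSP.fullmatch(body)
    if m:
        return ("challenge-response", int(m.group(1)))
    m = RCON_CMD.match(body)
    if m:
        return ("rcon-command", int(m.group(1)))
    return ("other", None)

def audit(packets, server):
    """Return rcon commands whose challenge was never sent to their source,
    and the set of sources whose payload contains the flood signature."""
    issued, unsolicited, flooders = {}, [], set()
    for src, dst, payload in packets:
        if FLOOD_SIG in payload:
            flooders.add(src)
        kind, chal = classify(payload)
        if kind == "challenge-response" and src == server:
            issued[dst] = chal  # remember which address received which challenge
        elif kind == "rcon-command" and dst == server and issued.get(src) != chal:
            unsolicited.append((src, chal))
    return unsolicited, flooders

# Constructed sample modelled on the capture; addresses and password are placeholders.
SERVER = "x.x.x.x"
SAMPLE = [
    ("y.y.y.y", SERVER, HEADER + b"challenge rcon\n\x00"),
    (SERVER, "y.y.y.y", HEADER + b"challenge rcon 1033737027\n\x00"),
    ("y.y.y.y", SERVER, HEADER + b'rcon 1033737027 "PLACEHOLDER"  stats'),
    ("z.z.z.z", SERVER, HEADER + b'rcon 1033737027 "PLACEHOLDER"  stats'),  # never received a challenge
    ("w.w.w.w", SERVER, HEADER + FLOOD_SIG),  # constructed; real position of the signature is not shown on the page
]

if __name__ == "__main__":
    print(audit(SAMPLE, SERVER))
```

The hex string in the iptables rule decodes to the ASCII text "Brute by", which is what the string match looks for inside the UDP payload.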
seriousspot
BANNED
Join Date: Mar 2013
Location: Lithuania / Norway
Old 06-27-2013 , 08:55   Re: xBrute Attack
Reply With Quote #46

Quote:
Originally Posted by ^SmileY View Post
Of course, if you're using the correct vars + these cvars it works normally; the other vars specified above are not correct.

P.S. For sure, if you're using the latest version of HLDS and not running dproto.
Quote:
P.S. For sure, if you're using the latest version of HLDS and not running dproto.
I have described it correctly, your post was wrong, that's it. And about these cvars, again you're wrong: it was like this even in '07 in 3xxx builds or earlier, can't remember exactly, and it has nothing to do with dproto. I suspect that you are using it; please don't mislead people.
seriousspot
BANNED
Join Date: Mar 2013
Location: Lithuania / Norway
Old 06-27-2013 , 08:59   Re: xBrute Attack
Reply With Quote #47

Quote:
Originally Posted by joropito View Post
About console flood:
You can't avoid that unless:
1- You filter such packets (in linux: iptables -A INPUT -p udp -m udp --dport 27000:27500 -m string --from 15 --to 170 --algo kmp --hex-string "|4272757465206279|" -j DROP)
2- You put some plugin/module with memory hooking to avoid that
3- You ban ALL IPs (they're not fake IPs but for sure are dynamic), but you don't even know that

About issue
It's not against you. They're like bots scanning for HL servers and bruteforcing rcon passwords, ignore it.


rcon can't be spoofed because there's a handshake (getchallenge) before you can send rcon request

Code:
 09:41 IP y.y.y.y.50908 > x.x.x.x.27015: UDP, length 20
        0x0000:  4500 0030 4150 4000 4011 17fb .... ....  E..0AP@.@.......
        0x0010:  .... .... c6dc 6987 001c e19f ffff ffff  ......i.........
        0x0020:  6368 616c 6c65 6e67 6520 7263 6f6e 0a00  challenge.rcon..

 09:41 IP x.x.x.x.27015 > y.y.y.y.50908: UDP, length 31
        0x0000:  4500 003b 0000 4000 4011 5940 .... ....  E..;..@.@.Y@....
        0x0010:  .... .... 6987 c6dc 0027 e1aa ffff ffff  ....i....'......
        0x0020:  6368 616c 6c65 6e67 6520 7263 6f6e 2031  challenge.rcon.1
        0x0030:  3033 3337 3337 3032 370a 00              033737027..

 09:41 IP y.y.y.y.50908 > x.x.x.x.27015: UDP, length 36
        0x0000:  4500 0040 4151 4000 4011 17ea .... ....  E..@AQ@.@.......
        0x0010:  .... .... c6dc 6987 002c e1af ffff ffff  ......i..,......
        0x0020:  7263 6f6e 2031 3033 3337 3337 3032 3720  rcon.1033737027.
        0x0030:  .... .... .... .... ..20 2073 7461 7473  ---------..stats

09:41 IP x.x.x.x.27015 > y.y.y.y.50908: UDP, length 104
        0x0000:  4500 0084 0000 4000 4011 58f7 .... ....  E.....@.@.X.....
        0x0010:  .... .... 6987 c6dc 0070 e1f3 ffff ffff  ....i....p......
        0x0020:  6c43 5055 2020 2049 6e20 2020 204f 7574  lCPU...In....Out
Thanks for your packet sniffing research, I will try it. This blocks remote rcon on ports 27000 to 27500, am I correct? Can you make one with rules that block all ports from 1 to 65535, so that a user, for example me, can only access it from a specified IP (my IP address)? It's the same thing as with SSH security: only IPs on the list can connect.
^SmileY
Veteran Member
Join Date: Jan 2010
Location: Brazil [<o>]
Old 06-27-2013 , 09:05   Re: xBrute Attack
Reply With Quote #48

Quote:
Originally Posted by seriousspot View Post
I have described it correctly, your post was wrong, that's it. And about these cvars, again you're wrong: it was like this even in '07 in 3xxx builds or earlier, can't remember exactly, and it has nothing to do with dproto. I suspect that you are using it; please don't mislead people.
Read more before posting again, http://www.cstrike-planet.com/cfgmaker?cfg=srcds

-.-

Edit: About ports, it's using UDP port 1200 to attack my HLDS (I'm using port 1200 to play) LOL

Last edited by ^SmileY; 06-27-2013 at 09:06.
seriousspot
BANNED
Join Date: Mar 2013
Location: Lithuania / Norway
Old 06-27-2013 , 09:12   Re: xBrute Attack
Reply With Quote #49

Quote:
Originally Posted by ^SmileY View Post
Read more before posting again, http://www.cstrike-planet.com/cfgmaker?cfg=srcds

-.-

Edit: About ports, it's using UDP port 1200 to attack my HLDS (I'm using port 1200 to play) LOL
This is outdated and misleading. Why don't you want to test it yourself and see that I am correct, instead of posting useless info here?

Quote:
Edit: About ports, it's using UDP port 1200 to attack my HLDS (I'm using port 1200 to play)
What?
^SmileY
Veteran Member
Join Date: Jan 2010
Location: Brazil [<o>]
Old 06-27-2013 , 09:15   Re: xBrute Attack
Reply With Quote #50

SRCDS is outdated?



About the port: yes, I'm using -port on the command line to launch on UDP 1200 and the server works normally.