RCON bruteforcing

R4to0.exe · **Author**

Some n00b is using some type of bruteforcing and spoofing the IPs on my server. Today my listip.cfg was about 1200 of banned IPs because of this sh*t. I had to delete all banned IPs because they are shared and legit players can't enter.

20min map logging: http://puu.sh/19j7X
last 24h logging: http://puu.sh/19jLU (14k of lines)

Someone have any idea about that? There is a way to restrict rcon_password to specified IPs?

Thanks anyway.

YamiKaitou · 09-28-2012 , 00:55 Re: RCON bruteforcing

Yes, but not through HLDS. You have to use a firewall to do it.

RaHBeR · 09-28-2012 , 07:42 Re: RCON bruteforcing

Hi,
YamiKaitou we can restrict the TCP protocol to some IPs in the firewall, right? RCON commands use the TCP protocol?
Regards,
RaHBeR

YamiKaitou · 09-28-2012 , 07:44 Re: RCON bruteforcing

Yes, RCON uses TCP. Game traffic uses UDP. So, blocking TCP access from various IPs will not disrupt their ability to play on your server.

RaHBeR · 09-28-2012 , 12:06 Re: RCON bruteforcing

Hi Again,
Ok thanks YamiKaitou for info and R4to0.exe for bring up this topic.
Regards,
RaHBeR

R4to0.exe · 09-28-2012 , 13:10 Re: RCON bruteforcing

But goldsrc uses UDP for rcon commands, no?

joropito · 09-28-2012 , 13:13 Re: RCON bruteforcing

Quote:

Originally Posted by YamiKaitou

Yes, RCON uses TCP. Game traffic uses UDP. So, blocking TCP access from various IPs will not disrupt their ability to play on your server.

You're wrong, rcon uses UDP. I don't know any implementation using tcp. At least goldsrc.
In fact if you run hlds and check listening ports, you can see that only udp are bound.

In a linux server, there's a way to use iptables to filter rcon packets with specific information or all packets.

R4to0.exe · 10-05-2012 , 12:22 Re: RCON bruteforcing

Disabled rcon but the shitty still trying, flooding my log files. There is a way to filter the rcon commands, as the noob is trying with only 3 chars? And the spoofed ips are being banned by hlds(last time checked, about 2000 of banned ips, and i ban players only by steam id).

Thanks anyway.

S0m3Th1nG_AwFul · 10-06-2012 , 05:47 Re: RCON bruteforcing

R4to0.exe,

You can try use this plugin

PHP Code:


			
#include <amxmodx>
#include <orpheu>
#define PLUGIN "RCON-disabler"
#define VERSION "0.1"
#define AUTHOR "S0m3Th1nG_AwFul!"

new rcon_disabled

public plugin_init()
{
    register_plugin(PLUGIN, VERSION, AUTHOR)
    rcon_disabled = register_cvar("rcon_disabled", "1")
    OrpheuRegisterHook(OrpheuGetFunction("SV_Rcon"), "On_Rcon_Pre", OrpheuHookPre)
}

public OrpheuHookReturn:On_Rcon_Pre()
{
    if(get_pcvar_num(rcon_disabled))
        return OrpheuSupercede
    
    return OrpheuIgnored
}

This will totally disable RCON functionality, so you will not see any logs from it.
Plugin requires (it's not possible to do such thing without it!) Orpheu module and signature I provided below.