[Skamadix]

Another community is taking a list of IPs that connect to their servers, and spoofing RCON commands with this list of IP addresses against our servers - causing Sourcemod to automatically ban their IP.

Has anyone ran into this before?

Disabling RCON for us unfortunately is not an option.

[JoB2C]

Is whitelisting by IP an option?

[psychonic]

You can't spoof RCon packet addresses; RCon goes over TCP. Additionally, SourceMod itself does not do any such automatic banning.

It's possible that they are spoofing game traffic (UDP) from those addresses and that the engine or something else is banning them. RCon and game traffic share the same ban list for IP bans.

[Zephyrus]

Quote:

Originally Posted by psychonic You can't spoof RCon packet addresses; RCon goes over TCP. Additionally, SourceMod itself does not do any such automatic banning. It's possible that they are spoofing game traffic (UDP) from those addresses and that the engine or something else is banning them. RCon and game traffic share the same ban list for IP bans.

they are opening a page in the motd with a websocket to the target server's rcon address and spam that.

[asherkin]

https://forums.alliedmods.net/showpo...1&postcount=11

[psychonic]

Quote:

Originally Posted by Zephyrus Quote: Originally Posted by psychonic You can't spoof RCon packet addresses; RCon goes over TCP. Additionally, SourceMod itself does not do any such automatic banning. It's possible that they are spoofing game traffic (UDP) from those addresses and that the engine or something else is banning them. RCon and game traffic share the same ban list for IP bans. they are opening a page in the motd with a websocket to the target server's rcon address and spam that.

That's not spoofing, nor SM doing the resulting ban. My statement holds.