You can block TCP/IP port 27015 on Windows Server using IPSec policies.

IPSeccmd.exe -W REG -p "Block TCP 27015 Filter" -r "Block Inbound 27015 Rule" -f *=0:27015:TCP -n BLOCK -x

This will of course prevent RCON connections. Allowing certain IP addresses
is probably possible but I'm unsure of how to do it.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nephyrin Zey
Sent: Monday, April 28, 2008 10:26 PM
To: Half-Life dedicated Win32 server mailing list; Half-Life dedicated Linux
server mailing list
Subject: [hlds] Nuke Exploit Info and Prevention

The nuke exploit works as follows:

Connect to a server via TCP (rcon, does anything else use TCP? I have
no idea.) on its port.
Send a million garbage packets
???
Profit

The server goes insane handling them.
Solution:
Limit incoming TCP packets to ~1/second from any given IP on that port, *OR*
Block TCP access to the server's port except from trusted people.

Linux IPtables rules:
iptables -A INPUT -p tcp --dport 27015 -m hashlimit --hashlimit-mode srcip,dstip,dstport --hashlimit 1/sec --hashlimit-burst 1 --hashlimit-name TF_PACKET_LIMIT -j ACCEPT
iptables -A INPUT -p tcp --dport 27015 -j DROP

/etc/init.d/iptables save
/etc/init.d/iptables start

(Note: you probably shouldn't enable iptables blindly if you don't
know what you're doing)

Windows:
Block TCP to 27015 except for trusted people. Or something. Someone
who admins window servers will need to guide you!

- Neph
(sv_benchmark_force_start fix coming in a few minutes)

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
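Added example, not part of the mailing-list thread: a small token-bucket model of the per-source hashlimit rule quoted above, with the trusted-source allow-list as the alternative rule, so an admin can see which packets each setting would ACCEPT or DROP before loading it on a live game server. The traffic below is constructed (an admin at 10.0.0.5 opening one TCP connection, a flood from 203.0.113.7); the model keys buckets on source IP only, since the destination IP and port are fixed by the rule, and omits hashlimit's hash-table expiry.

```python
# Added example (not from the mailing-list thread): a token-bucket model of
# the per-source hashlimit rule quoted above, used to see which packets the
# rule would ACCEPT or DROP before committing it to a production firewall.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Packet = Tuple[float, str]  # (arrival time in seconds, source IP)


@dataclass
class Bucket:
    tokens: float
    last_ts: float


class HashLimit:
    """Approximates `-m hashlimit --hashlimit-mode srcip --hashlimit R/sec
    --hashlimit-burst B`: one token bucket per source IP, B tokens deep,
    refilled at R tokens per second.  A packet matches (ACCEPT) only if a
    whole token is available.  Bucket expiry/garbage collection is omitted."""

    def __init__(self, rate_per_sec: float, burst: int) -> None:
        self.rate = rate_per_sec
        self.burst = burst
        self.buckets: Dict[str, Bucket] = {}

    def allows(self, src_ip: str, ts: float) -> bool:
        b = self.buckets.get(src_ip)
        if b is None:
            # A source seen for the first time starts with a full bucket.
            b = Bucket(tokens=float(self.burst), last_ts=ts)
            self.buckets[src_ip] = b
        # Refill in proportion to elapsed time, never beyond the burst depth.
        b.tokens = min(float(self.burst), b.tokens + (ts - b.last_ts) * self.rate)
        b.last_ts = ts
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False


def simulate(packets: List[Packet], *, rate: Optional[float] = None,
             burst: int = 1, trusted: FrozenSet[str] = frozenset()
             ) -> Dict[str, Tuple[int, int]]:
    """Walk packets through a chain shaped like the quoted rules:
         1. (optional) ACCEPT if the source is on the trusted list
         2. (optional) ACCEPT if the source's hashlimit bucket has a token
         3. DROP everything else
       Returns {source_ip: (accepted, dropped)}."""
    limiter = HashLimit(rate, burst) if rate is not None else None
    tally: Dict[str, List[int]] = {}
    for ts, src in sorted(packets):
        accepted = src in trusted or (limiter is not None and limiter.allows(src, ts))
        tally.setdefault(src, [0, 0])[0 if accepted else 1] += 1
    return {src: (a, d) for src, (a, d) in tally.items()}


def sample_traffic() -> List[Packet]:
    """Constructed traffic (not captured data): an admin at 10.0.0.5 opens one
    TCP connection (SYN, ACK and first data segment within 20 ms) and sends
    one more packet 5 s later; 203.0.113.7 sends 50 packets in one second."""
    admin = [(0.00, "10.0.0.5"), (0.01, "10.0.0.5"), (0.02, "10.0.0.5"), (5.00, "10.0.0.5")]
    flood = [(10.0 + 0.02 * i, "203.0.113.7") for i in range(50)]
    return admin + flood


if __name__ == "__main__":
    traffic = sample_traffic()
    print("1/sec, burst 1:", simulate(traffic, rate=1.0, burst=1))
    print("1/sec, burst 5:", simulate(traffic, rate=1.0, burst=5))
    print("allow-list    :", simulate(traffic, trusted=frozenset({"10.0.0.5"})))
```

Running it shows the trade-off between the two suggested fixes: with the quoted 1/sec, burst 1 setting the flood source gets one packet through and the remaining 49 are dropped, but the admin's own connection also loses the ACK and first data segment that follow its SYN within the same second, because hashlimit counts every TCP packet, handshake included. Raising `--hashlimit-burst` to 5 lets a normal connection set-up through while still dropping 45 of the 50 flood packets; the allow-list variant passes all admin traffic and drops all of the flood, at the cost of having to maintain the trusted list.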

