I was referring to the client-side IP's being mostly dynamic which would be initiating the rcon connections... Of course 90% of mainstream servers out there have static IP addresses however most clients do not. When connecting to rcon the server-side IP details don't really matter as you are attempting to block (In the instance of restricting) the client-side IP's hence the whitelist suggestion similar to firewalling (Attempting to restrict connections based on source IP?).
Yes you could use a software based firewall or iptables in linux or similar, however what I was referring to is: You rent a game server (my reference of a "normal server owner"), the GSP is not going to give everyone access to their firewalls. Plus a large number of servers out there are on shared physical boxes and are not on a "dedicated" server which they have full root or RDP access to, thus they can not configure by default software based firewalls either. So yeah a PITA in practice unless you have full access over the physical server hosting the games and/or access to hardware based firewalls. So "Normal Server owners are slack" is not 100% correct, while a number are, they also in most instances probably don't have access. -------------------------------------------------- From: "Shane Arnold" <clontar...@iinet.net.au> Sent: Monday, June 21, 2010 4:48 PM To: "Half-Life dedicated Win32 server mailing list" <hlds@list.valvesoftware.com> Subject: Re: [hlds] HD Counte Strike Source: RCON HACKER > How is updating a firewall to secure a server a pain in the ass? > > Perhaps you should of said "normal" server owners are slack? Windows is > point and click and iptables is one line of text (a lot shorter than > this email). I'd also imagine pretty much damn near all GSP's use a > static IP system, and you'll find the minority of people experiencing > RCON hack attempts are people at home on dynamic IP DSL connections > being hacked. > > **On 22/06/2010 7:32 AM, Rothgar wrote: >> Yeah that sounds like the best method of doing it. >> >> I am not sure if someone could hook rcon attempts and make some sort of >> whitelist system? Through SourceMod or MetaMod or something. >> >> Updating firewall rules would be a PITA for normal server owners and >> especially GSP's, also with a number of people probably not having static >> IP's however I'm sure it works well for people who have static IP's and >> have >> access to firewalls. >> >> -------------------------------------------------- >> From: "Matthew Lyons"<mly...@internode.com.au> >> Sent: Monday, June 21, 2010 4:17 PM >> To: "Half-Life dedicated Win32 server mailing list" >> <hlds@list.valvesoftware.com> >> Subject: Re: [hlds] HD Counte Strike Source: RCON HACKER >> >> >>> There are other videos on YT of similar hacks all look to use the same >>> process. >>> >>> 1) Install either a 3rd party plugin or dll to a CSS client >>> installation. >>> 2) Run the modified CSS client >>> 3) On CSS client invoke the plugin/hack via console command >>> 4) Minimise and run a separate windows executable that prompts for a >>> servers IP:port >>> 5) After entering an IP:port combination about 4-5 lines of "Decrypting >>> rcon password" progress bars show >>> 6) After about 5s the server name, ip and rcon password are displayed >>> 7) In the video he does this about 4 times and successfully connects to >>> 3 >>> of the servers (4th had blocked the port so HLSW timed out). >>> >>> All related videos on YT showed a similar process. >>> >>> Block your rcon ports or setup a firewall allowing only a whitelist of >>> IPs >>> to pass through it. >>> >>> I doubt valve will fix this, they are moving CSS to OB and this is just >>> another incentive for them to do so. >>> >>> -- >>> Matt Lyons >>> Content Administrator, games.on.net >>> Email: m...@games.on.net >>> Web: http://games.on.net >>> "In theory, there is no difference between theory and practice; In >>> practice, there is." >>> >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds