Bryan R. Yablonski wrote:

Damn, it's actually over but I'll reply nevertheless.

Let's get serious here why don't we.

I wasn't joking.


The person asking the original
question is looking for a way to stop peeps from attempting to crack
their rcon password.  If you have any other way to stop a person from
attempting to crack your rcon password we'd all like to hear it.

As has been mentioned, such protection is already built into HLDS.


From
your statements I take it you are suggesting no firewall.

Yup.


No firewall
is like building a house without a front door.

If you really want to carry on with this discussion I'd like to know what FW background you have, because this statement makes me think "yo, I installed ZoneAlarm, that was real easy".

When you notice a fool attempting to
crack your rcon password you can simply block their IP address.

Yes, you can. You can use a firewall to block access to the HLDS port from this specific IP. You then risk that more than this one person cannot access your HLDS since it might be a dynamic IP. That also means that the attacker might simply change IPs and carry on merrily. And last, when will you "notice a fool attempting to crack your rcon password"? Do you sit in front of your server watching the console 24 hours? The HLDS rcon protection will detect such an attempt immediately. You will probably detect it when it is already too late.

In response
to your scepticism, nobody in their right mind is going to block their
halflife UDP port to prevent rcon access and a pro is going to get the
password by sniffing traffic to your server.

Correct. Nobody in their right mind would. I suppose what you are talking about is blocking access from a specific IP because blocking access in general would render your HLDS inaccessible and thus useless. I have stated above why blocking one specific IP isn't as safe as you might think. That's why a firewall isn't the correct solution IMHO.

Lastly,  the only way the
person is going to learn about firewalls is to get one, read the manual
and try it out.  It's not freaking rocket science.

It may not be rocket science, but it's not as easy as clickety click some .exe and think that all your problems are solved now. In general, a firewall by itself on one computer is completely useless. From a professional point of view, any firewall by itself is useless. It has to be part of a whole security concept with a well-defined security *policy*. Firewalls are used to protect *networks*, not computers.

On one single server you either allow access to a port or you
don't. If you don't then don't have a service running at that
port. If you do then the weak point is the application that serves
this port and a firewall doesn't help.

Don't get me wrong, I am not saying that firewalls in general are
useless. But their protection is overrated, nowadays the answer to
all network security problems seems to be "a firewall", thus
creating a dangerous false sense of security. I have a firewall on
my router at home. It protects the network behind the router
because I have services running between the machines I don't want
to be accessed from the Inet. I have a firewall running at work,
protecting a network of servers and workstations that need to run
services between each other that should not be accessed from the
outside or only from trusted hosts.

You may well use a FW to block access to a port from a specific
IP, no objection. Just don't think that this will give you a
lasting security. The attacker may simply use a different IP or
spoof his IP and you are back to step one. The usual thing to do
would be to allow access from a specific IP which you control, not
block it.

Florian.

--
Want to produce professional emails and Usenet postings?
http://www.netmeister.org/news/learn2quote.html
