Is it possible to exploit root from rcon or execute code locally from rcon? If not then I don't see why an attacker would want to brute force a game server anyways.
[EMAIL PROTECTED] wrote:
[ Converted text/html to text/plain ]
Just a quick question.
I've confirmed that you are able to bring down the console and use the rcon_address and rcon_password commands to communicate to a server via rcon WITHOUT being logged into the server. Doesn't that present a hole which allows multiple password attacks? In the past some admins have used sv_rcon_minfailures to protect against this, but if you don't need to be logged in, then this can't protect you anymore right? You don't get to see the responses of your rcon commands when in the window, but all they would need is a logged in player to look for a sample " rcon say hello " command to know they've cracked the password.
Snewo --
_______________________________________________ The coolest e-mail address on the web and it’s FREE! Sign-up[1] today for Beer Mail @ beer.com.
===References:=== 1. http://webmail.beer.com
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
