An alternative to setting up a whole VPN is to use Single Packet Authentication to protect the port in question.
http://cipherdyne.org/fwknop/

Works with iptables to dynamically open the port for a specific IP address only after that IP has authenticated by sending a special cryptographic packet.

On Wed, Aug 25, 2010 at 6:06 PM, Allan Button <abut...@netaccess.ca> wrote:

> Easy to fix this. Get static IP at home, then blacklist tcp 27015, and
> pinhole only your static IP at home to that port.
>
> If that’s no good, because you either can't get static at home, or you need
> to manage from elsewhere, install vpn server on your server, block traffic
> to tcp 27015, and vpn in to manage rcon, that’s how I am handling it.
>
> They would need to hack my vpn to get my server.
>
> Allan
>
> -----Original Message-----
> From: hlds_linux-boun...@list.valvesoftware.com [mailto:
> hlds_linux-boun...@list.valvesoftware.com] On Behalf Of
> dreamde...@dsrclan.com
> Sent: Wednesday, August 25, 2010 9:45 AM
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] ip spoofing
>
> On August 25, 2010 at 5:51 AM hlds_linux-requ...@list.valvesoftware.com wrote:
>
> > Message: 1
> > Date: Tue, 24 Aug 2010 13:18:54 -0700
> > From: pat w <xdelar...@gmail.com>
> > Subject: [hlds_linux] IP Spoofing rcon hacker
> > To: hlds_linux@list.valvesoftware.com
> > Message-ID:
> > <aanlktik52rbut-ndi4t3+yocgxaxp4nkt4xaape9r...@mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> > Hi,
> >
> > I've already posted my problem on the srcds forums but I thought it
> > might get more feedback from the mailing list here. Basically what I
> > have here is a repeat offender trying to hack my server via the
> > console rcon. I've banned them with
> >
> > addip 0 210.51.45.37
> >
> > as well as
> >
> > iptables -A INPUT -s 210.51.45.37 -j DROP
> >
> > However upon waking up in the morning and checking my console it
> > appears they are still at it every day for about 15 attempts --
> >
> > Banning 210.51.45.37 for rcon hacking attempts (repeated about fifteen
> > times each day)
> >
> > I've not noticed any active connections to my server (players or
> > otherwise) when I notice these reports. How is it they can attempt to
> > hack my rcon without even being on my server at the time? Is there a
> > way to find out who is doing this and ban them entirely, or will they
> > just spoof their IP again?
> >
> > Thanks!
> >
>
> There are a few things that you can do to protect yourself. You should
> check into your network controls to make sure your ip4 settings don't allow
> for spoofing. The other thing would be to ban more than that single
> address. Ban his CIDR address instead.
>
> iptables -A INPUT -s 210.51.0.0/16 -j DROP
>
> That address is from China. You can look up any ip address via
> www.dnsstuff.com. If it can't find the information for you, it will point
> you to the appropriate resource like ARIN.
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
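
The single-packet idea mentioned at the top of this message, as an added Python sketch that is not part of the original thread and is not fwknop's code or packet format: the client sends one HMAC-authenticated datagram, and the server checks it and returns the iptables rule it would add for TCP 27015. The key, the 30-second window, the packet layout and all function names are assumptions made for this example.

```python
import hashlib, hmac, os, socket, struct, time

KEY = b"constructed-demo-key"         # assumption: secret shared out of band
WINDOW = 30                            # assumption: seconds a packet stays valid
RCON_PORT = 27015                      # the TCP port discussed in the thread
HDR = struct.Struct("!16sQ4sH")        # nonce, unix time, IPv4 to allow, port

def build_packet(key, allow_ip, port, now=None):
    """Client: one datagram carrying an authenticated 'open the port' request."""
    now = int(time.time() if now is None else now)
    body = HDR.pack(os.urandom(16), now, socket.inet_aton(allow_ip), port)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Verifier:
    """Server: checks a packet and returns the iptables rule to add, or None."""
    def __init__(self, key):
        self.key = key
        self.seen = {}                 # nonce -> timestamp, for replay detection

    def check(self, packet, now=None):
        now = int(time.time() if now is None else now)
        if len(packet) != HDR.size + 32:
            return None                # malformed
        body, tag = packet[:HDR.size], packet[HDR.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                # wrong key or modified in transit
        nonce, ts, ip_raw, port = HDR.unpack(body)
        if abs(now - ts) > WINDOW or port != RCON_PORT:
            return None                # stale packet or unexpected port
        # Forget nonces whose packets the time check would reject anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= WINDOW}
        if nonce in self.seen:
            return None                # replay of a captured packet
        self.seen[nonce] = ts
        # The allowed address comes from the authenticated body, not from the
        # datagram's source address, so a forged source gains nothing.
        ip = socket.inet_ntoa(ip_raw)
        return ["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp",
                "--dport", str(port), "-j", "ACCEPT"]
```

The returned list is an argument vector a listening daemon could hand to `subprocess.run`; a deployment would also delete the rule again after a timeout.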