03.11.2013, 09:22
The above solution works for the official rcon, which is in the zip with the server. However, this does not work for brute-force bot as SAMPBrute. The packets are not forged in the same way and the instance sought does not appear.
There is a match between the two types of packets: the character "x" at offset 53. This tells the server that it is a RCON command.
I would drop matching packets but I did not managed yet. I tried with the settings "--from 52" and "--to 52" to narrow the search at offset 53 (count from 0),
but there is no match 
There is a match between the two types of packets: the character "x" at offset 53. This tells the server that it is a RCON command.
I would drop matching packets but I did not managed yet. I tried with the settings "--from 52" and "--to 52" to narrow the search at offset 53 (count from 0),
Код:
iptables -A INPUT -p udp --dport 7777 -i eth0 -m string --algo kmp --hex-string '|78|' --from 52 --to 52 -j DROP