

IP spoofer attempting rcon hacking
#1
CPU: Pentium D 2.4GHz
RAM: 4GB DDR2-800
Bandwidth: As much as I need
OS: Debian Lenny i386, updated every day
GAME: Left 4 Dead 2 (2 processes running on one server)
MODS: Sourcemod and Metamod
Startup script:
Code:
#!/bin/sh
echo "Starting Left 4 Dead 2 on port 27020"
sleep 1
screen -A -m -d -S l4d27020 ./srcds_run -game left4dead2 +ip ***.***.***.*** -port 27020 -maxplayers 8 -autoupdate -debug -exec server.cfg

Hi,

This is a repeat problem for me. I don't even have rcon enabled in my server.cfg file. When I log into my server in the morning I find this on my console output:

Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts
Banning 210.51.45.37 for rcon hacking attempts

Now I have banned this IP with:

addip 0 210.51.45.37

as well as added it to my iptables firewall rules with

iptables -A INPUT -s 210.51.45.37 -j DROP

I'm at my wits' end here. All I can guess is that this person is spoofing their IP address. I don't see any logins before their initial rcon hacking attempt (there are no players accessing my server). Is there any way to find out who is doing this and ban them for good?
#2
Not really, but if you do not have rcon enabled, what's there to worry about?
Ryan White
Owner & CEO
GigabiteServers.com
#3
It’s most likely not IP spoofing, because first of all IP spoofing is one-way communication only; the person doing it has no way of knowing it was successful without sending a command and seeing if the server does it, like changing the hostname or something you can see from another IP. Secondly, if it was IP spoofing the log would look like this:
Banning xx.xx.xx.41 for rcon hacking attempts
Banning xx.xx.xx.72 for rcon hacking attempts
Banning xx.xx.xx.51 for rcon hacking attempts
The IPs would all be different to get around the blocking.
Most likely what has happened is a 10-year-old who does not like your server for some reason tried to “hack” it and was banned.
Your server will be fine if you have a long rcon pass or you simply turn rcon off.
Need help? Join my Teamspeak 203.98.81.94:9987
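
The distinction drawn in post #3 (one address repeated versus a different address on every line) can be checked against saved console output. The script below is an added example, not code from any poster in this thread; the function names and the sample log lines are constructed, and it assumes the ban message format shown in post #1.

```shell
#!/bin/sh
# Added example: summarize srcds "rcon hacking attempts" ban lines by source IP.
# Function names and sample data are assumptions made for illustration.

# Reads console output on stdin.
# Prints: <ban lines> <distinct source IPs> <busiest IP> <its count>
summarize_rcon_bans() {
    awk '
        /^Banning [0-9.]+ for rcon hacking attempts/ {
            total++
            count[$2]++            # $2 is the address in the ban message
        }
        END {
            for (ip in count) {
                distinct++
                if (count[ip] > max) { max = count[ip]; top = ip }
            }
            printf "%d %d %s %d\n", total, distinct, (top == "" ? "-" : top), max
        }
    '
}

# Reads console output on stdin and prints one of:
#   none           no ban lines found
#   single-source  every ban line names the same address
#   multi-source   ban lines name more than one address
classify_rcon_bans() {
    set -- $(summarize_rcon_bans)
    if [ "$1" -eq 0 ]; then
        echo "none"
    elif [ "$2" -eq 1 ]; then
        echo "single-source"
    else
        echo "multi-source"
    fi
}

# Constructed sample (documentation address ranges, not real hosts).
SAMPLE_LOG='Banning 192.0.2.10 for rcon hacking attempts
Banning 192.0.2.10 for rcon hacking attempts
Client "player" connected (198.51.100.20:27005).
Banning 198.51.100.7 for rcon hacking attempts
Banning 192.0.2.10 for rcon hacking attempts'

printf '%s\n' "$SAMPLE_LOG" | summarize_rcon_bans
printf '%s\n' "$SAMPLE_LOG" | classify_rcon_bans
```

To run it over real output, pipe a saved console log into `classify_rcon_bans` in place of the sample.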