Some attacker is using basic TCP/UDP DDoS tools or flood bot that won't make an account and exhausts the default 1000 socket limit? So I've kept my server online with a higher socket limit in the pvpgn config and my network didn't get saturated much from the attack but I noticed there is no way for a trained pvpgn admin to get the IP of the connection. They would need access to the pvpgn log file and that is outside of their scope.

1. The /con is filled with spam. Can we maybe exclude the UNKWN from the list and make a more verbose command like /con -v to show UNKWN.

   W2BN UNKWN <- hundreds of these.
   W2BN UNKWN
   W2BN UNKWN
   W2BN Player
   W2BN Player2

If possible display the current IP of that connection and maybe the uptime for it so the admin can determine after a period of time if a stale connection or potential user logging instill.

W2BN UNKWN 127.0.0.1 2HRS <--- spam bot
W2BN UNKWN 127.0.0.1 10seconds <-- don't ban this IP may be a user currently logging in?
W2BN Player2

2. I can't seem to find an LUA hook for the connections? I can't use the current hooks that have the IP of the connected user as i need the connection state. The issue is when there is such a raw connection on the pvpgn socket. The connection is accounted for in the pvpgn even if it does not send packets to log in, make an account, etc. My idea is to parse those IPs and use CLI to have them blocked in the firewall.