Search Results

Search found 10501 results on 421 pages for 'hardware firewall'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 18/421 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >

  • Cablemodem (SBG6580) firewall denying some outbound traffic? Why? Not configured [migrated]

    - by lairdb
    I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked... 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack ...and that's great. (Sad, but great.) But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity: 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request ...and Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.), I have no restrictions configured in the modem; I don't see why it should be blocking anything. Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.) I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.) Thanks.

    Read the article

  • How to add an iptables rule with source IP address

    - by ???
    I have a bash script that starts with this: if [[ $EUID -ne 0 ]]; then echo "Permission denied (are you root?)." exit 1 elif [ $# -ne 1 ] then echo "Usage: install-nfs-server <client network/CIDR>" echo "$ bash install-nfs-server 192.168.1.1/24" exit 2 fi; I then try to add the iptables rules for NFS as follows: iptables -A INPUT -i eth0 -p tcp -s $1 --dport 111 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 111 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p udp -s $1 --dport 111 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 111 -m state --state ESTABLISHED -j ACCEPT service iptables save service iptables restart I get the error: Try iptables -h' or 'iptables --help' for more information. Bad argument111' Try iptables -h' or 'iptables --help' for more information. Bad argument111' Saving firewall rules to /etc/sysconfig/iptables: ^[[60G[^[[0;32m OK ^[[0;39m]^M Flushing firewall rules: ^[[60G[^[[0;32m OK ^[[0;39m]^M Setting chains to policy ACCEPT: filter ^[[60G[^[[0;32m OK ^[[0;39m]^M Unloading iptables modules: ^[[60G[^[[0;32m OK ^[[0;39m]^M Applying iptables firewall rules: ^[[60G[^[[0;32m OK ^[[0;39m]^M Loading additional iptables modules: ip_conntrack_netbios_ns ^[[60G[^[[0;32m OK ^[[0;39m]^M When I open /etc/sysconfig/iptables these are the rules: # Generated by iptables-save v1.3.5 on Mon Mar 26 08:00:42 2012 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [466:54208] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A OUTPUT -o eth0 -p tcp -m tcp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p esp -j ACCEPT -A RH-Firewall-1-INPUT -p ah -j ACCEPT -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Mon Mar 26 08:00:42 2012 ~ "/etc/sysconfig/iptables" 32L, 1872C I've also tried: iptables -I RH-Firewall-1-INPUT 1 -m state --state NEW -m tcp -p tcp --source $1 --dport 111 -j ACCEPT iptables -I RH-Firewall-1-INPUT 2 -m udp -p udp --source $1 --dport 111 -j ACCEPT

    Read the article

  • WCF push to client through firewall?

    - by Sire
    See also How does a WCF server inform a WCF client about changes? (Better solution then simple polling, e.g. Coment or long polling) I need to use push-technology with WCF through client firewalls. This must be a common problem, and I know for a fact it works in theory (see links below), but I have failed to get it working, and I haven't been able to find a code sample that demonstrates it. Requirements: WCF Clients connects to server through tcp port 80 (netTcpBinding). Server pushes back information at irregular intervals (1 min to several hours). Users should not have to configure their firewalls, server pushes must pass through firewalls that have all inbound ports closed. TCP duplex on the same connection is needed for this, a dual binding does not work since a port has to be opened on the client firewall. Clients sends heartbeats to server at regular intervals (perhaps every 15 mins) so server knows client is still alive. Server is IIS7 with WAS. The solution seems to be duplex netTcpBinding. Based on this information: WCF through firewalls and NATs Keeping connections open in IIS But I have yet to find a code sample that works.. I've tried combining the "Duplex" and "TcpActivation" samples from Microsoft's WCF Samples without any luck. Please can someone point me to example code that works, or build a small sample app. Thanks a lot!

    Read the article

  • Reliable way of generating unique hardware ID

    - by mr.b
    Question: what's the best way to accomplish following. I have to come up with unique ID for each networked client, such that: it (ID) should persist once client software is installed on target computer, and should continue to persist if software is re-installed on same computer and same OS installment, it should not change if hardware configuration is modified in most ways (except changing the motherboard) When hard drive with client software installed is cloned to another computer with identical hardware configuration (or, as similar as possible), client software should be aware of that change. A little bit of explanation and some back-story: This question is basically age old question that also touches topic of software copy-protection, as some of mechanisms used in that area are mentioned here. I should be clear at this point that I'm not looking for a copy-protection scheme. Please, read on. :) I'm working on a client-server software that is supposed to work in local network. One of problems I have to solve is to identify each unique client in network (not so much of a problem), so that I can apply certain attributes to every specific client, retain and enforce those attributes during deployment lifetime of a specific client. While I was looking for a solution, I was aware of following: Windows activation system uses some kind of heavy fingerprinting mechanism, that is extremely sensitive to hardware modifications, Disk imaging software copies along all Volume IDs (tied to each partition when formatted), and custom, uniquely generated IDs during installation process, during first run, or in any other way, that is strictly software in its nature, and stored in registry or on hard drive, so it's very easy to confuse two Obvious choice for this kind of problem would be to find out BIOS identifiers (not 100% sure if this is unique through identical motherboard models, though), as that's the only thing I can rely on, that isn't duplicated, transferred by cloning, and that can't be changed (at least not by using some user-space program). Everything else fails as either being not reliable (MAC cloning, anyone?), or too demanding (in terms that it's too sensitive to configuration changes). Am I missing something obvious here? Sub-question that I'd like to ask is, am I doing it correctly, architecture-wise? Perhaps there is a better tool for task that I have to accomplish... Another approach I had in mind is something similar to handshake mechanism, where server maintains internal lookup table of connected client IDs (which can be even completely software-based and non-unique at any given moment), and tells client to come up with different ID during handshake, if duplicate ID is provided upon connection. That approach, unfortunately, doesn't play nicely with one of requirements to tie attributes to specific client during lifetime.

    Read the article

  • What is a hardware-id?

    - by Rob
    Some forums that I regularly visit sell premium programs, and to prevent them from being leaked they use hardware-id authentication. That is, first they send you a program to run to grab your HWID, you tell them your HWID, they store it in a database, then they send you the actual program. If your HWID isn't in the database, the program won't run. So what is Hardware-ID, and how is it generated? Why is it that my HWID is different depending on the programmer that sends me a HWID-grabber?

    Read the article

  • Simple hardware RNG

    - by roygbiv
    I made a tongue-in-cheek comment to this question about making a hardware RNG. Does anyone know of any simple plans or can anyone descibe a simple hardware based RNG and the software to drive it? Go to Radio Shack. Buy a diode, an NTR resistor, a capacitor and serial cable. Cut off the end of the serial cable that does not fit on your computer. Solder the diode and resistor in series between pins DTR and DSR of the cable. Solder the capacitor between DSR and TXD pins. Write a small C program to do the following: Set DTR to 1. Start Timer. Monitor DSR until it goes to 1. Stop Timer. Calculate resistance from elapsed time. Retreive serveral bits from that value to use as part of random number. Repeat until enough bits have accumulated.

    Read the article

  • Developer oriented hardware benchmarks?

    - by Promit
    Perhaps I'm looking in the wrong places, but every hardware benchmark I've found, for nearly any component, is oriented towards gamers and/or workstations (video editing etc). Is there anyone doing benchmarks that are relevant to software developers? For example, take SSDs. I don't care how fast Crysis loads off an SSD -- that is completely worthless information. What I want to know is, which drive yields the quickest build times? What about Intellisense and refactoring operations? What RAID configuration has the biggest benefit? I could probably come up with more examples, but you get the point. Long story short, where are the benchmarks that tell me which hardware will be most effective in helping me be a productive software developer?

    Read the article

  • Server Sizing Methodology

    - by adbrpc
    Our development environment consist of JBoss 5.0.1 DB Server, SQL Server 2008, Oracle IDM. Hardware is Win 2008 32 bit, 4GB RAM. We have reached stage where our environment can not handle application resulting in JBoss shut down throwing out of memory errors and CPU reaching to 90% usage. I am looking methodology to calculate correct server sizing where I input TPS, max number of concurrent users, max CPU utilization etc.. to give me number of servers, RAM size, number of cores. I am expecting application to grow 10% annually. Load Balancer and Failover should also be taken in account while sizing.

    Read the article

  • Webservice randomly dropping connections - possibly due to firewall nonevent data?

    - by adam
    I have a hosted webapp which requests data from a REST webservice in our office. Each page calls one (or several) webservices, which go from our host, via our firewall (a Watchguard Firebox) to a server in our office. All of a sudden, the app has dramatically slowed. We have determined that the webservice is timing out at random when called externally (it's fine when called within the office network). I'm pretty certain it's our connection which is dropping the webservice call, so I've written a quick php/curl script which calls the webservice over many iterations and shows the various timings. Below is an example output, showing both a failed and a successful call (with a 5 second timeout): http_code namelookup_time connect_time pretransfer_time starttransfer_time total_time 1 0 0.000096 0.0342 0.0000 0.0000 0.0342 2 200 0.000052 0.0332 0.1327 0.1751 0.1752 As per iteration #1 above, failed requests seem to be failing between connect and pretransfer. I'm not sure if this shows that the connection is successfully past the firewall, or could the firewall still cause an issue? Our firewall is showing a series of nondata event log messages for the relevant access rule. Our IT team tells me these are routine, although I can find no mention of these in Google. I'm not sure if this fits in between connect and pretransfer. Having elinated the webservice server (by testing internally) and the live webapp (by testing different code on different external servers, I am left suspecting the connection to the office. Could the firebox nondata events be causing a problem between connect and pretransfer?

    Read the article

  • Crash Report in Ubuntu... hardware problem?

    - by Andrew
    Got this on my machine. I was just browsing the web on Chrome and my computer froze. I recently just built this machine. I have a feeling it is a hardware problem... Possibly one of my parts arrived broken in some way.... Starting anac(h)ronistic cron Stopping anac(h)ronistic cron Stopping cold plug devices Stopping log initial device creation Starting enable remaining boot-time encrypted block devices Starting configure network device security Starting configure virtual network devices Starting save udev log and update rules Stopping configure virtual network devices Stopping save udev log and update rules Checking battery state... Stopping System V runlevel compatibility Stopping enable remaining boot-time encrypted block devices Stopping Mount filesystems on boot 91.573384] BUG: unable to handle kernel NULL pointer dereference at (null) 91.573437] IP: [<ffffffff81313514>] strcmp+0x14/0x30 91.573470] PGD 1f7822067 PUD 1ed7a6067 PMD 0 91.573498] Oops: 0000 [#1] SMP 91.573519] CPU 3 91.573531] Modules linked in: dm_crypt bnep snd_hda_codec_realtek rfcomm bluetooth parport_pc ppdev arc4 fglrx(P) rt2800usb rt2800lib crc_ccitt rt2x00usb rt2x00lib mac0021 cfg80211 psmouse snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer send_seq_device snd joydev mac_hid mei(C) soundcore serio_raw snd_page_alloc lp parport ses enclosure usbhid hid i915 drm_kms_helper drm i2c_algo_bit mxm_umi tg_video wmi usb_storage 91.573826] 91.573837] Pid: 2297, comm: update-notifier Tainted: P C O 3.2.0-29-generic #46-Ubuntu To Be Filled By O.E.M. To Be Filled By O.E.M./Z77 Extreme4 91.573912] RIP: 0010:[<ffffffff81313514>] [<ffffffff81313514>] strcmp+0x14/0x30 91.573954] RSP: 0018:ffff8801f83f5bb8 EFLAGS: 00010246 91.573982] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 91.574019] RDX: 0000000000000069 RSI: 0000000000000000 RDI: ffff88021adb26f8 91.574056] RBP: ffff8801f83f5bb8 R08: ffff88022f2d6e80 R09: 0000000000000000 91.574093] R10: ffff88021e7dbf00 R11: 0000000000000003 R12: ffff88021c10eb40 91.574130] R13: 0000000000000000 R14: ffff88021adb26f8 R15: ffff8801f83f5d40 91.574168] FS: 00007f958cf53940(0000) GS:ffff88022f2c0000(0000) kn1GS:0000000000000000 91.574210] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 91.574240] CR2: 0000000000000000 CR3: 000000021f6d7000 CR4: 00000000000406e0 91.574277] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 91.574314] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000000 91.574351] Process update-notifier (pid: 2297, threadinfo ffff801f83f4000, task ffff880208fe2e00) 91.574397] Stack: 91.574409] ffff8801f83f5be8 ffffffff811ed509 ffff88021adb26c0 ffff88021b8b7020 91.574453] ffff88021b461c60 fffffffffffffffe ffff8801f83f5c18 ffffffff811ed61f 91.574496] ffff88021adb26c0 ffff88021b8b7020 ffff8801f83f5dc8 0000000000000001 91.574539] Call Trace: 91.574558] [<ffffffff811ed509] sysfs_find_dirent+0x59/0x110 91.574591] [<ffffffff811ed61f] sysfs_lookup+0x5f/0x110 91.574621] [<ffffffff81182745] d_alloc_and_lookup+0x45/0x90 91.574654] [<ffffffff8118fe65] ? d_lookup+0x35/0x60 91.574683] [<ffffffff811848d2] do_lookup+0x202/0x310 91.574712] [<ffffffff8118660c] path_lookupat+0x11c/0x750 91.574744] [<ffffffff81318db7] ? __strncpy_from_user+0x27/0x60 91.574778] [<ffffffff81186c71] do_path_lookup+0x31/0xc0 91.574809] [<ffffffff81187779] user_path_at_empty+0x59/0xa0 91.574842] [<ffffffff81187822] ? do_filp_open+0x42/0xa0 91.574872] [<ffffffff811877d1] user_path_at+0x11/0x20 91.574902] [<ffffffff8117c80a] vfs_fstatat+0x3a/0x70 91.574933] [<ffffffff81161cff] ? kmem_cache_free+0x2f/0x110 91.574965] [<ffffffff8117c85e] vfs_lstat+-x31/0x70 91.574993] [<ffffffff8117c9fa] sys_newlstat+0x1a/0x40 91.575022] [<ffffffff81176ee1] ? do_sys_open+0x171/0x220 91.575053] [<ffffffff8117cb1a] ? sys_readlinkat+0x7a/0xb0 91.575086] [<ffffffff81661ec2] system_call_fastpath+0x16/0x1b 91.575118] Code: 83 c1 01 40 84 ff 75 ef 5d c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 00 55 31 c0 48 89 e5 66 2e 0f 1f 84 00 00 00 00 00 0f b6 14 07 <3a> 14 06 75 0f 48 83 c0 01 84 d2 75 ef 31 c0 5d c3 0f 1f 00 19 91.577243] RIP [<ffffffff81313514>] strcmp+0x14/0x30 91.579314] RSP <ffff8801f83f5bb8> 91.581385] CR2: 0000000000000000

    Read the article

  • EMEA Partner Community for Hardware at OpenWorld!

    - by Giuseppe Facchetti
    If you are going to OpenWorld next September, do not miss the opportunity to meet the key EMEA Resellers driving Hardware growth! EMEA Partner Community for Hardware Partner Success Stories & Program UpdatesThe key appointment at OOW for EMEA Hardware Partners This interactive session, dedicated to EMEA partners interested in growing their Servers and Storage business, will open with Oracle EMEA Executives sharing their thoughts on Hardware latest news, announcements, and related EMEA partner programs -- and how to leverage them in the EMEA market. And the core of the session will feature a few EMEA partners sharing their recent successes in using Oracle Hardware as the infrastructure for mission critical solutions that solve key customer business issues -- and help EMEA customers (and partners!) grow their business. Details and logistics: Make sure you register for OPN Exchange @ OpenWorld and check the Content Catalog. Contact: [email protected]

    Read the article

  • Does ICS modify windows firewall policies in the registry?

    - by insipid
    I had a host machine I wanted to enable ICS on. First I realized that doing so was not possible until I enabled the Windows Firewall. Once I enabled the firewall and set up ICS, I noticed due to group policy I could no longer disable the firewall. Also, any ports I tried to open seemed to be ignored. Although nothing seemed to be configured when I used the mmc snap-in to view local computer policy, when I checked the registry I noticed several policies set there in HKLM (such as disabling AllowLocalPolicyMerge). I was able to remove the policies from the registry and my open ports worked, but they were eventually re-added without my input. The network I am sharing the internet from is an "unsecured" wireless network with an authentication page, is it possible that this is causing those policies to be set? Did ICS set those policies? When you go to the properties of the ICS enabled adapter and go to the ICS settings it takes you to a tab called services where you can add and remove "services running on your network that internet users can access". Is this related to the windows firewall?

    Read the article

  • HP DL380 G3 2U For Basic Web Server in 2012

    - by ryandlf
    I have an opportunity to pick up a used HP DL380 G3 2U for $100. I'm looking for a basic entry level web server that I can host a small - medium size website on and more or less learn the ins and outs of running my own web server before I bite the bullet and spend a couple grand on a server. The specs are: Dual (2) Intel Xeon 2.4GHz 400MHz 512KB Cache 4GB PC2100 ECC Registered Memory 6 x 72GB 10K U320 SCSI Hard Drives Smart Array 5i RAID Controller Redundant Power Supplies DVD/Floppy, Dual Intel GB NIC's, USB Or would I be better off spending a couple hundred bucks on something like: this new HP Seems like the only major difference is SATA and a bit of storage, but I will likely be implementing a separate storage system of some sort anyways. I guess it also wouldn't hurt to mention that I plan on running a linux server distro, so would the hardware be likely to support linux with a system that is 4 generations old? I don't mind spending a couple hundred extra dollars if its a better solution, but as mentioned previously I am simple looking for a server to learn on and probably use for a year or so while I put together a small - medium size website.

    Read the article

  • Performance of java on different hardware?

    - by tangens
    In another SO question I asked why my java programs run faster on AMD than on Intel machines. But it seems that I'm the only one who has observed this. Now I would like to invite you to share the numbers of your local java performance with the SO community. I observed a big performance difference when watching the startup of JBoss on different hardware, so I set this program as the base for this comparison. For participation please download JBoss 5.1.0.GA and run: jboss-5.1.0.GA/bin/run.sh (or run.bat) This starts a standard configuration of JBoss without any extra applications. Then look for the last line of the start procedure which looks like this: [ServerImpl] JBoss (Microcontainer) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] Started in 25s:264ms Please repeat this procedure until the printed time is somewhat stable and post this line together with some comments on your hardware (I used cpu-z to get the infos) and operating system like this: java version: 1.6.0_13 OS: Windows XP Board: ASUS M4A78T-E Processor: AMD Phenom II X3 720, 2.8 GHz RAM: 2*2 GB DDR3 (labeled 1333 MHz) GPU: NVIDIA GeForce 9400 GT disc: Seagate 1.5 TB (ST31500341AS) Use your votes to bring the fastest configuration to the top. I'm very curious about the results. EDIT: Up to now only a few members have shared their results. I'd really be interested in the results obtained with some other architectures. If someone works with a MAC (desktop) or runs an Intel i7 with less than 3 GHz, please once start JBoss and share your results. It will only take a few minutes.

    Read the article

  • Why my Buffalo router keeps on sending rdp, netbios, ftp, http requests?

    - by user192702
    I have the following network setup: Buffalo Router (192.168.100.1) < Watchguard XTM21 (192.168.100.13) < PC For some reason I keep on seeing the following repeating on my XTM21's Traffic Monitor. While I have enabled Port Forwarding, none of the ports reported below were enabled. Can someone let me know why I'm seeing all of these? 2013-10-19 23:37:56 Deny 192.168.100.1 192.168.100.13 ftp/tcp 4013 21 0-External Firebox Denied 60 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" tcp_info="offset 10 S 282700472 win 5840" Traffic 2013-10-19 23:37:59 Deny 192.168.100.1 192.168.100.13 http/tcp 2459 80 0-External Firebox Denied 60 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" tcp_info="offset 10 S 296571237 win 5840" Traffic 2013-10-19 23:38:02 Deny 192.168.100.1 192.168.100.13 8000/tcp 3244 8000 0-External Firebox blocked ports 60 64 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 10 S 298709937 win 5840" Traffic 2013-10-19 23:38:05 Deny 192.168.100.1 192.168.100.13 8000/tcp 3244 8000 0-External Firebox blocked ports 60 64 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 10 S 298709937 win 5840" Traffic 2013-10-19 23:38:05 Deny 192.168.100.1 192.168.100.13 rdp/tcp 3896 3389 0-External Firebox Denied 60 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" tcp_info="offset 10 S 290482691 win 5840" Traffic 2013-10-19 23:38:08 Deny 192.168.100.1 192.168.100.13 netbios-ns/udp 2110 137 0-External Firebox Denied 78 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" Traffic 2013-10-19 23:38:32 Deny 192.168.100.1 192.168.100.13 ftp/tcp 4025 21 0-External Firebox Denied 60 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" tcp_info="offset 10 S 321868558 win 5840" Traffic 2013-10-19 23:38:35 Deny 192.168.100.1 192.168.100.13 http/tcp 2471 80 0-External Firebox Denied 60 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" tcp_info="offset 10 S 325918731 win 5840" Traffic 2013-10-19 23:38:38 Deny 192.168.100.1 192.168.100.13 8000/tcp 3256 8000 0-External Firebox blocked ports 60 64 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 10 S 327854525 win 5840" Traffic 2013-10-19 23:38:41 Deny 192.168.100.1 192.168.100.13 8000/tcp 3256 8000 0-External Firebox blocked ports 60 64 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 10 S 327854525 win 5840" Traffic 2013-10-19 23:38:41 Deny 192.168.100.1 192.168.100.13 rdp/tcp 3896 3389 0-External Firebox Denied 60 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" tcp_info="offset 10 S 327101423 win 5840" Traffic 2013-10-19 23:38:44 Deny 192.168.100.1 192.168.100.13 netbios-ns/udp 2110 137 0-External Firebox Denied 78 64 (Unhandled External Packet-00) proc_id="firewall" rc="101" Traffic

    Read the article

  • Virtual environment firewall with CSF + iptables rules on VM?

    - by luison
    We are getting into virtualization with a Proxmox VE (OpenVZ + KVM) server. Our plan for firewall is to have CSF (http://configserver.com/cp/csf.html) running on the host machine as we've had a reasonable good experience with it in the past. Apart from that we plan simple firewall rules on the VM machines (mostly OpenVZ containers with same kernel) and maybe fail2ban simple specific rules. I would appreciate comments with anyone with similar experiences? I understand all traffic comes via the host machine so a combined firewall there with specific firewalling on the VM should work, alltough some iptables rules are hard to get to work on OpenVZ containers.

    Read the article

  • Firewall Deep Inspection Updates and Antivirus Subscription, worth it?

    - by msemack
    I realize that this is a subjective question, but I'm trying to get some experiences We have Juniper firewalls in our organization (SSG-320M, SSG-5, and some old NS-5GT). We have the option of a yearly subscription for: Deep Inspection Signature Updates Juniper-Kaspersky Antivirus I seem similar services available from other Firewall vendors. We have Symantec Endpoint Protection deployed to all workstations and servers, plus a dedicated appliance for e-mail spam/virus filtering. So, I'm not sure what these firewall-base services will bring to the table that I don't already have. I would appreciate some feedback from people using these firewall services (Juniper or otherwise). Are these services generally worth it? Do they really catch anything? Do they interfere with normal traffic (false positives)?

    Read the article

  • VPN is working, except for DNS lookups. Firewall (Cisco ASA 5505) issue?

    - by macke
    I've got the following set up: LAN -> DHCP / DNS / VPN server (OSX 10.6) -> Cisco ASA 5505 -> WAN Connecting to the LAN via VPN works fine. I get all the details properly and I can ping any host on the internal network using their IP. However, I can't do any host lookups whatsoever. I've looked through the logs on and found this nugget in the firewall log: 3 Sep 08 2010 10:46:40 305006 10.0.0.197 65371 portmap translation creation failed for udp src inside:myhostname.local/53 dst inside:10.0.0.197/65371 Port 53 is dns services, no? Because of that log entry, I'm thinking that the issue is with the firewall, not the server. Any ideas? Please keep in mind that I have very little knowledge and experience with this kind of firewall and the little experience I do have is with the ASDM GUI console, not the CLI console.

    Read the article

  • How do I examine my Windows firewall outbound rules?

    - by David
    I need a program to listen to port 9000 on localhost with my Windows firewall. I've created an outgoing and an incoming rule for my program but I can only see my incomming rule in the Windows firewall general menu? I've also noticed that I've many more outgoing rules in my outgoing rule menu but I can only see 4 outgoing rules in my general firewall menu but I see many many more incomming rules? The program doesn't listen to port 9000 or it doesn't working. I've also tried netstat -a -p to no avail. I didn't see 0.0.0.0:9000 in the output? How can I check if my program listen to port 9000 or connect to port 9000 when it's open?

    Read the article

  • Running a webserver behind a firewall, is it secure?

    - by i.am.intern
    Currently we have a Linux-based firewall which NAT-ing our public IP address to give internet access to our staff's PCs and a Windows Server 2003 for internal filesharing. I want to host Redmine/SVN (a bugtracker) internally behind this firewall using a Linux server. This webserver will be accessed by our clients externally so they can post bug reports. This means that I have to open port 80 & 22 at the firewall to give access to the webserver and me to SSH it from home. However, let's say I'm using password-based SSH for the webserver and somebody cracked it. Does that mean the cracker could ping and access other servers and PCs in the network?

    Read the article

  • What firewall ports do I need to open when using FTPS?

    - by anoopm
    I need to access an ftps server (vsftpd) on a vendor's site. The vendor has a firewall in front of the ftps server and I have a firewall in front of my ftps client. I understand that ports 990, 991 and maybe 989 need to be opened up for control traffic. When looking at it from the vendor's firewall perspective, should these ports be opened up for both inbound and outbound traffic? What about ports for the DATA channel? Do I have to open all ports above 1000? And should I do it for both inbound and outbound traffic? TIA for your help.

    Read the article

  • How can I measure TCP timeout limit on NAT firewall for setting keepalive interval?

    - by jmanning2k
    A new (NAT) firewall appliance was recently installed at $WORK. Since then, I'm getting many network timeouts and interruptions, especially for operations which would require the server to think for a bit without a response (svn update, rsync, etc.). Inbound SSH sessions over VPN also timeout frequently. That clearly suggests I need to adjust the TCP (and ssh) keepalive time on the servers in question in order to reduce these errors. But what is the appropriate value I should use? Assuming I have machines on both sides of the firewall between which I can make a connection, is there a way to measure what the time limit on TCP connections might be for this firewall? In theory, I would send a packet with gradually increasing intervals until the connection is lost. Any tools that might help (free or open source would be best, but I'm open to other suggestions)? The appliance is not under my control, so I can't just get the value, though I am attempting to ask what it currently is and if I can get it increased.

    Read the article

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

    Read the article

  • Why is file sharing over internet still working, despite all firewall exceptions for filesharing being disabled?

    - by Triynko
    Every exception in my windows server firewall that starts with "File and Printer Sharing" is disabled (ordered by name, so that includes domain, public (active), and private profiles). The Network and Sharing Center's options for everything except password protected sharing are off. Why would I still be able to access a network share on that server via an address like "\\my.server.com\" over the internet? The firewall is on for all profiles and blocking incoming connections by default. A "netstat -an" command on the server reveals the share connection is occurring over port 445 (SMB). I restarted the client to ensure it was actually re-establishing a new connection successfully. Is the "Password protected sharing: On" option in Network and Sharing Center bypassing the firewall restrictions, or adding some other exception somewhere that I'm missing? EDIT: "Custom" rules are not the problem. It's the "built-in" rules for Terminal Services that was the problem. Can you believe port 445 (File Sharing Port) has to be wide open to the internet to use Terminal Services Licensing?)

    Read the article

  • VB.net Unique Hardware ID ideas

    - by xzerox
    I was wondering if there would be anything else I could use in my Hardware ID protection that would make it much more unique. I am currently using Processor ID Volume ID Mac Address Graphics Card Name If you guys can provide source codes to anything else that would make it even more unique please tell me.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >