Search Results

Search found 6517 results on 261 pages for 'reverse dns'.


  • Ubuntu VPN Server (PPTPD) Configuration - Pass Traffic to Internet

    - by SnAzBaZ
    I am trying to configure PPTPD on my Ubuntu box to pass all VPN traffic through to its internet connection, so I essentially want it to work like a Proxy. I think the problem is that no default gateway is being assigned to my PPTP client (Windows 7). I can connect to the VPN fine, I get an IP address and DNS servers but no default gateway. Do I need to configure a specific option to tell the VPN server to forward all traffic it receives down its eth0 port and out to the internet? Thanks!


  • Why do I get "General Failure" when pinging host name on a Win 7 node on the network?

    - by hydroparadise
    This is a very peculiar problem with a station on our network. The client PC is running Windows 7 Pro. What makes this problem interesting is that this client is the only node on the network that seems to be experiencing this problem. When I try to ping a specific Win 08 server by host name, I get an IPv6 address and get General failure. But when I ping its IPv4 address, it responds just fine. My first thought would be to check the DNS server and the name resolutions to see what would be going on, but the problem begs the question: why does the station get an IPv6 address back and fail, as opposed to using the IPv4 settings (which are static btw)? What gives? I am including a screen shot of trying the one specific server and failing while trying another server with success. All other nodes on the network don't have problems communicating with the server the one station is having issues with.


  • postfix uses hostname instead of myhostname.

    - by sunny.oxide
    Hi there, I am trying to set up an outgoing mail server for sending emails which is to relay to our ISP. In /etc/postfix/main.cf I have myhostname to ourcompany.example.com and myorigin and mydomain to $myhostname. ourcompany.example.com is resolvable. But looking at the logs in /var/log/maillog it appears that postfix does use the myhostname for the send address, but uses whatever from getmyhostname(), which is set to an internal DNS name since this is an internal server and we only send email out, but not handling incoming email. Any ideas?


  • New to programming

    - by Shaun
    I have a form (Quote) with an auto-number ID. On the form at the moment are two subforms that show different items (sub 1 shows partition modules, sub 2 shows partition abutments); both forms use the same parts tables to build them. Both forms are linked to the quote form using the ID. All works well until the form is refreshed or re-loaded: subform 1 shows the module names and quantities and blank spaces for the abutment names but shows the quantities for the abutments; the reverse of this is shown in the abutments subform 2. When the lists for the various types and the detailed parts lists are printed they are correct. This seems to be only a visual problem. All based on Access 2003. Subform 1 SELECT Quote_Modules.ModuleID, Quote_Modules.QuoteID, Quote_Modules.ModuleDescription, Quote_Modules.ModuleQty, Quote.Style, Quote.Trim FROM Quote INNER JOIN Quote_Modules ON Quote.QuoteID=Quote_Modules.QuoteID ORDER BY Quote_Modules.ModuleID; Subform 2 SELECT Quote_Modules.ModuleID, Quote_Modules.QuoteID, Quote_Modules.ModuleDescription, Quote_Modules.ModuleQty, Quote.Style, Quote.Trim FROM Quote INNER JOIN Quote_Modules ON Quote.QuoteID=Quote_Modules.QuoteID ORDER BY Quote_Modules.ModuleID;


  • Super Cam iphone app how do they make it possible?

    - by Silent
    There is an iPhone app called supercam and you can get it through the App Store for free. This app features a way to connect your webcam or DV cam that is connected to the internet: you can set up the IP address and enter the data in the app and it will connect to your online camera. The thing is that they have the video stream and it looks like they embedded the video in a UIView or web view; at the bottom they have buttons to choose from all the cameras you have set up. So this is different from other video streaming apps because it does not play the video in full screen mode (MPMediaPlayer API). Would there be any tutorials about this, or is there some way to reverse engineer this?


  • Outgoing mail from linux not being delivered

    - by Jason
    I can't seem to send mail through my php scripts or through the linux console on my Centos 5.5 LAMP server, when the email is addressed to go to a domain that is hosted by my box. I think it is something to do with the email routing internally, or the DNS servers that the box uses not reporting the correct MX records. Basically my box doesn't host any mail, it's all hosted on google apps. My name servers are hosted by a 3rd party provider and I am using webmin. Webmin doesn't recognise the settings on the 3rd party provider. I'm unsure how to fix this. Previously when I had this problem on a cpanel server, I would edit the remotedomains and localdomains files, moving domains from one file to another and it would fix the problem. What information do I need to provide for anyone to work out what the issue is? Thanks


  • Trying to establish remote debug with visual studio running inside vmplayer

    - by Kazoom
    I have this configuration: a Visual Studio running inside a virtual machine. The host machine has XP on it and so does the virtual machine. I have to run remote debug on the third machine, which is connected to the host machine. I'm currently facing this problem: I'm not able to ping my virtual machine from my host machine, however the reverse is possible. How to resolve that? Both my machines are on the same workgroup (not domain, aren't they both the same?)


  • Bridging LXC containers to host eth0 so they can have a public IP

    - by Vianney Stroebel
    UPDATE: I found the solution there: http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#No_traffic_gets_trough_.28except_ARP_and_STP.29 # cd /proc/sys/net/bridge # ls bridge-nf-call-arptables bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-filter-vlan-tagged # for f in bridge-nf-*; do echo 0 > $f; done But I'd like to have expert opinions on this: is it safe to disable all bridge-nf-*? What are they here for? END OF UPDATE I need to bridge LXC containers to the physical interface (eth0) of my host, reading numerous tutorials, documents and blog posts on the subject. I need the containers to have their own public IP (which I've previously done with KVM/libvirt). After two days of searching and trying, I still can't make it work with LXC containers. The host runs a freshly installed Ubuntu Server Quantal (12.10) with only libvirt (which I'm not using here) and lxc installed. I created the containers with : lxc-create -t ubuntu -n mycontainer So they also run Ubuntu 12.10. 
Content of /var/lib/lxc/mycontainer/config is: lxc.utsname = mycontainer lxc.mount = /var/lib/lxc/test/fstab lxc.rootfs = /var/lib/lxc/test/rootfs lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 lxc.network.name = eth0 lxc.network.veth.pair = vethmycontainer lxc.network.ipv4 = 179.43.46.233 lxc.network.hwaddr= 02:00:00:86:5b:11 lxc.devttydir = lxc lxc.tty = 4 lxc.pts = 1024 lxc.arch = amd64 lxc.cap.drop = sys_module mac_admin mac_override lxc.pivotdir = lxc_putold # uncomment the next line to run the container unconfined: #lxc.aa_profile = unconfined lxc.cgroup.devices.deny = a # Allow any mknod (but not using the node) lxc.cgroup.devices.allow = c *:* m lxc.cgroup.devices.allow = b *:* m # /dev/null and zero lxc.cgroup.devices.allow = c 1:3 rwm lxc.cgroup.devices.allow = c 1:5 rwm # consoles lxc.cgroup.devices.allow = c 5:1 rwm lxc.cgroup.devices.allow = c 5:0 rwm #lxc.cgroup.devices.allow = c 4:0 rwm #lxc.cgroup.devices.allow = c 4:1 rwm # /dev/{,u}random lxc.cgroup.devices.allow = c 1:9 rwm lxc.cgroup.devices.allow = c 1:8 rwm lxc.cgroup.devices.allow = c 136:* rwm lxc.cgroup.devices.allow = c 5:2 rwm # rtc lxc.cgroup.devices.allow = c 254:0 rwm #fuse lxc.cgroup.devices.allow = c 10:229 rwm #tun lxc.cgroup.devices.allow = c 10:200 rwm #full lxc.cgroup.devices.allow = c 1:7 rwm #hpet lxc.cgroup.devices.allow = c 10:228 rwm #kvm lxc.cgroup.devices.allow = c 10:232 rwm Then I changed my host /etc/network/interfaces to: auto lo iface lo inet loopback auto br0 iface br0 inet static bridge_ports eth0 bridge_fd 0 address 92.281.86.226 netmask 255.255.255.0 network 92.281.86.0 broadcast 92.281.86.255 gateway 92.281.86.254 dns-nameservers 213.186.33.99 dns-search ovh.net When I try command line configuration ("brctl addif", "ifconfig eth0", etc.) my remote host becomes inaccessible and I have to hard reboot it. 
I changed the content of /var/lib/lxc/mycontainer/rootfs/etc/network/interfaces to: auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 179.43.46.233 netmask 255.255.255.255 broadcast 178.33.40.233 gateway 92.281.86.254 It takes several minutes for mycontainer to start (lxc-start -n mycontainer). I tried replacing gateway 92.281.86.254 by : post-up route add 92.281.86.254 dev eth0 post-up route add default gw 92.281.86.254 post-down route del 92.281.86.254 dev eth0 post-down route del default gw 92.281.86.254 My container then starts instantly. But whatever configuration I set in /var/lib/lxc/mycontainer/rootfs/etc/network/interfaces, I cannot ping from mycontainer to any IP (including the host's) : ubuntu@mycontainer:~$ ping 92.281.86.226 PING 92.281.86.226 (92.281.86.226) 56(84) bytes of data. ^C --- 92.281.86.226 ping statistics --- 6 packets transmitted, 0 received, 100% packet loss, time 5031ms And my host cannot ping the container: root@host:~# ping 179.43.46.233 PING 179.43.46.233 (179.43.46.233) 56(84) bytes of data. 
^C --- 179.43.46.233 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4000ms My container's ifconfig: ubuntu@mycontainer:~$ ifconfig eth0 Link encap:Ethernet HWaddr 02:00:00:86:5b:11 inet addr:179.43.46.233 Bcast:255.255.255.255 Mask:0.0.0.0 inet6 addr: fe80::ff:fe79:5a31/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:64 errors:0 dropped:6 overruns:0 frame:0 TX packets:54 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4070 (4.0 KB) TX bytes:4168 (4.1 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2496 (2.4 KB) TX bytes:2496 (2.4 KB) My host's ifconfig: root@host:~# ifconfig br0 Link encap:Ethernet HWaddr 4c:72:b9:43:65:2b inet addr:92.281.86.226 Bcast:91.121.67.255 Mask:255.255.255.0 inet6 addr: fe80::4e72:b9ff:fe43:652b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1453 errors:0 dropped:18 overruns:0 frame:0 TX packets:1630 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:145125 (145.1 KB) TX bytes:299943 (299.9 KB) eth0 Link encap:Ethernet HWaddr 4c:72:b9:43:65:2b UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3178 errors:0 dropped:0 overruns:0 frame:0 TX packets:1637 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:298263 (298.2 KB) TX bytes:309167 (309.1 KB) Interrupt:20 Memory:fe500000-fe520000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:300 (300.0 B) TX bytes:300 (300.0 B) vethtest Link encap:Ethernet HWaddr fe:0d:7f:3e:70:88 
inet6 addr: fe80::fc0d:7fff:fe3e:7088/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:54 errors:0 dropped:0 overruns:0 frame:0 TX packets:67 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4168 (4.1 KB) TX bytes:4250 (4.2 KB) virbr0 Link encap:Ethernet HWaddr de:49:c5:66:cf:84 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) I have disabled lxcbr0 (USE_LXC_BRIDGE="false" in /etc/default/lxc). root@host:~# brctl show bridge name bridge id STP enabled interfaces br0 8000.4c72b943652b no eth0 vethtest I have configured the IP 179.43.46.233 to point to 02:00:00:86:5b:11 in my hosting provider (OVH) config panel. (The IPs in this post are not the real ones.) Thanks for reading this long question! :-) Vianney


  • Best way to script checking whether a machine is on the corporate network

    - by Ben
    I am writing a Powershell script to determine if a machine is on the corporate network. The machine may or may not be on the domain, so I want to check at "IP" level. Have written something to check by pinging a couple of servers on a couple of different subnets (to get around the risk of someone being on another (external) subnet with a host on the same IP.) Works, but it's a bit slow, and not especially "future-proof" - e.g. in 2 years' time when I decommission the server it'll break. Is there a way I can use the dns suffix being given by the local dhcp server? Just direct me to what I need to check - I can figure out the script. Ta, Ben


  • Lost contact with my NAS after changing its IP

    - by Beles
    I did some brain-dead reconfiguring of my D-Link DNS-323 NAS some days ago. I have a home network where each computer gets a dynamically allocated IP address starting at 192.168.1.100. The irritating point (for me at least) was that the NAS changed IP if the power went down or I turned off the router. I then had to remap a drive-letter to point to the new IP address of the NAS. To remedy that I configured the NAS to have a static IP, 192.168.0.10. I had no good reason to choose that IP, other than I found it in a user manual for the NAS. After I changed the IP and rebooted the NAS it disappeared from the network and was never to be found again. Now I have a black brick standing in my home, looking good, but "dead". Could anyone point me in a direction which helps me solve this problem? I have about 100gb worth of pic of my children on this brick so I really want it back :-) Sincerely,


  • Facebook doesn't work on computer, but work on mobile device, both use the same router

    - by sasa
    I have a very strange problem and I'm thinking that it can be a problem with dns or something similar, but I'm not sure and don't know how to solve it. My computer is connected to the router and every site works fine except facebook (Chrome and Firefox). Chrome shows "Error 101 (net::ERR_CONNECTION_RESET): The connection was reset." But on a mobile device which is connected to the same router facebook works fine (Fb application and Dolphin browser). Pinging facebook works fine. Clearing cookies and cache didn't help. Also, I performed an antivirus and antimalware scan and there is nothing. What can be the problem? Update: I also connected a notebook to that wifi router, and on it facebook works fine. nslookup facebook.com Server: UnKnown Address: 192.168.1.1 Non-authoritative answer: Name: facebook.com Addresses: 2a03:2880:2110:3f01:face:b00c:: 2a03:2880:10:1f02:face:b00c:0:25 2a03:2880:10:8f01:face:b00c:0:25 69.171.224.37 69.171.229.11 69.171.242.11 66.220.149.11 66.220.158.11


  • Network Path not found while joining Active Directory

    - by Chiggins
    So I have an Amazon EC2 box running Windows Server 2008 with Active Directory installed on it. I also have a Windows 7 virtual machine, which is set to use the Active Directory box as its DNS and WINS server. I'm trying to join the virtual machine to the domain, and I'm asked for authentication. I give authentication, wait a minute, and I get an error saying: The following error occurred attempting to join the domain "ad.chigs.me": The network path was not found. How can I fix this so that I'll be able to join the domain?


  • How to get the place name by latitude and longitude using openstreetmap in android

    - by Gaurav kumar
    In my app I am using OSM rather than Google Maps. I have latitude and longitude. So from here, how will I query to get the city name from the OSM database? Please help me. final String requestString = "http://nominatim.openstreetmap.org/reverse?format=json&lat=" + Double.toString(lat) + "&lon=" + Double.toString(lon) + "&zoom=18&addressdetails=1"; RequestBuilder builder = new RequestBuilder(RequestBuilder.GET, URL.encode(requestString)); try { @SuppressWarnings("unused") Request request = builder.sendRequest(null, new RequestCallback() { @Override public void onResponseReceived(Request request, Response response) { if (response.getStatusCode() == 200) { String city = ""; try { JSONValue json = JSONParser.parseStrict(response.getText()); JSONObject address = json.isObject().get("address").isObject(); final String quotes = "^\"|\"$"; if (address.get("city") != null) { city = address.get("city").toString().replaceAll(quotes, ""); } else if (address.get("village") != null) { city = address.get("village").toString().replaceAll(quotes, ""); } } catch (Exception e) { } } } }); } catch (Exception e1) { }


  • RODC password replication and A/D sites and subnets

    - by Gregory Thomson
    I work at a school district with about 30 school sites. Windows 2008 A/D setup - all central at the district office. In A/D, all is under one site, and no subnets defined. One A/D forest and only one domain under that. We're now looking to start putting RODCs at the schools to put the authentication and DNS out there closer to them. I haven't worked with A/D sites and subnets, and only a little with RODC password replication. But just got an invite to a meeting to talk about this tomorrow... If we start breaking down the A/D pieces into sites/subnets, can we also use that as a way to help apply an RODC password replication policy in a way that matches so that only each school sites' users passwords are replicated/cached on their RODC?


  • How to close the logon process named NtLmSsp ?

    - by Aristos
    I have a Windows 2003 server and from time to time I am getting many login failures like this one. Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: xx.xx.xx.xx Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: XLHOST Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 173.45.70.100 <- hacker Source Port: 4722 AND Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: user Source Workstation: XLHOST Error Code: 0xC0000064 The question is, how can I close this process of login? What have I left open so that someone can try to login? Some notes: I login to the server using tunneling, nothing is open except dns, email, and web ports, not even ftp, and all default ports are changed and hidden. I also monitor port scans and capture anyone that tries to find the hidden ports. Probably it is something open... Thank you in advance.


  • LinkSys WRT54GL + AM200 in half-bridge mode - Setup guide recommendations?

    - by Peter Mounce
    I am basically looking for a good guide on how to set up my home network with this set of hardware. I need: Dynamic DNS; Firewall + port-forwarding; VPN; Wake-on-LAN from outside firewall; VOIP would be nice; QoS would be nice (make torrents take lower priority to other services when those other services are happening); DHCP; Wireless + WPA2 security; Ability to play multiplayer computer games. I am not a networking or computing neophyte, but the last time I messed with network gear was a few years ago, so am needing to dust off knowledge I kinda half have. I have read that I should be wanting to set up the AM200 in half-bridge mode, so that the WRT54GL gets the WAN IP - this sounds like a good idea, but I'd still like to be advised. I have read that the dd-wrt firmware will meet my needs (though I gather I'll need the vpn-specific build, which appears to preclude supporting VOIP), but I'm not wedded to using it. My ISP supplies me with: a block of 8 static IPs, of which 5 are usable to me; a PPPoA ADSL2+ connection.


  • Function that copies into byte vector reverses values

    - by xeross
    Hey, I've written a function to copy any variable type into a byte vector, however whenever I insert something it gets inserted in reverse. Here's the code. template <class Type> void Packet::copyToByte(Type input, vector<uint8_t>&output) { copy((uint8_t*) &input, ((uint8_t*) &input) + sizeof(Type), back_inserter(output)); } Now whenever I add for example a uint16_t with the value 0x2f1f it gets inserted as 1f 2f instead of the expected 2f 1f. What am I doing wrong here ? Regards, Xeross


  • How to migrate exchange 2007 (sherweb) to Google Apps?

    - by Yoffe
    I need to migrate our Sherweb.com exchange 2007 services to a Google Apps account. About the process I am really not sure. I understand I should start with creating aliases for all email accounts within the exchange server, in Google Apps, and here I'm not sure how I am supposed to explain to the Exchange that the DNS has changed without losing emails. Second thing is: How can I safely move the up-to 3GB mailboxes from the Exchange server to the new Google Apps accounts? Must it be with Outlook data files? If so, how do I actually upload the data files into the Google Apps account? And if not, what would be a proper way to do so? Would really appreciate any kind of help.


  • How come I can't ping my home computer?

    - by bikefixxer
    I'm trying to set up a vpn into my home computer in order to access files from wherever. I have the home computer set up with a no-ip dynamic dns program so I can always connect, and have also tried using the actual ip address. However, when I try to connect or even ping from anywhere outside of my house I can't get through. I've tried putting that particular computer in the dmz, turned off the computer's firewall and anti-virus, and I still don't get anything. I have comcast as my home internet provider. I have also tried from two different locations. Are there any other solutions I can try or is comcast the issue? I used to be able to do this when I ran a small web server at home for fun but now nothing works. Thanks in advance for any suggestions!


  • Adding an equation or formula to a figure caption in LaTeX

    - by gotgenes
    I have a figure in LaTeX with a caption to which I need to add a formula (equation* or displaymath environments). For example: \documentclass[12pt]{article} \begin{document} \begin{figure}[tbph] \begin{center} %... \end{center} \caption{As you can see \begin{displaymath}4 \ne 5\end{displaymath} } \label{fig:somefig} \end{figure} \end{document} This makes pdflatex angry, though it will produce a PDF. ! Argument of \@caption has an extra }. <inserted text> \par l.9 } What's the right way to go about adding an equation to a figure caption? NOTE: Please do not suggest simply using the $ ... $ math environment; the equation shown is a toy example; my real equation is much more intricate. See also: Adding a caption to an equation in LaTeX (the reverse of this question)


  • Commercial NAS RAID1 disks moved to Software Raid system?

    - by Rolnik
    I've got a couple of commercial NAS boxes and I'm wondering if they (ReadyNas duo, DLink DNS-323) or any other NAS is suitable for having their RAIDed disks moved to a software-based NAS. To be specific, I'm a big fan of the (largely) Debian-based Ubuntu. Can the aforementioned NAS drives be migrated to Ubuntu (e.g. using the mdadm Linux command)? Secondly, is there any commercial NAS that can be migrated over? Incidentally, here is a link to somebody who succeeded in a migration: http://www.linuxquestions.org/questions/slackware-14/moving-raid1-drives-into-computer-with-same-md-numbers-862312/ My specific scenario I'd like to prepare for, is the eventual (sudden) death of one of the NAS motherboards.


  • Powershell, Task Scheduler or loop and sleep

    - by Paddy Carroll
    I have a job that needs to go off every minute or so, it loads a DLL I have written in C# that retrieves state for an SQL Server Mirror (Primary, Mirror and witness) for a number of databases; it allows us to poke DNS to show where the primary instances are. Please don't mention Clustering - We're not doing that. I can't be arsed to write a service, there simply isn't enough time. Do I: Task Scheduler - every minute: Invoke a powershell script that loads the DLL and does the business; Task Scheduler - At Startup: Invoke a similar powershell script that loads the DLL once but then loops and sleeps, refreshing the Object that the DLL exposes. Pros and cons?


  • Need help identiying a nasty rootkit in Windows

    - by goofrider
    I have a nasty rootkit that no tools seem to be able to identify. I know for sure it's a rootkit, but I can figure out which rootkit it is. Here's what I gathered so far: It creates multiple copies of itself in %HOME%\Local Settings\Temp with names like Q.EXE, IAJARZ.exe, etc., and installs them as hidden services. These EXEs have SysInternals identifiers in them so they're definitely rootkits. It hooked very deep in the system, including file read/write, security policies, registry read/write, and possibly WinSock/TCP/IP. When going to Sophos.com to download their software, the rootkit injects something called Microsoft Ajax Toolkit into the page, which injects code into the email submission form in order to redirect it. (EDIT: I might have panicked. Looks like Sophos does use an AJAX email form, their form is just broken on Chrome so it looked like a mail form injection attack, the link is http://www.sophos.com/en-us/products/free-tools/virus-removal-tool/download.aspx ) Super-Antispyware found a lot of spyware cookies, in the name of .kaspersky.2o7.net, etc. (just checked 2o7.net, looks like it's a legit ad company) I tried comparing DNS lookups from the infected systems and from systems in other physical locations, no DNS redirections it seems. I used dd to copy the MBR and compared it with the MBR provided by the ms-sys package, no differences so it's not infecting the MBR. No antivirus or rootkit scanner is able to identify it. Most of them can't even find it. I tried scanning in-situ (normal mode), in safe mode, and booted to a linux live CD. Scanners used: Avast, Sophos anti rootkit, Kaspersky TDSSKiller, GMER, RootkitRevealer, and many others. Kaspersky reported some unsigned system files that ought to be signed (e.g. tcpip.sys), and reported a number of MD5 mismatches. But otherwise couldn't identify anything based on signature. When running Sysinternal RootkitRevealer and Sophos AntiRootkit, CPU usage goes up to 100% and gets stuck. The Rootkit is blocking them. 
When trying running/installing HiJackThis, RootkitRevealer and some other scanners, it tells me system security policy prevents running/installing it. The list of malicious activities goes on and on. Here's a sample of logs from all my scans. In particular, aswSnx.SYS, apnenfno.sys and PROCMON20.SYS has a huge number of hooks. It's hard to tell if the rootkit replaced legit program files like aswSnx.SYS (from Avast) and PROCMON20.SYS (from Sysinternal Process Monitor). I can't find whether apnenfno.sys is from a legit program. Help to identify it is appreciated.


  • powershell task scheduler or loop and sleep

    - by Paddy Carroll
    I have a job that needs to go off every minute or so, it loads a DLL written in C# that retrieves state for an SQL Server Mirror (Primary, Mirror and witness) for a number of databases; it allows us to poke DNS to show where the primary instances are. Please don't mention Clustering - We're not doing that. I can't be arsed to write a service, there simply isn't enough time. Do I: Task Scheduler - every minute: Invoke a powershell script that loads the DLL and does the business; Task Scheduler - At Startup: Invoke a similar powershell script that loads the DLL once but then loops and sleeps, refreshing the Object that the DLL exposes. Pros and cons?


  • Hosting online with xampp?

    - by Andrew
    I'm not quite sure what I'm doing wrong, because from what I've read, this should all be working. What I've done: Forwarded ports 80, 8080, and 443. Changed the ServerName localhost:80 line in \apache\conf\httpd.conf to ServerName myip:80. Registered at dyndns.com, and have been using their update client to link my IP to the DNS thingy. Made sure xampp was using port 80, and started apache and MySql. And...nothing. What did I miss? =/.

