Search Results

Search found 11363 results on 455 pages for 'elastic ip'.

Page 2/455 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How do I map an elastic IP to a domain, dont want to use Route 53

    - by Kaustubh P
    This is the first time I am doing this, so noob alert. I have an ec2 instance, to which I have assigned an elastic IP. I want to map this elastic IP to a webaddress foo.com, which I have bought from name.com. How do I do this? It would be very helpful if you you increase my vocabulary, and tell me the things involved, I dont know where to begin, SO has always been helpful! This is a screenshot of my name.com CP:

    Read the article

  • Cisco 881 losing NAT NVI translation config after reload

    - by MasterRoot24
    This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not enabled after a reload of the router, regardless of the fact that they are present in the startup-config. In order to clarify this a little, here's the relevant section of my current running-config: Router1#show running-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.x 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.x 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.x 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.x 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.x 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.x 993 interface FastEthernet4 993 ...and here's the mappings 'in action': Router1#show ip nat nvi translations | include --- tcp <WAN IP>:25 192.168.1.x:25 --- --- tcp <WAN IP>:80 192.168.1.x:80 --- --- tcp <WAN IP>:143 192.168.1.x:143 --- --- tcp <WAN IP>:443 192.168.1.x:443 --- --- tcp <WAN IP>:587 192.168.1.x:587 --- --- tcp <WAN IP>:993 192.168.1.x:993 --- --- tcp <WAN IP>:1723 192.168.1.x:1723 --- --- ...and here's proof that the mappings are saved to startup-config: Router1#show startup-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.x 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.x 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.x 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.x 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.x 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.x 993 interface FastEthernet4 993 However, look what happens after a reload of the router: Router1#reload Proceed with reload? [confirm]Connection to router closed by remote host. Connection to router closed. $ ssh joe@router Password: Authorized Access only Router1>en Password: Router1#show ip nat nvi translations | include --- Router1# Router1#show ip nat translations | include --- tcp 188.222.181.173:25 192.168.1.2:25 --- --- tcp 188.222.181.173:80 192.168.1.2:80 --- --- tcp 188.222.181.173:143 192.168.1.2:143 --- --- tcp 188.222.181.173:443 192.168.1.2:443 --- --- tcp 188.222.181.173:587 192.168.1.2:587 --- --- tcp 188.222.181.173:993 192.168.1.2:993 --- --- tcp 188.222.181.173:1723 192.168.1.2:1723 --- --- Router1# Here's proof that the running config should have the mappings setup as NVI: Router1#show running-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.2 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.2 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.2 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.2 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.2 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.2 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.2 993 interface FastEthernet4 993 At this point, the mappings are not working (inbound connections from WAN on the HTTP/IMAP fail). I presume that this is because my interfaces are using ip nat enable for use with NVI mappings, instead of ip nat inside/outside. So, I re-apply the mappings: Router1#configure ter Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip nat source static tcp 192.168.1.2 1723 interface FastEthernet4 1723 Router1(config)#ip nat source static tcp 192.168.1.2 80 interface FastEthernet4 80 Router1(config)#ip nat source static tcp 192.168.1.2 443 interface FastEthernet4 443 Router1(config)#ip nat source static tcp 192.168.1.2 25 interface FastEthernet4 25 Router1(config)#ip nat source static tcp 192.168.1.2 587 interface FastEthernet4 587 Router1(config)#ip nat source static tcp 192.168.1.2 143 interface FastEthernet4 143 Router1(config)#ip nat source static tcp 192.168.1.2 993 interface FastEthernet4 993 Router1(config)#end ... then they show up correctly: Router1#show ip nat nvi translations | include --- tcp 188.222.181.173:25 192.168.1.2:25 --- --- tcp 188.222.181.173:80 192.168.1.2:80 --- --- tcp 188.222.181.173:143 192.168.1.2:143 --- --- tcp 188.222.181.173:443 192.168.1.2:443 --- --- tcp 188.222.181.173:587 192.168.1.2:587 --- --- tcp 188.222.181.173:993 192.168.1.2:993 --- --- tcp 188.222.181.173:1723 192.168.1.2:1723 --- --- Router1# Router1#show ip nat translations | include --- Router1# ... furthermore, now from both WAN and LAN, the services mapped above now work until the next reload. All of the above is required every time I have to reload the router (which is all too often at the moment :-( ). Here's my full current config: ! ! Last configuration change at 20:20:15 UTC Tue Dec 11 2012 by xxx version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname xxx ! boot-start-marker boot-end-marker ! ! enable secret 4 xxxx ! aaa new-model ! ! aaa authentication login local_auth local ! ! ! ! ! aaa session-id common ! memory-size iomem 10 ! crypto pki trustpoint TP-self-signed-xxx enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-xxx revocation-check none rsakeypair TP-self-signed-xxx ! ! crypto pki certificate chain TP-self-signed-xxx certificate self-signed 01 xxx quit ip gratuitous-arps ip auth-proxy max-login-attempts 5 ip admission max-login-attempts 5 ! ! ! ! ! ip domain list dmz.xxx.local ip domain list xxx.local ip domain name dmz.xxx.local ip name-server 192.168.1.x ip cef login block-for 3 attempts 3 within 3 no ipv6 cef ! ! multilink bundle-name authenticated license udi pid CISCO881-SEC-K9 sn xxx ! ! username admin privilege 15 secret 4 xxx username joe secret 4 xxx ! ! ! ! ! ip ssh time-out 60 ! ! ! ! ! ! ! ! ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 switchport access vlan 2 no ip address ! interface FastEthernet4 ip address dhcp ip access-group 101 in ip nat enable duplex auto speed auto ! interface Vlan1 ip address 192.168.1.x 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat enable ! interface Vlan2 ip address 192.168.0.x 255.255.255.0 ! ip forward-protocol nd ip http server ip http access-class 1 ip http authentication local ip http secure-server ! ! ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ! ! access-list 1 permit 192.168.0.0 0.0.0.255 access-list 2 permit 192.168.1.0 0.0.0.255 access-list 101 permit udp 193.x.x.0 0.0.0.255 any eq 5060 access-list 101 deny udp any any eq 5060 access-list 101 permit ip any any ! ! ! ! control-plane ! ! banner motd Authorized Access only ! line con 0 exec-timeout 15 0 login authentication local_auth line aux 0 exec-timeout 15 0 login authentication local_auth line vty 0 4 access-class 2 in login authentication local_auth length 0 transport input all ! ! end I'd appreciate it greatly if anyone can help me find out why these mappings are not setup correctly using the saved config after a reload.

    Read the article

  • multiple domains, one static IP address and latency

    - by shirish
    how is latency affected when multiple domains are using one single static IP address ? The scenario is in shared web-hosting By latency meaning the DNS lookup the client has to do. As far as I understand it, the browser would hit the root servers to try to figure out the IP Address and it belongs where and then when it comes to the correct server, it probably looks up some sort of table to determine which site names much and show that site as such via browser to the user. Is my understanding correct or backwards or what ?

    Read the article

  • Grouping IP Addresses based on ranges [on hold]

    - by mustard
    Say I have 5 different categories based on IP Address ranges for monitoring user base. What is the best way to categorize a list of input IP addresses into one of the 5 categories depending on which range it falls into? Would sorting using a segment tree structure be efficient? Specifically - I'm looking to see if there are more efficient ways to sort IP addresses into groups or ranges than using a segment sort. Example: I have a list of IP address ranges per country from http://dev.maxmind.com/geoip/legacy/geolite/ I am trying to group incoming user requests on a website per country for demographic analysis. My current approach is to use a segment tree structure for the IP address ranges and use lookups based on the structure to identify which range a given ip address belongs to. I would like to know if there is a better way of accomplishing this.

    Read the article

  • Forward the Wan IP to another Wan IP without change the Source address

    - by user195410
    I have tried this case by using the NAT function in iptables but fail example. PC A IP is 1.1.1.1 (Win7) My Server IP is 2.2.2.2 (CentOS 6.2) target Server B is 3.3.3.3 (Windows server 2003) Flow: PC A WanIP -- My Server A -- Server B (WanIP) ----My iptables rules--------- iptables -t nat -A PREROUTING -d 2.2.2.2 -p tcp --dport 80 -j DNAT --to-destination 3.3.3.3:80 iptables -t nat -A POSTROUTING -d 2.2.2.2 -j MASQUERADE finally, i can access server B website by enter 2.2.2.2:80 but when i checked the access log at Server B i found it's source address had been changed to src:2.2.2.2 dst:3.3.3.3 please help me to do how to get the real address is src:1.1.1.1 dst:3.3.3.3

    Read the article

  • Forward the Wan IP to another Wan IP without changing the source address

    - by user195410
    I have tried this case by using the NAT function in iptables but fail example. PC A IP is 1.1.1.1 (Win7) My Server IP is 2.2.2.2 (CentOS 6.2) target Server B is 3.3.3.3 (Windows server 2003) Flow: PC A WanIP -- My Server A -- Server B (WanIP) My iptables rules: 1. iptables -t nat -A PREROUTING -d 2.2.2.2 -p tcp --dport 80 -j DNAT --to-destination 3.3.3.3:80 2. iptables -t nat -A POSTROUTING -d 2.2.2.2 -j MASQUERADE finally, i can access server B website by enter 2.2.2.2:80 but when i checked the access log at Server B i found it's source address had been changed to src:2.2.2.2 dst:3.3.3.3 please help me to do how to get the real address is src:1.1.1.1 dst:3.3.3.3

    Read the article

  • Providing a static IP for resources behind AWS Elastic Load Balancer (ELB)

    - by tharrison
    I need a static IP address that handles SSL traffic from a known source (a partner). Our servers are behind an AWS Elastic Load Balancer (ELB), which cannot provide a static IP address; many threads about this here. My thought is to create an instance in EC2 whose sole purpose in life is to be a reverse proxy server having it's own IP address; accepting HTTPS requests and forwarding them to the load balancer. Are there better solutions?

    Read the article

  • Get the interface and ip address used to connect to a specific host (ip)

    - by umop
    I'm sure this has been asked and answered before, but I wasn't able to find it, so hopefully this will at least link someone to the right place. I want to find out my local interface and ip address used to reach a certain host. For instance, if I had 3 adapters connected to my box and they all three went to different networks, I'd like to know which of the three (specifically, its ip address) is used to reach my.local.intranet (in this case, it would be a vpn tunnel interface). I suspect this is a job for ifconfig or traceroute, but I haven't been able to find the correct switches. I'm running OSX 10.7 (Darwin) Thanks!

    Read the article

  • AWS Load Balancer with a static IP address

    - by user965904
    I have a set-up running on Amazon cloud with a couple of EC2 Instances running through a load balancer. It is important that the site has a unique(static) IP or set of IPs as I'm plugging in 3rd party APIs which only accept requests made from IPs which have been added to their whitelist. So basically unless we can give these 3rd parties a static IP or range of IPs that the requests from the site will always come from then we would be unable to make any calls to them. Anyone knows how to achieve this as I know that Elastic IPs are not compatible with load balancers? If I were to look up the IP of the load balancer DNS name (e.g. dualstack.awseb-BAMobile-ENV-xxxxxxxxx.eu-west-1.elb.amazonaws.com resolves to 200.200.200.200) would that IP be Static? Any help/advise is greatly appreciated guys.

    Read the article

  • Do Spambots have access to unlimited IP addresses?

    - by Reg Gordon
    I have been attacked for weeks by the same spambot trying to brute force the login page. I have a login security module now installed on my Drupal 6 website and it bans on IP after x amount of attempts. It's been going on for ever and I have banned about 1000 IP addresses. Is there any point in me banning on IP due to the spambot having access to unlimited IP addresses or will they run out of them eventually?

    Read the article

  • php: showing my country based on my IP, mysql optimized

    - by andufo
    I'm downloaded WIPmania's worldip table from http://www.wipmania.com/en/base/ -- the table has 3 fields and around 79k rows: startip // example: 3363110912 endip // example: 3363112063 country // example: AR (Argentina) So, lets suppose i'm in Argentina and my IP address is: 200.117.248.17 1) I use this function to convert my ip to long function ip_address_to_number($ip) { if(!$ip) { return false; } else { $ip = split('\.',$ip); return($ip[0]*16777216 + $ip[1]*65536 + $ip[2]*256 + $ip[3]); } } 2) I search for the proper country code by matching the long converted ip: $sql = 'SELECT * FROM worldip WHERE '.ip_address_to_number($_SERVER['REMOTE_ADDR']).' BETWEEN startip AND endip'; which is equivalent to: SELECT country FROM worldip WHERE 3363174417 BETWEEN startip AND endip (benchmark: Showing rows 0 - 0 (1 total, Query took 0.2109 sec)) Now comes the real question. What if another bunch of argentinian guys also open the website and they all have these ip addresses: 200.117.248.17 200.117.233.10 200.117.241.88 200.117.159.24 Since i'm caching all the sql queries; instead of matching EACH of the ip queries in the database, would it be better (and right) just to match the 2 first sections of the ip by modifying the function like this? function ip_address_to_number($ip) { if(!$ip) { return false; } else { $ip = split('\.',$ip); return($ip[0]*16777216 + $ip[1]*65536); } } (notice that the 3rd and 4th splitted values of the IP have been removed). That way instead of querying these 4 values: 3363174417 3363170570 3363172696 3363151640 ...all i have to query is: 3363110912 (which is 200.117.0.0 converted to long). Is this right? any other ideas to optimize this process? Thanks!

    Read the article

  • PHP: detecting IP's entry to a specific IP range

    - by ilnur777
    I have the PHP function that determines whether one IP goes to a specific IP range, but I don't know how to find out the IP's network and mask. Can anyone help with this? <? // Example of calling and checking IP-address 192.168.0.4 // belonging to a network 192.168.0.0 with mask 255.255.255.248 if(ip_vs_net("192.168.0.4","192.168.0.0","255.255.255.248")){ print "Address belongs to a netwok<BR>"; } else { print "Address is out of subnetwork's range<BR>"; } function ip_vs_net($ip,$network,$mask){ if(((ip2long($ip))&(ip2long($mask)))==ip2long($network)){ return 1; } else { return 0; } } ?>

    Read the article

  • Are same IP address with different submask unique?

    - by xEnOn
    In a same block of IPv4 addresses, can there be same IPs with different submasks? For example, can I have this: 180.70.65.140/26 180.70.65.140/25 180.70.65.140/24 All the 3 addresses above have the same numbers but different subnet mask. Are all the 3 addresses distinct of their own? In other words, 180.70.65.140/25 belongs to User A, 180.70.65.140/25 belongs to User B and 180.70.65.140/24 belongs to User C? After applying the submask, their network addresses look like this: 180.70.65.140/26 --> 180.70.65.128/26 180.70.65.140/25 --> 180.70.65.128/25 180.70.65.140/24 --> 180.70.65.0/24 If the addresses are recognised uniquely, how is it so? How would each of the these addresses being recognised to be unique? I am thinking like once I have 180.70.65.140/26, I can't reuse the same numbers of 180.70.65.140 again but since classless is meant to increase the number of IP addresses, it would do much if I can't reuse.

    Read the article

  • Access internal IP using public IP

    - by willvv
    Hi, I have a DSL modem with a public IP address (201.206.x.x), and I have a web server in my internal network (192.168.0.50). I set up the modem to forward requests to port 80 to my web server, so, if I access 201.206.x.x from outside my network, it shows my web page, the same happens if I access 192.168.0.50 from a computer inside my network. Now, the problem is when I try to access 201.206.x.x from my internal network, the browser tries to connect to the DSL modem configuration, instead of redirecting my request to my Web server. Which settings do I have to change in the modem to set up this redirection? Thanks!

    Read the article

  • Set IP address to point to certain domain

    - by silvercover
    I have a Linux VPS, DirectAdmin as web panel and already set a domain to it. everything is OK and I can see my website in my browser using domain name. Now I need to have access to my site using its IP address. something like http://86.57.88.29, but when I try to load my site in a browser using its IP I get below message and I have to post-fix my IP with /~admin (http://86.57.88.29/~admin) to get it work. This IP is being shared among many domains. To view the domain you are looking for, simply enter the domain name in the location bar of your web browser. So how can I configure my IP to point to my public_html folder without and ~admin like phrase? Thanks.

    Read the article

  • Finding Local IP via Socket Creation / getsockname

    - by BSchlinker
    I need to get the IP address of a system within C++. I followed the logic and advice of another comment on here and created a socket and then utilized getsockname to determine the IP address which the socket is bound to. However, this doesn't appear to work (code below). I'm receiving an invalid IP address (58.etc) when I should be receiving a 128.etc Any ideas? string Routes::systemIP(){ // basic setup int sockfd; char str[INET_ADDRSTRLEN]; sockaddr* sa; socklen_t* sl; struct addrinfo hints, *servinfo, *p; int rv; memset(&hints, 0, sizeof hints); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_DGRAM; if ((rv = getaddrinfo("4.2.2.1", "80", &hints, &servinfo)) != 0) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv)); return "1"; } // loop through all the results and make a socket for(p = servinfo; p != NULL; p = p->ai_next) { if ((sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) { perror("talker: socket"); continue; } break; } if (p == NULL) { fprintf(stderr, "talker: failed to bind socket\n"); return "2"; } // get information on the local IP from the socket we created getsockname(sockfd, sa, sl); // convert the sockaddr to a sockaddr_in via casting struct sockaddr_in *sa_ipv4 = (struct sockaddr_in *)sa; // get the IP from the sockaddr_in and print it inet_ntop(AF_INET, &(sa_ipv4->sin_addr.s_addr), str, INET_ADDRSTRLEN); printf("%s\n", str); // return the IP return str; }

    Read the article

  • Automatically Applying Security Updates for AWS Elastic Beanstalk

    - by Eric Anderson
    I've been a fan of Heroku since it's earliest days. But I like the fact that AWS Elastic Beanstalk gives you more control over the characteristics of the instances. One thing I love about Heroku is the fact that I can deploy an app and not worry about managing it. I am assuming Heroku is ensuring all OS security updates are timely applied. I just need to make sure my app is secure. My initial research on Beanstalk shows that although it builds and configures the instances for you, after that it moves to a more manual management process. Security updates won't automatically be applied to the instances. It seems there are two areas of concerns: New AMI releases - As new AMI releases hit it seems we would want to run the latest (presumably most secure). But my research seems to indicate you need to manually launch a new setup to see the latest AMI version and then create a new environment to use that new version. Is there a better automated way of rotating your instances into new AMI releases? In between releases there will be security updates released for packages. Seems we want to upgrade those as well. My research seems to indicate people install commands to occasionally run a yum update. But since new instances are created/destroyed based on usage it seems that the new instances would not always have the updates (i.e. the time between the instance creation and the first yum update). So occasionally you will have instances that aren't patched. And you are also going to have instances constantly patching themselves until the new AMI release is applied. My other concern is that perhaps these security updates haven't gone through Amazon's own review (like the AMI releases do) and it might break my app to automatically update them. I know Dreamhost once had a 12 hour outage because they were applying debian updates completely automatically without any review. I want to make sure the same thing doesn't happen to me. So my question is does Amazon provide a way to offer fully managed PaaS like Heroku? Or is AWS Elastic Beanstalk really more of just a install script and after that you are on your own (other than the monitoring and deployment tools they provide)?

    Read the article

  • Auto blocking attacking IP address

    - by dong
    This is to share my PowerShell code online. I original asked this question on MSDN forum (or TechNet?) here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/f950686e-e3f8-4cf2-b8ec-2685c1ed7a77 In short, this is trying to find attacking IP address then add it into Firewall block rule. So I suppose: 1, You are running a Windows Server 2008 facing the Internet. 2, You need to have some port open for service, e.g. TCP 21 for FTP; TCP 3389 for Remote Desktop. You can see in my code I’m only dealing with these two since that’s what I opened. You can add further port number if you like, but the way to process might be different with these two. 3, I strongly suggest you use STRONG password and follow all security best practices, this ps1 code is NOT for adding security to your server, but reduce the nuisance from brute force attack, and make sys admin’s life easier: i.e. your FTP log won’t hold megabytes of nonsense, your Windows system log will not roll back and only can tell you what happened last month. 4, You are comfortable with setting up Windows Firewall rules, in my code, my rule has a name of “MY BLACKLIST”, you need to setup a similar one, and set it to BLOCK everything. 5, My rule is dangerous because it has the risk to block myself out as well. I do have a backup plan i.e. the DELL DRAC5 so that if that happens, I still can remote console to my server and reset the firewall. 6, By no means the code is perfect, the coding style, the use of PowerShell skills, the hard coded part, all can be improved, it’s just that it’s good enough for me already. It has been running on my server for more than 7 MONTHS. 7, Current code still has problem, I didn’t solve it yet, further on this point after the code. :)    #Dong Xie, March 2012  #my simple code to monitor attack and deal with it  #Windows Server 2008 Logon Type  #8: NetworkCleartext, i.e. FTP  #10: RemoteInteractive, i.e. RDP    $tick = 0;  "Start to run at: " + (get-date);    $regex1 = [regex] "192\.168\.100\.(?:101|102):3389\s+(\d+\.\d+\.\d+\.\d+)";  $regex2 = [regex] "Source Network Address:\t(\d+\.\d+\.\d+\.\d+)";    while($True) {   $blacklist = @();     "Running... (tick:" + $tick + ")"; $tick+=1;    #Port 3389  $a = @()  netstat -no | Select-String ":3389" | ? { $m = $regex1.Match($_); `    $ip = $m.Groups[1].Value; if ($m.Success -and $ip -ne "10.0.0.1") {$a = $a + $ip;} }  if ($a.count -gt 0) {    $ips = get-eventlog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+10"} | foreach { `      $m = $regex2.Match($_.Message); $ip = $m.Groups[1].Value; $ip; } | Sort-Object | Tee-Object -Variable list | Get-Unique    foreach ($ip in $a) { if ($ips -contains $ip) {      if (-not ($blacklist -contains $ip)) {        $attack_count = ($list | Select-String $ip -SimpleMatch | Measure-Object).count;        "Found attacking IP on 3389: " + $ip + ", with count: " + $attack_count;        if ($attack_count -ge 20) {$blacklist = $blacklist + $ip;}      }      }    }  }      #FTP  $now = (Get-Date).AddMinutes(-5); #check only last 5 mins.     #Get-EventLog has built-in switch for EventID, Message, Time, etc. but using any of these it will be VERY slow.  $count = (Get-EventLog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+8" -and `              $_.TimeGenerated.CompareTo($now) -gt 0} | Measure-Object).count;  if ($count -gt 50) #threshold  {     $ips = @();     $ips1 = dir "C:\inetpub\logs\LogFiles\FPTSVC2" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;       $ips2 = dir "C:\inetpub\logs\LogFiles\FTPSVC3" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;     $ips += $ips1; $ips += $ips2; $ips = $ips | where {$_ -ne "10.0.0.1"} | Sort-Object | Get-Unique;         foreach ($ip in $ips) {       if (-not ($blacklist -contains $ip)) {        "Found attacking IP on FTP: " + $ip;        $blacklist = $blacklist + $ip;       }     }  }        #Firewall change <# $current = (netsh advfirewall firewall show rule name="MY BLACKLIST" | where {$_ -match "RemoteIP"}).replace("RemoteIP:", "").replace(" ","").replace("/255.255.255.255",""); #inside $current there is no \r or \n need remove. foreach ($ip in $blacklist) { if (-not ($current -match $ip) -and -not ($ip -like "10.0.0.*")) {"Adding this IP into firewall blocklist: " + $ip; $c= 'netsh advfirewall firewall set rule name="MY BLACKLIST" new RemoteIP="{0},{1}"' -f $ip, $current; Invoke-Expression $c; } } #>    foreach ($ip in $blacklist) {    $fw=New-object –comObject HNetCfg.FwPolicy2; # http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx    $myrule = $fw.Rules | where {$_.Name -eq "MY BLACKLIST"} | select -First 1; # Potential bug here?    if (-not ($myrule.RemoteAddresses -match $ip) -and -not ($ip -like "10.0.0.*"))      {"Adding this IP into firewall blocklist: " + $ip;         $myrule.RemoteAddresses+=(","+$ip);      }  }    Wait-Event -Timeout 30 #pause 30 secs    } # end of top while loop.   Further points: 1, I suppose the server is listening on port 3389 on server IP: 192.168.100.101 and 192.168.100.102, you need to replace that with your real IP. 2, I suppose you are Remote Desktop to this server from a workstation with IP: 10.0.0.1. Please replace as well. 3, The threshold for 3389 attack is 20, you don’t want to block yourself just because you typed your password wrong 3 times, you can change this threshold by your own reasoning. 4, FTP is checking the log for attack only to the last 5 mins, you can change that as well. 5, I suppose the server is serving FTP on both IP address and their LOG path are C:\inetpub\logs\LogFiles\FPTSVC2 and C:\inetpub\logs\LogFiles\FPTSVC3. Change accordingly. 6, FTP checking code is only asking for the last 200 lines of log, and the threshold is 10, change as you wish. 7, the code runs in a loop, you can set the loop time at the last line. To run this code, copy and paste to your editor, finish all the editing, get it to your server, and open an CMD window, then type powershell.exe –file your_powershell_file_name.ps1, it will start running, you can Ctrl-C to break it. This is what you see when it’s running: This is when it detected attack and adding the firewall rule: Regarding the design of the code: 1, There are many ways you can detect the attack, but to add an IP into a block rule is no small thing, you need to think hard before doing it, reason for that may include: You don’t want block yourself; and not blocking your customer/user, i.e. the good guy. 2, Thus for each service/port, I double check. For 3389, first it needs to show in netstat.exe, then the Event log; for FTP, first check the Event log, then the FTP log files. 3, At three places I need to make sure I’m not adding myself into the block rule. –ne with single IP, –like with subnet.   Now the final bit: 1, The code will stop working after a while (depends on how busy you are attacked, could be weeks, months, or days?!) It will throw Red error message in CMD, don’t Panic, it does no harm, but it also no longer blocking new attack. THE REASON is not confirmed with MS people: the COM object to manage firewall, you can only give it a list of IP addresses to the length of around 32KB I think, once it reaches the limit, you get the error message. 2, This is in fact my second solution to use the COM object, the first solution is still in the comment block for your reference, which is using netsh, that fails because being run from CMD, you can only throw it a list of IP to 8KB. 3, I haven’t worked the workaround yet, some ideas include: wrap that RemoteAddresses setting line with error checking and once it reaches the limit, use the newly detected IP to be the list, not appending to it. This basically reset your block rule to ground zero and lose the previous bad IPs. This does no harm as it sounds, because given a certain period has passed, any these bad IPs still not repent and continue the attack to you, it only got 30 seconds or 20 guesses of your password before you block it again. And there is the benefit that the bad IP may turn back to the good hands again, and you are not blocking a potential customer or your CEO’s home pc because once upon a time, it’s a zombie. Thus the ZEN of blocking: never block any IP for too long. 4, But if you insist to block the ugly forever, my other ideas include: You call MS support, ask them how can we set an arbitrary length of IP addresses in a rule; at least from my experiences at the Forum, they don’t know and they don’t care, because they think the dynamic blocking should be done by some expensive hardware. Or, from programming perspective, you can create a new rule once the old is full, then you’ll have MY BLACKLIST1, MY  BLACKLIST2, MY BLACKLIST3, … etc. Once in a while you can compile them together and start a business to sell your blacklist on the market! Enjoy the code! p.s. (PowerShell is REALLY REALLY GREAT!)

    Read the article

  • Mnemonic external IP

    - by Click Ok
    When diagnosing networking problems, I ping to: My local IP My gateway IP An external IP An external domain name Usually, when troubleshooting, the internet is unaccessible, then I need to remember an external IP address. I need any (easy to remember) IP address. By example, google ip is 72.14.204.147. Cool, but it's hard to remember... What external IP you use? Do you have an mnemonic external IP address, then will be easy to remember?

    Read the article

  • Why is my eth0 getting a dynamic ip when it is configured to be static?

    - by sdek
    For some reason our office linux box is being assigned an ip address via dhcp and I don't know why. What is confusing to me is that when I check system-config-network it shows that my eth0 is setup to be a static ip address. And /etc/sysconfig/network-scripts/ifcfg-eth0 also shows it is setup to be a static ip, yet it is getting a different ip address than the one specified in the ifcfg-eth0. Let me know if you have any suggestions on or ideas on where I can look next. Here are a few details that might help you figure out what an idiot I am :) Fedora 11 Router in front of this box is running dhcp, starting at 10.42.1.100 This box is configured to be 10.42.1.50 (at least I think it is!), subnet 255.255.255.0 (which is same as the router's lan subnet) Instead of having the static IP, this box is getting assigned 10.42.1.100. Here are the ifcfg-eth0 details DEVICE=eth0 BOOTPROTO=none ONBOOT=yes TYPE=Ethernet USERCTL=no NM_CONTROLLED=no NETMASK=255.255.255.0 IPADDR=10.42.1.50 GATEWAY=10.42.1.1

    Read the article

  • Two routers, one off-site, same ISP-assigned static IP. A recipe for conflict?

    - by boost
    This is the situation I've inherited: There are two routers, one off-site. Both are connected to the ISP. The ISP assigns both of them the same static IP (or so it seems). Presumably, the network problems we're having are related to the idea that you can't have two instances of the same IP. So we rang up the folk off-site and told them to turn off the router. Now everything's working okay here. How do I get around this? Get another static IP? Figure out how to get the router to ask for a dynamic IP (as we're not using the static IP for anything)?

    Read the article

  • How to get nginx to serve up on an elastic IP

    - by geekbri
    I have an EC2 instance which is serving up PHP pages with nginx and php-fpm. This works perfectly fine when accessed through the public DNS for the instance. However if I try to access the site with the Elastic IP which is bound to it, it serves up a generic "Welcome to nginx" page, even though in my server block i have listen 80 (which i thought listened on all incoming IPs on port 80). Here is my nginx config. server { listen 80; access_log /var/log/nginx/access.log; root "/var/www/clipperz/"; index index.html index.php; # Default location location / { try_files $uri $uri/ index.html; } # Parse all .php file in the $document_root directory location ~ .php$ { include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } }

    Read the article

  • Elastic beanstalk access private git repo

    - by user221676
    I am trying to currently add an ssh key to my elastic beanstalk instances using .ebextensions commands. The keys I have stored are in my application code and I try to copy them to the root .ssh folder so I can access them when doing a git+ssh clone later here is an example of the config file in my .ebextensions folder packages: yum: git: [] container_commands: 01-move-ssh-keys: command: "cp .ssh/* ~root/.ssh/; chmod 400 ~root/.ssh/tca_read_rsa; chmod 400 ~root/.ssh/tca_read_rsa.pub; chmod 644 ~root/.ssh/known_hosts;" 02-add-ssh-keys: command: "ssh-add ~root/.ssh/tca_read_rsa" the problem is that I get is an error when attempting to clone the repo Host key verification failed. I have tried many ways of try to add the host to the known_hosts file but none have worked! The command that is doing the clone is npm install as the repo points to a node module

    Read the article

  • Shared hosting with dedicated IP

    - by JP19
    Hi, Can you please mention here if you know any shared hosting providers who give option to get a dedicated IP? So far I know of one - Netfirms. Please list others if you know. Notes: 1) If mods feel enough people might be interested in this, we can make it community wiki. 2) The reason why someone would want shared hosting with dedicated IP is: i) In most shared hosting plans, you end up getting better CPU/burst RAM than a VPS provided you don't abuse. ii) Dedicated IP is good for SEO. For example, many times, you may get up getting an IP where some p*** sites are also hosted in shared hosting.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >