Search Results

Search found 98 results on 4 pages for 'spoofing'.

Page 3/4 | < Previous Page | 1 2 3 4  | Next Page >

• JMeter - successfull HTTPS recording?

  Greetings, I'm utilizing Jmeter 2.3, which now supports "attempt HTTPS spoofing" under the Proxy Server element. I've tried on several different servers, and have had no success. Has anyone been able to successfully record from an HTTPS source with this setting? Or barring successfully recording, can anyone share a work-around? When available, I simply have HTTPS turned off at the server level, but this is not always feasible. THoughts?

  Read the article

• How to send emails with a Return Path in .net 3.5

  - by Haroon

  Can any one guide me on how i can send emails with a return path in ASP.net 3.5 / C# 3.5. I know this was possible few years back but now due to spoofing issues this is not possible. I have been looking on internet but no use. I want the emails if bounced, should reach my bounce mail box, which could be like [email protected]. Please guide. Really stuck ... Best regards, Haroon

  Read the article

• Bridging VirtualBox over OpenVPN TAP adapter on Windows

  - by Sean Edwards

  I'm trying to configure a virtual machine (VirtualBox guest running Backtrack 4) with a bridged adapter over a VPN connection. The VPN is is hosted by the cybersecurity club at my university, and connects to a sandboxed LAN designed for penetration testing against various servers that the club has built. My host (Windows 7 Ultimate) connects to the VPN fine and is assigned an IP through DHCP, but for some reason the VM can't do the same thing, and I'm not sure why. It's like OpenVPN is filtering out packets from the MAC address it doesn't recognize. I want the virtual machine to bridge over the VPN connection, because our IT office has very strict policies about what you can and can't do on the network. I want to be able to run active attacks (ARP spoofing, nmap, Nessus scans) in the sandbox environment without risking the traffic accidentally going over the university network and getting my internet access revoked. Bridging over the VPN connection and running all attacks from inside the VM would solve that problem. Any idea why the host can use this interface, but the VM can't?

  Read the article

• DNS Server Spoofed Request Amplification DDoS - Prevention

  - by Shackrock

  I've been conducting security scans, and a new one popped up for me: DNS Server Spoofed Request Amplification DDoS The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server. General Solution: Restrict access to your DNS server from public network or reconfigure it to reject such queries. I'm hosting my own DNS for my website. I'm not sure what the solution is here... I'm really looking for some concrete detailed steps to patch this, but haven't found any yet. Any ideas? CentOS5 with WHM and CPanel. Also see: http://securitytnt.com/dns-amplification-attack/

  Read the article

• Bridging VirtualBox over OpenVPN TAC adapter on Windows

  - by Sean Edwards

  I'm trying to configure a virtual machine (VirtualBox guest running Backtrack 4) with a bridged adapter over a VPN connection. The VPN is is hosted by the cybersecurity club at my university, and connects to a sandboxed LAN designed for penetration testing against various servers that the club has built. My host (Windows 7 Ultimate) connects to the VPN fine and is assigned an IP through DHCP, but for some reason the VM can't do the same thing, and I'm not sure why. It's like OpenVPN is filtering out packets from the MAC address it doesn't recognize. I want the virtual machine to bridge over the VPN connection, because our IT office has very strict policies about what you can and can't do on the network. I want to be able to run active attacks (ARP spoofing, nmap, Nessus scans) in the sandbox environment without risking the traffic accidentally going over the university network and getting my internet access revoked. Bridging over the VPN connection and running all attacks from inside the VM would solve that problem. Any idea why the host can use this interface, but the VM can't?

  Read the article

• Detecting man-in-the-middle attacks?

  - by Ilari Kajaste

  There seem to be many possible ways to create man-in-the-middle attacks on public access points, by stealing the access point's local IP address with ARP spoofing. The possible attacks range from forging password request fields, to changing HTTPS connections to HTTP, and even the recently discovered possibilit of injecting malicious headers in the beginning of secure TLS connections. However, it seems to be claimed that these attacks are not very common. It would be interesting to see for myself. What ways are there to detect if such an attack is being attempted by someone on the network? I guess getting served a plain HTTP login page would be an obvious clue, and of course you could run Wireshark and keep reading all the interesting ARP traffic... But an automated solution would be a tiny bit more handy. Something that analyzes stuff on the background and alerts if an attack is detected on the network. It would be interesting to see for myself if these attack are actually going on somewhere.

  Read the article

• Bridge virtual machines out WLAN interface

  - by Thomas

  It seems that my wlan card (intel 5100 AGN) firmware doesn't allow "spoofing" MAC addresses. This has the side effect of destroying the capability to bridge out my virtual machines on that interface. Apparently this is a common thing on wlan cards. I can see the incoming traffic just fine in my virtual machines, but their DHCP queries don't get bridged out of the WLAN card. It works perfectly well when using the wired ethernet port. Is there a workaround for this? MAC-NAT or something? I don't want to route my virtual machines out to the Internet because I don't want my host OS to even have an IP address. I'm using Linux and KVM for virtualization.

  Read the article

• change ip address verizon fios [closed]

  - by John Smith

  One well documented way to change a dynamically assigned ip address is to log into the router configuration settings and change the mac address , disconnect the router and modem, and to turn it all back on. This actually worked with a basic modem connected by ethernet directly to a laptop, spoofing laptop mac address, with a cable internet provider. Now this question is specific to fiber optic internet providers who bundle with tv and internet (verizon fios, comcast xfinity). Verizon fios installation comes with an actiontec router, and there is a built in way to clone the mac address in the router configuration settings. What will happen if the mac address changes from what verizon installed it as? Will they get angry and disconnect service? Will other services other than internet stop working (tv or phone)?

  Read the article

• Bridging VirtualBox over OpenVPN TAP adapter on Windows

  - by Sean Edwards

  I'm trying to configure a virtual machine (VirtualBox guest running Backtrack 4) with a bridged adapter over a VPN connection. The VPN is is hosted by the cybersecurity club at my university, and connects to a sandboxed LAN designed for penetration testing against various servers that the club has built. My host (Windows 7 Ultimate) connects to the VPN fine and is assigned an IP through DHCP, but for some reason the VM can't do the same thing, and I'm not sure why. It's like OpenVPN is filtering out packets from the MAC address it doesn't recognize. I want the virtual machine to bridge over the VPN connection, because our IT office has very strict policies about what you can and can't do on the network. I want to be able to run active attacks (ARP spoofing, nmap, Nessus scans) in the sandbox environment without risking the traffic accidentally going over the university network and getting my internet access revoked. Bridging over the VPN connection and running all attacks from inside the VM would solve that problem. Any idea why the host can use this interface, but the VM can't?

  Read the article

• Bridge virtual machines out WLAN interface

  - by Thomas

  It seems that my wlan card (intel 5100 AGN) firmware doesn't allow "spoofing" MAC addresses. This has the side effect of destroying the capability to bridge out my virtual machines on that interface. Apparently this is a common thing on wlan cards. I can see the incoming traffic just fine in my virtual machines, but their DHCP queries don't get bridged out of the WLAN card. It works perfectly well when using the wired ethernet port. Is there a workaround for this? MAC-NAT or something? I don't want to route my virtual machines out to the Internet because I don't want my host OS to even have an IP address. I'm using Linux and KVM for virtualization.

  Read the article

• RDP failing due to Audit Failure on the IPSec driver

  - by paulwhit

  I am trying to RDP into a Windows 7 Hyper-V image connected to a corporate network that publishes IPSec policies via Active Directory. I am seeing this error in the log: IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected. This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt. Remote Network Address: XXX.XXX.XXX.XXX Inbound SA SPI: 0 How do I change my settings on the computer using RDP to something suitable for the domain-joined Hyper-V image?

  Read the article

• What free Remote Desktop (server) solutions are there?

  - by Tao

  I know Ubuntu comes with a "Remote Desktop" option that appears to be a straightforward VNC server, and I'm trying to understand the alternatives. Here are the possibilities I've heard about so far: VNC VNC + SSH Tunnelling NX Server, free edition FreeNX NeatX X2Go X11 Forwarding over SSH xrdp I'm coming at this from a Windows user's perspective: To the best of my experience, RDP (aka Terminal Services) is a reasonably secure (barring mitm/server spoofing), efficient desktop sharing protocol with well-supported clients, that can be exposed to the internet when necessary without major fears of intrusion. To the best of my knowledge straight VNC is none of those things, which is where I get confused - why wouldn't a better desktop sharing technology be developed or used in the open-source world? I know VNC can be wrapped with SSH, but that seems beyond the reach of a casual user. X11 forwarding over SSH may be more or less efficient, I have no idea, but is definitely even more complicated, and doesn't (as far as I know) give you access to already-running stuff (no desktop sharing as such, just remote application running). So, I'd like any feedback/preferences amongst these or any other "Free" desktop sharing options, using these criteria and/or any others: Security (esp. for access across internet) Efficiency (bandwidth usage, responsiveness, etc) Free-ness, as in Speech (not sure where RDP or FreeNX lie for this) Free-ness, as in Beer (are there any commercial solutions with usable dependable free offerings?) Ease of use (server and client side) Cross-OS Client availability Cross-OS Server availability Support for independent sessions and shared (and/or "Console") sessions Ongoing support/maintenance/development Thanks!

  Read the article

• Hardening network with sysctl settings made Wi-fi downloading speed extremely slow

  - by Rohit Bansal

  I just followed up following steps to harden network security The /etc/sysctl.conf file contain all the sysctl settings. Prevent source routing of incoming packets and log malformed IP's enter the following in a terminal window: sudo vi /etc/sysctl.conf Edit the `/etc/sysctl.conf` file and un-comment or add the following lines : # IP Spoofing protection net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # Ignore ICMP broadcast requests net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disable source packet routing net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv6.conf.default.accept_source_route = 0 # Ignore send redirects net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # Block SYN attacks net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 5 # Log Martians net.ipv4.conf.all.log_martians = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 # Ignore ICMP redirects net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 # Ignore Directed pings net.ipv4.icmp_echo_ignore_all = 1 To reload sysctl with the latest changes, enter: sudo sysctl -p But, after applying the changes I found "Wi-fi" downloading speed and terminal downloading speed extremely slow (less than 1KB/s) however surfing speed through browser was good. But, using direct ethernet cable was giving a good speed. Then, I reverted back the above changes and things fall back in line once again.... Could you please let me know what possibly in above script is affecting such behaviour [and why] ? How could I still maintain hardening of network security without disturbing Wi-fi downloading speed ?

  Read the article

• What's a good Minimal Server-Side Javascript Framework?

  - by Nick Retallack

  So I was writing a web app with web.py that uses plenty of client-side javascript, and my database is on couchdb so the queries are in javascript too, and eventually I just got to thinking, why not skip the python and go all javascript? Besides, some functions need to run once on the client and again on the server to make sure you're not spoofing, so why translate between javascript and python? So I'm looking for a simple lightweight javascript web framework. All I really need is the url routing, request and response stuff (standard wsgi?), and a way to hook into a big http server like nginx. What do you guys recommend?

  Read the article

• Restful authentication between two GAE apps.

  - by user259349

  Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Add a random number in my request that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

  Read the article

• How do you detect a website visitor's country (Specifically, US or not)?

  - by BigDave

  I need to show different links for US and non-US visitors to my site. This is for convenience only, so I am not looking for a super-high degree of accuracy, and security or spoofing are not a concern. I know there are geotargeting services and lists, but this seems like overkill since I only need to determine (roughly) if the person is in the US or not. I was thinking about using JavaScript to get the user's timezone, but this appears to only give the offset, so users in Canada, Mexico, and South America would have the same value as people in the US. Are there any other bits of information available either in JavaScript, or PHP, short of grabbing the IP address and doing a lookup, to determine this?

  Read the article

• Restfull authentication between two GAE apps.

  - by user259349

  Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Pass a long number by my consuming app that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

  Read the article

• What is the current standard for authenticating Http requests (REST, Xml over Http)?

  - by CodeToGlory

  The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

  Read the article

• sudo changes PATH - why?

  - by Michiel de Mare

  This is the PATH variable without sudo: $ echo 'echo $PATH' | sh /opt/local/ruby/bin:/usr/bin:/bin This is the PATH variable with sudo: $echo 'echo $PATH' | sudo sh /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin As far as I can tell, sudo is supposed to leave PATH untouched. What's going on? How do I change this? (This is on Ubuntu 8.04). UPDATE: as far as I can see, none of the scripts started as root change PATH in any way. From man sudo: To prevent command spoofing, sudo checks ``.'' and ``'' (both denoting current directory) last when searching for a command in the user's PATH (if one or both are in the PATH). Note, however, that the actual PATH environment variable is not modified and is passed unchanged to the program that sudo executes.

  Read the article

• Can you iterate over chunks() with request.POST in Django?

  - by Sebastian

  I'm trying to optimize a site I'm building with Django/Flash and am having a problem using Django's iterate over chunks() feature. I'm sending an image from Flash to Django using request.POST data rather than through a form (using request.FILES). The problem I foresee is that if there is large user volume, I could potentially kill memory. But it seems that Django only allows iterating over chunks with request.FILES. Is there a way to: 1) wrap my request.POST data into a request.FILES (thus spoofing Django) or 2) use chunks() with request.POST data

  Read the article

• Preventing dictionary attacks on a web application

  - by Kevin Pang

  What's the best way to prevent a dictionary attack? I've thought up several implementations but they all seem to have some flaw in them: Lock out a user after X failed login attempts. Problem: easy to turn into a denial of service attack, locking out many users in a short amount of time. Incrementally increase response time per failed login attempt on a username. Problem: dictionary attacks might use the same password but different usernames. Incrementally increase response time per failed login attempt from an IP address. Problem: easy to get around by spoofing IP address. Incrementally increase response time per failed login attempt within a session. Problem: easy to get around by creating a dictionary attack that fires up a new session on each attempt.

  Read the article

• Obtaining the correct Client IP address when a Physical Load Balancer and a Web Server Configured With Proxy Plug-in Are Between The Client And Weblogic

  - by adejuanc

  Some Load Balancers like Big-IP have build in interoperability with Weblogic Cluster, this means they know how Weblogic understand a header named 'WL-Proxy-Client-IP' to identify the original client ip.The problem comes when you have a Web Server configured with weblogic plug-in between the Load Balancer and the back-end weblogic servers - WL-Proxy-Client-IP this is not designed to go to Web server proxy plug-in. The plug-in will not use a WL-Proxy-Client-IP header that came in from the previous hop (which is this case is the Physical Load Balancer but could be anything), in order to prevent IP spoofing, therefore the plug-in won't pass on what Load Balancer has set for it.So unfortunately under this Architecture the header will be useless. To get the client IP from Weblogic you need to configure extended log format and create a custom field that gets the appropriate header containing the IP of the client.On WLS versions prior to 10.3.3 use these instructions:You can also create user-defined fields for inclusion in an HTTP access log file that uses the extended log format. To create a custom field you identify the field in the ELF log file using the Fields directive and then you create a matching Java class that generates the desired output. You can create a separate Java class for each field, or the Java class can output multiple fields. For a sample of the Java source for such a class, seeJava Class for Creating a Custom ELF Field to import weblogic.servlet.logging.CustomELFLogger;import weblogic.servlet.logging.FormatStringBuffer;import weblogic.servlet.logging.HttpAccountingInfo;/* This example outputs the X-Forwarded-For field into a custom field called MyOriginalClientIPField */public class MyOriginalClientIPField implements CustomELFLogger{ public void logField(HttpAccountingInfo metrics,  FormatStringBuffer buff) {   buff.appendValueOrDash(metrics.getHeader("X-Forwarded-For");  }}In this case we are using 'X-Forwarded-For' but it could be changed for the header that contains the data you need to use.Compile the class, jar it, and prepend it to the classpath.In order to compile and package the class: 1. Navigate to <WLS_HOME>/user_projects/domains/<SOME_DOMAIN>/bin2. Set up an environment by executing: $ . ./setDomainEnv.sh This will include weblogic.jar into classpath, in order to use any of the libraries included under package weblogic.*3. Compile the class by copying the content of the code above and naming the file as:MyOriginalClientIPField.java4. Run javac to compile the class.$javac MyOriginalClientIPField.java5. Package the compiled class into a jar file by executing:$jar cvf0 MyOriginalClientIPField.jar MyOriginalClientIPField.classExpected output is:added manifestadding: MyOriginalClientIPField.class(in = 711) (out= 711)(stored 0%)6. This will produce a file called:MyOriginalClientIPField.jar This way you will be able to get the real client IP when the request is passing through a Load Balancer and a Web server before reaching WLS. Since 10.3.3 it is possible to configure a specific header that WLS will check when getRemoteAddr is called. That can be set on the WebServer Mbean. In this case, set that to be X-Forwarded-For header coming from Load Balancer as well.

  Read the article

• RouterOS on Hyper-V (v3/2012) - any way to get it working?

  - by TomTom

  Trying to set up a small VPN point to connect into a remote Hyper-V cluster using ROuterOS. Anyone got it working ON Hyper-V with the latest builds of RouterOS? It seems the legacy network adapter is not supported anymore either (or just broken). The platform is a Windows Server 2012 RC. This is not a high performance setup - the RouterOS wont do the routing for more than the backend administrative access, and the only real traffic we will see there is when ISO images for new operating systems are uploaded. Otherwise we will have possibly RDP traffic as well as web / http traffioc, but this is internal only (dashboards, some control panel). The server has no public business. So the price for non virtualized network cards is ok for me. After hooking up - ping just does not work. After some time I see in windows (arp -a on the command line), so I know that the Hyper-V side is set up properly. Just no packets arrived. I have turned off all protection on Hyper-V (or : not turned them on), so no MAC spoofing protection etc. in the Advanced page for the legacy adapters. Unless I can get it work I will have to resort to using a windows install as router / VPN endpoint, which introduces another OS into the fabric (we run all routers etc. so far on mikrotik in hardware, which is why I want this one to be RouterOS, too). And no, putting hardware there is NOT an option - the cost would be significant.

  Read the article

• Why do I have untrusted certificates for Google, Yahoo, Mozilla and others?

  - by jackweirdy

  In the HTTPS/SSL section of chrome://chrome/settings, I see the following: What does this mean, and is there something wrong? I have a basic understanding of SSL/TLS - I'm not claiming to be completely familiar, but I'm fairly confident I know my way around it - but I don't understand why I have certificates installed on my machine specifically for these sites. From my understanding, I should have the certificates for Certificate Authorities, and any site I visit and use SSL/TLS should have a certificate signed by one of these trusted CAs for me to trust the site. My worry is that if someone has maliciously installed a certificate for these sites on my machine, they could perform a DNS spoofing attack (or a number of other attacks) to hijack my connection to my email account without me knowing, and as they've got the private counterpart to the certificate on my machine, decrypt the communication. NB: I'm also aware that CA certificates aren't just within Chromium and are used system wide as part of libssl - they're stored in /etc/ssl/certs. What I'd like to know is: Is this correct? - The big red boxes make me think no Is this malicious or benign? What can I do to resolve this problem? (If indeed it is a problem) Thanks :)

  Read the article

• Struggling to set-up NLB cluster

  - by Chris W

  I'm trying to set up NLB on a couple of Windows 2008 R2 virtual servers running on top of Hyper V R2. The servers each have a single vNIC for LAN access (and a second vNIC for SAN access). I'm setting up the cluster to use Multicast mode. The vNICs are each set to allow MAC spoofing. Essentially I'm finding that i can add SERVER1 as a host and it will pick up and respond to the cluster IP from a remote subnet. If I then 'stop' the node in NLB manager it still responds when I would expect it to stop answering on that IP. If I recreate the cluster and add SERVER2 as the first host, the wizard completes correctly and an IPCONFIG on the server shows that it now has the cluster IP but I can't ping the cluster IP from a remote subnet but I can from another machine on the same subnet. As a final test - with both servers in the cluster, pinging from another machine on the same subnet I still get a response from the cluster IP when both nodes are stopped according to the NLB manager. The two VMs are sat on the same physical blade and are built up exactly the same as they'll be used as SharePoint web front end servers. I'm at a loss as to what could be wrong with the second VM that prevents it taking on the address just as the sole node in the cluster, never mind the strange behaviour of the cluster when I stop/start nodes.

  Read the article

< Previous Page | 1 2 3 4  | Next Page >