blocking - Page 32 - Developer IT

PSAD Firewall/ UDP flood?

- by Asad Moeen

Well I'm actually trying to block a UDP Flood on the Application port because the string "getstatus" is causing my application to make large output due to a small input to the attacker's IP. I installed PSAD firewall to do the job. psad -S shows 3000,000 logged packets at the application port and top ports in Scan but does not block the IP of the attacker however other IP Addresses with small number of connections are dropped. I'm thinking that since output is also being made to the attacker, this is why its not getting blocked because iptables rate-limiting is also exactly doing the same thing and not blocking the IP where outgoing connection is also made. Any guesses why it won't work?

Read the article

MySQL port 3306 blocked in csf yet can still telnet to port 3306 from external host

- by Neek

We have a Centos 6 VPS that was recently migrated to a new machine within the same web hosting company. It's running WHM/cPanel and has csf/lfd installed. csf is set up with mostly vanilla config. I'm no iptables expert, csf has not let me down before. If a port isn't in the TCP_IN list, it should be blocked on the firewall by iptables. My problem is that I can telnet to port 3306 from an external host, yet I think iptables ought to be blocking 3306 because of csf's rules. We are now failing a security check because of this open port. (this output is obfuscated to protect the innocent: www.ourhost.com is the host with the firewall problem) [root@nickfenwick log]# telnet www.ourhost.com 3306 Trying 158.255.45.107... Connected to www.ourhost.com. Escape character is '^]'. HHost 'nickfenwick.com' is not allowed to connect to this MySQL serverConnection closed by foreign host. So the connection is established, and MySQL refuses the connection due to its configuration. I need the network connection to be refused at the firewall level, before it reaches MySQL. Using WHM's csf web UI I can see 'Firewall Configuration' includes a fairly sensible TCP_IN line: TCP_IN: 20,21,22,25,53,80,110,143,222,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8080 (lets ignore that I could trim that a little for now, my concern is that 3306 is not listed in that list) When csf is restarted it logs the usual slew of output as it sets up iptables rules, for example what looks like it blocking all traffic and then allowing specific ports like SSH on 22: [cut] DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 [cut] ACCEPT tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 state NEW tcp dpt:22 [cut] I can see that iptables is running, service iptables status returns a long list of firewall rules. Here is my Chain INPUT section from service iptables status, hopefully that's enough to show how the firewall is configured. Table: filter Chain INPUT (policy DROP) num target prot opt source destination 1 acctboth all -- 0.0.0.0/0 0.0.0.0/0 2 ACCEPT tcp -- 217.112.88.10 0.0.0.0/0 tcp dpt:53 3 ACCEPT udp -- 217.112.88.10 0.0.0.0/0 udp dpt:53 4 ACCEPT tcp -- 217.112.88.10 0.0.0.0/0 tcp spt:53 5 ACCEPT udp -- 217.112.88.10 0.0.0.0/0 udp spt:53 6 ACCEPT tcp -- 8.8.4.4 0.0.0.0/0 tcp dpt:53 7 ACCEPT udp -- 8.8.4.4 0.0.0.0/0 udp dpt:53 8 ACCEPT tcp -- 8.8.4.4 0.0.0.0/0 tcp spt:53 9 ACCEPT udp -- 8.8.4.4 0.0.0.0/0 udp spt:53 10 ACCEPT tcp -- 8.8.8.8 0.0.0.0/0 tcp dpt:53 11 ACCEPT udp -- 8.8.8.8 0.0.0.0/0 udp dpt:53 12 ACCEPT tcp -- 8.8.8.8 0.0.0.0/0 tcp spt:53 13 ACCEPT udp -- 8.8.8.8 0.0.0.0/0 udp spt:53 14 LOCALINPUT all -- 0.0.0.0/0 0.0.0.0/0 15 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 16 INVALID tcp -- 0.0.0.0/0 0.0.0.0/0 17 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20 19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 23 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110 25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143 26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:222 27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465 29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587 30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993 31 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995 32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2077 33 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2078 34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2082 35 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2083 36 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2086 37 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2087 38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2095 39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2096 40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080 41 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20 42 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21 43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:222 45 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:8080 46 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 47 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 48 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 49 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 50 LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0 What's the next thing to check?

Read the article

Can connect to shared folder on Windows Server 2012, but access denied when accessing

- by Cylindric

I have a Windows Server 2012 (non-domain) with a folder that's shared out as TestShare. The share permissions are Everyone has full access, and there is a local user TestUser that has full access to the actual folder. On GuestServer I can connect and/or map a drive to \HostServer\TestShare, specifying the username and password for TestUser. NTFS permissions: Share permissions Effective Access Report The problem is that when I try to access the folder, I get an "access denied" message. On the host server I can see the user connected to the share in the Sessions manager, so the password is correct and being recognised. If I use an incorrect password I don't get the "completed successfully" message, nor the 'open session'. What else can be blocking access to the shared files, when the share seems to be set, and the folder permissions seem to be set, and the connection seems to be okay? The network is recognised as "public", and the relevant firewall rules seem to be enabled - even disabling the firewall doesn't help.

Read the article

Removing emails from all mailbox with certain text in subject

- by Doug Luxem

So, we had an errant program kick off about 15,000 emails to our users. I have our spam filters now blocking these on the edge until that gets resolved, but now I would like to clean our our users' mailboxes for them. Is there anyway with Exchange 2007 to remove all emails with certain text in the subject line? It would need to be a partial match because the subject changes slightly for each email. I am trying to do this with Forefront's manual scan job + content filter, but it does not seem to like partial matches on the subject.

Read the article

Need help configurating my Tomcat server

- by gablin

I just reinstalled my entire server, and now I can't seem to get my JSP-based website to work on Tomcat anymore. I use the same server.xml file, which worked perfectly before the reinstallation, but no longer. Here's the content of the server.xml file which worked before:  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />  <Listener className="org.apache.catalina.core.JasperListener" />  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />  <GlobalNamingResources>  <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources>  <Service name="Catalina">    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />      <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />   <Engine name="Catalina" defaultHost="localhost">      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>        <Host name="www.rebootradio.nu"> <Alias>rebootradio.nu</Alias> <Context path="" docBase="D:/services/http/rebootradio.nu" debug="1" reloadable="true"/> </Host> </Engine> </Service> </Server> The JSP site doesn't use any WAR files or anything like that; there's just a default.jsp in the specified folder D:/services/http/rebootradio.nu which loads the site. As I said, this configuration worked before, but now with the latest verion of XAMPP and Tomcat it doesn't work anymore. All I get is a 404 message saying The requested resource () is not available.

Read the article

Making internal website available publicly (Win 2008 Server)

- by endigo

I have an IIS 7 web site that is running on a Windows 2008 Server (64-bit) VMWare on a Windows 2008 Server (64-bit) Host on my local network. My router is a Firebox XEdge and it has port 80 directed to the IP of the server on VMWare. I can reach the web site from inside the network, but I cannot reach the site from outside the network. I have other web sites that are working through the Firebox, and I am confident that it is configured correctly. I suspect that Windows 2008 server is blocking routed or public addresses, but I have shut down the firewall on the Server that is running on VMWare and the AVG Anti-virus to no avail. How can I make my site available publicly.

Read the article

How do you set rate limit access to your API using Iptables?

- by Cory

How can you set rate limit access to API using Iptables. Tried to set limit using port 80, but I don't want to set limit to the web access entirely. Is there a way to specified a subdomain rather than port. Example: set rate limit to api.example.com not example.com? If there is no way to set rate limit by subdomain, what is the suggested rate limit access to port 80 without risking blocking a legitimate web user? One connection per second would be enough?

Read the article

Removing emails from all mailboxes with certain text in subject

- by Doug Luxem

So, we had an errant program kick off about 15,000 emails to our users. I have our spam filters now blocking these on the edge until that gets resolved, but now I would like to clean our our users' mailboxes for them. Is there anyway with Exchange 2007 to remove all emails with certain text in the subject line? It would need to be a partial match because the subject changes slightly for each email. I am trying to do this with Forefront's manual scan job + content filter, but it does not seem to like partial matches on the subject.

Read the article

hosts.deny not working

- by Captain Planet

Currently I am watching the live auth.log and someone is continuously trying the brute force attack for 10 hours. Its my local server so no need to worry but I want to test. I have installed denyhosts. There is already an entry for that IP address in hosts.deny. But still he is trying the attacks from same IP. System is not blocking that. Firstly I don't know how did that IP address get entered in that file. I didn't enter it, is there any other system script which can do that. hosts.deny is sshd: 120.195.108.22 sshd: 95.130.12.64 hosts.allow ALL:ALL sshd: ALL Is there any iptable setting that can override the host.deny file

Read the article

qmail questions - whitelisting and relays

- by Richard

My new server runs qmail, which I've never used before. There is no inbound mail on the server (all the clients have mail hosted elsewhere, but some systems on the server send mail. I'm about to move a client there who has several parked domains, and looking at the smtp log, the server is already blocking many attempts to relay spam using one of the parked domain names (probably because a related domain is already hosted there). How do I ensure those mails stay blocked, while allowing legitimate addresses to send out? Server OS is CentOS and hosting software is Kloxo.

Read the article

Concurrent modification during backup: rsync vs dump vs tar vs ?

- by pehrs

I have a Linux log server where multiple applications write data. Data is written in bursts, and in a lot of different files. I need to make a backup of this mess, preferably preserving as much coherence between the file versions as possible and avoiding getting truncated files. Total amount of data on the server is about 100Gb. What I really would want (but can't) is to shut-down, backup the system cold and then start it up again. What kind of guarantees against concurrent modification does the various backup tools give? When do they "freeze" the file versions? I am looking at rsync, dump and tar at the moment, but I am open for other (open source) alternatives. Changing the application or blocking writing for backups is sadly not an option. System is not running LVM (yet), but I have considered that for rebuilding the system and then snapshots.

Read the article

Security measures for CentOS

- by cappuccinodrinker

I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

Read the article

Outlook connected to exchange does not send email

- by Thomas de Nooij

I have multiple machines with Outlook 2010 connected to RackSpace hosted exchange server. Everything works fine, but emails send after a while since outlook started will not leave the outbox. Clicking Send & Receive will display the progress bar at 100% completed with no errors, but is not really finishing. The Cancel All button is still active. The emails in the outbox are bold & italic, so ready to be send. When I close outlook and start it again, the mails are sent immediately without problems. I have tried the following: Checked if there are any third party addins: only Microsoft Add ins Checked if the virus scanner is blocking anything, but McAfee is not doing this. Checked and Repaired the .ost file Increased the server time-out from 30 seconds to 60 seconds Nothing helped. Any suggestions?

Read the article

Sending emails with remote mail server in ASP.NET blocked by Windows firewall?

- by Dave

I want to migrate a web application from a Windows Server 2003 to a Windows Server 2008 R2. All works fine except sending emails from the application. If I configure the application to use the smtp server on "localhost" it works, but changing it to the "real" host name (e.g. mail.example.org) no mail is sent. The error message says, that the remote server needs a secure connection or smtp authentication. But since it works when using "localhost" instead of the host name I doubt that this is the problem. Also it's unlikely a problem with the mail server, I also tried it with another one. So for me it seems like the firewall is blocking the outgoing connection to the mail server. I tried to open port 25, but it still did not work. Maybe I just did it the wrong way.

Read the article

Finding a private (NAT) host's IP using historic destination data

- by l0c0b0x

The issue: An unknown private (NAT) client is infected with malware and it's trying to access a Bot server at random times/dates. How we know about this: We receive bot traffic notices/alerts from REN-ISAC. Unfortunately, we don't receive those until the next day after it has happened. What they provide to us is: The source address (of the firewall) The destination addresses (it varies, but they're going to network subnet allocated to a German ISP) The source port (which varies--dynamic ports). Question: What would be the best approach to finding this internal host (historically) with a Cisco ASA as firewall? I'm guessing blocking anything to the destination address(es), and logging that type of traffic/access might allow me to find the source host, but I'm not sure which tool/command would be the most useful. I've seen Netflow thrown into a few responses when it comes to logging, but I'm confused with it's association of Logging, NAL, and nBAR, and how they relate to Netflow.

Read the article

Recommendation for a non-standard SSL port

- by onurs

Hey guys, On our server I have a single IP, and need to host 2 different SSL sites. Sites have different owners so have different SSL certificates, and can't share the same certificate with SAN. So as a last resort I have modified the web application to give the ability to use a specified port for secure pages. For its simple look I used port 200. However I'm worried about some visitors may be unable to see the site because of their firewalls / proxies blocking the port for ssl connections. I heard some people were unable to see the website, a home user and someone from an enterprise company, don't know if this was the reason. So, any recommendations for a non-standard SSL port number (443 is used by the other site) which may work for visitors better than port 200 ? Like 8080 or 8443 perhaps? Thanks!

Read the article

Large file copy from NFS to local disk performance drop

- by Bernhard

I'm trying to copy a 200GB file from an NFS mount to a local disk. The local disk is an XFS filesystem on a LVM on top of a RAID 5 system (hardware RAID controler). I'm using rsync to monitor the transfer speed. At the beginning the IO speed is about 200MB/s, stable for the first 18GB. But then the performance drops by a factor of 10-20 and never recovers to the initial rate. Sometimes it reaches about 50-100MB/s but just for a few seconds and then the process seems to hang for a bit. At the same time all file-stat operations on the target filesystem are blocking for a long time (minutes). Also interrupting the copy process blocks for several minutes, a sub-sequent delete of the partly copied file takes also several minutes. Any ideas what could be causing this?

Read the article

How to share malicious source code?

- by darma

I have a client whose site (not one i developed) is infected by a trojan/malicious code. I have asked him to send me the dirty files in a zip but either gmail or unzipping is blocking them. I've tried text files and word files, and i'm suspecting many different file types will be blocked the same way, either by my mail client, anti-malware software, browser etc. (which is normal). Do you know a way he could share those lines so i can read them and do some research about the malicious source code? An image/screenshot of his text editor would be an idea but the files are long + i'd prefer to be able to copy/paste from them. Thank you!

Read the article

Why do some web servers not respond to icmp requests?

- by John Himmelman

What is the purpose of blocking/dropping inbound ICMP traffic on a public web server? Is it common for it be blocked? I had to test if a server was accessible from various locations (tested on various servers located in different states/countries). I'd rely on ping as a quick & reliable method of determining if a server was online/network-accessible. After not receiving a response on a couple boxes, I tried using lynx to load the site, and it worked.

Read the article

How can I debug Cisco Firewall ASA "Dispatch Unit" very high CPU utilisation from ASDM?

- by Andy

I have recently had my first firewall installed so I am very new to this whole situation. I am finding that Dispatch unit is becoming overloaded and it would appear to be the reason I get serious bouts of lag on my server. The firewall has had little configuration apart from me blocking all the ports in "Access Rules" and allowing only the ones the server needs and from where it needs them. I guess what I am after is assistance with locating the issues causing "Dispatch Unit" to take up all the CPU Regards --Edit-- With ASDM statistics I found that packets inbound (peak of 70-100k/sec from <1k/sec normal), traffic inbound (peak of 40-50kbits/sec from <1kbits/sec normal) and CPU all peak at the same time so I am pretty sure it is an attack of some sort but as a beginner with ASA I am not sure how to resolve

Read the article

There is a porn domain pointing to my site

- by Nicolas Martel

Let's say example.com is my real site, and fooexample.com is the porn site. fooexample.com are pointing to my ip. Now you could think, just don't mind it right. Well the thing is that they are driving load of traffic. Not only that, but my main domain example.com become unavailable after a couple of minutes and the only domain that work is either fooexample.com or none of those 2. What i have done so far was using mod_rewrite to redirect the porn site to google but my domain still become unavailable. Blocking the ips served no result either. I hope someone will be able to help me because this is a huge problem right now. Thanks.

Read the article

Can't access LAN computers with SSH

- by endolith

I got a new Windows 7 machine, and was using VNC,SSH etc to connect to my Ubuntu machine, and it worked fine previously. Now it doesn't work if I use the machine's hostname or local IP, but if I use the DynDNS name, it works. I can also access it from my Android phone using the local hostname over SSH. If I try to connect with SSH to the hostname, it says "Host does not exist". VNC says "Failed to get server address". NX says "no address associated with name", and I don't see it in Windows' "Network" folder. I've rebooted everything. I've turned off Windows firewall. It was working fine a few days ago, but now it's not. How do I figure out what's blocking it?

Read the article

How would you measure the amount of atmospheric dust in a server room?

- by Tom O'Connor

We've been advised by our tape library vendor that one of the reasons we might be seeing lots of errors is if our server room is particularly dusty. It doesn't look dusty, but that's not to say it's not there. We've got an environment sensor cluster which measures Temperature, Airflow and Relative Humidity. I should probably point out that the low-hanging fruit solution I came up with is to use Sellotape (scotch tape) in a loop, one side stuck to the server cabinet, the other side free-hanging. I've also put a couple of other tape loops by the exit and intake fans of the hardware (not blocking airflow, naturally). How can we (electronically, ideally) measure dust levels?

Read the article

Recommend AntiVirus for Plesk 8.6.0 + CentOS 5

- by cappuccino

I am using a virtual server on Media Temple running CentOS 5 and Pleak 8.6.0, I have done all their security recommendations and more some, blocking everything except http and mail, string passwords and running Rootkit Hunter daily. But i'm thinking I should run a antivirus of some sort? I'm still new to Linux CentOS security so please forgive :)... Can you recommend a good antivirus/antispyware software for CentOS 5 and Plesk 8.6.0? I've been searching for some plesk modules and have come across a few like Kaspersky, not sure which one to use... Any tips on security would be good too.

Read the article

Hp Procurve Switch : port filtered

- by user117140

My HP Procurve switch is blocking port 22 and I dont know how to unblock it.Please let me know From the server, see port 22 is blocked [root@server ~]#nmap -p22,80,443 10.247.172.70 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-16 14:12 IST mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers Interesting ports on 10.247.172.70: PORT STATE SERVICE 22/tcp filtered ssh ------------------> see 80/tcp filtered http 443/tcp filtered https This is blocked on cisco switch but I dont have any clue how this is done. I know that vlan is configured on switch. vlan 54 ip ospf 10.247.172.65 area 0.0.0.10 vrrp vrid 54 owner virtual-ip-address 10.247.172.65 255.255.255.192 priority 255 enable exit exit Please let me know how to unblock ssh port 22 access on this switch?

Search Results

Search found 1464 results on 59 pages for 'blocking'.

Page 32/59 | < Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39 | Next Page >

- by Asad Moeen

- by Neek

- by Cylindric

- by Doug Luxem

- by gablin

- by endigo

- by Cory

- by Doug Luxem

- by Captain Planet

- by Richard

- by pehrs

- by cappuccinodrinker

- by Thomas de Nooij

- by Dave

- by l0c0b0x

- by onurs

- by Bernhard

- by darma

- by John Himmelman

- by Andy

- by Nicolas Martel

- by endolith

- by Tom O'Connor

- by cappuccino

- by user117140

< Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39 | Next Page >