So what is the term used when your web site is getting spammed from many different ip addresses, hits are minutes apart?
View 14 RepliesI want to capture all packets from site "www.examplesite.com" so I checked its ip address in an ip address look up and it was 123.456.abc.def.So I set my filter to "dst host 23.456.abc.def"However I then realised that multiple ip address point to ww.examplesite.com, for example say the following ips also go to987.654.321.000111.222.333.444So is there a filter that will automatically capture all traffic going to www.examplesite.com or do I have to go and manually find all it's ip addresses and pass them all to the filter?
View 2 Replies View RelatedI've been on a quest to enable full routing through my openvpn tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using quagga hoping it would magically solve my problems, however it does not seem to do my routing for me . I just did a basic static route within zebra...
View 3 Replies View RelatedI have three locations with a central office connected to two remote locations. At the central office I run on a cisco asa 5505 two site to site vpns. The remote end of the first site is a checkpoint firewall , and the remote end of the second site is racoon on debian. Both sites are up and working. However, where at the first site traffic goes both ways, at the second site it only works from the central office to the remote office.
For example, I can ssh from a host in the central office to a host in the first remote site (through checkpoint firewall,) then ssh back from that host at the remote office to any host in the central office. In contrast, after I ssh from a host in the central office to a host in the second remote office (through racoon), I cannot see the central office hosts (ping the ip address of a central office host, ssh, etc. all fail.) The vpn settings at the central office (the cisco asa 5505) are identical. So it seems to me that some routing magic is missing on the host running racoon at the second remote office. Where would such setting reside? racoon config files? iptables?
I have connected my computer to network. Computers in network have dynamic ip address which is assigned by ADSL modem's DHCP. Besides this I want to have static IP address for same NIC. So is it possible to have both static and dynamic IP address for single NIC? If so how can I assign it using command and also in GUI?
View 7 Replies View RelatedI installed Fedora 13 on my laptop today after deleting a badly screwed up Windows XP partition. Everything installed smoothly even my Broadcom drivers but I can't seem to figure out how to get Firefox to access the web with a URL.
I can ping Google, and can get to it in Firefox if I use the IP address from the ping, but going to [url] in Firefox will give me an error message about not being able to find the server at the web address. I was also able to update from the terminal with yum update just fine. I've tried searching Google for some answers, and maybe I just can't phrase my query right, but I found nothing that I could use to try and fix my problem.
I've attached a HardInfo report which I hope could be useful if you need to know what my hardware is (an HP Pavilion zv5000 laptop).
I installed fedora lastnight, but any addresses I type in the field is returning server error, but if I type the IP address it will work, I reinstalled Fedora 11 about 3 times, samething.
View 1 Replies View RelatedI am trying to configure my IPv6 network. My computers are behind a Fedora gateway IPv6-configured, which is working great. But for computers inside my network, it seems I am getting only internal addresses from DHCP. Here is my ifconfig for an internal computer:
Quote: em1 Link encap:Ethernet HWaddr F4:6D:04:34:92:2B inet addr:192.168.0.184 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::f66d:4ff:fe34:922b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:744250 errors:0 dropped:0 overruns:0 frame:0 TX packets:548987 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:841392242 (802.4 MiB) TX ytes:60384500 (57.5 MiB) Interrupt:18 Memory:f7100000-f7120000
he-ipv6 Link encap:IPv6-in-IPv4 inet6 addr: 2001:470:1c:611::3/64 Scope:Global inet6 addr: fe80::cea7:b778/128 Scope:Link UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:61 dropped:0 overruns:0 carrier:61 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[Code]....
I've got a user getting heavily spammed but other users on the same domain are fine, it all started last night here's some info...
-rwsr-xr-x 1 root root 700492 Jun 8 18:18 exploit
I've got loads of these in 'top'
5975 dovecot 15 0 3712 1712 1432 S 0.0 0.2 0:00.00 imap-login
and these in ps dovecot
dovecot 5250 5533 0 13:05 ? 00:00:00 pop3-login
root 5533 1 0 11:21 ? 00:00:00 /usr/sbin/dovecot
root 5534 5533 0 11:21 ? 00:00:00 dovecot-auth
dovecot 5663 5533 0 12:15 ? 00:00:00 pop3-login
ps exim i've got
Code:
mail 19725 32303 0 15:03 ? 00:00:00 /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
mail 19732 19725 0 15:03 ? 00:00:00 [exim] <defunct>
mail 20142 19725 0 15:03 ? 00:00:00 [exim] <defunct>
[code]....
I need to set both my font size and my term ($TERM=vt220) from the command for a /usr/bin/terminal. Is there a way for me to do this?
View 2 Replies View RelatedHas anybody else seen this kind of attack? I see those messages on 2 exim mailservers. Looks as if someone sends a 50MB big mail header :S What is their goal except from increasing my traffic?
Code:
2011-02-12 07:48:53 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=ns33.medialook.net [91.121.108.5] input="GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
[Code].....
I have to ubuntu machine (9.10 and 10.4) with a openvpn tunnel between them.This is the situation:
Code:
NetworkA 192.168.0.0/24
|
UbuntuA br0:192.168.0.3 (openvpn bridge between eth0 and tap0)[code].....
UbuntuA has one only interface etho and there are two openvpn instance: one bridge istance with br0 and another instance with tun0.
UbuntuA is not the gateway for networkA. UbuntuB is the gateway for NetworkB.I need to comunicate between pc on networkB e those on networkA.This is the "ping situation" (no pc tested has an active firewall):
ubuntuA vs ubuntuB: OK
ubuntuB vs ubuntuA: OK
pc on NetworkA vs ubuntuA and ubuntuB: OK[code].....
I have been running Fedora Core 6 for about a year and a half with no problems. But now here is one that has me stumped. When I boot the system (IBM T30 laptop) and log in with my user name every thing works iike it should. I get my desk top and tool bars. If I click on my tool bar and open a terminal session (xterm according to echo $TERM ) the t key does not work. I have tried to open a VI editior session and the t key still does not work. However if I open any other application, (text processor, web browser, spread sheet, etc.) the t key now works. Also if I log out of the system and log in as root the t key now works in a terminal sessiion. I have tried to find my .profile file to find out if a key binding has gone bonkers but no luck.
View 4 Replies View RelatedDoes anyone know a good program to log ip addresses when visited or connecting to your machine? Something like tcpdump but for ip addresses, I forgot what its called.
View 3 Replies View RelatedIs it possible to configure two IP addresses using one NIC? I'm implementing a VPN server on network 192.168.1.0, ultimately to be accessed over the Internet and through an ADSL router with port-forwarding to the server. Right now I'd like to test it on the LAN, but with the VPN client and server both on the 192.168.1.0 network, that test would not be be valid.
If I had a spare NIC I could put the server on both the 192.168.1.0 network and, say, a 10.0.0.0 network, configure the client on 10.0.0.0 and test. Not having a spare NIC, I'm wondering if it is possible to configure the server with two IP addressese NIC.Virtualising hosts are able to do something similar when running guests with NICs in bridged mode. Log files show they switch eth0 into promiscuouse.In case it matters the server OS is Slackware 13.0.
Maybe a site-to-site Ouija board connection.
View 5 Replies View RelatedCan I set 2 addresses for the *1* Ethernet card that I have on my motherboard? How would this scenario work?
View 5 Replies View RelatedI've used two internet services to show me my IP address, and I get different results:1. Whatsmyip.org : ***.**.109.***2. ipchicken.com : ***.**.111.***All the * numbers are same, except 109 and 111. (or link me to explanation) of which one's which?
View 8 Replies View RelatedHow can I get two ip addresses to communicate with each other which are not in the same 255 range?
Like:
192.168.0.1
and
192.168.1.1
My machine has ONE ethernet card and is on a LAN.IP address is assigned to hosts using DHCP.I can have more than one MAC address on LAN by running Virtual Machine and setting network to bridged. This way, my virtual machine simply acts like there is one more machine in the network.Running VMWare for this job is a a bit heavy on resources. Is there a way so that I can I can have 2 or more ip addresses with different MAC address on the same machine without having to run VirtualBox.
By googling, I think its related to bridging and tap. And, I am sure thatts NOT IP-ALIASING because in ip-aliasing both the ip addresses have the same MAC address.Basically, I want my system to have interfaces like:-eth0 - which was originally presentlo- thats always present :|newint0 - New interface with new MAC address and IP addresses which can access my LAN directly. Its like if I bind, let us suppose curl to this interface, its like a different connection
I have a Dell Inspiron 1545 with Ubuntu Karmic that was working like a charm until last week.When I'm using my college's wireless I can browse just fine, but when I'm in my home's network the web addresses cannot be resolved.I was suspecting of DNS error, but it's the same DNS address in all the other computers, and the whole network is working just fine.The thing is that if I use the IPs, for instance 64.233.163.104 for Google, it works fine, both pinging and browsing. So the problem is in resolving the addresses...
View 9 Replies View RelatedI am running a dual boot PC, Ubuntu 10.10 & Win7. I do sticky static IPs on my local network, but it doesn't work cause the Ethernet adapter gets a different MAC address in Windows 7 (EF:9F:E9:F7:F7:F7) than it shows for Ubuntu 10.10 (00:13:74:00:5C:3. I am not sure if this is a Windows problem or something up with Ubuntu. The card is an on-board Atheros L2 fast Ethernet adapter. I have tried updating the drivers in Windows & nothing is working.
View 8 Replies View RelatedI would like to know if a rule has been applied to the iptables.active file to accept direct connections on port 22 through an IP address, can I also add a mac address/addresses to the rules such that if I am not on the network with the accepting IP address, that my MAC address will still get me in?
View 4 Replies View RelatedI would like have a password for accessing my web site which works fine. I also want for the specific site to allow access only for a specific range of ips. Right now the following config should forbid my access, as my ip is different from 200.200.200.*
View 6 Replies View RelatedI am looking for a command which, when typed from the command line, returns the ip-addresses of the DNS nameservers that my ISP is using.I think is should be technically possible to write a program that does this, because linux installers set up /etc/resolv.conf correctly (as does knoppix). But I've been unable to find a command that does it. Is there one, and if so, what is it called?
View 14 Replies View RelatedI do not currently fully understand relationship between binary numbers and ip addresses and subnet addresses; nor am I asking for an explanation here at LQ, when there are plenty at wikipedia and other places...
Even after reading the wikipedia article on it, I still don't grasp it completely, so I was hoping that someone who grasps it in its entirety could answer a simple question.
How can I express the range of ip addresses from 172.22.22.200 - 172.22.22.230 ?
I was trying to make a rule for iptables that only did nat on that specific range of ips, and when i tried used the "-s" flag followed by 172.22.22.200/11 it always changes to 172.0.0.0/11 in the actual rule that is created and displayed by iptables -t nat -L.
I already have many hosts defined on my network, and rather than going through each one and changing its ipaddress to 172.0.0.#, I was hoping to learn a way to represent them in the iptables rule.
I am using DHCP on my home network. There could be as many as 5 computers logged in at any given time. Their IP addresses change depending on the sequence they log in.I want to be able to connect to them from any of them (some wired, some wireless) and share files by issuing a mount command for the appropriate shared drive.My question is how to get the IP of each computer when I only know the names of the computers. Pinging the computer name succeeds, but it does not give the IP.In other words I am looking for a Linux command that will come back with a list of IP's with their corresponding computer names so I can issue the right mount command. I would like to issue this command from a Linux terminal, but would also be happy to issue it from a Windows XP station.
View 14 Replies View RelatedI'm on Fedora core 14 linux. and I'm online with the HSPDA modem. My modem is /dev/ttyUSB0 and when it's dialed it creates the interface /dev/ppp0 , My question is when I hit ifcofig it shows two IP addresses in the ppp0 interface.
Code:
[nature@localhost ~]$ ifconfig
eth0 Link encap:Ethernet HWaddr 20:6A:8A:12:CF:53
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
[code]....
when I get the routing table, the gateway is setten to the 10.64.64.64 and when I look my Ip address global I found it's 175.157.64.119.
I noticed when looking at visitor stats for a web page, most users IP address resolves to a city. But for some visitors, the city is "location not available". How can someone get an IP address that's off the map? Where I'm seeing this is in the stats for an awurl.com link.
View 1 Replies View RelatedMy Linux gateway has multiple address to internet:
eth0 = 76.148.200.3
eth0:0 = 76.148.200.4
eth0:1 = 76.148.200.5
and it's own gateway which is 76.148.200.2 (probably not relevant) and I also have which is not internet, but local:
eth0:2 = 192.168.0.1 netmask 255.255.255.0
They all work fine and tested. Now I am sharing the internet through eth0 (76.148.200.3) to 192.168.0.1/24 and that's working fine. The script I use to do that is here...
Code:
#!/bin/sh
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 1 >/proc/sys/net/ipv4/ip_dynaddr
iptables -t nat --flush
iptables -A FORWARD -i eth0 -d 192.168.0.1/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 192.168.0.1/24 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Now all I want to change in the script is to share it through 76.148.200.4 (eth0:1) instead of what is already sharing through 76.148.200.3 (eth0). I am sure this is easy but can't work it out and iptables doesn't accept 'aliases'. How I can do this by modifying this script?