I want to prevent code from making http connections to other, specific hosts. My understanding is this can be done in /etc/hosts.deny. What would that look like?
View 5 Replies(centos 5.5 86*64 with cpanel) I am trying to set up a php script.
The script requires an outbound connection to project honeypot and when I go to the honeypot.php on my server I get an error asking if outbound connections are disabled.
They could be...I am not sure where to check, I have checked csf and outbound tcp is allowed on port 80, but I am not sure if I should be looking somewhere else.
Obviously I dont want to make the server insecure, so I am wondering how I can allow this outbound connection.
I'm having a problem that seems to plague a lot of people judging from my research on the web. I have a hosting provider that limits the number of incoming connections to the shared host to 50 per IP.
I have a single IP for outbound connections and I use Squid as a proxy server.
Lately I've tripped across the 50 connection limit frequently - and that's with only 1 user. It seems the problem is related to the performance you can get out of a desktop these days. Its not impossible to have several browsers open with several connections to different sites on the same server - and boom - locked out!
So it occurred to me that there must be some way to limit the number of outbound connections in the kernel - but I've not found it. I did find that Microsoft had been limiting the number of outbound connections in XP to 10 to address the virus problem, and I've found countless hosting complaints and dialog on the subject with no easy solution.
So my question is simply, does anyone know how to limit the number of OUTBOUND connections to a single IP in the kernel?
I have problem on VPS running opensuse. When I enable firewall outbound connections stop working. I have tried everything I know (not much when it comes to firewall (iptables)) but could not solve this.
Here is my ifconfig:
Code:
I used xxx.xxx.xxx.xxx to hide real address.
I'm having an issue where a server in CA (1000/full) and in VA (100/full) have very lopsided data transfer.
CA -> VA with iperf shows ~20Mbps
VA -> CA with iperf shows ~93Mbps
If we change the CA server to 100/FULL, transfer speed is 93Mbps both ways.
Some tuning was done to TCP window scaling parameters, but it won't correct the issue, just improve the CA -> VA numbers to what is listed above. I will say, turning TCP window scaling OFF will lower the transfer speed both ways to < 20Mbps.
The only clue I have when looking at wireshark dumps is that the window scale going OUT would never go past 10240 (scale is 8, so 2^8 x 40bytes). In the opposite direction, the window size will go above 3MB (scaled).
It is not a bandwidth problem as iperf with UDP shows 93Mbps both ways. Local transfers (CA 1000/full to CA 100/full) show full speed both ways, so I feel it is strictly related to TCP window scaling.
RedHat 5 64-bit on both sides. Any ideas why it won't scale above 10240?
Looking at the results of both `lsof | grep IPv4` and `netstat -tp` I noticed that I have a lot of connections open from a program called 'gvfsd-http'.
Using google, I found that this was a Filesystem something from Gnome, that would also be used If I drag something from my browser to my desktop.
Though I wonder, how I activated it, because I didn't do that...
After a bit of searching, I noticed that `screenshots.debian.net` uses the same IP address as the one noted (hades.car.gr).
PING screenshots.debian.net (78.46.20.5) 56(84) bytes of data.
64 bytes from hades.car.gr (78.46.20.5): icmp_req=1 ttl=56 time=55.4 ms
Question: Do I have some tool enabled that maybe sends statistics to debian or so? Where to find it and kill it.
I have troubels with internet, on different Linux x64 systems on my laptop(Lenovo ThinkPad sl510), but if I load WindowsPE all is OK ( what coud it be? where to search?There is an hardwere firewall/nat/gateway in my local network, it allows only connections to dst ports tcp 80 (http), udp 53 (dns) and no frags, no icmp, deny in and etc. But Windows Internet (the same Firefox) works fine , and under Linux sites doesn't loding full or "connetion timed out"...But if I have can start downloading any file it would be downloaded full (I have downloaded DVD iso of SuSe)Dns throu nslookup responce not evry time...Decreasing of MTU to 1372 didn't help (( Deactivating ip v6 also....What coud it be? What is different betwin Windows and Linux in DNS clients is any alternative dns client in SuSe? Is the trouble only in DNS?
View 1 Replies View RelatedSo we have DNS round robin set up for 4 servers. If we ping dns name (basically an alias) server_connect it resolves with different IP address in round robin format. I.E. x.x.x.1 x.x.x.2 for the 4 different server IP addresses. When we do nslookup server_connect it will come back first time as server1_connect server2_connect through server4_connect so the server is able to resolve through ping and nslookup resolving the initial dns name (alias) to the dns name associated in the round robin. Problem is when we try to connect with http or telnet it comes back host unrecognized. I can put one of the 4 round robin servers in /etc/hosts and it connects fine so I'm thinking that either one of three things.
1) ttl
2) It does double connection first to identify itself to the round robin server and then handshake but second time it hits for the handshake the IP and dns name is different than what it expected so it fails.
3) Since we are trying to telnet to dns alias and it is returning different dns name it fails.
2 and 3 seem most promising but now I'm at a stand still.Anyone else come across this issue and if so how did you resolve.
I've noticed that when I open firefox I get really strange HTTP and HTTPS connections showing up in firestarter (which as I understand it is just a GUI for IPtables). They connect to various bits of a site listed as 1e100.net (when you use "lookup hostnames") such as wy-in-f18.1e100.net, they stay connected all the time as far as I can see unless I close firefox. I've heard people say they are connected to Google, but I can close all tabs after loging out of google and still see them... it's very odd.
View 3 Replies View RelatedThere is a segmentation fault error while receiving http request side program. Following is the code:
Code:
#include<iostream>
#include <sys/types.h>
[code]...
I am trying to connect to the web interface found at [URL] using curl. This first requires login information to be entered at [URL], but I am having an issue with the login process. I am trying to submit the following form via POST:
Code:
<form action="j_security_check" method="post" id="login_form" name="login_form">
<center> <table style="background: #cac1cf;FONT-SIZE: 12px;">
<tr> <td align="center" colspan="2">Please enter your username and password:</td>
</tr> <tr> <td align="right">Username</td>
<td> <input name="j_username" style="width: 250px" id="j_username" type="text"/> </td>
</tr> <tr>
<td align="right">Password</td>
<td> <input style="width: 250px" name="j_password" id="j_password" type="password"/> </td>
</tr> <tr> <td colspan="2" align="center">
<input value="Enter" name="enter" type="submit"/>
<input value="Clear" name="Clear" type="reset"/>
</td> </tr> </table> </center> </form>
The command that I am using for this is the following:
Code:
curl -c cookies -b cookies -L -d "j_username=user%40domain.com&j_password=pass" [URL]
The command is properly formatted as far as I can tell. I tested it with another website using a similar authentication scheme using different POST variables specific to the form and it worked fine.
When I run the above command with the -v tag, it reveals this:
Code:
* Connected to lcl.uniroma1.it (151.100.4.74) port 80 (#0)
> POST /sso/j_security_check HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: lcl.uniroma1.it
> Accept: */*
> Content-Length: 44
> Content-Type: application/x-www-form-urlencoded
>
} [data not shown]
< HTTP/1.1 408 The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
< Date: Sat, 29 Jan 2011 15:26:41 GMT
< Server: Apache-Coyote/1.1
< Content-Type: text/html;charset=utf-8
< Content-Length: 1554
< Connection: close
<
{ [data not shown]
103 1554 100 1554 0 52 5081 170 --:--:-- --:--:-- --:--:-- 10223*
Closing connection #0
I cannot tell why the login timeout is expired when I try to do this, and my investigation toward this end has been fruitless. I saw a brief snippet on Google that vaguely suggested that the underscores in the domain name were at fault, but replacing these with their encoded counterparts did nothing to resolve the issue (that, and underscores should be fine when sent unencoded according to the standards). I have extensively perused the man pages and have come up with nothing to adequately explain this behavior. I also talked to a friend who has worked with curl in his line of work, but he mostly has experience in the context of PHP and has not dealt with this issue before. I am running GNU/Linux 2.6.35-22-generic-pae.
I was having a problem with the keyring asking me for a password after I changed my user password. I googled it and found that since the password changed, I will get asked for the keyring password until I delete ~/.gnome2/keyrings/login.keyring. What happened was that I wasn't paying attention that you had to generate a new keyring password before rebooting.
Now, whenever I try to login via gdm, I get this message: error initiating conversation with authentication system - general failure
How do I get it working again? I can still login from the terminal.
I need to log outbound (server -> remote) ssh traffic, but am unsure of the best way to do this.
I added this to iptables, but nothing is being written to the logs when I ssh from the server to another system.
iptables -A OUTPUT -m state --state NEW -j LOG --log-uid iptables-save
I wish to prevent some programs from "phoning home", and to allow other programs to access only specific web servers.Is there any way to interactively allow or decline outbound communication from individual programs on Ubuntu?
View 4 Replies View RelatedMy setup is local install so I don't expect it to receive emails from the internet.However I do expect it to be able send messages to the internet, but it doesn't seem like it. I have tried setting up on FreeBSD before and it was able to do so but I wasn't involved in the setting of the machine though. I was just tasked to setup Horde
View 3 Replies View Relatedhave a problem with my network-manager in ubuntu 10.10.when I dial one of my vpn connections, my other vpn connections be disabled and I can't use them!I tried to restart network-manager and gnome-panel, but it does't seem to solve this problem.
View 1 Replies View RelatedTried to make the /etc/pam.d/gdm mod to auto-auth keyring. Now when I boot up it says "error initiating conversation with authentication system - general failure" preventing me from logging in.
So I read that I can enter recovery mode by pressing Esc on boot up to boot to a root shell. However no amount of button mashing Esc on boot up seems to have any effect, always bringing me to the graphical login. I could boot to a liveUSB but this has all started when I got to work this morning, and don't have a USB key handy, and I'd like to get this sorted so I can do some work today!
And why does the /etc/pam.d/gdm tweak seem to be causing so many issues (googling reveals the technique has a lot of other users finding the same problem as me, however they seem to be able to get to recovery mode)?
EDIT: If I hold down or mash Esc fast enough, the computer will beep at me once or twice, but nothing changes on screen
EDIT 2: Ok found out that holding SHIFT is the new way of doing things, reverted pam.d/gdm to the backup and things are back to normal!
I have a VPN account and have been running it perfectly on windows without any problems but I deleted my windows OS because I wanted to force myself to learn a Linux OS. I have installed the configuration package through the terminal and have followed this guide exactly
[URL]
The VPN was giving me a no secrets error to start off but I managed to fix and now it connects for about 40seconds but whilst it is connected, the internet is completely useless and I can't get on anything... It then disconnects after 40 seconds saying it has failed.
I installed firestarter to see if I could tweak it there to work but it was beyond me and I could also see from the data being sent that none of it was going through tap0 whilst the VPN was connected..
I've just installed Ubuntu 11.04 on my Early 2008 Macbook Pro and am trying to initiate some form of right click functionality. A mapped key is fine. Apple's ctrl+click is fine too. I do use a usb or bluetooth mouse quite often, but I really need right click functionality for those times that I just grabbed the laptop and ran with it.
I've browsed the forums, ran into a couple of solutions, but they were a bit older and I could not get them to work properly. Also a hindrance here is my relative unfamiliarity with Linux/Ubuntu.
I installed 11.3 first as update from 11.2. The later described error occured.My first approach was to install 11.3 as full install from scratch, the following error did not disappear.System boots fine when doing boot option "confirm" and answer "no" to haldaemon service. Subsequently no usb devices are recognized by the system.
If i do not skip the haldaemon, either in normal as in failsafe mode,haldaemon reports a "NULL Pointer dereference", which is repeated very often.The system finally stops booting, the screen is full with the following three lines, which seemed to be repeated for about a minute.
"BUG: Cannot handle NULL Pointer dereference at 000000049.
IP: [<c02250bc>] no_context+0x6c/0x150
*pde = 000000000
i removed old unused hardware, as i read in a older thread, that this was the cause for a boot up failure with the haldaemon, but nothing changed.
I've bougt a new pc (i5-2050k, Nvidia GeForce 560Ti) and wanted to install Linux beside Windows.But each Linux-distribution (exept the old ones from Mandriva) fails installing/starting als livecd/checking for installation errors/..... while initiating udev.Is there any known bugfix for this problem? Remind, there is just Windows, so don't give me any shellcode to execute
View 5 Replies View RelatedUsing netcat, nc(1), craft a valid http/1.1 request for getting http headers (not the html file itself!) for the main index page of www dot aalto dot fi. What request method did you use? Which headers did you need to send to the server? What was the status code for the request? Which headers did the server return? Explain the purpose of each header.
nc -v www dot aalto dot fi 8080
HEAD / HTML/1.1
host: www dot aalto dot fi
And it returns:
200 OK
Content-Length: 858
Content-Type: text/html
Last-Modified: Thu, 02 Sep 2010 12:46:01 GMT
[Code]....
I really don't know what does it mean. Question 2: Using netcat, nc(1), start a bogus web server listening on the loopback interface port 8080. Verify with netstat(, that the server really is listening where it should be. Direct your browser to the bogus server and capture the User-Agent: header "Direct your browser to the bogus server and capture the User-Agent: header" I don't understand this question.
I installed Nagios on my Ubuntu 10.04 server using apt-get and when I accessed the web console, everything was OK. I made some changes to apache (creating some new virtual sites) and since then Nagios gives me a warning message for HTTP with the message, HTTP WARNING: HTTP/1.1 404 Not Found. The sites that I created are working perfectly. I noticed that the attemps are 4/4. Does this need to be reset or does Nagios automatically reset that once it detects the issue is resolved?
View 1 Replies View RelatedWhen I go to log out or switch user. it takes me to the screen where it asks me to choose user then password...
I get this error message: Error initiating conversation with authentication system..
Is it fair to say that connLimit and hashlimit are very similiar on Linux i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How in IPTables, do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? i.e. I do not want to allow more than 6000conn/minute for port range that is the sum of all connecting hosts?
View 3 Replies View RelatedI recently installed Fedora 15 now, and during installation I set the internet connection manually, then did update and after reboot, the internet connection settings have been removed. Now I can not set because the network connection to the Internet Connection is inactive. I mention that before the update was functional internet connection.
View 5 Replies View RelatedLooking at the output of netstat, I'm not seeing a definitive way to tell which torrent connections are clients reaching in to my machine vs my machine reaching out to the world. Is there a clear way to determine which is which?
View 1 Replies View RelatedI have internal-only email server that has internal BIND9 running. Thought it only has its IP address defined in /etc/resolv.conf, it is still resolving outside addresses.
View 2 Replies View RelatedI have just built an internal postfix server for sending mail only, it's not accessible outside our network. I will be sending from our domain, Rewriting the from field to abc.com is turned on in the postfix config. A friend is telling me this will not work as they will do reverse lookups on our domain. What does this mean? Obviously the domain the email is sent from is a valid domain. If they do a lookup from the IP the mail came from it would be global crossing, our internet provider? These outbound emails are critical client reports, I want to make sure they are not seen as spam.
View 1 Replies View RelatedI'm sending files to a remote server by way of FTP via a PHP script. With the firewall turned on these files are getting to the remote server with 0kb and the remote server is timing out before all the files are received. When the firewall is turned off the all files are received in tact. There are no outbound rules set in the iptables, looking for ideas on what to check next.
View 4 Replies View Related