my Linux does not workDoes not accept incoming connectionsiptable disabledping is a network but cannot nor at 22 nor at any other connectsHow do I check what is blocking the connection
thnx alot.OS Ubuntu 9.4
i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies View RelatedWhile reading some papers on securing apache with selinux, I have tried to bind httpd to port 3000 expecting to be blocked by the selinux, since port tcp 3000 isn't on the http_port_t list. However I was able to start the service...
I'm preety sure selinux is enforcing. Also, if I bind httpd to tcp 81 selinux denies the start of the service, as expected!Did I miss something? Why is httpd allowed to start binded to a port that's not explicitly allowed?
Basically i have no idea to provide proper information in the setup wizerd.
View 4 Replies View RelatedI have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
View 3 Replies View RelatedI have a sitution that I am trying to set up.
I have 2 email servers that run on Windows: one is for internal purposes, the other is external purposes.
The external one will receive e-mail from the outside world, clean it up and forward it to the internal one.
There are 2 Windows Vista machines and 2 Unix (OpenSuse Linux) machines.
Since there can be only 1 email server per domain, I thought I would:
-> set up a local domain with ALL of the machines in it
-> set up a DNS server for the local domain
-> set up a MX record in the DNS server for the email
For the external machine, just have a Dynamic IP point to the Windows machine holding the external email server.
Does this sound plausible? Does this make sense?
As waht it says above. I can't access public wifi as any browser on every single distro i've tried (15+) won't load just stuck in perpetual loading. No error message or nothing.
Also the browser wouldn't work until i disabled ipv6 in about:config. All browsers do this. is there something i could do to disable it completely so i have a browser choice?
I had firefox having an inability to download addons, so I edited the dhclient.conf file by entering the following into a terminal:
Code:
sudo gedit /etc/dhcp3/dhclient.conf
When the document opened, I edited the line that starts prepend domain-name-servers to read:
Code:
8.8.8.8,8.8.4.4;
Saved and closed the file. I went back to the terminal and opened the nsswitch.conf file by entering:
Code:
sudo gedit /etc/nsswitch.conf
When the document opens, I edited the line hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 to read:
Code:
hosts: files dns
Saved and exited the document. To be on the safe side, I restarted my computer after making the edits. [/QUOTE]
This was done following the thread someone wrote on a similar error: [URL]. Still does not allow addons...
I installed and configured a squid transparent proxy on my linux os at work. Also it is veryslow but every thing is ok while I do not try to use port 443,so when I try to use sites like mail.yahoo.com or other which are using https(443) port and the method used is CONNECT I see some errors in access.log like:
"NONE/400 xxxxx CONNECT error:method-not-allowed - NONE/- text/HTML"
and in cache.log somthing like:
""WARNING CONNECT method received on http Accelerator port 3128"
""WARNING for request: connect CONNECT login.yahoo.com:443 HTTP/1.1"
.
.
""ClientProcessRequest: Invalid Request"
[Code].....
As I view it, Ubuntu has a great security risk in that it still allows internet access when the VPN connection has been lost, for whatever reason. As it is now, when the VPN connection fails you get bumped back to using your regular IP, and whatever you are doing becomes transparent to anyone watching. This is simply unacceptable for an allegedly secure platform. Does anyone know of a way to fix this with a script/program, or is there a distribution/OS that allows this? Windows re-dials the vpn automatically, but still allows internet access in the mean time.
View 1 Replies View RelatedI have downloaded and installed Fedora 10.Now I am setting up the network and in the 'network configuration' it finds the wireless device (ralink) in the 'hardware' section of the configuration - I set this to eth0 (it originally set itself to wan0 and I still had the same problems, now it doesn't give me the option to put it back to wan0).Now I goto the devices tab and try to set up the device with eth0 - which it seems to find.But when I goto activate the device it tells me that eth0 cannot be found
View 2 Replies View RelatedMy setup is...I have a wireless access point using laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have?To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
View 1 Replies View Relatedusing layer 7 filtering how to block the ftp packets?..
In My router i am going to add a below rule.... iptables -A OUTPUT -m layer7 --l7proto tcp --dport 20 -j DROP
above statement will it work in my router?.
1) i have to find the source and destination address in the ip and ethernet headers of a packet that go from my machine to the router.2) Then i have to do the same for the packet that goes from the router to my partner's machine.Then I have to answer the above questions but now for the echo replay.How could i see these address?The result could be found in the output of a tcpdump?
[guest@shakti guest]$ sudo tcpdump -en host 128.238.62.101 and 128.238.61.101
tcpdump: listening on eth0
20:27:36.662737 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request
[code]....
I've a ssh server on FEDORA 12. It was going well but now it's overloaded with ARP traffic and is unable to run ssh. normally i'm getting about 150 packets in just 3 second
View 1 Replies View Relatedwe are using Red hat enterprise 5.4 for our internet connection with following ip's
eth0: 192.168.1.2 (local lan)
eth1: 114.143.28.240 (static ip address for 1st isp)
eth2: 192.168.100.149 (2nd isp modem connected with lan cable)
first isp i.e tata internet connected to the internet and working very well
now i want 2nd isp to work when the first isp goes down, i had configured all dns in the resolve.conf and squid.conf, when i switch off the 1st isp for checking that failover is working or not i cannot get internet packets from the second isp.
One of our RHEL 5.3 servers has trouble about 30% of the time with TCP-based communications, but it does not seem to be firewall issues. From another computer on the same switch, you can SSH to the server sometimes and other times the SSH command will just hang. When it hangs, you can often just Ctrl+C and try it again and it works. Same with HTTP connections. You'll get part of a web page and then FireFox will just hang waiting for the rest and eventually time out. Same goes for communication initiated FROM the server. SSH'ing from the server to any outside server or connecting to any web site works sometimes, but most times not. iptables if off. No other firewalls are running. Tcpdump shows communication gets so far and then stops. It does not matter whether tou run tcpdump on that server or the client connecting to it. Either way you see the connection stops working. MEANWHILE, pinging with small or large packets works flawlessly. 10,000 packets, zero drops.
View 5 Replies View RelatedI've recently installed Ubunter 9.10 Server Edition to use as a NAT firewall for the lab I run. I'm using iptables to do NAT forwarding and everything works great except that, occasionally, connections seem to break. Ssh connections close with "Connection reset by peer" and HTTP connections just stall out.I believe this has to do with the firewall's internal network interface occasionally dropping packets.
View 2 Replies View RelatedI have two NIC's interfaces on my linux machine(eth1 and eth2). Each have different IP addresses(10.0.0.1, 10.67.7.1). These two interfaces are connected together through hub. Here is the my question?
1) If I 'ping 10.0.0.1', it should go out through network interface eth2 and through hub and enter on eth1 and response also travel through similar direction.
2) If I 'ping 10.67.7.1', it should go out through network interface eth1 and through hub and enter on eth2.
How can setup routing table for this,I have tried setting up routing and iptables, etc.. nothing helped.
If any one good router/networking guy, you should know this one.I am doing a project, I want this way to handle this.
I have a network like
Node A to Vlan Switch
Node B to Vlan Switch
Node C to Vlan Switch
Node B is set up to be a middle man between A and C.
All nodes have 1 NIC.
They are all linux boxes. Node B can ping Node C. When I try to ping Node C from Node A, the ping just hangs forever.
When I use Wireshark to sniff What's going on with Node B during a ping from Node A to Node C, I can see an ICMP request with src = Node A and dest = Node C. I'd like to know if that ICMP packet was received by B from A or if it is going out. If it's going out, that makes no sense since B knows how to send to C. If B is only getting the requests but not forwarding them, then I know there is something wrong with B's configuration.
So I'd like to be able to sniff incoming packets only, or outgoing packets only. Is there a way to do this?
I have a legacy application that communicates status to a remote server over UDP. The server app replies back to the client with UDP as well, using the IP address it obtains from the sockaddr parameter of the recvfrom() method.
Code:
[----------------] [----------------]
[ client <->(udp)]<----- Ethernet -----> [(udp)<-> server ]
[----------------] [----------------]
I'm trying to replace the underlying use of ethernet, with a RS232 based radio/modem device - without making any src changes to the legacy apps. i.e. apps would still create and transmit UDP packets addressed to a remote IP address and listening port, and the receiver wouldn't know any difference. I'm relatively new to this level of network programming, but my first attempt has been to write an app that sniffs out outbound raw UDP packets (using pcap), transmit that data over the radio, and re-injects the UDP unchanged on the remote end.
Code:
[----------------] [----------------]
[ client <->(udp)] [(udp)<-> server ]
[ | ] [ ^ ]
[ v ] [ | ]
[ /capture/]<---- Radio XMIT ----> [/reinject/ ]
[----------------] [----------------]
My 'capture' app intercepts the UDP packets just fine when the machine is 'plugged' in, but as soon as I disconnect my network cable to test wireless, outbound packets addressed to a remote IP (ie. the server) are no longer captured (tho local UDP packets are picked up ok). Wireshark also does not report the original outbound packet, but it does show an ICMP packet reporting 'Host Unreachable'. I understand the host isn't reachable, but I'm confused as to why the packet isn't at least making it to the interface/network card. Is there anyway to get the force the kernel to 'transmit' the UDP packet anyway so that my capture app can intercept it? or is there a better/easier solution (again, w/o making source changes to the client/server)?
I have question regarding netstat? When performing a "netstat -s" I receive the following information regarding dropped packets under IP:
IP:
93978695 total packets received
0 forwarded
0 incoming packets discarded
79472157 incoming packets delivered
65235033 requests sent out
29527 outgoing packets dropped
However if I run a "netstat -i" I have no dropped packets whatsoever: (apologies for the table format):
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
bond0 1500 0 34326528 0 0 0 72755307 0 0 0 BMmRU
bond0:1 1500 0 - no statistics available - BMmRU
bond1 1500 0 28605491 0 0 0 20948952 0 0 0 BMmRU
eth0 1500 0 34199550 0 0 0 72755278 0 0 0 BMsRU
eth1 1500 0 126978 0 0 0 29 0 0 0 BMsRU
eth2 1500 0 97911 0 0 0 1 0 0 0 BMsRU
eth3 1500 0 28507580 0 0 0 20948951 0 0 0 BMsRU
lo 16436 0 34094225 0 0 0 34094225 0 0 0 LRU
I am new to Ubuntu almost installed it after windows showed blue screen 4 ever n ever. However after installing ubuntu whenever I log in windows it doesnt detect any network connection but when I use Ubuntu it automatically does can it be that Ubuntu is causing any problem? And how to check how many packets are being sent and received through my wired network and do I have to install any drivers for my modem in Ubuntu.
View 5 Replies View RelatedI am using ubuntu 9.10. Configuring my firewall using guarddog. I have setup a rule to allow traffic OUT on port 7078 UDP, and just because i'm having problems i added an IN rule.
# Create the filter chains
# Create chain to filter traffic going from 'Internet' to 'Local'
ipchains -N f0to1
[code]....
is there any way to point certain packets from my outgoing traffic to a LAN : port ?
can iptables do this ? if yes how ?some like this [URL] ?
I am not a networking expert by any means (in fact I have never taken a networking course), but I have taken several security courses, and generally we wind up discussing replay attacks. For example, the Needham-Schroeder protocol (using symmetric-key cryptography anyway) is flawed because it allows for replay attacks, and I understand why.
I guess my question is actually how someone would perform a replay attack. I know I can sniff network traffic by downloading wireshark. I also have downloaded winpcap and npg on my WinXP virtual machine. I'm trying to use this guide to help me, but I'm quite lost:[URL]What I did was to post a "link" to my facebook profile and I sniffed the traffic using wireshark. What I would ultimately like to accomplish is to copy that packet out of the wireshark output, and then use a tool like npg to transfer the raw packet back to facebook, which should result in a second, redundant post. I just can't figure out how to do that.
I'm pretty sure this should be possible. Facebook only uses an SSL session for authentication during login. After that, the information is just sent in the clear, so I'm pretty sure this should be possible.Can anyone explain how to do such a thing? It would really help my research paper that I'm working on this semester if you can. As of right now the attack we are trying to demonstrate/defend against is using a Windows VM, which is why I'm using winpcap/npg. The attack is actually possible using just about any OS (depending on the exploit used), but our POC is Windows only at the moment
Suppose I have computer A with ip address on eth0 of 192.168.0.1 and ip address on eth1 of 192.168.1.1. If I send packets to 192.168.1.1 from computer A, it automatically uses the loopback interface. Is it possible to modify the routing table some how to send these packets out on eth0 instead and have them route around the network and come back on eth1.I've tried 'route add -host 192.168.1.1 dev eth0' but it seems to completely ignore this entry.
View 5 Replies View RelatedOn our webhosting servers, where is primary running apache, sometimes starts huge outgoing traffic to random IP addressess (each time of attack is it just one IP). It's always UDP,and according to my investigation tcpdump, it looks like p2p. The problem is in big outgoing traffic, and secondly in filling ip_conntract table /proc/net/ip_conntrack. I think, that one of our webhosting users has some virus uploaded on his FTP, which is time to time ran. I think, that if I can map outgoing traffic to particular process ID, it will be easy to find the PID in access log of webserver and than see what URL it causes.
What I have checked already:
- outgoing UDP connections are not listed in netstat - so cannot get PID from there
- Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled
- I can see tons of records in tcpdump, but from the dump I'm not able to get PID
- In time of attack I was trying to run `lsof`, but nothing to see - didn't found the attacker
- I went through apache access log - I took time of attack -i.e. 02:22 am - grep from access log all hits between 02:20 and 02:29 am and try to call all them again - problem didn't occured
- checked the POST records from access log - nothing
- grepped all php files for keyword 'fsockopen' and 'torrent'
- from iptables --log-uid I have found user nobody (under apache is ran)
I think that the key is able to match outgoing connection to PID, than it will be easy.
I'm using madwifi linux driver (ath1) in monitor mode to capture some wireless traffic. I can see that all wireless traffic is coming well through the wireless interface (checked using TCPDUMP). What I want to know is how I can forward the captured wireless packets to a different Ethernet interface (e.g. eth2) in the same machine to send those captured packet out to a different computer.
I set 1 for /proc/sys/net/ipv4/ip_forward
for iptables, I tried this rule: iptables -A FORWARD -i ath1 -o eth2 -j ACCEPT
However, I coudn't read any packet from eth2 via TCPDUMP.
