Networking :: IPTables - Inspect / Modify DNS Requests?

May 10, 2010

I'm trying to work out a way to inspect/modify dns requests as an advertising filter. Iptables is a good place to do this, but I'm having some problems disassembling the packet. On my dev box, when a DNS reply is returned from a request made on the dev box, I use this rule to route the reply packet through a queue:

iptables -A INPUT -p udp --sport 53 -j NFQUEUE --queue-num 1

Will the rule catch the inbound udp packet with the dns reply in it? I get something in the queue, but it's unintelligible when attempting to disassemble the packet. I don't want to move onto looking at my program until I get some feedback on the rule.

Here's a primitive diagram of what I'm working towards:
host ->DNS request->iptables(no outbound rules)-> DNS Server
->DNS Answer ->iptables(queue udp 53 packets)
->inspect packet program-> Allow/Deny -> host processes allowed packets

Server :: Use Iptables To Block Multiple Requests From The Same Ip Within A Certain Time Frame?

Oct 17, 2010

I run a small home server (Debian 4), which acts as my gateway to the internet (ie, firewall) and runs a web server, dhcp, dns, and acts as a file server to the rest of the machines on my home network. Now I know it's never a smart idea to have all those services running on the same machine that is acting as a firewall, but I don't fancy running multiple servers just for home use, as it's mainly allowing me to learn system administration.

I noticed a few days ago that my internet had become unbearably slow, to the point where I could sometimes not load web pages. I spent a while searching through log files on my gateway, to try and find out what was eating up all of my bandwidth. When I came to apache's access.log file, I was confronted with this:

Code:

204.45.41.82 - - [17/Oct/2010:06:25:10 +0100] "GET http://vewice6.nightmail.ru/marriott-grand-cayma.html HTTP/1.1" 200 36921 "-" "Mozilla/4.0 (compatible; M$
204.45.41.82 - - [17/Oct/2010:06:25:11 +0100] "GET http://malaysiapodcaster.blogspot.com/2006/05/blog-post_11.html HTTP/1.1" 200 58681 "-" "Mozilla/4.0 (com$

[code]........

Multiple requests to my server, for totally random websites. I didn't even know it was possible to make those types of queries to a webserver. The only thing that is on the web server is a browser based torrent client. I have only shown a small snippet of the log file, but there are around 90k lines to different web addresses, from many different IPs. What I want to know is, what is happening? :S Why is someone querying MY web server for web sites totally unrelated to it? And most of all, how can I stop it? My initial thought was to try and use iptables to block multiple requests from the same ip within a certain time frame, which I think would work as the server shouldn't really get many queries from external networks.

Networking :: Inspect SSL Traffic On LAN

Dec 1, 2010

I'm trying to inspect network traffic from my iPhone / iPad / Kindle / other wi-fi only consumer electronic device. To do this I man-in-the-middle myself (connect laptop to LAN via wire, create wireless Ad-hoc network, bridge the connections, then connect my device to the ad-hoc wi-fi network) and use Wireshark to watch the traffic.

In the past this has been adequate for my needs (just wanted to watch and see what potentially private info was being leaked about me / see that banking / amazon / etc apps were going over SSL). Now I've noticed that applications are almost all using SSL (which is great) but they are way too active for my taste. I'd like to use these apps but want to know what's happening in the background. I know that corporations dead-end SSL connections at their proxies to inspect the traffic and then re-establish the connection on behalf of the user for the trip across the internet. While I find the corporate use a bit distasteful, I think this is exactly what I'd need to do to myself. Any suggestions for how to do so or other ideas on how to get the packets in the clear?

Networking :: Inspect Ports Or Packets For Outgoing Email?

Aug 2, 2010

My server ended up on 1 (just 1) block list and I'm finding it very difficult to convince myself that it was just an error of some kind. Can anyone think of any giveaways at the packet or port level that some program is sending spam from my server without using the normal MTA (nothing suspicious is showing up in the sendmail logs)?

Ubuntu Security :: Modify The Iptables Rules In Any Way?

Jul 9, 2011

What do the following two commands do? Do they modify the iptables rules in any way?

sudo /sbin/iptables -L -n
sudo /sbin/ip6tables -L -n

General :: How To Compile Gstreamer - Gst-inspect Can't Cd

Dec 8, 2010

I am able to compile gstreamer just fine, but when I port it to the platform where I want to use gstreamer gst-inspect comes back with: "can't cd to /home/MY_HOME_FOLDER".

MY_HOME_FOLDER is the folder where gstreamer and all of its tools got compiled in.

So, how do I tell configure script (or whatever decides to remember this path) to use common Linux paths so when I port gst-inspect to /usr/bin it would work OK?

Ubuntu Installation :: Inspect And Evaluate The Mbr On A Disk?

Aug 5, 2011

How can i inspect and evaluate the mbr on a disk in a computer?

I'm interested in how to do this in general.

I can use gparted to see the partitions on a disk, but i don't know how to use it, or any other tool, to see just what is in the mbr.

The particular situation i'm in is that i have two disks in my computer. One has ubuntu 10.10 on a single partition, and one has 11.04 on one of 4 partitions.

The 11.04 disk used to be bootable, but somehow i messed up the disk: longer story: i installed another os on another partition, and the other os redid the mbr and installed a different version of grub, and i tried to reinstall grub but ended up with a disk that wouldn't boot. So i put my old 10.10 disk back into the machine so that i could at least boot and look around on the 11.04 disk.

Now, there are probably ways that i could recover the 11.04, but i would like very much to be able to systematically analyze the 11.04 disk to determine its exact current state before modifying it.

Since the disk is not mounted it seems like this should be in reach: i want to be able to (a) capture the mbr from the 11.04 disk [into, say, a file on the 10.10 disk] (b) get an analysis of what the mbr would do (where it points to etc, and what is at where it points to) (c) get any high level information which can easily be determined from (a) and (b).

Networking :: Redirecting Ssl Requests With Squid?

Feb 24, 2010

Say I have an apache server configured for ssl/non ssl virtual hosts and a proxy configured as follows (see squid.conf). The ssl on each name based virtual host is configured on its own port (only 7 of the domains need this; the rest are just media and other insignificant bits of data, but domains 1-7 contain forms that require specific personal information that may be technically illegal to transmit without encryption). If any additional information is needed just let me know.

domain1 is port 443
domain2 is port 444
domain3 is port 445

[code]....

Software :: Program To Inspect Harddisk Location Of Files?

May 9, 2010

Does anybody here know a program (Linux-based or even Windows-based) which permits looking at the files structure of a harddisk in such a way that you can find out what file lies where on the harddisk? To specify further what I mean, back in the DOS days the Norton Utilities would show the distribution of files on a harddisk. It would show the harddisk as row upon row of rectangles, marked as used or not used, and the top left rectangles were the beginning of the harddisk while the lower right were the end of it. Now if a program put some files at the end of the harddisk it was possible to mark the filled rectangles and find out exactly which files were there.

Networking :: HTTP Requests Always Go By TCP Connect Tunnel?

Aug 14, 2010

How do HTTP requests and responses go from a client to the server? Is a TCP Connect Tunnel always formed or is there some different mode?

Networking :: Balance The Internet Requests From LAN Using 2 Connections?

Feb 17, 2010

I have a firewall (a PC with Debian 5) with 2 internet connections, each connected to an ethernet card (the firewall has 2 ethernet PCI cards so it has one connection per card). How can I balance the internet requests from my LAN using these 2 connections?

Networking :: Forward All Http/https Requests ?

May 12, 2010

I have a server (Fedora 12) setup at a client's datacenter and the network is setup to allow me ssh access into the server, but prevents me from opening any connections from the server. However, I need to make http and https request from the server. What I'd like to do is forward all http/https traffic through another machine outside the network.

I've been looking at the documentation for ssh and the various options there and have gotten so far as to enable initiating an ssh connection from the client network back to my machine, but am not sure where to take it from there.

Here are some of the commands I've used so far:

Code:

I'm attempting to bind port 80 to be forwarded through the local machine. I assume I use "ssh -R" to create a dynamic tunnel to forward requests but I must be missing something.

By the way, root login via ssh is disabled.

Networking :: TCP Crawler Network Not Working After Many TCP Requests?

Jun 11, 2011

I have a crawler on my VPS VMWare Server (also tried it on my dedicated server). After many requests, about 200.000/6h, my network is gone. I use lynx to get any website outside of local network and any site is not responding - also tried to obtain IP address instead of host name - no results. I can get every local site. For example when I am on 190.24.2.1 I can obtain a page which is placed on 190.24.2.5 but obtaining 191.54.23.34 is not possible. I tried many things such as changing TCP timeouts to less, restarting virtual machine and no results. After a few hours - 4-5 hours - I get network working. It is not working as fast as it should but it is ok.

I am wondering where the problem is. Have I got to configure linux? Am I missing something? Maybe some router stack is blocking my ip? (Other crawlers put on same VPS are working properly, but after 6 hours they also crash.) I also noticed that I can get like 30.000 web sites per hour (some with errors, some with no response, some with timeout surely) but this number decreases hour by hour and finally reaches zero. Can you help me and suggest where the problem may be? My system: Ubuntu 10.04 LTS Server, 1GHz, 512 MB RAM, 5 MB/s.

CentOS 5 Networking :: DNS Requests Go To Localhost When Made By Apache / Php

Oct 7, 2009

I'm running wordpress and have gone to the painstaking effort of setting up the ftp server on my 5.3 machine so it can do its own updates and download plugins. However, I've found that if I try to download anything, I get a "unable to resolve host..." error from the script. If I watch Iptraf while making the request, I see all the port 53 requests going to 127.0.0.1. Pings are too.

However, if I ssh in, I can ping and wget and whatever I want all day long and all the DNS requests go to the router (Clarkconnect 3.2 gateway machine). The web browser in the terminal works fine too. What is it about the php scripts that is causing them to misdirect pings and dns requests? I've never seen anything like it and can't find anything on the web about it either.

[Code]....

Fedora Networking :: NetworkManager Applet Requests Keyring Password?

Apr 11, 2009

I have a FC10 installation with GNOME and NetworkManager and a wireless card. Everything works ok. However, when I try and setup gdm to do autologon I get the NetworkManager applet asking for the password for the gnome-keyring to get the wireless details. Since I want to use this machine as a server this is unacceptable as I won't be around to type in the password. I tried the solution at [URL] but this does not work. I still get the password being requested and the keyring password is the same as the logon password. Can anyone say if there is a workaround that works to get the NetworkManager to be able to read the gnome keyring without having to prompt me for it?

Ubuntu Networking :: Get Wireless Router To Forward Ftp Requests To Computer?

May 18, 2010

I'm trying to make my wireless router always give me the same ip address every boot (192.168.1.100). I do not have a static ip address from my isp.

Everything I've tried from online help has made my internet break and I'm not even sure what exactly I should be searching for on google.

Ultimately, I'm trying to get my wireless router to forward ftp requests to my computer which shares the network with an xp machine. I think this is the way to go about it.

Networking :: Forward Local HTTP Requests To Remote Proxy?

May 4, 2011

How to forward local HTTP requests to remote Proxy with IPTables ?

Ubuntu Networking :: 2 NICs, Server Won't Respond To Requests But Internet Works

Apr 16, 2010

I recently set up a new web/file server with 9.10 server x64 with 2 NICs and I am trying to configure eth0 to respond to my LAN for internal samba filesharing and eth1 to handle website/ftp requests on my static IP, but whenever eth0 is up the server is not accessible at 173.XX.165.65 for web or ftp but both work fine at 10.1.10.100. When eth0 is down, public IP works fine. I have set /etc/network/interfaces like this:

Code:
# The primary network interface
auto eth0
iface eth0 inet static
address 10.1.10.100

[Code].....

Ubuntu Networking :: Samba Server Stops Accepting Mount Requests?

Apr 21, 2011

I'm having an issue with a Samba server running on an Ubuntu "server". Technically, it's not a server, it's just an old desktop with Ubuntu 10.04 running on it, and I have a few server processes running (ProFTP, Samba, etc.). The Ubuntu server is where I store all of my important files that get backed up to a separate hard drive. I shared folders via Samba, and I use two computers to access the shares. I access the shares with an .sh file I created that uses the mount cifs command to mount to those shares.

It has been working flawlessly for a long long time, up until recently. For the past few days to a week, I will try to mount the shares with no result. In the terminal, the commands just freeze, as if the command is trying to execute, but having network issues. The only way I can get it to work is if I reboot the Ubuntu server, then it maps flawlessly. But a day later, it's back to hanging up when trying to mount.

Networking :: Port Forwarding - Router - Ssh Requests Time Out - Tomato Firmware

May 18, 2010

I've managed to confirm that I can reach my home network via ssh from a remote location through my SMC Barricade when it is directly connected to the desktop machine but when the second router is put back into the chain ssh requests time out. The second router is a Linksys WRT 54GL running the Tomato firmware. The chain looks like this: ISP's router (bridged) --> Barricade -->WRT54GL-->desktop

The Barricade has port 22 forwarded to the Linksys' WAN address and it in turn forwards to the desktop address. It appears that it is a setting on the Linksys firmware that is preventing the remote connection. I've looked through the various settings many times but cannot see anything that would cause the problem.

Ubuntu Networking :: Modify Network Cards MTU?

Apr 12, 2010

So I am looking to modify my network card's MTU (for some testing purposes), and I only know how to do it in Windows (via command prompt ping command with special flags) and not in Ubuntu.

Any easy way to figure out proper MTU numbers in Ubuntu?

Networking :: Make A Packet Modify Or Capture Using Libnetfilter_queue?

Feb 26, 2010

I need to modify a packet using libnetfilter_queue in the C language. I tried to do that, but I have not found a good document to understand this library. Has anyone modified or captured a packet using libnetfilter_queue?

Networking :: Modify Ftpd Source Code To Work With Xinetd?

Sep 23, 2010

I read that xinetd listens on the service port and passes incoming traffic to the service (ftpd) via stdin. However, the ftpd source code reads its input from a socket not from stdin.

Am I to conclude that in order to be managed by xinetd, the source code for ftpd (or telnetd etc..) must be modified or recompiled to take its input from stdin??

Ubuntu Networking :: DHCP Server No Longer Responses To DHCP Requests - Can't Ping Gateway

Oct 22, 2010

Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc off the 192.168.1.1 /24 network that everything was on because we were running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.

Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800 but only if I statically assign the agent's station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above aside from the vlan id's used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300) /etc/network/interfaces

Code:

auto lo
iface lo inet loopback
auto vlan100
iface vlan100 inet static

[code]....

why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection but I don't know how to troubleshoot to find out where the problem lies.

Ubuntu Networking :: DHCP Server No Longer Responds To DHCP Requests - Can't Ping Gateway

Jul 1, 2010

Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc off the 192.168.1.1 /24 network that everything was on because we were running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.

Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800 but only if I statically assign the agent's station an IP address.

When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above aside from the vlan id's used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300) /etc/network/interfaces

Code:

auto lo
iface lo inet loopback
auto vlan100

[code]....

why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection but I don't know how to troubleshoot to find out where the problem lies.

Ubuntu Networking :: SSH Connection - Router Works To Except Connection Requests

Jul 28, 2010

I'm trying to do a SSH connection between my home and work PC; both machines are running Ubuntu 10.04. I have read all the community documentation at [URL] from Work PC. I went on to the web site what is my ip address and noted down the number. From Home I opened a terminal and typed: ping (ip address), to which there was no reply. Now I'm assuming I need to configure the work's router to accept connection requests, is this correct?

Also what information do I need from my work's network and how do I get it? I understand that I need the router's external ip address, but how do I reference a specified computer after that address? What program do I use in Ubuntu and how is that information applied to it?

Fedora Networking :: Modify The Script To Allow Non-root Users Similar Features?

Mar 28, 2011

I spent some time programming a useful script which presents the user with a UI of all the samba/W2K8 servers and shares on the domain and they check off the shares and the script maps them. The script can only be run as root because mount doesn't allow users to execute. I was asked to modify the script to allow non-root users similar features. I was able to get this working by running the commands:

Code:
# chmod +s /sbin/mount.cifs
# chmod +s /sbin/umount.cifs

Can someone please explain to me what the 's' option means? The man pages only go as far as to say that it allows for setting suid but I don't really understand what that means or what the implications are of doing this. In a perfect world I would like to create a security group and add users into that group and then grant that group permission to run mount.cifs/umount.cifs rather than making such a drastic global change to a core binary. How might I go about granting members of a group permission to run hand-selected commands like mount.cifs?

Post added at 07:07 PM Previous post was at 04:40 PM

Ok, I read up on the /etc/sudoers man page and I think I have a more elegant solution to this problem of user mountable samba shares. I restored my mount.cifs back (chmod -s /sbin/mount.cifs) and I used visudo to grant the access.

Code:
%smbusers ALL=NOPASSWD:NOEXEC:/sbin/mount.cifs,/sbin/umount.cifs
This allows any users in the smbusers group to run mount.cifs/umount.cifs with sudo but without being prompted for a password.

Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading

Nov 26, 2010

I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.

General :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?

Sep 17, 2010

I am facing a strange problem with my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,

[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....

Ubuntu :: Try `iptables -h' Or 'iptables --help' For More Information - ' Not Found.4.4: Host/network `98.200.58.73

Nov 3, 2010

I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):

Code:

#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above

[code]....

Safe.txt contains:

Code:

127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1

And the error message generated is:

Code:

root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8

[code]....







Copyrights 2005-15 www.BigResource.com, All rights reserved