Security :: SSL Handshake - Record Packet With Illegal Version Received
Nov 10, 2010
I'm posting an E-Mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. Since a week or so I'm not able to securely login to ICQ any longer with one of my accounts. Only if I disable "Use SLL" in the advanced settings, it works. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SLL". I can login to the ICQ website with the "bad" account too, the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this happened first, upgraded to 2.7.5, but no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the not working account and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com
(20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received.
(20:27:14) oscar: unable to connect to FLAP server of type 0x0002
(20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
I doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login-server is exactly the same, so also the used certificate should be the same.
View 2 Replies
ADVERTISEMENT
Feb 12, 2010
How to get the length of received UDP packet? Using wireshark I could see the correct length of datagram. How can I print this value in my simple udp server program? I am receiving binary data (Non printable ascii characters as a data) So I can not use strlen(buf) which throws incorrect length.
Code:
if (ret=recvfrom(s, buf, BUFLEN, 0, (struct sockaddr *)&si_other, &slen)!=-1){
error = ioctl(s, FIONREAD, &value);
printf(" from ioctl UDP packet length is : %d error is : %d
", value, error);
code....
View 1 Replies
View Related
Oct 15, 2010
I am trying to remotely wake up my computer. I am using the wakeonlan tool as follows wakeonlan -i 146.x.x.x 00:0f:.I have used wireshark on the remote computer and verified it was getting the magic pack. wireshark sees the packet, and immediately the remote computer sends an ICMP dest. unreachable (port unreachable) packet back, although I assume that is normal.On the remote computer, I used ethtool so I am enable to verify that suports wake-on is set to "g" or magic packet.
I believe that wake-on-lan is enabled in the bios. I have a hp dc5000, so I turned on S5 wake on lan in the bios. However, the computer does not wake up.My assumption is that once the computer is off, the router doesn't know where to send to packet because that ip is not there anymore. Does that make any sense? What other troubleshooting steps can I take? I don't have control over the routers though.
View 2 Replies
View Related
May 29, 2010
I'm working on an application that makes http requests using HttpRequest and it's been doing what I need so far without a problem. Now I need to make https requests as well and when I try to make the request, i get this error message:
Code:
Fatal error: Uncaught exception 'HttpInvalidParamException' with message 'Empty or too short HTTP message: ''' in /home/antoranz/waneesia/html/index.php:0 inner exception 'HttpRequestException' with message 'SSL connect error; gnutls_handshake() failed: A TLS packet with unexpected length was received. (https://www.paypal.com/)' in /home/antoranz/waneesia/html/index.php:104 Stack trace: #0 /home/antoranz/waneesia/html/index.php(0): HttpRequest->send() #1 {main} thrown in /home/antoranz/waneesia/html/index.php on line 0
What's going on?
The project: url
View 1 Replies
View Related
Feb 21, 2010
i made a video and i wanted to put it on my myspace(video upload) and it justs fade to grey and becomes unresponive. that it goes back to normal but no progress. so then i tried going to image shack and uploading a picture. can't do that either. tried mediafire, videos, vimeo, nothing.
so i tried on my desktop(desktop running 9.10 32 bit. laptop(the first one i tried) running 9.10 64 bit. it didn't work on that either. i know it's not my isp because it works on my ps3(no ubuntu). not my firewall and tried without without my router. didn't work either. i tried upgrading flash on both of them and on my desktop i can upload some pictures to imageshack now. nothing else though. i have tried using both firefox and opera.
i pinged yahoo and this is what i got:
6 packets transmitted, 6 received, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 72.732/73.437/75.024/0.761 ms
View 1 Replies
View Related
Feb 22, 2010
I',m executing ping, but it didn't work, in order to find the mistake in my network I would like to know how to see the errors:
Code:
18 packets transmitted, 0 received, +12 errors, 100% packet loss, time 17038ms, pipe 4 I want to see this +12 errors. Could I do that?
View 2 Replies
View Related
Jan 24, 2011
I'm looking for a script that can look for illegal scripts/services that are being run on OpenVZ VPS from the host node. Things like IRC, EggDrop, Brute Force scripts and such.
View 7 Replies
View Related
Mar 8, 2011
internal system mail revealed an error. Part of the mail is the below:
Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount
i have check /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but i managed to change it back to "account." i have grepd for the "ccount" string in all files under /etc/pam.d and i was not able to find it.
it seems that the system-auth is not able to take the now "account" string insted of "ccount" altough i have restarted crond
here is my system-auth file on the affected server:
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....
View 1 Replies
View Related
Jun 18, 2010
I installed the Centos 5.5 and after the Xen. After I put a virtual machine named VM01.Initially it worked properly, I tried everything and it worked.When rebooted, I had problems with the network.I have two network cards eth0 and eth1, but eth1 does not have any ip and I use only eth0.The error that appears is:
vif0.0: received packet with own address the source address
View 3 Replies
View Related
May 3, 2010
After reading everything that says you don't need an anti-virus for Linux. OR Linux doesn't get viruses. Guess what I have a Virus. I don't know which one, but it is sending out spam emails from my webmail, MSN, account. I do not have a local client installed. I am guessing it is linking into MSN through Pidgin, getting the addresses there, and sending the spam, somehow, through MSN. Actually one MSN and one Hotmail account. I also have not been able to find an anti-virus program for Ubuntu. There do not seem to be any listed in the software repositories that Ubuntu links into. How do I get rid of it? My contacts are starting to get upset.
View 9 Replies
View Related
May 3, 2010
I keep finding packets that appear to be whois on port 44. they appear to originate from me to whois.arin.net (2 packets each time) and 199.212.0.43 (also 2 packets each time) when I put 199.212.0.43 in the URL box it says "Failure To Connect To Web Server". when I whois it it says:
Quote:
Available at [url] And yes, I did get the same packets when I used whois. Why is my computer randomly whoising stuff?
View 3 Replies
View Related
Aug 1, 2010
Recently a friend received a couple of emails from someone she knows with web links that purported to be about health issues. She clicked through on two of them; one gave an error, and the other went to a ****** site, so she believes these are "virus" sites. And the person who "sent" the email has just confirmed that his account was "hacked" (I'm guessing actually a virus on his computer). So, two questions:
1) She's running ubuntu 10.04. Is there any reason she should have concerns about her system's security? rkhunter gives no warnings.
2) She is also concerned that it could have compromised her email account (on gmail). I don't see how this is possible, but can anyone confirm about that?
View 1 Replies
View Related
Jan 29, 2010
I am using bind for DNS services on RHEL 5. The forward lookup is working fine. When I try to do a reverse lookup at the server, it shows the correct output but when I try lookup from Internet it shows something like - "mysite.com points to a.b.c.d, which has no d.c.b.a.in-addr.arpa PTR record"
Here are the files:
/etc/named.conf
options {
directory "/var/named";
statistics-file "/var/named/data/named_stats.txt";
};
controls{
inet 127.0.0.1 allow {localhost;} keys {rndckey;};
};
// Declaring reverse lookup zone
// Declaration of domain name resolution
view intranet {
zone "mysite.com" {
type master;
file "/var/named/mysite.com.intranet.hosts";
}; .....
View 6 Replies
View Related
Oct 5, 2010
i am trying to install the extras of anjuta which are v.2.3.2 but the current version supported from synaptic packet manager is only 2.3.0.. what can i do ? Is there a repository that has anjuta 2.3.2 for ubuntu ? Or anywhere i can find the extras for 2.3.0? if yes then give me the complete link to add to sources.
View 1 Replies
View Related
Jul 8, 2011
I recently installed Fedora 15 on a new laptop (after, of course, deleting the pre-installed virus that came with the laptop). I installed the normal suite of tools using yum, including gcc. However, I cannot even build and run Hello World, so now I really feel like I don't know what's going on.
Code: #include <iostream>
int main (int argc, const char *argv []) {
std::cout << "Hello, world ";
} Build: Code: g++ -o main.o main.cc -g -Wall -pedantic
g++ -o hello main.o -g -Wall -pedantic -nostartfiles
/usr/bin/ld: warning: Cannot create .note.gnu.build-id section, --build-id ignored.
/usr/bin/ld: warning: Cannot create .eh_frame_hdr section, --eh-frame-hdr ignored.
/usr/bin/ld: error in main.o(.eh_frame); no .eh_frame_hdr table will be created.
That doesn't look too promising, but they are warnings, and an executable was created, so try running it:
Code: ./hello
./hello: error while loading shared libraries: ./hello: unsupported version 30277 of Verneed record. I have not had any success understanding what is wrong from googling, so I am now trying it here.
Let's see:
Code:
> uname -a
Linux readingj 2.6.38.8-32.fc15.x86_64 #1 SMP Mon Jun 13 19:49:05 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
> g++ --version
g++ (GCC) 4.6.0 20110530 (Red Hat 4.6.0-9)
Copyright (C) 2011 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is No warranty; not even for merchantability or fitness for particular purpose. I ran 'yum -y update' just before producing all this.
View 1 Replies
View Related
Mar 29, 2010
OpenPGP Standard RFC 4880, not really a Linux Question, but as may be using GnuPG on Linux I thought I would ask here
The Modification Detection Code Packet is defined to use SHA-1, even though it does state in section 13.11. that this can be altered, and gives example methods. However this would cause interoperability, (q1)so I assume there is no standard method of doing this??
- How much of a threat do you believe this to be? Even though the SHA-1 hash is encrypted within the symmetrically encrypted integrity protected data packet.
View 1 Replies
View Related
Sep 18, 2010
How do i check for updates to the current version of rkhunter and if possible upgrade to a new version?
View 2 Replies
View Related
Jul 8, 2010
I've just started learning how to use kismet and aircrack. I'm sniffing my own network to see how vulnerable it is. I'm using aireplay to inject packets, but the number of packets per second in airodump is only about 30 to 50. Is there something that can speed this up a little more? Shouldn't it be able to go faster than this? It's going to take forever to collect at least 300,000 IVs for a 64 WEP key let alone the amount needed for 128 WEP.
wireless card intel iwl3945. Everything works great except for the extremely slow speed of gathering IVs. Also, how can I monitor my network? If someone was using aircrack on me and sending packets, how could I observe that? What should I Google?
View 4 Replies
View Related
Apr 25, 2011
So, the NSA puts out some handy documentation on locking down a RHEL server (running centos 5.6 x64 myself) here, [url]. Under "Ensure System is Not Acting as a Network Sniļ¬er" on page 63, it says that if any numbers below the first line in /proc/net/packet, that it is acting as a network sniffer.
I get the following output:
Code:
Unless I've been pwned, I don't know exactly what could be causing this. Besides samba, nmap (compiled from source, not from yum), screen, and rtorrent, there's nothing I've installed beyond the fresh install I did a few days ago. I was not running nmap when looking at /proc/net/packet.
View 8 Replies
View Related
Jul 26, 2010
I'm looking to possibly need to make use of snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stand out, there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now i'm tempted in just going for the latest one, but i'm completely new to snort so perhaps it needs another book like snort for dummies to get started ;-P
View 5 Replies
View Related
Jun 20, 2010
Ive being digging around the net for some clarification about the Off-The-Record plugin for Pigdin (and other IM's). Basically i want to know if it uses the SHA-1 or SHA-2 hash function. Some might say im wearing my tin foil hat but the SHA-1 was cracked in 2005 and as far as i know SHA 2 is much more secure.
Wikipedia states it's SHA 1 and the authors of the OTR plugin mention both SHA-1 and SHA-2 in their documentation, and i couldnt find an active pidgin forum (could only find the archived pigdin forums on sourgeforge)
View 1 Replies
View Related
Jul 12, 2010
I am the new user to ns-2. I would like to know is it possible to send the keys or some value as the packet data (content of the packet) in ns-2 (for wireless environment).
View 1 Replies
View Related
Sep 17, 2009
I got a problem with my CentOS server. Somebody told me OpenVPN Requires different changes inside my firewall settings. That could be the problem why openvpn wont load..I receive this error on my CentOS panel when im trying to connect into the centos openvpn (with my winxp pc):
Thu Sep 17 20:31:36 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
Thu Sep 17 20:31:38 2009 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Sep 17 20:31:38 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
[code]....
View 5 Replies
View Related
Jul 29, 2010
In our organization we use Static IP addressing scheme(Some departments have DHCP which is not related to this thread). We use Squid as proxy.
We assign each machine its IP address and make entry in our TinyDNS database, and provide those details to users, which they manually enter in their config and then access the network. We assign different range of IPs to different departments. This we consider as the "proper way" for our organization.
But we have found that lot many users are simply guessing some IPs and using them without having any entry in our DNS record. Though this works for some, most of the time we end up having IP conflicts and disorganization in our organizational allocation policy.
So, my question is, How do I block the specific IPs whose entry is not explicitly defined in our DNS record. In other word if the IP 192.168.20.15(lets say he is jack.ourorganization.com) is defined in our DNS, we should allow access... where as if IP 192.168.20.16(this does not translate to any user as it is not defined in our DNS) is not defined in our DNS we should not allow it access to our network.
View 6 Replies
View Related
Jul 15, 2010
I have a dual boot computer. The WindowsXP "side" has been infected with a rootkit virus. So far UBUNTU has not been affected to my knowledge. I have not yet been able to remove the virus from the WindowsXP "side". I am thinking of deleting the NTFS partition and have the computer fully dedicated to UBUNTU.
Now for my question. Is there a possibility that the virus resides in the MBR and that I need to "rebuild" the MBR to actually remove the virus? Even more extreme, should I totally re-install UBUNTU in the name of safety and precaution.
View 10 Replies
View Related
Sep 12, 2010
I am having a problem with my Revo 3610 which is connected to my TV via HDMI.
For some reason it will not do the HDMI handshake with the TV, so my TV does not think that there is anything in the HDMIport.
I have tested the TV and it works fine with my laptop and DVD player.
It does work sometimes, but this time it's failed for two days in a row. I've tried rebooting and turning the TV off and on, but nothing helps.
I can trick the TV to listen to the HDMI by connecting with my laptop and then changing the HDMI back to my revo; this results in the image going through nicely but there is a big fat "Check signal cable." message on the screen.
I have also tried changing the resolution in the revo but this does not help either.
View 1 Replies
View Related
Jun 16, 2010
I'm having a problem with Subversion. When I try an "svn up" it gives me this error message:
SSL handshake failed: Secure connection truncated
I'm running Ubuntu 10/4 but I also had this problem with 9/10. Does anyone know what this error message means? It appears to be an SSL problem but it's not clear to me what exactly the problem is. I do not have this problem with svn on my other office computer, nor my home computer. FYI, I'm running subversion on the Regina project.
The full error message is this:
Code:
svn up
svn: OPTIONS of '[URL]': SSL handshake failed: Secure connection truncated [URL]. Although I don't think there's anything specific to Regina about this svn problem, as I mentioned, I can "svn up" from home, or from my other office computer.
View 9 Replies
View Related
Mar 21, 2011
I'm trying to connect to a webdav server with very poor luck. My preference would be to mount it to my file system, but simply connecting with Cadaver would be fine too.
I've tried:
Code:
mparks@mparks:~$ sudo mount -t davfs https://<host>:<port>/<path> /media/webdrives/<mount-dir>
[sudo] password for mparks:
Please enter the username to authenticate with server
[Code]....
View 2 Replies
View Related
Oct 19, 2010
I have OpenVPN set up on my server at home to allow me into my home network when I'm away from home. When I set it up, I tested it using my friend's wifi so I know it works on a local geographic scale.Now I'm away from home, the TLS handshake fails to complete within 60 seconds. I assume it's timing out, as I can tracepath to the server on port 1194 successfully.From reading the OpenVPN documentation, I thought that adding "tls-timeout=120" to the client's config file would double the time allowed,but the handshake still fails with the same error message:
Code:
Tue Oct 19 10:45:17 2010 us=930956 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 19 10:45:17 2010 us=931012 TLS Error: TLS handshake failed
Why is the option not being read correctly from the file - does it need to be in the server's config file also?
View 1 Replies
View Related
May 9, 2011
I need to trust a new Verisign Root cert, I have uploaded it to the /etc/ssl/certs store but I am still getting the Handshake failure error when WorldPay call back to my site..
Quote:
I believe I still need to create a sym link? So I followed this article but I get an error..
Quote:
I have also tried update-ca-certificates.
I'm using Ubuntu 8.04 LTS.
View 6 Replies
View Related
