How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.
View 3 RepliesI hv Cent OS 5.3 installed as server. I hv a network of approx 100 desktops and laptops. For a security purpose i want to block certain laptops from gaining a the network access using dhcp. Can we block the ip address leasing if a specific MAC address request for a ip lease?
View 7 Replies View RelatedI have a lifttime premium account at Megaupload.com. Recently I found that megaupload has blocked all IPs in my area. I have sent emails to their tech but nothing has returned!!I have tried to use proxies to download stuff from megaupload, however, none of them works for suspected bandwidth reason, not to mention that it might be slow too.
View 5 Replies View RelatedI would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
I need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.
View 7 Replies View RelatedI have a problem with sendmail. I am using the zen.spamhaus.org dnsbl, and it is doing a wonderful job of blocking incoming spam from open relays. But it is blocking my users who are on a dynamic ip range from any isp remotely. They should be able to authenticate and send messages no matter where they are as long as they authenticate right? I just want to use the blacklist to block incoming mail to my server that is being distributed to our email addresses.
I want to block people that are hosting mail servers and sending mail to my domain from isp sub-nets. But I don't want to block my users that are sitting on isp subnets using their mail client to authenticate over smtp and send an email from my mail servers.
I have UBUNTU server 10.04 LTS with 3 NIC "eth0" local and eth1,2 as internet connection and it acts as firewall, http proxy and samba file server ,I installed Zentyal panel manager for my server for easier management I did not configure any specific rule for my firewall but I have some problem with my clients who wants to connect to my server as gateway or as file server even my self experienced these problems too. these problems are as follow:
1. some time for a few minutes (maximum 10 minutes) my server block some of my clients to access it or internet but just for minutes but it is very annoying.
2. all of my clients those who login to an https servers or login to their mail or those who has some software like team viewer say that they are logging out from their session randomly I mean some of them logging out from their mail(yahoomail or googlemail ) or disconnecting from teamviewer connection or as I saw team viewer disconnecting for a few seconds and then comes back again. but I did not set any thing in my firewall or other services. this is my complete iptable rules:
I would like to block downloading for my LAN users through squid or other.
View 2 Replies View RelatedI want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.
And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?
Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...
Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?
I'm assuming that the following should block the complete 178.123.xxx.xxx address range.
Code:
iptables -I INPUT -s 178.123.0.0/24 -j DROP
Then I believe that I need to save this change.
Code:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.
Quote:
178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
code....
Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.
I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:
Code:
$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP
What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?
I have one server that has Asterisk running.On front of that, I use DD-WRT router as gateway. As I have checked the log files, I saw that there is a specific IP Address that is continuously accessing the application and trying to authenticate to SIP with a series of extensions. This is like DoS attack for SIP. What I did was to block/drop the IP in DD-WRT using the iptables. I can see from the /proc/net/ip_conntrack that it is being "UNREPLIED". But my concern is that does it still uses a lot of bandwidth even though it is already being blocked?
View 14 Replies View RelatedIn our organization we use Static IP addressing scheme(Some departments have DHCP which is not related to this thread). We use Squid as proxy.
We assign each machine its IP address and make entry in our TinyDNS database, and provide those details to users, which they manually enter in their config and then access the network. We assign different range of IPs to different departments. This we consider as the "proper way" for our organization.
But we have found that lot many users are simply guessing some IPs and using them without having any entry in our DNS record. Though this works for some, most of the time we end up having IP conflicts and disorganization in our organizational allocation policy.
So, my question is, How do I block the specific IPs whose entry is not explicitly defined in our DNS record. In other word if the IP 192.168.20.15(lets say he is jack.ourorganization.com) is defined in our DNS, we should allow access... where as if IP 192.168.20.16(this does not translate to any user as it is not defined in our DNS) is not defined in our DNS we should not allow it access to our network.
how to set up a fake ROOT dns that I would be using inside my virtual test environment with private address range. Basically, I want to create a ROOT server that will only contain information to two separate dns servers that are authoritative for its respective domains/zones.
I can't seem to find anything on the net about this subject. Basically, how is a ROOT server configured and how should the fake hint-file for authoritative dns-servers be configured?
I want basically domain.xx and domain.yy to be able "find eachother" by using response from ROOT server. I know I could set up forwarders to respective domain on each of the virtual DNS server instead, but I want to experiment a bit the way I stated above - with a "real" (fake) ROOT server, if it is possible!
For system calls, is blocking or non-blocking default in C? Simple question, just am not seeing the answer super quickly.
View 4 Replies View RelatedI have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
#define DEBUG
#include <fcntl.h>
#include <string.h>
[code]...
I want to find out ip addresses and also mac addressed of users connected to the same wifi router as me! how can I do that?
View 5 Replies View RelatedI've got a Samba server (CentOS)(I swear all my non-work boxes are Ubuntu) that has been working fine in our Active Directory environment for a long time, now that Windows 7 has been forced upon us, we've noticed that Win 7 users aren't able to authenticate to this server unless they access it using the IP address, e.g. \192.168.1.22. We've tried the different Windows 7 registry hacks and nothing makes a difference. We were advised to update Samba and we did to 3.3.8. However, this being a virtual machine, upgrading a clone of this machine did work, the configuration was identical, except the hostname
View 9 Replies View Relatedscript which can add a secondary group to all existing users except system users in linux.
View 5 Replies View RelatedIf I give "ifconfig" in my laptop I get eth0,lo,wlan0.In that where do I find my Ip address in Ubuntu in 10.04. In eth0 I dont find inet address.Where can I find it?
View 2 Replies View RelatedI have an Ubuntu 10.04 server/router with IPv6 internet connectivity (I have an internet routable /64 subnet). Since I have this abundance of IPv6 addresses I wanted to try and assign v6 addresses to specific users on the local system. I've been looking at ip6tables with packet mangling but I don't seem to be able to find out how to do this or if this is even possible.
Current configuration: eth0: Local network, has the /64 IPv6 public range active and the IPv4 LAN range. tun0: 6in4 tunnel with a ISP assigned public v6 address. eth1: Standard IPv4 internet connection.
All users on my system use the v6 address configured on tun0. I want to force them to use the /64 range which is configured on eth0. If I can force users to use a specific v6 address, I'll configure more then one v6 address on this interface based on the users userID on the system.
i am pretty much brand new to ubuntu i have messed around with it a little and have gotten my apache2 server up and running what i have some questions on is
1. How can i give my server a actual address and not my ip address?
2. Is there any way i can put like forum software on part of it? if so how?
3. What is the best way to write web pages i know some html so thats how i was able to write what i have now just wondering what best way is
I want to know how to bind Ip addresses to its mac addresses in Squid Proxy
View 5 Replies View RelatedIm trying to setup dhcpd to put certain systems witch have mac address starting with 08:00:* in a certain ip class. How can this be done?So any system with mac address starting with 08:00 to get an ip from this range 192.168.12.2-192.168.12.99.
View 11 Replies View RelatedI've a CentOS Box with no control panel.. I used to manage it via SSH. Any way, I've installed CSF/LFD on it.. and it seemed to be working just fine. The only problem I've encountered is that when I start and enable CSF, messages and emails keeps stocked in the mail queue.. I've double checked and made sure needed ports are opined.. But, I still have the problem.
View 2 Replies View RelatedI have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
View 6 Replies View RelatedI configured squid in oracle enterprise linux 5.I want to block skype access.i configured the following to block skype.but it is not blocking.acl skype_blocking urlpath_regex [0-9]+.[0-9]+.[0-9]+.[0-9]+ http_access deny skype_blocking
View 3 Replies View RelatedI've set up an email server as per this howto: [url]
In a nutshell, it uses a combinatio of postfix, dovecot, amavis (ClamAV and SpamAssisan) and mysql.
However, with this setup, authenticated users are able to spoof outgoing message by simple changing the "from" tag.
Does anyone have any ideas on how I could implement some address mapping to users?
In this setup, postfix users are NOT system users, by are stored in the database.
I dont know for what reason, I started having this message whenever I try to start httpd.
I commented "Listen 443", restarted httpd started correctly.
I issued "lsof -iTCP:443", I get
Quote:
I can not understand where this come from and why. It seems that it is IPV6 protocol which is in fact not enabled on the network card.
Also, I can not find or dont know where 443 is configured apart from ssl.conf or httpd.conf
Today, I have added xrdp applications in order to be able to connect using RDP.