Search Results

Search found 5612 results on 225 pages for 'communication protocol'.

Page 112/225 | < Previous Page | 108 109 110 111 112 113 114 115 116 117 118 119 | Next Page >

PCI scan findings and problems with week ciphers on ports 993,443,995,465

- by user64991

From PCI scan results: Synops is : The remote service encrypts traffic using a protocol with known weaknesses . Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients . See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) I have tried to change SSLProtocol all -SSLv2 to SSLProtocol -ALL +SSLv3 +TLSv1 And SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW To SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT But using SSLdigger, it shows the same result. Is this the right way to do something like this?

Read the article
Ubuntu and mysql server. Something isnt allowing me to connect

- by acidzombie24

I have a question about mysql settings http://serverfault.com/questions/94054/remote-connections-and-mysql-on-ubuntu/94088#94088 now i want to figure out why i cannot connect. I made sure bind-address was commented out. I can ping the server within the VM but i cannot ping it from within the VM using mysqladmin --protocol=tcp --host=self_ip ping. I also followed along and check if my ports were open and they look like they are. I setup samba on that VM and can access that with no problem as well. It looks like ubuntu does not have a firewall either (i figured this out before) so i am stumped why the server isnt allowing my connection. Apparently the config file works on another person side http://www.pastie.org/742545 I am using Ubuntu 6.06 LTS just because of 'support' reasons. So hopefully this will be 'easy'?

Read the article
Difference between tcp recv buffer and tcp receive window size?

- by pradeepchhetri

The command shows the tcp receive buffer size in bytes. $ cat /proc/sys/net/ipv4/tcp_rmem 4096 87380 4001344 where the three values signifies the min, default and max values respectively. Then I tried to find the tcp window size using tcpdump command. $ sudo tcpdump -n -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and port 80 and host google.com' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 16:15:41.465037 IP 172.16.31.141.51614 > 74.125.236.73.80: Flags [S], seq 3661804272, win 14600, options [mss 1460,sackOK,TS val 4452053 ecr 0,nop,wscale 6], length 0 I got the window size to be 14600 which is 10 times the size of MSS. Can anyone please tell me the relationship between the two.

Read the article
Automatically updating routing table on server

- by bramp

I have a LAN with three routers on it, one connected to the Internet, one VPN router connected to a few remote sites, and a final route connected to a private network (using BGP to get prefix advertisements). On the same LAN I have multiple Linux servers which needs access to the networks behind each router. I have achieved this by configuring static routes on the server, pointing the different network prefixes to the correct router. This has worked well, but every time we connect to a new remote VPN, we have to change all the servers to be aware that the network is now accessible via the VPN, and not via the default Internet route. What I want is a way to automatically update the routes on all of the servers, when the route is added to a routers. Now, I could install Quagga or something similar on all the servers to receive router advertisements, but that seems like overkill. So my question is what is the easiest/simpliest way to update the routing tables on the server automatically, and what protocol is best suited for this purpose. thanks

Read the article
Monit can't detect MySQL, but I can

- by Matchu

Monit is configured to watch MySQL on localhost at port 3306. check process mysqld with pidfile /var/lib/mysql/li175-241.pid start program = "/etc/init.d/mysql start" stop program = "/etc/init.d/mysql stop" if failed port 3306 protocol mysql then restart if 5 restarts within 5 cycles then timeout My application, which is configured to connect to MySQL via localhost:3306, is running just fine and can access the database. I can even use MySQL Query Browser to connect to the database remotely via port 3306. The port is totally open and possible to connect to. Therefore, I'm pretty darn certain that it's running. However, running monit -v reveals that Monit cannot detect MySQL on that port. 'mysqld' failed, cannot open a connection to INET[localhost:3306] via TCP This happens consistently, until Monit decides not to track MySQL anymore, as configured. How can I begin to troubleshoot this issue?

Read the article
Accept incoming L2TP connections on Windows 7

- by Greg

Windows 2003 can be configured as a VPN server that uses L2TP with a preshared key. Windows 7 can be configured to accept incoming VPN connections, presumably using PPTP. Is there a way to configure Windows 7 to accept incoming L2TP connections? The configuration settings for incoming connections is extremely sparse; I don't see any place to enter a preshared key or specify the protocol to use. Perhaps it is beyond the capabilities of Win 7, but I hold out hope that I'm overlooking some Group Policy settings or registry edits that allow it.

Read the article
Using both domain users and local users for Squid authentication?

- by Massimo

I'm working on a Squid proxy which needs to authenticate users against an Active Directory domain; this works fine, Samba was correctly set up and Squid authenticates users via ntlm_auth. Relevant lines in squid.conf: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on acl Authenticated proxy_auth REQUIRED http_access allow Authenticated http_access deny all Now, I need a way to allow access to users which don't have a domain account. I know I could create an "internet user" account in the domain, but this would allow access, although limited, to domain resources (file shares, etc.); I need something that will allow only Internet access. The ideal solution would be using a local account on the proxy server, either a Linux account or a Squid one; I know Squid supports this, but I'm unable to have it use both domain authentication and Squid/local authentication if domain auth is unsuccesful. Can this be done? How?

Read the article
keepalived questions (requirements, abilities, limitations)

- by Poni

1) What are keepalived's (physical/network) requirements? Does the two (or more) keepalived' nodes need to be connected to the same switch? (something related to broadcasting maybe). 2) Can keepalived nodes run on different networks, "internet" networks? 3) Is keepalived depend on the router? (as far as I understand, the virtual IP should point to the real router/switch that connects both nodes). 4) Is keepalived "service-independent"? - What is keepalived's involvement domain? IPs only? Or is it service/protocol oriented? - Does it deal ONLY with IP, or is it designed for HTTP for example? - In other words, can I use it for custom (network-based) app? 5) Have more than one failover server? If the answer for question #4 is "yes", i.e it depends on the service type, then is there any general alternative? Preferably easy to install/configure :)

Read the article
Netboot Intel Macs without BSDP

- by notpeter

I have a netboot setup with DeployStudio that works great in my lab, but doesn't work on our main network. After some digging, I believe it's because our network admins are filtering BSDP (Boot Service Discovery Protocol) on our subnet at the switch level. Is it possible to hard code which server my clients (early 2007 iMac Core2Duos) should boot from without relying on BSDP? Perhaps relevant details: I do not have control over switch configs or DHCP settings. Client and server are running 10.6 Snow Leopard. The clients see the netboot server advertising itself in the 'Startup Disk' system preferences pane, but when I go to netboot it just leaves me with a flashing globe.

Read the article
How to get two seperate remote domain controllers with same IP to work?

- by Mr. Mister

Hi, I have a VPN setup between multiple locations. Between each location and the central point (me), is a trust between our domain controllers. It all works great.. A new location wants to join, but their AD controller is using an IP address that is already in use by another AD in a separate location. Neither locations can change their IP addresses, but apparently there is a NAT rule that could be used to allow communication between each AD controller? The central site has a Cisco 5510 firewall which could perform the NAT, but I am unsure of the logic behind the NAT rule. Is anyone able to explain or help out? Thanks.

Read the article
Network monitoring solution

- by Hellfrost

Hello Serverfault ! I have a big distributed system I need to monitor. Background: My system is comprised of two servers, concentrating and controlling the system. Each server is connected to a set of devices (some custom kind of RF controllers, doesnt matter to my question), each device connects to a network switch, and eventually all devices talk to the servers, the protocol between the servers and the devices is UDP, usually the packets are very small, but there are really a LOT of packets. the network is also somewhat complex, and is deployed on a large area physically. i'll have 150-300 of these devices, each generating up to 100+ packets per second, and several network switches, perhaps on 2 different subnets. Question I'm looking for some solution that will allow me to monitor all this mess, how many packets are sent, where, how do they move through the network, bandwidth utilization, throughput, stuff like that. what would you recommend to achieve this? BTW Playing nice with windows is a requirement.

Read the article
Does an SMTP request contain host header information (or just the IP of the targeted SMTP server)?

- by Olaf

We are using an external commercial smtp server for our newsletters (sending them through .NET components), and they offer two smtp URLs - smtp.critsend.com and fast.critsend.com -, and the second one is reserved for sending singular emails, the first one for bulk. Using nslookup shows that both resolve to the same 4 IP addresses (fast.critsend.com being an Alias). Question: (how) is it possible for the smtp relay to distinguish between different names? Is there something in the headers that can be compared to host headers in http protocol (I didn't find any intelligible information for a non-sysadmins)? The reason I'm asking is because we would like to use one of the IPs in our newsletter script (which works) rather than a name (in order to save DNS requests), and we are wondering about potential problems.

Read the article
How can I share a Windows 7 library with anonymous access without using a Homegroup?

- by Triynko

The "homegroup" feature is useless, because it requires a password, and therefore doesn't support anonymous, no-hassle access to shares from devices such as my Sony Bravia TV and non-Windows7 machines. So I turned off homegroup and reverted to the standard shared folders protocol. I'd like to share my Music "Library", so I can play files from my TV through the Surround Sound System, but there seems to be no option to share a library folder other than through a homegroup. I don't want to have to individually share the folders that belong to the library, because that would defeat the purposes of the library, which is to manage which folders are included in the library while also providing an easily accessible view of them all at once. Does anyone know how to share a Windows 7 library without that useless homegroup feature?

Read the article
How can i get SSO for alfresco on windows-7 to work?

- by Maarten

domain AD on windows 2008 R2, linux server alfresco 3.4c, windows-7 client. I'm trying to get automatically logged into alfresco from the windows-7 client. I've looked with wireshark to see what happens: 1. Client goes to /alfresco 2. Server sends Redirect to page 3. Client goes to Redirected page 4. Server sends a WWW-Authenticate: Negotiate header 5. Client DOES NOT respond to this how can i configure the windows-7 client (or the AD domain) so that the client will in fact engage with the SPNEGO protocol? instead of just asking for user credentials? (the user is logged in through kerberos in the domain.)

Read the article
Parameters for selection of Operating system, memory and processor for embedded system ?

- by James

I am developing an embedded real time system software (in C language). I have designed the s/w architecture - we know various objects required, interactions required between various objects and IPC communication between tasks. Based on this information, i need to decide on the operating system(RTOS), microprocessor and memory size requirements. (Most likely i would be using Quadros, as it has been suggested by the client based on their prior experience in similar projects) But i am confused about which one to begin with, since choice of one could impact the selection of other. Could you also guide me on parameters to consider to estimate the memory requirements from the s/w design (lower limit and upper limit of memory requirement) ? (Cost of the component(s) could be ignored for this evaluation)

Read the article
What port does OpenLink ODBC Driver use?

- by user36737

I use Avaya Reporting Services and OpenLink ODBC Drivers for db connection. I know that it uses port 5000 for handshaking but after that I believe it uses an random port for communication. I want to deploy my application and it will communicate with the client's system in their datacenter. They are asking what ports should they open on their firewalls. I can't obviously give them a range above 50,000 that I know OpenLink ODBC Drivers use. Can someone tell me what port should I tell my client to open?

Read the article
How to supply parameters in URI schema?

- by abhishekgarg

I just started working with URI schema and successfully created one in Windows and Linux as well, but I am not able to parse any parameters to it. In Linux I am trying to open a file "test.py" in gedit, so for schema part I used these commands: gconftool -2 -t string /desktop/gnome/url-handlers/geditapp/command "gedit %s" gconftool -2 -t bool/desktop/gnome/url-handlers/geditapp/enabled true This is creating the URI protocol and I'm able to open the application with the Web-browser, but its not taking the parameters for the file I want to open, so I'm using the following command: <a href="geditapp:/opt/test/myfile.py">open</a> Which opens the gedit but without the file. Can someone please help me with this?

Read the article
OpenBSD ftp-proxy behind NAT itself

- by Manuel Faux

Is it possible to change the PASV IP ftp-proxy of OpenBSD sends to clients, without changing the listen address of redirection control (-b <address>)? I have the following setup: FTP client --> 1:1 NAT router --> OpenBSD router --> FTP server The 1:1 NAT router has a NAT rule to forward everything to the OpenBSD router, the OpenBSD router runs the ftp-proxy -R <FTP server IP>. When the FTP client sends the PASV command, the proxy answers with the Entering Passive Mode (227) message with his own source IP on the interface to the 1:1 NAT router (obviously). Since the 1:1 NAT router is not protocol aware, it forwards this message and the client receives the message with the PASV IP of the OpenBSD router, which it does not have a route to. Is there a way, that I can tell ftp-proxy to send the Entering Passive Mode message with a different source IP?

Read the article
IIS NLB Web Farm to front Single Tomcat Instance

- by Brent Pabst

I've got a single Tomcat 6 server that hosts a JSP app. We just spun up a new IIS 7.5 web farm to host our other internal apps. Currently the machine that hosts Tomcat is also running IIS 7 with the ISAPI filter loaded to provide front-end handling for the JSP app. I'd like to move the IIS portion to the web farm to consolidate our IIS presence and let the Tomcat server just serve and run Java and Tomcat. Has anyone done this, is it even possible while ensuring session state is properly maintained? I had it up and running using the IIS Tomcat Connector http://tomcatiis.riaforge.org/ but after a while the communication between the boxes slowed and pages would not load. In addition it seemed like some of our authentication tickets were timing out. Thanks for any ideas or reference material!

Read the article
How do I access an Ubuntu VirtualBox guest at a static IP from an OS X host?

- by David Siegel

How does one configure an Ubuntu guest to use a static IP that's visible to an OS X host, and ensure that the static IP is independent of the host's network configuration? I previously used bridged networking for my guest, but I'm constantly moving my host between networks so the guest IP is always different. First, I tried setting the guest network configuration to NAT and forwarding host port 1022 to guest port 22, so I could at least ssh to a fixed address (localhost:1022): $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/Protocol" "TCP" $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/GuestPort" 22 $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/HostPort" 1022 Then, $ ssh localhost -p 1022 ssh: connect to host localhost port 1022: Connection refused But this didn't work (guest has no network access with NAT and OS X refused the connection, as you can see). I'd love a general solution that would let me communicate with my guest at a fixed IP.

Read the article
GDM login screen is not displayed with VNC

- by niboshi

Hi, I set up VNC server with xinetd. Also configured GDM so that XDMCP is enabled. VNC connection seems okay, but GDM login screen is not shown. Instead I can only see old bare X screen (gray meshed background and X-shaped mouse pointer), which I can't do any interaction with it. What can I do to fix the problem? No log is written below /var/log/. Server distribution: Ubuntu marverick /etc/xinetd.d/vnc is like below: service vnc1024 { disable = no socket_type = stream protocol = tcp wait = no user = nobody server = /usr/bin/Xvnc server_args = -inetd -query localhost -geometry 1024x768 -depth 24 -once securitytypes=none port = 12345 } /etc/gdm/custom.conf: [daemon] [security] DisallowTCP=false [xdmcp] Enable=true [gui] [greeter] [chooser] [debug] [servers] /etc/services is also configured. Thanks

Read the article
error on remote connection to mysql

- by Ahmet vardar

Hi, I ve been trying to connect my dedicated server mysql db from my computers localhost my code is here; $dbhost = 'domain.com'; $dbuser = 'username'; $dbpass = 'pass'; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect: ' . mysql_error()); $dbname = 'dbname'; mysql_select_db($dbname); I get that error Could not connect: Lost connection to MySQL server at 'reading initial communication packet', system error: 61 Dedicated server is Linux centos 64 bit, php 3.2.4, mysql 5.1.54 Is there any workaround that ? Thanks

Read the article
Sftp via shell - how it is possible

- by Tomasz Zielinski

(Moved from StackOverflow: http://stackoverflow.com/questions/4589725/sftp-via-shell-how-it-is-possible) How is it possible for tools like http://mysecureshell.sourceforge.net/ to provide SFTP access by merely specifying them as shell by typing: usermod -s /bin/MySecureShell myuser ? I'm on Debian Lenny, with default sshd/OpenSSH. Is this e.g. a feature of SSH protocol that allows user shell to handle sftp commands? I can't wrap my head around this because usually OpenSSH needs sftp-server module (or the internal one in newer versions) - and this makes me think that sftp commands don't even hit the shell and are handled earlier or by different code path..

Read the article
Sftp via shell - how is it possible?

- by Tomasz Zielinski

(Moved from StackOverflow: http://stackoverflow.com/questions/4589725/sftp-via-shell-how-it-is-possible) How is it possible for tools like http://mysecureshell.sourceforge.net/ to provide SFTP access by merely specifying them as shell by typing: usermod -s /bin/MySecureShell myuser ? I'm on Debian Lenny, with default sshd/OpenSSH. Is this e.g. a feature of SSH protocol that allows user shell to handle sftp commands? I can't wrap my head around this because usually OpenSSH needs sftp-server module (or the internal one in newer versions) - and this makes me think that sftp commands don't even hit the shell and are handled earlier or by different code path..

Read the article
vPopmail / xinetd.

- by Lorren Biffin

I'm attempting to setup vpopmail on my CentOS server (Media Temple). Everything is working like a charm, with the exception that I cannot login to the server from any pop3 client. Upon trying to login I get the following error: Sending of password did not succeed. Mail server mail.(mydomain).com responded: Login failed. I'm running qmail (of course) with xinetd (not tcpserver). I've placed a file called pop3 into the folder /etc/xinetd.d with the content: service pop3 { disable = no socket_type = stream protocol = tcp wait = no user = root server = /var/qmail/bin/qmail-popup server_args = mail.(mydomain).com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir log_type = FILE /var/log/xinetd.log log_on_success = HOST log_on_failure = HOST RECORD } Can anybody offer any guidance here? I've been unsuccessfully trying to make this happen for over a week.

Read the article

< Previous Page | 108 109 110 111 112 113 114 115 116 117 118 119 | Next Page >