Search Results

Search found 8555 results on 343 pages for 'virtualbox networking'.

Page 186/343 | < Previous Page | 182 183 184 185 186 187 188 189 190 191 192 193  | Next Page >

• Disconnected from WiFi, Windows claims otherwise [closed]

  - by Manu

  I'm connected via wifi to my ISP's router/modem. While Windows says that I'm always connected, I keep getting messages from Netgear Genie that I've lost contact to the Internet, and I cannot access webpages until it comes back. There are two other computers in the house, one connected to the router via ethernet, the other via wifi, both seem to have no such problems. I've wondered if Netgear genie itself was the problem, but I am regularly disconnected even if I uninstall it. And I'd rather have it since it accurently tells me if I'm connected or not. Why does windows says I'm online if I can't access any online game, or website ? I've removed the connection, recreated it, I've even copied the settings to a usb key from the computer that has wifi access. Is there a tool that can tell me which program, if any, is disconecting me ?

  Read the article

• VMware server 2.0 SYN/ACK repeating issues

  - by user65579

  VMWare Server 2.0.0 Build 122956 I am having some issues with connecting into a guest VM (Ubuntu linux 4.4.3-4 lucid) running under VMware 2.0 on a windows server host. All connections to and from the VM's work fine, except for FTP. I thought the issue was the FTP daemon at first but it has been ruled out that it is not the daemon or the server itself. When you try to connect to the FTP server from outside of the host OS it fails with a "421 Service not available" but when you try and connect from the local VM or from the host OS the connection goes through fine. I have ran many packet sniffs using wireshark/tcpdump from the VM, the host OS, and the client connecting, the most informative is the host OS. I have attached a PNG of the relavant packets that were captured. I viewed some other network traffic that was sniffed (WWW specifically) and it seems to do the same syn/ack repeating but the user doesnt see any issues. I have disabled the firewall and the issues persisits, I have tried with specific allow rules to ensure the data is allowed and no changes. It appears like VMware attempts to do the ICMP redirect and it works, but then it vmware repeats the packets sent so you get 3 syn/ack's for every one syn from the client. Also VMWare appears to be attempting to establish an FTP connection between the HOST OS and the GUEST OS, because I see the second SYN sent from the HOST OS to the GUEST to initiate a new connection, and it get the appropriate SYN/ACK followed by an ACK, but the client never sees any of this from its end. EG. syn from client syn/ack from host OS to client syn/ack from guest OS to client syn/ack from host OS to client The same thing happens when the connection reset is attempted, RST's start being sent and repeated, the server responds with a valid header to continue the FTP handshake but the RST acknowledgement is allready issued and things are closed. I am not 100% if this is a bug in VMware or possibly a VMNetwork missconfiguration. Does anyone have any thoughts on where exactly the issue could be, things to try to verify or rule out? I have linked to a picture of the relevant packets sniffed from the host OS. http://img18.imageshack.us/img18/7789/vmwareftpconnection.jpg

  Read the article

• Ethernet 802.1x client -> WiFi AP on a Raspberry Pi?

  - by Martin Janiczek

  I have an Ethernet connection that requires 802.1x authentication (TTLS, MSCHAPv2, name+password). My goal is to connect that to something that would then act as an WiFi AP, so I can use the connection on more devices (iPhone, notebook, etc.) Would it be possible/good idea to use Raspberry Pi for this purpose? Or are there better-suited devices to do this? EDIT: found some alternatives but because of low rep can't post more than two links... OpenWRT + wpa_supplicant guide Carambola - works with OpenWRT (but probably not standalone?) Hornet-UB - works with OpenWRT Asus RT-N10+ + OpenWRT how-to EDIT 2: probably going to try TP-LINK TL-WR740N. It's a classic router, but can be flashed with OpenWRT, and the price beats everything else I've seen.

  Read the article

• Can Internet data be used by malware when PC off?

  - by Val

  I have noticed over the last month that my off peak data has been used at a rate of approx 350MB per hour - this has meant that I have gone over my quota and slowed down by my ISP to 256k. There is no one in the house using it (2am-8am is my ISPs off peak hours) at that time. My PC and other wireless devices (ipad and iphone) are turned off. I have changed the wireless password on my modem 3 times and it is now 30 digits long. So I don't think someone else is using my wireless access between 2-8am. It has been suggested by my ISP that I may have malware/spyware on my computer. Sorry for my ignorance, but can malware still run if the PC is off? I did look at my modem's log and followed an IP address to a service called Amazon Simple server Storage. Could this company possibly be the culprit? I am not too tech savvy, so any assistance appreciated. I have run a barrage of spyware cleaning software eg malware bytes; spy bot etc.... Cheers Val

  Read the article

• TCPDump and IPTables DROP by string

  - by Tiffany Walker

  by using tcpdump -nlASX -s 0 -vvv port 80 I get something like: 14:58:55.121160 IP (tos 0x0, ttl 64, id 49764, offset 0, flags [DF], proto TCP (6), length 1480) 206.72.206.58.http > 2.187.196.7.4624: Flags [.], cksum 0x6900 (incorrect -> 0xcd18), seq 1672149449:1672150889, ack 4202197968, win 15340, length 1440 0x0000: 4500 05c8 c264 4000 4006 0f86 ce48 ce3a E....d@[email protected].: 0x0010: 02bb c407 0050 1210 63aa f9c9 fa78 73d0 .....P..c....xs. 0x0020: 5010 3bec 6900 0000 0f29 95cc fac4 2854 P.;.i....)....(T 0x0030: c0e7 3384 e89a 74fa 8d8c a069 f93f fc40 ..3...t....i.?.@ 0x0040: 1561 af61 1cf3 0d9c 3460 aa23 0b54 aac0 .a.a....4`.#.T.. 0x0050: 5090 ced1 b7bf 8857 c476 e1c0 8814 81ed P......W.v...... 0x0060: 9e85 87e8 d693 b637 bd3a 56ef c5fa 77e8 .......7.:V...w. 0x0070: 3035 743a 283e 89c7 ced8 c7c1 cff9 6ca3 05t:(>........l. 0x0080: 5f3f 0162 ebf1 419e c410 7180 7cd0 29e1 _?.b..A...q.|.). 0x0090: fec9 c708 0f01 9b2f a96b 20fe b95a 31cf ......./.k...Z1. 0x00a0: 8166 3612 bac9 4e8d 7087 4974 0063 1270 .f6...N.p.It.c.p What do I pull to use IPTables to block via string. Or is there a better way to block attacks that have something in common? Question is: Can I pick any piece from that IP packet and call it a string? iptables -A INPUT -m string --alog bm --string attack_string -j DROP In other words: In some cases I can ban with TTL=xxx and use that should an attack have the same TTL. Sure it will block some legit packets but if it means keeping the box up it works till the attack goes away but I would like to LEARN how to FIND other common things in a packet to block with IPTables

  Read the article

• Routing application traffic through specific interface

  - by UnicornsAndRainbows

  Hello All! First question here, so please go easy: I have a debian linux 5.0 server with two public interfaces. I would like to route outbound traffic from one instance of an application via one interface and the second instance through the second interface. There are some challenges: both instances of the application use the same protocol both instances of the application can access the entire internet (can't route based on dest network) I can't change the code of the application I don't think a typical approach to load balancing all traffic is going to work well, because there are relatively few destination servers being accessed in the outbound traffic, and all traffic would really need to be distributed pretty evenly across these relatively few servers. I could probably run two virtualized servers on the box and bind each of them to a different external ip, but I'm looking for a simpler solution, maybe using iproute or iptables? Any ideas for me? Thanks in advance - and I'm happy to answer any questions.

  Read the article

• iptables question

  - by RubyFreak

  i have a small network, with one valid IP and a firewall with 3 network interfaces (LAN, WAN, DMZ). I want to enable PAT on this valid IP to redirect http traffic to a server in my DMZ. (done) I want to enable MASQ on this ip from traffic that comes from my LAN (done) I want from my LAN as well to access my http server at DMZ. (partially) Question: in the above scenario, i cannot from my LAN, to access my http server in the DMZ, since it has the IP used by the MASQ (the only valid ip that i have). What would be the best option to solve this problem? network interfaces: eth0 (WAN) eth1 (DMZ) eth2 (LAN) /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD --o eth1 -d 2.2.2.2 -p tcp --dport 80 -j ACCEPT /sbin/iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -p tcp --dport 80 -j DNAT --to 2.2.2.2 /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT /sbin/iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT

  Read the article

• Unexpected multiple network connections on Windows Vista

  - by Jens

  My Network and Sharing Center shows multiple connections to the internet, where only one is expected: My internet access works fine, but since the "Unidentified Network" is set to public after each boot, sharing and network discovery don't work as well. Similar questions on Google point mostly to the Bonjour service, but I am sure that this is not, and never was, installed on this machine. So: How can I get rid of the unidentified network? Output of ipconfig /all: Windows IP Configuration Host Name . . . . . . . . . . . . : ***** Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : mySuffix Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : mySuffix Description . . . . . . . . . . . : Intel(R) 82567LF-3 Gigabit Network Connection Physical Address. . . . . . . . . : 00-19-99-65-F0-B2 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::c90:2d23:7651:42f%10(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.141.130(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 13 November 2012 09:40:54 Lease Expires . . . . . . . . . . : 21 November 2012 09:45:01 Default Gateway . . . . . . . . . : 192.168.141.109 192.168.141.108 DHCP Server . . . . . . . . . . . : 192.168.141.120 DHCPv6 IAID . . . . . . . . . . . : 218110361 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-DD-00-AF-00-19-99-65-F0-B2 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 13: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : mySuffix Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes

  Read the article

• DNS not responding

  - by Born2win

  I have a Dlink DIR-615 router and I have it around six mounths. My internet connection is VPN (PPTP) based i.e. I have been give a username and password from my isp and my ip address is dynamic. But from few days I am experiencing a serious problem. My router connects normally (i can see yellow light) but my computer is giving "DNS not responding" error. I have tried everything (reset,reboot etc) but no sucess. Any help would be appreciated :)

  Read the article

• Best way to troubleshoot intermittent network outages?

  - by Ben Scheirman

  We have a Comcast 50/10 line into our office. We keep seeing very short but sometimes frequent drops in our internet service. It's enough to kick you off of skype and stop any websites from loading, which is obviously affecting our productivity. We've tried 4 different routers, we've tried moving everyone off of wireless and onto wired via a switch and so far nothing has helped. Right now we're on a Cisco SB WRP400-G1 router. Attached to the router is a 16 port switch going to the ports in all of the offices. We've moved to OpenDNS in the case that it was the comcast DNS servers going down. Today we tried putting the modem, router, and switch on a UPS to make sure it wasn't power fluctuations that was causing it. Every time we call Comcast, by the time they are here the internet is working fine. I'd like to somehow prove that the problem is with Comcast, so if that means plugging in a machine directly into their router and collecting data all day, I'm up for that. I just want to hear ideas on what tools to run and how to collect this data. I could just continuously ping google.com all day long but I'm not sure how valuable that data would be. Thoughts?

  Read the article

• Top ten security tips for non-technical users

  - by Justin

  I'm giving a presentation later this week to the staff at the company where I work. The goal of the presentation is to serve as a refresher/remidner of good practices that can help keep our network secure. The audience is made up of both programmers and non-technical staff, so the presentation is geared for non-technical users. I want part of this presentation to be a top list of "tips". The list needs to be short (to encourage memory) and be specific and relevant to the user. I have the following five items so far: Never open an attachment you didn't expect Only download software from a trusted source, like download.com Do not distribute passwords when requested via phone or email Be wary of social engineering Do not store sensitive data on an FTP server I have two questions: Do you suggest any additional items? Do you suggest any changes to existing items?

  Read the article

• Brocade 200E Switch - Fibre Channel

  - by Arthor

  What I have: Fujitsu-Siemens PRIMERGY BX600 Brocade 200E (16 port, 4gbit fibre). My question: Imagine a QNAP with a fiber 10GBIT card connected to the Brocade 200E (16 port, 4gbit fibre). Would this work; would the card drop down to 4GBIT? Are 10GBIT fiber cards backwards completable. Update. I have the specs of my server now.... Fujitsu-Siemens PRIMERGY BX600 S3 Blade Ecosystem Blade Chassis comprising; 2 x A3C40073243 Blade Management modules 2 x A3C40089238 GBE Switch Blade SB9F 30/12 2 x A3C40085736 4Gb 10 port pass through blades 1 x A3C40083767 Digital KVM Modules 2 x A3C40073245 Fan enclosures + cooling fans 4 x A3C40073262 Power Supplies My Goals and Objectives To have a blade system in place for 8 blades for video rendering, the other 2 for database and scripts etc The system will be built on VMWARE ESXi 5 Use ISCSI on the QNAP to support HA and vmotion if needed Users to access the qnap for video editing QANAP has 12 drive (2 x (6 HDD in RAID 10)

  Read the article

• HP dv6910 laptop no longer recognizes wireless adapter, dvd drive, and one usb port. What can I do about this?

  - by Joan H.

  In the last 3 weeks, my not even 3 year old HP laptop (vista) just seems to be failing. First, one of the usb ports stopped working. Next, the dvd drive all of a sudden was not recognized as even existing, so it is now useless. And as of today, I no longer seem to have a wireless adapter on my laptop. It doesn't show up in device manager, same as the dvd drive. I can connect to the internet by ethernet cable, but not wirelessly. It worked fine last night; now it doesn't even exist! I have tried a 'hard reset' I read about on HP's forum- no help. I am not sure what else to try. I read about the USB wifi dongle in another response, but I already have maxed our my usb ports even though I have bought a USB hub since the one port failed. Plus, I'd like my laptop to just work like it's supposed to instead of being jerry rigged with usb hubs, external dvd drives, and wifi dongles etc. Any ideas?

  Read the article

• What software is used by buy-side investment companies?

  - by user44995

  What software is used by buy-side investment companies? For educational purposes, could anyone describe IT infrastructure of a typical buy-side investment company: a hedge fund, a mutual fund or a wealth management company. No particular details are needed, just what type of software is used how different software modules interact with each other. Am I asking too much?

  Read the article

• How to configure traffic from a specific IP hardcoded to an IP to forward to another IP:PORT using i

  - by cclark

  Unfortunately we have a client who has hardcoded a device to point at a specific IP and port. We'd like to redirect traffic from their IP to our load balancer which will send the HTTP POSTs to a pool of servers able to handle that request. I would like existing traffic from all other IPs to be unaffected. I believe iptables is the best way to accomplish this and I think this command should work: /sbin/iptables -t nat -A PREROUTING -s $CUSTIP -j DNAT -p tcp --dport 8080 -d $CURR_SERVER_IP --to-destination $NEW_SERVER_IP:8080 Unfortunately it isn't working as expected. I'm not sure if I need to add another rule, potentially in the POSTROUTING chain? Below I've substituted the variables above with real IPs and tried to replicate the layout in my test environment in incremental steps. $CURR_SERVER_IP = 192.168.2.11 $NEW_SERVER_IP = 192.168.2.12 $CUST_IP = 192.168.0.50 Port forward on the same IP /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.11:8080 Works exactly as expected. IP and port forward to a different machine /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.12:8080 Connections seem to timeout. Restrict IP and port forward to only be applied to requests from a specific IP /sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.0.50 -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.12:8080 Times out as well. Probably for the same reason as the previous entry. Does anyone have any insights or suggestions? thanks,

  Read the article

• Linux: prevent outgoing TCP flood

  - by Willem

  I run several hundred webservers behind loadbalancers, hosting many different sites with a plethora of applications (of which I have no control). About once every month, one of the sites gets hacked and a flood script is uploaded to attack some bank or political institution. In the past, these were always UDP floods which were effectively resolved by blocking outgoing UDP traffic on the individual webserver. Yesterday they started flooding a large US bank from our servers using many TCP connections to port 80. As these type of connections are perfectly valid for our applications, just blocking them is not an acceptable solution. I am considering the following alternatives. Which one would you recommend? Have you implemented these, and how? Limit on the webserver (iptables) outgoing TCP packets with source port != 80 Same but with queueing (tc) Rate limit outgoing traffic per user per server. Quite an administrative burden, as there are potentially 1000's of different users per application server. Maybe this: how can I limit per user bandwidth? Anything else? Naturally, I'm also looking into ways to minimize the chance of hackers getting into one of our hosted sites, but as that mechanism will never be 100% waterproof, I want to severely limit the impact of an intrusion. Cheers!

  Read the article

• Should I limit end-user gigabit ports to avoid saturating uplink/trunk connections?

  - by Joel Coel

  We have a campus with 16 buildings and older 850nm 1Gbps fiber links between the buildings, that all come to a core switch for our servers that also uses 1Gbps ports. We're finally starting to replace our aging 10/100 end-user switches, and much of what we're looking at are 1 Gbps units. My question is, since the trunk/uplink lines are still 1Gbps, if I were to install 1 Gbps switches for end users, should I limit the ports to 100Mbps until I can also upgrade the trunks to avoid allowing a bad-behaving host to saturate a trunk line (since we're a college, we have plenty of mis-behaving hosts) and thereby create a DoS situation for a building, or will TCP congestion control typically take care of that for me? What if we have a lot of UDP traffic (games, video chats, even a small amount of bittorrent)?

  Read the article

• How to set up my network/bridging using Apple Airport equipment?

  - by John

  I'd like to set up my network like this, and I want to make sure it's possible using the hardware I have. I think it should be... I've got my cable modem in one room. I want to plug it into an Apple Airport Express and create my wireless my wireless network here. The airport express will do the NAT and DHCP. By my TV there are a few things to be networked (Xbox and Tivo). I have an airport extreme here. I'd like to have the airport extreme join the wireless network and share the connection to the ethernet ports. Can anyone provide some assistance on the best way to configure to do this? Thanks!

  Read the article

• How to masked network directory with Active Directory & IIS7

  - by Zach Shallbetter

  Departments within our organization have file directories on our IIS7 2008 R2 server similar to \\apollo\marketing.oems, which are outward facing for clients. We would like to create masked directories for quicker access like \\marketing that would point to \\apollo\marketing.oems. I've done research and have not come across any real answers, although I know it's possible Any help would be appreciated.

  Read the article

• Is there a way to share a webradio on a network?

  - by Ivo Flipse

  At my work we try to limit the incoming bandwith from streaming webradio's. Therefore we want to stream a couple and then distribute/share them over our internal network. Any suggestions on how to make this possible?

  Read the article

• Keep source IP after NAT

  - by John Miller

  Until today I used a cheapy router so I can share my internet connection and keep a webserver online too, while using NAT. Users IP ($_SERVER['REMOTE_ADDR']) was fine, I was seeing class A IPs of users. But as traffic grown up everyday, I had to install a Linux Server (Debian) to share my Internet Connection, because my old router couldn't keep the traffic anymore. I shared the internet via IPTABLES using NAT, but now, after forwarding port 80 to my webserver, now instead of seeing real users IP, I see my Gateway IP (Linux Internal IP) as any user IP Address. How to solve this issue? I edited my post, so I can paste the rules I'm currently using. #!/bin/sh #I made a script to set the rules #I flush everything here. iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -F iptables -X # I drop everything as a general rule, but this is disabled under testing # iptables -P INPUT DROP # iptables -P OUTPUT DROP # these are the loopback rules iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # here I set the SSH port rules, so I can connect to my server iptables -A INPUT -p tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT # These are the forwards for 80 port iptables -t nat -A PREROUTING -p tcp -s 0/0 -d xx.xx.xx.xx --dport 80 -j DNAT --to 192.168.42.3:80 iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3 iptables -A FORWARD -p tcp -s 192.168.42.3 --sport 80 -j ACCEPT # These are the forwards for bind/dns iptables -t nat -A PREROUTING -p udp -s 0/0 -d xx.xx.xx.xx --dport 53 -j DNAT --to 192.168.42.3:53 iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3 iptables -A FORWARD -p udp -s 192.168.42.3 --sport 53 -j ACCEPT # And these are the rules so I can share my internet connection iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0:1 -j ACCEPT If I delete the MASQUERADE part, I see my real IP while echoing it with PHP, but I don't have internet. How to do, to have internet and see my real IP while ports are forwarded too? ** xx.xx.xx.xx - is my public IP. I hid it for security reasons.

  Read the article

• Servers / ram for social network- how many?

  - by Marty

  I am launching my social network soon an looking into hosting. The question i am lost is: Do i need separate servers for web vs database vs image handling since there is photo sharing? Or does 1 server handle it all? Also is more ram better? If i get 50GB ram is that better than having 8 gb ram? EDIT: It is PHP codeignitor and MySQL for now. (switch to NoSQL DB later if demand calls fr it.) I will be using memcache also. Concept wise it is similar to yelp, so geographic based with lots of user content and image sharing + live feeds an privacy levels. User plan is open question. Without testing the demand for this i cant give a number. But the concept is unique, no one out there with the set of features i am releasing so it could grow. Ideally I want to plan for handling about 1-2 million views / month from launch. If it goes more than that then I will upgrade.

  Read the article

• How Does EoR Design Work with Multi-tiered Data Center Topology

  - by S.C.

  I just did a ton of reading about the different multi-tier network topology options as outlined by Cisco, and now that I'm looking at the physical options (End of Row (EoR) vs Top of Rack(ToR)), I find myself confused about how these fit into the logical constructs. With ToR it also maps 1:1: at the top of each rack there is a switch(es) that essentially act as the access layer. They connect via fiber to other switches, maybe chassis-based, that act as the aggregation layer, that then connect to the core layer. With EoR it seems that the servers are connecting directly to the aggregation layer, skipping the access layer all together, by plugging directly into what are typically chassis switches. In EoR then is the standard 3-tier model now a 2-tier model: the servers go to the chassis switch which goes straight to the core switch? The reason it matters to me is that my understanding was that the 3-tier model was more desirable due to less complexity. The agg switch pair acts as default gateway and does routing; if you use up all of your ports in your agg layer pair it's much more complicated to add additional switches, than simply adding more switches at the access layer. Are there other downsides to this layout? Does this 3-tier architecture still apply in some way in EoR? Thanks.

  Read the article

• Finding spoofed IP address on network

  - by Jared

  I have a few IP spoof dropped messages coming out of my Sonicwall firewall, we'll call them Source A and Source B. Both of these sources have the same mac address indicating they're coming from the layer 3 switch behind my firewall. Source A has an ip within a valid subnet on my network and it shows up in the ARP table of my layer 3 switch. I was able to trace the exact location and fix the issue. Source B's ip however, is not within valid subnet on my network and it's not showing up in my layer 3 switches arp table. Any idea how I can trace the location of this device within my network? Thanks in advance.

  Read the article

• routing through multiple subinterfaces in debian

  - by Kstro21

  my question is as simple as the title, i have a debian 6 , 2 NICs, 3 different subnets in a single interface, just like this: auto eth0 iface eth0 inet static address 192.168.106.254 netmask 255.255.255.0 auto eth0:0 iface eth0:0 inet static address 172.19.221.81 netmask 255.255.255.248 auto eth0:1 iface eth0:1 inet static address 192.168.254.1 netmask 255.255.255.248 auto eth1 iface eth1 inet static address 172.19.216.3 netmask 255.255.255.0 gateway 172.19.216.13 eth0 is conected to a swith with 3 differents vlans, eth1 is conected to a router. No iptables DROP, so, all traffic is allowed. Now, passing the traffic through eth0 is OK, passing the traffic through eth0:0 is OK, but, passing the traffic through eth0:1 is not working, i can ping the ip address of that sub interface from a pc where this ip is the default gateway, but can't get to servers in the subnet of the eth1 interface, the traffic is not passing, even when i set the iptables to log all the traffic in the FORWARD chain and i can see the traffic there, but, the traffic is not really passing. And the funny is i can do any the other way around, i mean, passing from eth1 to eth0:1, RDP, telnet, ping, etc, doing some work with the iptable, i manage to pass some traffic from eth0:1 to eth1, the iptables look like this: iptables -t nat PREROUTING -d 192.168.254.1/32 -p tcp -m multiport --dports 25,110,5269 -j DNAT --to-destination 172.19.216.1 iptables -t nat PREROUTING -d 192.168.254.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 172.19.216.9 iptables -t nat PREROUTING -d 192.168.254.1/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 172.19.216.11 iptables -t nat POSTROUTING -s 172.19.216.0/24 -d 172.19.221.80/29 -j SNAT --to-source 172.19.221.81 iptables -t nat POSTROUTING -s 172.19.216.0/24 -d 192.168.254.0/29 -j SNAT --to-source 192.168.254.1 iptables -t nat POSTROUTING -s 172.19.216.0/24 -o eth0 -j SNAT --to-source 192.168.106.254 dong this is working, but,it is really a headache have to map each port with the server, imagine if i move the service from server, so, now i have doubts: can debian route through multiple subinterfaces?? exist a limit for this?? if not, what i'm doing wrong when i have the same setup with other subnets and it is working ok?? without the iptables rules in the nat, it doesn't work thanks and i hope good comments/answers

  Read the article

< Previous Page | 182 183 184 185 186 187 188 189 190 191 192 193  | Next Page >