Search Results

Search found 16822 results on 673 pages for 'custom protocol'.

Page 313/673 | < Previous Page | 309 310 311 312 313 314 315 316 317 318 319 320 | Next Page >

PCI scan findings and problems with week ciphers on ports 993,443,995,465

- by user64991

From PCI scan results: Synops is : The remote service encrypts traffic using a protocol with known weaknesses . Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients . See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) I have tried to change SSLProtocol all -SSLv2 to SSLProtocol -ALL +SSLv3 +TLSv1 And SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW To SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT But using SSLdigger, it shows the same result. Is this the right way to do something like this?

Read the article
Sftp via shell - how it is possible

- by Tomasz Zielinski

(Moved from StackOverflow: http://stackoverflow.com/questions/4589725/sftp-via-shell-how-it-is-possible) How is it possible for tools like http://mysecureshell.sourceforge.net/ to provide SFTP access by merely specifying them as shell by typing: usermod -s /bin/MySecureShell myuser ? I'm on Debian Lenny, with default sshd/OpenSSH. Is this e.g. a feature of SSH protocol that allows user shell to handle sftp commands? I can't wrap my head around this because usually OpenSSH needs sftp-server module (or the internal one in newer versions) - and this makes me think that sftp commands don't even hit the shell and are handled earlier or by different code path..

Read the article
visio alternatives

- by Jason S

I need an alternative to Visio for making diagrams (particularly signal processing block diagrams) that includes some kind of custom stencils + connection points. I just spent 2 hrs learning bits and pieces of Dia only to find that it has no rotational capabilities, not even 90 degree rotations. Otherwise it's great. Any suggestions?

Read the article
MS SQL 2000 and SSL Certificate

- by smoak

I'm trying to set up a MS SQL 2000 server to use an already existing SSL certificate installed on the server. I verified that the certificate shows up in the Personal/Certificate folder of the account that is running the MSSQLSERVER service using the Certificate MMC snap-in. I also verified that the certificate for the CA is installed under the Trusted Root Certificate Authorities. Additionally, to make sure that it is using this specific certificate I created a Certificate registry value of type REG_BINARY in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib and I set it to the certificates thumbprint like it mentions in: http://support.microsoft.com/kb/276553 Finally, I opened up the Server Network Utility, checked Force protocol encryption, clicked OK, and restarted the MSSQLSERVER service. Unfortunately, it fails to start and looking at the event log it's failing with: 19015: Encryption requested but no valid certificate was found. SQL Server terminating. I'm at a loss. Any ideas? Where did I go wrong?

Read the article
In TCP/IP terms, how does a download speed limiter in an office work?

- by TessellatingHeckler

Assume an office of people, they want to limit HTTP downloads to a max of 40% bandwidth of their internet connection speed so that it doesn't block other traffic. We say "it's not supported in your firewall", and they say the inevitable line "we used to be able to do it with our Netgear/DLink/DrayTek". Thinking about it, a download is like this: HTTP GET request Server sends file data as TCP packets Client acknowledges receipt of TCP packets Repeat until download finished. The speed is determined by how fast the server sends data to you, and how fast you acknowledge it. So, to limit download speed, you have two choices: 1) Instruct the server to send data to you more slowly - and I don't think there's any protocol feature to request that in TCP or HTTP. 2) Acknowledge packets more slowly by limiting your upload speed, and also ruin your upload speed. How do devices do this limiting? Is there a standard way?

Read the article
Does an SMTP request contain host header information (or just the IP of the targeted SMTP server)?

- by Olaf

We are using an external commercial smtp server for our newsletters (sending them through .NET components), and they offer two smtp URLs - smtp.critsend.com and fast.critsend.com -, and the second one is reserved for sending singular emails, the first one for bulk. Using nslookup shows that both resolve to the same 4 IP addresses (fast.critsend.com being an Alias). Question: (how) is it possible for the smtp relay to distinguish between different names? Is there something in the headers that can be compared to host headers in http protocol (I didn't find any intelligible information for a non-sysadmins)? The reason I'm asking is because we would like to use one of the IPs in our newsletter script (which works) rather than a name (in order to save DNS requests), and we are wondering about potential problems.

Read the article
OpenBSD ftp-proxy behind NAT itself

- by Manuel Faux

Is it possible to change the PASV IP ftp-proxy of OpenBSD sends to clients, without changing the listen address of redirection control (-b <address>)? I have the following setup: FTP client --> 1:1 NAT router --> OpenBSD router --> FTP server The 1:1 NAT router has a NAT rule to forward everything to the OpenBSD router, the OpenBSD router runs the ftp-proxy -R <FTP server IP>. When the FTP client sends the PASV command, the proxy answers with the Entering Passive Mode (227) message with his own source IP on the interface to the 1:1 NAT router (obviously). Since the 1:1 NAT router is not protocol aware, it forwards this message and the client receives the message with the PASV IP of the OpenBSD router, which it does not have a route to. Is there a way, that I can tell ftp-proxy to send the Entering Passive Mode message with a different source IP?

Read the article
How can I share a Windows 7 library with anonymous access without using a Homegroup?

- by Triynko

The "homegroup" feature is useless, because it requires a password, and therefore doesn't support anonymous, no-hassle access to shares from devices such as my Sony Bravia TV and non-Windows7 machines. So I turned off homegroup and reverted to the standard shared folders protocol. I'd like to share my Music "Library", so I can play files from my TV through the Surround Sound System, but there seems to be no option to share a library folder other than through a homegroup. I don't want to have to individually share the folders that belong to the library, because that would defeat the purposes of the library, which is to manage which folders are included in the library while also providing an easily accessible view of them all at once. Does anyone know how to share a Windows 7 library without that useless homegroup feature?

Read the article
how to limit upload bandwidth per user in linux?

- by Gihan Lasita

Can anyone provide the tc command to limit upload bandwidth per user in Debian Lenny? I found that to mark packets per user with iptables I can use the following command iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner testuser -j MARK --set-mark 500 but I have no idea how to use tc update by running following commands, i managed to limit testuser upload bandwidth to 10Mbit iptables -t mangle -N HTB_OUT iptables -t mangle -I POSTROUTING -j HTB_OUT iptables -t mangle -A HTB_OUT -j MARK --set-mark 30 iptables -t mangle -A HTB_OUT -m owner --uid-owner testuser -j MARK --set-mark 10 tc qdisc replace dev eth0 root handle 1: htb default 30 tc class replace dev eth0 parent 1: classid 1:1 htb rate 10Mbit burst 5k tc class replace dev eth0 parent 1:1 classid 1:10 htb rate 10Mbit ceil 10Mbit tc qdisc replace dev eth0 parent 1:10 handle 10: sfq perturb 10 tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 now the problem is, i do not want to limit testuser's FTP bandwidth but by running above commands FTP speed also limited to 10Mbit. Regards

Read the article
How can i get SSO for alfresco on windows-7 to work?

- by Maarten

domain AD on windows 2008 R2, linux server alfresco 3.4c, windows-7 client. I'm trying to get automatically logged into alfresco from the windows-7 client. I've looked with wireshark to see what happens: 1. Client goes to /alfresco 2. Server sends Redirect to page 3. Client goes to Redirected page 4. Server sends a WWW-Authenticate: Negotiate header 5. Client DOES NOT respond to this how can i configure the windows-7 client (or the AD domain) so that the client will in fact engage with the SPNEGO protocol? instead of just asking for user credentials? (the user is logged in through kerberos in the domain.)

Read the article
Windows 7 connect to Lion file sharing

- by McKvack

Trying to access my Mac from a Windows 7 computer, I fail with the infamous error 86 incorrect password. Now this appears to be a well-known problem with countless threads on the internet giving as many "solutions" as there are discussion threads about it (mostly ranging from installing third-party commercial samba servers, to switching to some other protocol, to compiling a plain-vanilla Samba installation - the latter which I will probably do when I give up this :) ) I am stubborn, and I believe there must be some problem here that can be solved or worked around, but there is surprisingly little detail about this problem. It appears to have something to do with a mismatch of authentication methods. Trying to run samba in debug mode: sudo /usr/sbin/smbd -debug -stdout gets me this output when trying to access it from Win 7 ... smb1_dispatch_one [smb_dispatch.cpp:377] dispatching SMB_COM_SESSION_SETUP_ANDX smb1_dispatch_session_setup [session_setup.cpp:261] FIXME erase existing sessions log_gss_error [gssapi_mechanism.cpp:97] gssapi: gss-code: Miscellaneous failure (see text) log_gss_error [gssapi_mechanism.cpp:113] gssapi: mech-code: unknown mech-code 22 for mech unknown What is the problem here, and how do I fix it?

Read the article
IMCEMAILTO and exghost

- by Steve

One of my associates sent an email to me that was also sent to a client. The client's email address appears to be mangled, however. He says he sent it twice---the first one bounced and the second did not. The email address he sent it to was: [email protected] My searches on Google indicate that the MAILTO could be a bad protocol but I didn't know how the email address would be interpreted by exchange server. What email address was the email sent to, how did IMCEMAILTO get there, and does it have any change of getting delivered?

Read the article
Network monitoring solution

- by Hellfrost

Hello Serverfault ! I have a big distributed system I need to monitor. Background: My system is comprised of two servers, concentrating and controlling the system. Each server is connected to a set of devices (some custom kind of RF controllers, doesnt matter to my question), each device connects to a network switch, and eventually all devices talk to the servers, the protocol between the servers and the devices is UDP, usually the packets are very small, but there are really a LOT of packets. the network is also somewhat complex, and is deployed on a large area physically. i'll have 150-300 of these devices, each generating up to 100+ packets per second, and several network switches, perhaps on 2 different subnets. Question I'm looking for some solution that will allow me to monitor all this mess, how many packets are sent, where, how do they move through the network, bandwidth utilization, throughput, stuff like that. what would you recommend to achieve this? BTW Playing nice with windows is a requirement.

Read the article
Kernel-mode Authentication: 401 errors when accessing site from remote machines

- by CJM

I have several Classic ASP sites that use Integrated Windows Authentication and Kerberos delegation. They work OK on the live servers (recently moved to a Server 2008/IIS7 servers), but do not work fully on my development PC or my development server. The IIS on both machines were configured through an IIS web deployment tool package which was exported from an old machine; the deployment didn't work perfectly, and I had to tinker a bit to get the sites working. When accessing the apps locally on either machine, they work fine; when accessing from another machine, the user is prompted by a username/password dialog, and regardless of what you enter, ultimately it results in a 401 (Unauthorised) error. I've tried comparing the configuration of these machines against similar live servers (that all work fine), and they seem generally comparable (given that none of the live servers are yet on IIS7.5 (Windows 7/Server 2008 R2). These applications run in a common application pool which uses a special domain user as it's identity - this user has similar permissions on the live and development machines. On IIS6 platforms, to enable kerberos delegation, I needed to set up some SPNs for this user, and they are still in place (even though I don't believe they are needed any longer for IIS7+ due to kernel-mode authentication), Furthermore, this account is enabled for Kerberos delegation in Active Directory, as is each machine I am dealing with. I'm considering the possibility that the deployment might have made changes/failed to make changes to the IIS configuration thus causing this problem. Perhaps a complete rebuild (minus another web deployment attempt) would solve the problem, but I'd rather fix (thus understand) the current problem. Any ideas so far? I've just had another attempt at fixing this issue, and I've made some progress, but I don't have a complete fix...yet. I've discovered that if I access the sites via IP address (than via NetBIOS name), I get the same dialog, except that it accepts my credentials and thus the application works - not quite a fix, but a useful step. More interestingly, I discovered that if I disable Kernel-mode authentication (in IIS Manager Website Authentication Advanced Settings), the applications work perfectly. My foggy understanding is that this is effectively working in the pre-IIS7 way. A reasonable short-term solution, but consider the following explicit advice from IIS on this issue: By default, IIS enables kernel-mode authentication, which may improve authentication performance and prevent authentication problems with application pools configured to use a custom identity. As a best practice, do not disable this setting if Kerberos authentication is used in your environment and the application pool is configured to use a custom identity. Clearly, this is not the way my applications should be working. So what is the issue?

Read the article
where does https on apache get it's configuration?

- by Matthew

So originally my host (mediatemple dv) has two default directories for the roots: 1)httpdocs/ 2)httpsdocs/ In the conf directory I changed the vhosts.conf and httpd.include and others to change from httpdocs to custom folders. Now I installed a new ssl certificate and https://example.com goes to the default page located at httpsdocs. I'm just wondering where configurations for apache are stored for ssl. Ideas?

Read the article
Using both domain users and local users for Squid authentication?

- by Massimo

I'm working on a Squid proxy which needs to authenticate users against an Active Directory domain; this works fine, Samba was correctly set up and Squid authenticates users via ntlm_auth. Relevant lines in squid.conf: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on acl Authenticated proxy_auth REQUIRED http_access allow Authenticated http_access deny all Now, I need a way to allow access to users which don't have a domain account. I know I could create an "internet user" account in the domain, but this would allow access, although limited, to domain resources (file shares, etc.); I need something that will allow only Internet access. The ideal solution would be using a local account on the proxy server, either a Linux account or a Squid one; I know Squid supports this, but I'm unable to have it use both domain authentication and Squid/local authentication if domain auth is unsuccesful. Can this be done? How?

Read the article
external pop email relay

- by Pixman

I want to offer to my customer this possibility : get her pop3 emails from external pop3 server forward the news emails to the new external pop3 server I have find lot of tools for sync imap accounts, or sync pop to imap, but i just want get pop and send to another email adress ! I search a answer for linux ( if i can make a simple daemon for make it's it's good ). Thanks a lot for your help. edit for more detail : For simplify my question, in my use case, it's just want to connect as client via pop protocol ( like a mail app ). And i check news emails, and forward to other email adress. I search about an app or code for create this on linux. In this situation have no access to mailbox dirs, or server configuration ( in this case i have already the answer by create a qmail hook ) Maybe, it's not the good website ? my question must be post on the stackoverflow part ?

Read the article
Public DNS Server fails on Windows Amazon EC2

- by Adroidist

I have started a new Windows server instance on Amazon EC2. The security group has the following rules: Ports Protocol Source 22 tcp 0.0.0.0/0 80 tcp 0.0.0.0/0 443 tcp 0.0.0.0/0 3389 tcp 0.0.0.0/0 53 udp 0.0.0.0/0 -1 icmp 0.0.0.0/0 I am able to ping the public DNS server of the machine and i can connect to it using Windows Remote Desktop connection. However, when i put in my web browser the public DNS server, it fails to connect. Morever, I used filezilla and putty (and in both I loaded the private key .pem) but i receive connection timed out. I disabled the firewall on both my pc and the instance (which I entered using Remote desktop connection). Can you please tell me what I am missing?

Read the article
Sharepoint : send alert when field is empty : bug ?

- by mathieu

Is it possible to send an email alert when a field of a list is empty ? I've tried the following : Create a custom list, add a field named "TestField" Create a personal view named "TestView", filter : Show when column "TestField" is equal to "" (leave the box empty) Create an alert, immediate email when items appearing in "TestView" are modified Create an item with both fields filled Create an item with only title filled Now you should receive two alert emails, but in the view "TestView" there is only one item. Is it a bug ?

Read the article
Powerpoint 2003, change picture

- by Tom Gullen

I have a picture in Powerpoint 2003, how do I change the picture without having to delete it and re-add it? I need to save all the animations and it's going to take about 5 hours to re add them, but only like 20 mins if I change the pictures. Or if there is anyway to copy a custom animation set to another picture that would also be ace

Read the article
PDAnet on Android IP on PC is not public IP. Where does the NAT take place, PDAnet or Verizon?

- by lcbrevard

When using PDAnet on a PC (Win7 ultimate) to USB tether a Motorola Droid on Verizon 3G the IP address of the PC appears to be public - 64.245.171.115 (64-245-171-115.pools.spcsdns.net) - but connections show as coming from another public IP - 97.14.69.212 (212-sub-97.14.69.myvzw.com). Someone is performing Network Address Translation - either PDAnet or within the Verizon 3G network. Can someone tell me who is doing the NAT? Is it PDAnet or is it at Verizon? Is there any possibility of setting up port forwarding, such that connections to the public IP 97.14.69.212 (212-sub-97.14.69.myvzw.com) are forward to the PC? We are testing a network protocol that requires either a true public IP or forwarding a range of ports from the public Internet to the system on which the software runs (actually Linux hosted by VMware Player or Workstation on a PC running Windows).

Read the article
TFTP PUT Failing Across Hosts

- by Jason

I have a TFTP server installed on a CentOS host. /etc/xinetd.d/tftp: service tftp { disable = no socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -c -s /var/lib/tftpboot per_source = 11 cps = 100 2 flags = IPv4 } If I try to PUT a file from a remote host to the host running the TFTP server, I get Transfer Timed Out - however, it does create the file in /var/lib/tftpboot but the file is empty. If I tftp from the tftp server to itself (localhost) and PUT a file, it works fine. I have verified that SELinux is disabled and IPTables are turned off. I can connect from the remote hosts with no issue - just seems to be the PUT I have issue with: [root@SVR01 TEST]# tftp 10.100.2.15 tftp> status Connected to 10.100.2.15. Mode: netascii Verbose: off Tracing: off Literal: off Rexmt-interval: 5 seconds, Max-timeout: 25 seconds tftp>

Read the article
How can I figure out color hex codes from a screen capture?

- by user13743

I have a screen capture of some colors I'd like to use. I need to learn their hex codes. I have the screen shot in MS paint. I can see where I can pull the color with the dropper, and where I can define custom colors, but I don't see any place where it tells me the hex code of the color. Can I do this in mspaint, or gimp?

Read the article
Disable IPv6 on Loopback address (Localhost, Computer name, ...)

- by Greg Bray

We tried installing a 3rd party software product on a new Windows 2008 R2 server and found that everything works except for accessing local services through loopback addresses such as localhost or the computer name (ex: VPS-Web which resolves to localhost). We are not using IPv6 and would like to disable it until the software is compatible. I tried using these instructions for disabling IPv6 on Windows 2008 R2 but it did not disable the protocol for localhost. Pinging localhost or VPS-Web will still return ::1: instead of 127.0.0.1. I can use ping localhost -4 to get the correct address, but IPv6 takes precedent over IPv4 so the 3rd party software only gets the IPv6 address.

Read the article
Sftp via shell - how is it possible?

- by Tomasz Zielinski

(Moved from StackOverflow: http://stackoverflow.com/questions/4589725/sftp-via-shell-how-it-is-possible) How is it possible for tools like http://mysecureshell.sourceforge.net/ to provide SFTP access by merely specifying them as shell by typing: usermod -s /bin/MySecureShell myuser ? I'm on Debian Lenny, with default sshd/OpenSSH. Is this e.g. a feature of SSH protocol that allows user shell to handle sftp commands? I can't wrap my head around this because usually OpenSSH needs sftp-server module (or the internal one in newer versions) - and this makes me think that sftp commands don't even hit the shell and are handled earlier or by different code path..

Read the article

< Previous Page | 309 310 311 312 313 314 315 316 317 318 319 320 | Next Page >