Search Results

Search found 7073 results on 283 pages for 'liam block'.

Page 208/283 | < Previous Page | 204 205 206 207 208 209 210 211 212 213 214 215  | Next Page >

• Windows Server 2008 ignores any change made to firewall

  - by Maurice Courtois

  I have been trying for the last 2 hours to make my Windows Server 2008 answer ping. I have tried almost every single solution I have found on the web, so far nothing work. My current setup: 2 NIC (1x Internet connection, 1x Local network) Server act as VPN server. So I set the corresponding NIC as either Public or Private. I also enable the rule for "File and Printer Sharing (Echo Request...)" for all Nic and from any IPs. I always been able to ping from the local network or the local ip while connected to the VPN. I also tried to create a specific rule for ICMP ping and disabling the firewall for all but the public nic. Regardless of all this, I still can't ping that server from Internet. Any idea suggestion what could cause this? I have the impression that when you set the server as VPN (I switch the box on when setting it up to block everything else than VPN connection) that changing anything to the firewall setting thought mmc is pointless !?!?

  Read the article

• I get "An error occurred while Windows was synchronizing with [name of time server]." when trying t

  - by ChrisF

  Prompted by the answers to this question I decided to give the Windows built in time synchronisation another go. However, no matter what time server I use I get this error: "An error occurred while Windows was synchronizing with [name of time server]." The help suggests the following as reasons for failure: You are not connected to the Internet. Establish an Internet connection before you attempt to synchronize your clock. Your personal or network firewall prevents clock synchronization. Most corporate and organizational firewalls will block time synchronization, as do some personal firewalls. Home users should read the firewall documentation for information about unblocking network time protocol (NTP). You should be able to synchronize your clock if you switch to Windows Firewall. The Internet time server is too busy or is temporarily unavailable. If this is the case, try synchronizing your clock later, or update it manually by double-clicking the clock on the taskbar. You can also try using a different time server. The time shown on your computer is too different from the current time on the Internet time server. Internet time servers might not synchronize your clock if your computer's time is off by more than 15 hours. To synchronize the time properly, ensure that the date and time settings are set close to your current time in the Date and Time Properties in Control Panel. Now the first reason is clearly wrong - I am connected to the internet. I can see the 2nd being the most likely cause. I have Sygate Personal Firewall running, but it normally asks if something it trying to connect for the first time. Does anyone know I can unblock the NTP protocol - or at least check if it is blocked?. I don't think it's #3 or #4 as I've tried a number of different servers including the one currently used by Atomic Clock Sync. Though if someone knows the address of a UK time server I can double check this.

  Read the article

• On linux, what does it mean when a directory has size 0 instead of 4096?

  - by kdt

  Here's a strange thing I haven't seen before -- a directory whose size is reported by ls as 0 instead of 4096, and I can't create any files within it. # ls -ld lib home drwxr-xr-x. 2 root root 0 Feb 7 03:10 home <-- it has zero size dr-xr-xr-x. 11 root root 4096 Feb 4 09:28 lib # touch home/foo touch: cannot touch `home/foo': No such file or directory <-- and I can't create files in it # rm home rm: cannot remove `home': Is a directory <-- look, it really is a dir So what does it mean for a directory to have size 0 instead of 4096? Filesystem is ext4 on fedora core 14. The output of mount is: /dev/mapper/vg_dev-lv_root on / type ext4 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0") /dev/vda1 on /boot type ext4 (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) Output of du -s /home: 0 /home Output of stat /home: File: `/home' Size: 0 Blocks: 0 IO Block: 1024 directory Device: 15h/21d Inode: 34913 Links: 2 Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2011-02-07 03:45:46.188995765 -0800 Modify: 2011-02-07 03:11:59.980995019 -0800 Change: 2011-02-06 07:58:45.874995002 -0800

  Read the article

• Why are ISP's installing routers on my site when the feed is a form of ethernet already?

  - by Cosmin Prund

  I'm connected to 3 ISP's right now. Two of them already have routers at my site, the third one announced me "they need to install some equipment" when I requested BGP session. I can only assume they need to install a Router, since that connection is now working fine, using the usual /30 net block for the connection, and the "last-mile" solution is not going to change since they only installed it last week and the BGP was in the contract from the beginning. I simply don't understand this: the "feed" is already a form of ethernet. Even those they're using different technologies for the last mile, they're all entering the ISP router using an RJ45 WAN port. I assume the ISP router does something really important that can't be done by the Big Router on the other end of the connection. It must also be something that can hurt them if miss-configured, since they don't trust us (the client) to do the stuff on our router. And I'm not talking cheap throw-away routers here: One of the routers is Cisco 2800. Edit to add network details: I'm connected to 3 ISP's, two over Radio links, one over Fiber Optic. One of the radio links is going to get dropped and the other radio link will be turned into fiber sometime next year. The fiber is 20 Mbit, radio 1 is 40 Mbit and radio 2 is 2 Mbit. I've got a /24 of provider independent address space. I'm not doing out-of-the ordinary stuff with my network, I'm overly connected because my network needs to be "up" all the time.

  Read the article

• Large, high performance object or key/value store for HTTP serving on Linux

  - by Tommy

  I have a service that serves images to end users at a very high rate using plain HTTP. The images vary between 4 and 64kbytes, and there are 1.300.000.000 of them in total. The dataset is about 30TiB in size and changes (new objects, updates, deletes) make out less than 1% of the requests. The number of requests pr. second vary from 240 to 9000 and is dispersed pretty much all over, with few objects being especially "hot". As of now, these images are files on a ext3 filesystem distributed read only across a large amount of mid range servers. This poses several problems: Using a fileysystem is very inefficient since the metadata size is large, the inode/dentry cache is volatile on linux and some daemons tend to stat()/readdir() it's way through the directory structure, which in my case becomes very expensive. Updating the dataset is very time consuming and requires remounting between set A and B. The only reasonable handling is operating on the block device for backup, copying, etc. What I would like is a deamon that: speaks HTTP (get, put, delete and perhaps update) stores data it in an efficient structure. The index should remain in memory, and considering the amount of objects, the overhead must be small. The software should be able to handle massive connections with slow (if any) time needed to ramp up. Index should be read in memory at startup. Statistics would be nice, but not mandatory. I have experimented a bit with riak, redis, mongodb, kyoto and varnish with persistent storage, but I haven't had the chance to dig in really deep yet.

  Read the article

• Almost All Xenserver Logical Volumes Disappeared - Recovery?

  - by Alex

  We had a hard disc crash of one of two hard discs in a software raid with a LVM on top. The server is running Citrix xenserver. On the hard disk which is still intact, the volume group gets detected well, but only one LV is left. (some hashes replaced by "x") # lvdisplay --- Logical volume --- LV Name /dev/VG_XenStorage-x-x-x-x-408b91acdcae/MGT VG Name VG_XenStorage-x-x-x-x-408b91acdcae LV UUID x-x-x-x-x-x-vQmZ6C LV Write Access read/write LV Status available # open 0 LV Size 4.00 MiB Current LE 1 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:0 root@rescue ~ # vgdisplay --- Volume group --- VG Name VG_XenStorage-x-x-x-x-408b91acdcae System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 4 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size 698.62 GiB PE Size 4.00 MiB Total PE 178848 Alloc PE / Size 1 / 4.00 MiB Free PE / Size 178847 / 698.62 GiB VG UUID x-x-x-x-x-x-53w0kL I could understand if a full physical volume is lost - but why only the logical volumes? Is there any explanation for this? Is there any way to recover the logical volumes? EDIT We are here in a rescue system. The problem is that the whole server does not boot (GRUB error 22) What we are trying to do is to access the root filesystem. But everything was in the LVM. We have only this: (parted) print Model: ATA SAMSUNG HD753LJ (scsi) Disk /dev/sdb: 750GB Sector size (logical/physical): 512B/512B Partition Table: msdos Number Start End Size Type File system Flags 1 32.3kB 750GB 750GB primary boot, lvm And this 750GB LVM volume is exactly what we see on top. edit2 Output of vgcfgrestore, but from the rescue system, as there is no root to chroot to. # vgcfgrestore --list VG_XenStorage-x-b4b0-x-x-408b91acdcae File: /etc/lvm/archive/VG_XenStorage-x-x-x-x-408b91acdcae_00000.vg VG name: VG_XenStorage-x-x-x-x-408b91acdcae Description: Created *before* executing '/sbin/vgscan --ignorelockingfailure --mknodes' Backup Time: Fri Jun 28 23:53:20 2013 File: /etc/lvm/backup/VG_XenStorage-x-x-x-x-408b91acdcae VG name: VG_XenStorage-x-x-x-x-408b91acdcae Description: Created *after* executing '/sbin/vgscan --ignorelockingfailure --mknodes' Backup Time: Fri Jun 28 23:53:20 2013

  Read the article

• Server 2003 and XP Client; Why are HTTP connections being silently dropped.

  - by Asa Yeamans

  On my network, my edge-router, a windows 2003 r2 server router with all the latest updates, will drop packets, but only under specific circumstances. I have troubleshot and isolated it down to the most simple configuration i can. There is NO NAT involved. Only fully-public IP addresses. No Firewalls are running either, all ahve been disabled. no packet filters on any interfaces anywhere either. I have a single Windows XP virtual machine and my edge-router(the windows 2003 r2 server, and also a virtual machine) running on a windows 2008 x64 r2 system (running virtual server 2005 as i dont have Intel-VT compatible chip yet). The edge router can access any external http site just fine, no issues. However the windows XP machine is only able to access certain sites. These work: www.google.com www.txstate.edu www.workintexas.com www.thedailywtf.com . These Dont: www.yahoo.com www.utexas.edu en.wikipedia.org slashdot.org www.bing.com. I have removed all possibility of DNS issues by connecting with net-cat from the XP box and sending GET /\r\nHost: \r\n\r\n and that connection replicates the issue as well. The network setup: My statically assigned IP block: x.x.x.168/29 DSL Modem -----PPPoE Connection---- x.x.x.169[EdgeRouter] [EdgeRouter]x.x.x.170 -----Virtual Ethernet----- x.x.x.174 [Test2] Test2's Default gateway is x.x.x.170 and test2 can ping any and every valid, accessible, public IP address with no packet loss what-so-ever. If i connect directly over PPPoE from test2 (the XP box) everything works just fine... Im at my wits end, i have NO IDEA whats causing this.

  Read the article

• Formula-based Excel page headers

  - by Jake Krohn

  I'm using the "Rows to repeat at top" function in Excel's "Page Setup" dialog to ensure that a multi-row header block appears on every printed page of my worksheet. However, I'd like to be able to change certain bits of the header based on the content of the current page. I would simply like to display the value of one cell in the first row that is printed on the page. If this is my header: Section: xx And the data looks like this (columns are Section and Name): 1 Foo 1 Bar 2 Baz I want the "xx" in the header to be "1". If, further down on the next page, the value in the Section column is "3", I want that printed in the header of the next page. I originally thought that using the "OFFSET" function might help, e.g. ="Section: "&OFFSET(A2, 1, 0) But it only shows the offset from the original placement of the header, thus only working on page 1. The end document is a PDF, so right now I'm able to go back in with the "TouchUp Text Tool" in Acrobat and add the numbers page by page. But it gets to be a tedious process with 70+ page reports. Anyone have any better ideas that don't require me mucking up the original Excel document with inserted headers every N lines? This is Excel 2008 for Mac, if it makes a difference.

  Read the article

• Trouble Letting Users Get to Certain Sites through Squid Proxy

  - by armani

  We have Squid running on a RHEL server. We want to block users from getting to Facebook, other than a couple specific sites, like our organization's page. Unfortunately, I can't get those specific pages unblocked without allowing ALL of Facebook through. [squid.conf] # Local users: acl local_c src 192.168.0.0/16 # HTTP & HTTPS: acl Safe_ports port 80 443 # File containing blocked sites, including Facebook: acl blocked dst_dom_regex "/etc/squid/blocked_content" # Whitelist: acl whitelist url_regex "/etc/squid/whitelist" # I do know that order matters: http_access allow local_c whitelist http_access allow local_c !blocked http_access deny all [blocked_content] .porn_site.com .porn_site_2.com [...] facebook.com [whitelist] facebook.com/pages/Our-Organization/2828242522 facebook.com/OurOrganization facebook.com/media/set/ facebook.com/photo.php www.facebook.com/OurOrganization My biggest weakness is regular expressions, so I'm not 100% sure about if this is all correct. If I remove the "!blocked" part of the http_access rule, all of Facebook works. If I remove "facebook.com" from the blocked_content file, all of Facebook works. Right now, visiting facebook.com/OurOrganization gives a "The website declined to show this webpage / HTTP 403" error in Internet Explorer, and "Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error" in Chrome. WhereGoes.com tells me the URL redirects for that URL goes like this: facebook.com/OurOrganization -- [301 Redirect] -- http://www.facebook.com/OurOrganization -- [302 Redirect] -- https://www.facebook.com/OurOrganization I tried turning up the debug traffic out of squid using "debug_options ALL,6" but I can't narrow anything down in /var/log/access.log and /var/log/cache.log. I know to issue "squid -k reconfigure" whenever I make changes to any files.

  Read the article

• How to connect computers to a network printer behind a router?

  - by kokbira

  General question: How to connect computers to an IP printer behind a router? Particular question: How to connect C-1 and C-2 to PRI? What? Where? [ISP] | | -> IPs:200.X.X.X/other configs:DC | [R-1] | | -> IPs:10.1.X.X locked by MAC,M:255.0.0.0,G:10.1.0.1 |¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯| | | [PRI] IP:10.1.7.7 [R-2] IP: 10.1.0.1,MAC:A | | -> IPs:192.168.1.X,M:255.255.255.0,G:192.168.1.1 |¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯| | | [C-1] IP:192.168.1.2 [C-2] IP:192.168.1.3,MAC:A Glossary and details: ------------------------------------------------------------------------------------ - IP: IP. - IPs: Some IP range. - M: Mask. - G: Gateway. - MAC:A: A MAC address that I will not inform you :) - DC: Don't care. - ISP: Internet Service Provider (not so much details about it on that case). - R-1: A real router or some concatenated so IP range bellow that block is 10.1.X.X and above is ISP. The provided IPs are provided by MAC. As all available addresses are in use, you must clone an existing one to join with a new device (and to disconnect the cloned one). - PRI: An network printer (some people here call that IP printer). - R-2: A TP-LINK TL-WR340G, mine wireless router (since my computer does not have ethernet input, it is my ethernet-wifi adapter :), admin access, MAC address cloned from C-2 (MAC:A). I've to configure 10.0.1.1 and 10.0.1.2 as DNS addresses, other wise I cannot connect C-1 and C-2 to Internet. - C-1: My computer, a CCE XLE-425 (remember: no ethernet input), with Windows 7, admin access. - C-2: another computer with better configs than mine, MAC:A, Windows XP. Requirements: I want to print, to access Internet and to do it myself (no need to call network admin men in black people). Pay attention to MAC clones and DNS info.

  Read the article

• Windows thinks outgoing connections are incoming connections?

  - by Slayer537

  I have a rather weird issue.. I'm trying to configure Windows Firewall to block all outgoing connections to a certain app, but allow all incoming. This app is used to transfer files across a network. The reason for this type of setup is to only allow certain users (IP Address) access to the files I have, but to still allow others to see what's available. Since Windows Firewall defaults to allowing all outgoing connections, I made a rule to deny all outgoing connections that were not in the IP ranges I specified. For the incoming connections, I'd like to leave it at allow all, but at the moment it is set to only allow the connections that also have outgoing permissions set. If I blanket say allow all incoming connections, I observe that unauthorized IP Address are able to actually download files, even though their IP was blocked in the outgoing connections. To shed a little more visibility on this, I used NetLimiter to see what was going on. NetLimiter showed me that the connection was an incoming connection. Shouldn't this be an outgoing connection, as I am uploading files to them, not the other way around? Is there a way to make the connection type be correct and show up as outgoing instead of incoming?

  Read the article

• Unable to resize ec2 ebs root volume

  - by nathanjosiah

  I have followed many of the tutorials that pretty much all say the same thing which is basically: Stop the instance Detach the volume Create a snapshot of the volume Create a bigger volume from the snapshot Attach the new volume to the instance Start the instance back up Run resize2fs /dev/xxx However, step 7 is where the problems start happening. In any case running resize2fs always tells me that it is already xxxxx blocks big and does nothing, even with -f passed. So I start to continue with tutorials which all basically say the same thing and that is: Delete all partitons Recreate them back to what they were except with the bigger sizes Reboot the instance and run resize2fs (I have tried these steps both from the live instance and by attaching the volume to another instance and running the commands there) The main problem is that the instance won't start back up again and the system error log provided in the AWS console doesn't provide any errors. (it does however stop at the grub bootloader which to me indicates that it doesn't like the partitions(yes, the boot flag was toggled on the partition with no affect)) The other thing that happens regardless of what changes I make to the partitions is that the instance that the volume is attached to says that the partition has an invalid magic number and the super-block is corrupt. However, if I make no changes and reattach the volume, the instance runs without a problem. Can anybody shed some light on what I could be doing wrong? Edit On my new volume of 20GB with the 6GB image,df -h says: Filesystem Size Used Avail Use% Mounted on /dev/xvde1 5.8G 877M 4.7G 16% / tmpfs 836M 0 836M 0% /dev/shm And fdisk -l /dev/xvde says: Disk /dev/xvde: 21.5 GB, 21474836480 bytes 255 heads, 63 sectors/track, 2610 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x7d833f39 Device Boot Start End Blocks Id System /dev/xvde1 1 766 6144000 83 Linux Partition 1 does not end on cylinder boundary. /dev/xvde2 766 784 146432 82 Linux swap / Solaris Partition 2 does not end on cylinder boundary. Also, sudo resize2fs /dev/xvde1 says: resize2fs 1.41.12 (17-May-2010) The filesystem is already 1536000 blocks long. Nothing to do!

  Read the article

• Wifi antenna extension with F-connector/RG-6(RG-59) cable?

  - by rjz2000

  In an older house, the wire mesh in walls surrounding the furnace behave like a Faraday cage and block wifi signals. It is also difficult to lay new cable, however there is television cable to multiple locations due to there once having been a roof-installed, television antenna. It would be relatively trivial to install the wifi router at the center distribution point, then have the antenna broadcasting/receiving the signal plugged in at each of the old television outlets. I assume that it would not be too difficult to find an adapter for SMA <- F-type connectors. The cable is actually RG-59 rather than RG-6, but I assume that it still has relatively good RF isolation along its length, which is no more than a couple hundred feet in any direction. Does anyone know a problem with the idea? Will a router get confused if there is /too little/ interference between the two antenna? Is that length of cable (~100ft) too long for the signal a router broadcasts? I have seen that it is also possible to use old ~$30/each FiOS cable modems available on eBay to extend a network over television cable. However, that seems like a less elegant solution, and might interfere with upnp and dlna services I'd like to have work on a single network. Thanks if anyone has answers or suggestions before I try this project!

  Read the article

• Wifi antenna extension with F-connector/RG-6(RG-59) cable?

  - by rjz2000

  In an older house, the wire mesh in walls surrounding the furnace behave like a Faraday cage and block wifi signals. It is also difficult to lay new cable, however there is television cable to multiple locations due to there once having been a roof-installed, television antenna. It would be relatively trivial to install the wifi router at the center distribution point, then have the antenna broadcasting/receiving the signal plugged in at each of the old television outlets. I assume that it would not be too difficult to find an adapter for SMA <- F-type connectors. The cable is actually RG-59 rather than RG-6, but I assume that it still has relatively good RF isolation along its length, which is no more than a couple hundred feet in any direction. Does anyone know a problem with the idea? Will a router get confused if there is /too little/ interference between the two antenna? Is that length of cable (~100ft) too long for the signal a router broadcasts? I have seen that it is also possible to use old ~$30/each FiOS cable modems available on eBay to extend a network over television cable. However, that seems like a less elegant solution, and might interfere with upnp and dlna services I'd like to have work on a single network. Thanks if anyone has answers or suggestions before I try this project!

  Read the article

• reverse proxying with NGINX to two back-end servers

  - by aag

  I am trying to learn how to configure the Nginx proxy. All requests from external (www.external.com) should go to internal server 10.10.10.16:2080, except for www.external.com/nagios requests, which should go to internal 10.10.10.18. My location block looks as follows: location ~* / { proxy_buffers 16 4k; proxy_buffer_size 2k; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Accept-Encoding ""; proxy_pass http://10.10.10.16:2080; } # # nagios server location ~* /nagios/ { proxy_buffers 16 4k; proxy_buffer_size 2k; proxy_buffering off; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header Accept-Encoding ""; proxy_pass http://10.10.10.18; } The first location seems to work fine. However, any request to www.external.com/nagios sends the browser into the eternal pastures. Of course, 10.10.10.18/nagios was tested and works fine. What am I missing?

  Read the article

• Can't mount Linux usb disk. It just create /dev/sg device but no /dev/sd

  - by MTilsted

  I have a Corsair R60 ssd disk which is a disk with both sata and usb connectors. But the usb thing seems to be a bit non-standard, or maybe its just my fedora linux. When I insert the disk using a usb cabel to a running Fedora 14 linux system, a device called /dev/sg3 is added but that is all. No new /dev/sd* device is created so I can't mount the disk. If I look at cat /proc/scsi/sg/device_strs I get ATA Hitachi HTS54321 FB2O HL-DT-ST DVDRAM GSA-T50N RP05 Seagate Desktop 0130 Corsair CSSD-R60GB2 So the disk is there. (The last entry) but my linux will for some reason not see it as a usb hard disk. When I insert other usb disks they work fine. It is only this specific disk which causes problems. I have tried on 3 different computers with the same result. A hint to the problem may be that if I add the disk to a windows system(With usb) the disk is called "A fixed disk" and not a portable disk as expected. The disk works fine with linux If i connect it with the sata cabel, but I would really like to have it working with usb too. (To mount it on computers without sata). Added: I did try to mount /dev/sg3 but mount say that its not a block device. (File say Its a character special device). Added output from dmesg: [ 97.454073] usb 7-1: USB disconnect, address 2 [ 105.913055] hub 2-0:1.0: unable to enumerate USB device on port 3 [ 107.048054] usb 2-3: new high speed USB device using ehci_hcd and address 5 [ 107.162900] usb 2-3: New USB device found, idVendor=1b1c, idProduct=1ab8 [ 107.162903] usb 2-3: New USB device strings: Mfr=1, Product=2, SerialNumber=5 [ 107.162906] usb 2-3: Product: CSSD-R60GB2 [ 107.162908] usb 2-3: Manufacturer: Corsair [ 107.162910] usb 2-3: SerialNumber: 10111441000000990069 [ 107.167651] scsi7 : usb-storage 2-3:1.0 [ 108.195543] scsi 7:0:0:0: Direct-Access Corsair CSSD-R60GB2 PQ: 1 ANSI: 0 [ 108.197732] scsi 7:0:0:0: Attached scsi generic sg3 type 0

  Read the article

• Prevent Linux from processing incoming ICMP Host unreachable packets

  - by bbc

  I have a test setup with one host on a network (10.1.0.0/16) talking via TCP to another one on another network (10.2.0.0/16) and a gateway in the middle. Sometimes, the TCP connection is lost and while scanning the trace (pcap), I looks like it's because of just one ICMP Host unreachable message sent by the gateway to 10.1.0.1 at some point. 10.1.0.1 then sends a TCP RST to 10.2.0.1. In my opinion, the gateway (pfSense) is broken or not configured correctly but anyway, for testing purposes, I'd like to block this kind of ICMP on the host (10.1.0.1) before it has an influence on my TCP connection (or does it? I'm not even sure). I've tried iptables: iptables -I INPUT -i eth0 -p icmp --icmp-type host-unreachable -j DROP but while it does a good job at preventing userpace applications like ping from receiving these ICMP messages, my TCP connection still comes to an end when the alleged "killer ICMP packet" is sent by the gateway. Am I right about how it is processed? If yes, then what can I do to achieve my goal?

  Read the article

• Restrict access to one SVN repository (overwrite default)

  - by teel

  I'm trying to set up our SVN server so that by default the group developers will have access to all repositories, but I want to override that setting on some certain repositories where I want to allow access only to single defined users (or separate groups) The current configuration is SVN + WebDAV on Apache2. All my repositories are located at /var/lib/svn/ In dav_svn.authz I currently have [/] @developers = rw @users = r Now I want to add one repository (let's call it secret_repo) that would only allow access to one user who is also a member of the developers group.¨ I tried to do [secret_repo:/] * = secret_user = rw Where secret_user is the user I'd like to give access to the repository, but it doesn't seem to work. Currently the server is using Apache's LDAP module to authenticate users from our active directory domain and I'd like to keep it that way if possible. Also I seem to be able to browse all my repos freely with any web browser, which I'd like to block. Second problem is that I have webSVN on the server, which is using Apache's LDAP authentication. Everyone who is a member of our domain can access it, so I'd like to hide this secret_repo from websvn listing. It's configured not with parentPath("/var/lib/svn");. Do I really need to remove that and add every repository separately, except the ones I want to hide?

  Read the article

• Ubuntu 9.04: Ripping CDs with grip?

  - by chris

  I tried to rip a CD tonight, and couldn't figure out how to configure grip - /dev/cdrom doesn't seem to be the mount point for music CDs any more. How can I configure grip to find CDs? Update: /etc/fstab has /dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0 But there's nothing visible in /media/cdrom0 (or /media/cdrom, which is a symlink to cdrom0) There's an icon on the desktop labeled "Audio Disk" and opening it shows the .wav files on the CD. The location is cdda://sr0/, but grip doesn't like that either. Trying to manually mount /dev/sr0, I get $ sudo mount -t auto /dev/sr0 foo/ mount: block device /dev/sr0 is write-protected, mounting read-only mount: you must specify the filesystem type Update 2: Tried to change the media handling preferences (From a file browser, Edit-Preferences, Media, CD Audio) to "Do Nothing". CD Still doesn't mount. Update 3: With an audio CD in the drive: $ ls -l /dev/ | grep cd lrwxrwxrwx 1 root root 3 2009-09-15 22:13 cdrom1 -> sr0 lrwxrwxrwx 1 root root 3 2009-09-15 22:13 cdrw1 -> sr0 drwxr-xr-x 2 root root 60 2009-09-15 22:13 pktcdvd lrwxrwxrwx 1 root root 3 2009-09-15 22:13 scd0 -> sr0 crw-rw----+ 1 root cdrom 21, 2 2009-09-15 22:13 sg2 brw-rw----+ 1 root cdrom 11, 0 2009-09-15 22:13 sr0

  Read the article

• Can't mount hard drive. Ubuntu 12.04

  - by Sam

  I am trying to recover some pictures on my 320 GB Hard Disk, so I put in a Live Ubuntu CD and am in that right now. In the devices list, it shows my USB drive, but not my 320 GB Hard Disk. I can see the disk in Disk Utility (it says it's on /dev/sda), but it's not mounted, and it says it has a few bad sectors but it is OK. In Disk Usage Analyzer, it says my maximum capacity is 13.4 GB, so it's definitely not using the 320 GB Hard Disk. I tried the following: sudo mkdir /media/newhd (worked) sudo mount /dev/sda /media/newhd (didn't work. it says I must specify the filesystem type) I then tried: fsck.ext4 -f /dev/sda (didn't work. Said: Superblock invalid, trying to backup blocks. then: Bad magic number in super-block while trying to open /dev/sda. The superblock could not be read or does not describe a correct ext2 filesystem. If the device is valid and it contains an ext2 filesystem (and not swap or ufs or something else), then the superblock is corrupt, and you might try running e2fsck with an alternate superblock) Does anyone have any ideas? The whole problem started when my Windows Vista said "Can't find operating system". Any ideas on how I can get on to my hard drive at /dev/sda?

  Read the article

• How to minimize the risk of employees spreading critical information?

  - by Industrial

  Hi everyone, What's common sense when it comes to minimising the risk of employees spreading critical information to rivalling companies? As of today, it's clear that not even the US government and military can be sure that their data stays safely within their doors. Thereby I understand that my question probably instead should be written as "What is common sense to make it harder for employees to spread business critical information?" If anyone would want to spread information, they will find a way. That's the way life work and always has. If we make the scenario a bit more realistic by narrowing our workforce by assuming we only have regular John Does onboard and not Linux-loving sysadmins , what should be good precautions to at least make it harder for the employees to send business-critical information to the competition? As far as I can tell, there's a few obvious solutions that clearly has both pros and cons: Block services such as Dropbox and similar, preventing anyone to send gigabytes of data through the wire. Ensure that only files below a set size can be sent as email (?) Setup VLANs between departments to make it harder for kleptomaniacs and curious people to snoop around. Plug all removable media units - CD/DVD, Floppy drives and USB Make sure that no configurations to hardware can be made (?) Monitor network traffic for non-linear events (how?) What is realistic to do in a real world? How does big companies handle this? Sure, we can take the former employer to court and sue, but by then the damage has already been caused... Thanks a lot

  Read the article

• Network Security Device/Software

  - by Campo

  We currently run Symantec Antivirus Corporate 10.2. The software is really easy to manage on a network but the actual virus detection isn't bad but the malware detection is crap. We recently were infected with a email bot that got us put on some block lists. This has been resolved. I cannot have that happen again. I would like to find a program as easy to manage as symantec that I can install on all the user's workstations as well as the servers. We run a windows 2003 domain. We have a couple 2008 test servers in the environment. Most of the workstations are xp though I am using windows 7 and symantect is not compatible with this OS... So we need a solution that would cover all those operating systems. If it could be installed on macs too that would be a bonus though not necessary at all. This software must detect: Viruses AND Malware I am looking for something that combines the features in anti-malware programs like malwarebytes or spybot with an antivirus program like symantec or AVG. Alternatively if there is a piece of hardware that is a firewall, router, and packet inspection for virus/spam that would be the most ideal solution. I then could supplement with a piece of software that could pickup what the hardware misses. Thank you for your suggestions.

  Read the article

• Possible attack on my SQL server?

  - by erizias

  Checking my SQL Server log I see several entries like this: Date: 08-11-2011 11:40:42 Source: Logon Message: Login failed for user 'sa'. Reason: Password did not match for the login provided. [CLIENT: 56.60.156.50] Date: 08-11-2011 11:40:42 Source: Logon Message: Error: 18456. Severity: 14. State: 8. Date: 08-11-2011 11:40:41 Source: Logon Message: Login failed for user 'sa'. Reason: Password did not match for the login provided. [CLIENT: 56.60.156.50] Date: 08-11-2011 11:40:41 Source: Logon Message: Error: 18456. Severity: 14. State: 8. And so on.. Is this a possible attack on my SQL Server from the chineese???! I looked up the IP adress, at ip-lookup.net which stated it was chineese. And what to do? - Block the IP adress in the firewall? - Delete the user sa? And how do I protect my web server the best?! :) Thanks in advance!

  Read the article

• Windows Server 2012 licensing issue preventing RDP connections?

  - by QF_Developer

  I am witnessing an unusual behaviour on 1 of 5 Windows Server 2012 R2 machines (clean install) that is preventing any remote connections from being established via RDP. I have run through the prerequisites for RDP here but I am finding that any remote connection attempt instantly stops the "Windows Protection Service". When I check the event logs I see the following entry. The Software Protection Service has stopped Event ID: 903 Source: Security-SPP From what I have read Security-SPP is tasked with enforcing activation and licensing, it appears that RDP requires this service to be in the running state. Is it possible that I have inadvertently activated this instance of Windows with a key that has already been associated to another instance (We have 5 keys as part of an MSDN subscription)? Would this be sufficient to block RDP access? When I look under System Properties (Windows Activation) it states that Windows is activated and there are no other obvious indicators that there's a licensing issue. EDIT 1: I ran a Powershell script to display the product keys for all servers in order to check for any duplication. For the problematic server I am getting the message The RPC server is unavailable.

  Read the article

• What are ways to prevent files with the Right-to-Left Override Unicode character in their name (a malware spoofing method) from being written or read?

  - by galacticninja

  What are ways to avoid or prevent files with the RLO (Right-to-Left Override) Unicode character in their name (a malware method to spoof filenames) from being written or read in a Windows PC? More info on the RLO unicode character here: http://www.fileformat.info/info/unicode/char/202e/index.htm http://en.wikipedia.org/wiki/Bi-directional_text Info on the RLO unicode character when used by malware: http://www.ipa.jp/security/english/virus/press/201110/E_PR201110.html Mirror link: http://webcache.googleusercontent.com/search?q=cache:KasmfOvbVJ8J:www.ipa.jp/security/english/virus/press/201110/E_PR201110.html+&cd=1&hl=en&ct=clnk You can try this RLO character test webpage: http://www.fileformat.info/info/unicode/char/202e/browsertest.htm The RLO character is also already pasted in the 'Input Test' field in that webpage. Try typing there and notice that the characters you're typing are coming out in their reverse orders (right-to-left, instead of left-to-right). In filenames, the RLO character can be specifically positioned in the filename to spoof or masquerade as having a filename or file extension that is different than what it actually has. (Will still be hidden even if 'Hide extensions for known filetypes' is unchecked.) The only info I can find that has info on how to prevent files with the RLO character from being run is from the Information Technology Promotion Agency, Japan website: http://www.ipa.jp/security/english/virus/press/201110/E_PR201110.html (Mirror link). They adviced to use the Local Security Policy settings manager to block files with the RLO character in its name from being run. Can anyone recommend any other good solutions to prevent files with the RLO character in their names from being written or being read in the computer, or a way to alert the user if a file with the RLO character is detected? My OS is Windows 7, but I'll be looking for solutions for Windows XP, Vista and 7, or a solution that will work for all those OSes, to help people using those OSes too.

  Read the article

< Previous Page | 204 205 206 207 208 209 210 211 212 213 214 215  | Next Page >