search for: remoteaddress

...1+0200",Severity="Informational",Servic >> e="PJSIP",EventVersion="1",AccountID="<unknown>", >> SessionID="56b0ca9-d967a90d16411209-a1b0fae1 at 188.165.222.17",LocalAddress="IPV4/UDP/<MyAddress>/5060", >> RemoteAddress="IPV4/UDP/<attackerIP>/5213",Challenge="" >> >> We have a lot of such tries coming from IPs not allowed and fail2ban >> fail to ban them because of SecurityEvent not treated and Severity >> Informational. >> >> We add a fail2ban filter t...

...uot;2019-09-27T15:12:24.181+0200",Severity="Informational",Servic e="PJSIP",EventVersion="1",AccountID="<unknown>", SessionID="56b0ca9-d967a90d16411209-a1b0fae1 at 188.165.222.17",LocalAddress="IPV4/UDP/<MyAddress>/5060", RemoteAddress="IPV4/UDP/<attackerIP>/5213",Challenge="" We have a lot of such tries coming from IPs not allowed and fail2ban fail to ban them because of SecurityEvent not treated and Severity Informational. We add a fail2ban filter to ban those IPs which is OK on our side but also...

...et the local VPN IP ($NODE.myvpndomain), but this fails if DNS isn't ready when tinc-up is run. (DeviceStandby=yes fixes this, but then the subnet-up script is run before tinc-up). I notice that tinc runs the subnet-up script for the local subnet immediately after the tinc-up script, with $REMOTEADDRESS empty, so I tried putting some of the interface configuration there instead. This seemed to work fine. So tinc-up says only: #!/bin/bash ip link set dev $INTERFACE up and subnet-up says #!/bin/sh if [ -z "$REMOTEADDRESS" ]; then # local network     ip addr add $SUBNET dev $INTERFACE...

...: SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at 173.230.133.20",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/63.141.229.58/5078",Challenge="770e84a3" [2015-01-08 15:20:20] SECURITY[21515] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1420752020-854997",Severity="Informational",Service="SIP",EventVersion="1",Accoun...

...220(log_json) JSON Authorization: {"timestamp": "2018-02-20T15:15:00.652489+0700", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv6::::0", "remoteAddress": "ipv6::::0", " serviceDescription": "DCE/RPC", "authType": "ncacn_np", "domain": "NT AUTHORITY", "account": "SYSTEM", "sid": "S-1-5-18", "logonServer": null, "transpor...

...on) JSON Authorization: {"timestamp": "2018-04-03T15:38:03.823066-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:445", "remoteAddress": "ipv4: 10.255.1.104:63313", "serviceDescription": "DCE/RPC", "authType": "ncacn_np", "domain": "TESTE", "account": "Administrator", "sid": "S-1-5-21-3073023332-2932986482-1183422282-500&q...

...ity_log.c: SecurityEvent="ChallengeSent",EventTV="2019-11-27T06:16:05.566-0500",Severity="Informational",Service="SIP",EventVersion="1",AccountID="alex",SessionID="0x80ba54820",LocalAddress="IPV4/UDP/98.158.139.74/5060",RemoteAddress="IPV4/UDP/72.143.94.110/5060",Challenge="215351b4" [Nov 27 06:16:05] SECURITY[101222] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2019-11-27T06:16:05.591-0500",Severity="Informational",Service="SIP",EventVersion="1&quo...

...nnect(struct pxe_pvt_ino /* Re-use the existing local port number */ udata.StationPort = socket->net.efi.localport; - udata.UseDefaultAddress = TRUE; + /** + * Determine if this is remote or local subnet to set + * UseDefaultAddress. If ip (TFTP/MTFTP server or + * RemoteAddress) is on same subnet as client, + * which is stored in IPInfo.myip, this is local subnet. + */ + if (0 == IPInfo.myip || 0 == ip) { + /* if either address is NULL, enable default addresses */ + udata.UseDefaultAddress = TRUE; + } else { + if ((IPInfo.myip & IP...

...5-06-02 05:54:11.000000000 -0700 @@ -150,11 +150,15 @@ void core_udp_connect(struct pxe_pvt_ino /* Re-use the existing local port number */ udata.StationPort = socket->net.efi.localport; - udata.UseDefaultAddress = TRUE; + udata.UseDefaultAddress = FALSE; memcpy(&udata.RemoteAddress, &ip, sizeof(ip)); udata.RemotePort = port; udata.AcceptPromiscuous = TRUE; udata.TimeToLive = 64; + ip = IPInfo.myip; + memcpy(&udata.StationAddress, &ip, sizeof(ip)); + ip = IPInfo.netmask; + memcpy(&udata.SubnetMask, &ip, sizeof(ip)); status...

...-05T09:21:47.356848+0200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.0.100:445", "remoteAddress": "ipv4:192.168.0.54:49927", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": ".", "clientAccount": "ap31", "workstation": "AP31-PC", "becameAccount": null, &quot...

...2019 09:43:55.416239 CEST] status [Success] remote host [Unknown] SID [(NULL SID)] DN [@SAMBA_DSDB] attributes [add: backupDate [2019-07-04T09-43-55.413999]] {"timestamp": "2019-07-04T09:43:55.416491+0200", "type": "dsdbChange", "dsdbChange": {"remoteAddress": null, "version": {"major": 1, "minor": 0}, "operation": "Modify", "statusCode": 0, "sessionId": "bbfe57a0-da36-4bc8-8863-995ad1ea25c7", "dn": "@SAMBA_DSDB", "status": "Success&q...

...4+1200", > "type": "Authentication", "Authentication": {"version": {"major": 1, > "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4: > 192.168.179.226:49153", "remoteAddress": "ipv4:192.168.179.229:50070", > "serviceDescription": "SamLogon", "authDescription": "network", > "clientDomain": "TESTHV", "clientAccount": "mtest", "workstation": > "TESTHV-DC1...

I need some help understanding SIP dialog. Some actor is trying to access my server, but I can't figure out what he's trying to do ,or how. I'm getting a lot of these warnings. [May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt: Retransmission timeout reached on transmission _zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101 With SIP DEBUG I tracked the Call-ID to this INVITE :

...-11-06T15:27:32.953861+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:127.0.0.1:0", "remoteAddress": "ipv4:127.0.0.1:0", "serviceDescription": "winbind", "authDescription": null, "clientDomain": "COMPANY", "clientAccount": "domainuser", "workstation": "DC1", "becameAccount": null...

...cation", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "28970a9c6c2edc2a", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress": "ipv4:192.168.1.23:62417", "serviceDescription": "Kerberos KDC", "authDescription": "ENC-TS Pre-authentication", "clientDomain": null, "clientAccount": "administrator at LOCAL.MYDOMAIN", "workstation&quot...

...; SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at 173.230.133.20",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/63.141.229.58/5078",Challenge="770e84a3" > [2015-01-08 15:20:20] SECURITY[21515] res_security_log.c: > SecurityEvent="ChallengeSent",EventTV="1420752020-854997",Severity="Informational",Service="SIP",EventVersion="1&qu...

...-0800", "type": "KDC > > > Authorization", "KDC Authorization": {"version": {"major": 1, > > > "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": > > > null, "remoteAddress": "ipv4:172.19.2.130:62219", > > > "serviceDescription": null, "authType": "TGS-REQ with Ticket- > > > Granting Ticket", "domain": null, "account": null, "sid": null, > > > "logonServer":...

...can not get it with "doveadm who" doveadm who only gets the ones that are connect with clients. O use ipvs to balance betwaeen 2 servers does anyone have an ideia ? With ipvs i get this results: IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP XXX.XX.X.XX:143 lblcr -> 10.0.2.10:143 Masq 1 16 228 -> 10.0.2.11:143 Masq 1 16 184 There is others ports and stuff. Does any one have an ideia how to get this number ?...

...ic node-IPs to all other nodes, the following "host-up" script is used: ------------------------------------------------------------- snip -------------------------------------------------------------- #!/bin/bash FILE="/etc/tinc/$NETNAME/hosts/$NODE" ADDRESS="Address = $REMOTEADDRESS $REMOTEPORT" if grep -q Address $FILE; then ??? /bin/sed s:'^Address.*=.*$':"$ADDRESS": -i $FILE else ??? echo $ADDRESS >> $FILE fi ------------------------------------------------------------- snap -------------------------------------------------------------- Ple...

...ar in the ipvsadm output. Pulse says it started clean, and nothing in the syslog. The gratuitous arp gets made, and the correct IPs are assigned to the correct interfaces. [ddb at prcapp02 ~]$ sudo ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP prcvmod01.pinerivercapital.l wlc That's the write service name (the ".l" at the end is ".local" truncated). WLC is the right scheduling mode. But no remote addresses are listed. In lvs.cf, there are multiple servers...