similar to: Custom iptables rules to drop DNS Amplification Attacks

Greetings all, I''m sure there is probably a very obvious reason for the following problem. However, after much hair pulling, I am just not seeing it yet. As you can see from the trace below, I am not able to complete scaffold generation due to some problem between rails and mysql. I double checked MySQL to make sure both my Ruby user and Root user have full rights to the database.

How can I configure samba4 to be protected against DNS amplification attacks? Is there a way to set the network I want it to be recursive, like in bind9? My samba4 is receiving attacks and googling I found this: http://dnsamplificationattacks.blogspot.com.br/2014/02/domain-gerdar3ru.html -- --------------------------------------- Bruno Vane S.O. do Brasil Telecomunica??es +55 24 99306-8618 |

On 9/20/19 8:58 AM, Eric Blake wrote: > On 9/12/19 12:41 PM, Richard W.M. Jones wrote: >> We have discovered a potential Denial of Service / Amplification Attack >> in nbdkit. > > Unfortunately, our fix for this issue cause another potential Denial of > Service attack: > >> >> Lifecycle >> --------- >> >> Reported: 2019-09-11 Fixed:

https://bugs.freedesktop.org/show_bug.cgi?id=98657 Bug ID: 98657 Summary: Reproducible freeze when changing volume amplification in kodi Product: xorg Version: unspecified Hardware: x86-64 (AMD64) OS: Linux (All) Status: NEW Severity: normal Priority: medium

Hello, Lutz Donnerhacke implemented DNS-Dampening. http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening The implementation is available as patch for BIND9 only. He told me that there is an other method preferred by the nsd developer. It's called "Response Rate Limiting". May one describe the idea behind rate limiting and compare it with Lutz' solution? Thanks. -- Andreas

Asterisk Project Security Advisory - AST-2008-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Traffic amplification in IAX2 firmware | | |

On 9/12/19 12:41 PM, Richard W.M. Jones wrote: > We have discovered a potential Denial of Service / Amplification Attack > in nbdkit. Unfortunately, our fix for this issue cause another potential Denial of Service attack: > > Lifecycle > --------- > > Reported: 2019-09-11 Fixed: 2019-09-11 Published: 2019-09-12 > > There is no CVE number assigned for this issue

I give up and need help! I won''t add to the confusion by showing all the combinations I have tried unsuccessfully... and yes, I''ve read FAQ2 and FAQ2a many times! When googling the subject of this post there are many answers that boil down to using the same three iptables rules, two of which use nat. I won''t repeat them here. I don''t want to risk mixing

Hi, I've noticed huge write amplification problem with thinly provisioned logical volumes and I wondered if anyone can explain why it happens and if and how can be fixed. The behavior is the same on Centos 6.8 and Centos 7.2. I have a NVME card (Intel DC P3600 -2 TB) on which I create a thinly provisioned logical volume: pvcreate /dev/nvme0n1 vgcreate vgg /dev/nvme0n1 lvcreate

Hi, I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected... When all providers are up, everything seems fine. When one goes down, lsm says "link <provider> down event"... and it seems ok but we then experience some problems such as a few unreachable sites, DNS problems... If I remove the downed provider from all confs and restart, everything works again.

Hi, I want to configure QoS in my shorewall conf but I have a doubt. Now I am using tcrules with prerouting and with the file providers, like this. 2:P 192.168.0.11 0.0.0.0/0 tcp 25 So, with this way I route my smtp traffic with my provider number 2. Well, now I want to configure QoS with tcclasses and tcdevices, but if I do that I need to use the MARK in the tcclasses So, how

Hi Has anybody tried to combine shorewall (instead of iptables) with packetfence? /Göran ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and

We have discovered a potential Denial of Service / Amplification Attack in nbdkit. Lifecycle --------- Reported: 2019-09-11 Fixed: 2019-09-11 Published: 2019-09-12 There is no CVE number assigned for this issue yet, but the bug is being categorized and processed by Red Hat's security team which may result in a CVE being published later. Credit ------ Reported and patched by Richard W.M.

hi, while stopping shorewall 4.5.21.2 on a debian7 box with the ADMINISABSENTMINDED set to no in shorewall.conf, the connections on vlan tagged interfaces that were active before the shorewall stop command was executed are not terminated as it is for the firewall and other interfaces! when the firewall is stopped as expected new connections on vlan tagged interface are refused but even

Hello, I''m using shorewall-4.5.16 with centos5. The dhclient stores the lease information on the /var/lib/dhclient/dhclient-<DEVICE>.leases file. The /var/lib/shorewall/firewall script has the function detect_dynamic_gateway that detects the gateway based on the leases file. The code in the function is: detect_dynamic_gateway() { # $1 = interface local interface

Hi, In log I get: ----------------------------------------------------------- Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0 ---------------------------------------------------------- Even in /etc/shorewall/rules I have

Hi Tom and all, I started to play a bit with the AutoBL action on a CentOS 6 box and ran into the following problems: 1) The action.AutoBL doesn''t work for me until I patch it like so: --- /usr/share/shorewall/action.AutoBL.orig 2013-10-01 00:59:42.000000000 +0200 +++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 +0200 @@ -22,6 +22,9 @@ DEFAULTS

I had to restart one of my routers tonight and since then shorewall on it has been dropping SIP packets coming in from one machine instead of forwarding them to the freebpx server. Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network external ip> DST=<server network external ip> LEN=575 TOS=0x00 PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060

Hi all, A friend just sent me this: http://www.mathworks.com/company/events/webinars/index.html?id=&language=en <http://www.mathworks.com/company/events/webinars/index.html?id=&language=en>And asked me if there is something of the like in the R community. Does anyone know of such a think ? Cheers, Tal ----------------Contact

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via