similar to: SipVicious scans getting through iptables firewall - but how?

Hi, Got some great news a few days ago from Sandro Gauci (@SandroGauci) and we'll be talking about this with him this Friday at 1PM. SIPVicious, the free security tools for SIP scanning, now include a new tool: svcrash. It is aimed at helping system administrators stop bandwidth consuming scans making use of svwar and svcrack. Here is the announcement on SIPViscious blog:

... using it as a tool and understanding what it does... So one part of it's toolset identifys valid SIP accounts - and I was under the impression that alwaysauthreject=yes was supposed to stop this... However, it sends a request for a highly probably non-existent account, then sends requests for probably existing accounts and I guess compares the results - account not found vs. bad

Hi, I remember back in the days, there was a neat trick to recover a lost root password, or more exactly, redefine a new password for root. 1. In the bootloader, boot the system with the 'init=/bin/bash' kernel argument. 2. Remount the root partition in read-write mode: # mount -o remount,rw / 3. Set the password for root: # passwd 4. Remount the root partition in read-only

Hi, I've recently had a fairly prolonged SIP registration attack, 18 hours in this case and often with 200 attempts per second, and suspect I've had a number of these in the past. The main symptom I noticed previously was, because Asterisk was responding to each registration request it received, it was very quickly using up my 448 kbps upload limit for my home ADSL connection: any

Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight

I have do a classicupdate from a NT4 style domain to Samba DC 4.10.7 BIND_DLZ without (apparently) problem All seem work fine, access to PC work, join or re-join a PC to domain work, access from a Linux samba member server to Win7 PC work, access from Win7 to samba member server work. But I cannot access from a PC with win7 to another PC with win7. If I try to access from win7-0 to win7-1 via

Hi I would like to add rules into the iptables of the Hosted Engine VM in Ovirt. the version is oVirt Engine Version: 4.1.1.8-1.el7.centos I have tried using the normal process for iptables (iptables-save etc), but it seems that the file /etc/sysconfig/iptables this is ignored in the Ovirt Engine VM. How can I add permanent rules into the Engine VM? Kind regards Andrew

Hi?guys. There is a wierd problem with iptables recently, hopes somebody can help me. I have installed Centos 7.2.1511 on a bare metal Dell server these days, disabled firewalld and enabled iptables.services, and setup a group of very simple rules, as the following: # iptables-save # Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT

I don't know what has changed with Catalina But I just tried my tk console from the shell command tkcon And got the following error. Here is my shell: $ tkcon dyld: Library not loaded: /usr/local/lib:/opt/X11/lib/libtk8.6.dylib Referenced from: /usr/local/bin/wish Reason: image not found Abort trap: 6 I don't know whether this is a red herring or not, but the

Greetings all, I have been seeing a lot of [Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite: Sending fake auth rejection for device 100<sip:100 at 108.161.145.18>;tag=2e921697 in my logs lately. Is there a way to automatically ban IP address from attackers within asterisk ? Thank you

Rowland, Did some editing in smb.conf that I had to reverse. Now I'm back to being able to connect with the firewall disabled. When I enable the firewall I get as far as windows network -> workgroup but no connection. I have only the rules you recommended in your last email. Louis, The information you requested is below: martin at radio:~$ dpkg -l|egrep "iptables|ufw" ii 

Hello everyone I am not sure when this appeared (sometime post R 3.5.0 and after I switched to Mac OS Catalina). I do not think it happens on all platforms (e.g. seems to work on windows). But it seems that tkimage.create() no longer works on a Mac for all png files. (It does work for *some* old png files I have on disk but I have not been able to determine what is different about the

Hello, Stephen, thank you for input. Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good. Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time. >From the sysctl output, I suppose it can't be a conntrack table overflow :

Rowland, OK. Should I delete these lines? diff yours mine 63d62 yours# -A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " 85,87d83 yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] " yours# -A ufw-before-logging-input -m conntrack

Reindl, I will check that. Not sure how fix it. Will look on internet. Would you give some more information on the subject. Thanks Sent from my iPad Marty (843)-546-4822 > On Jan 29, 2019, at 10:43 AM, Reindl Harald <h.reindl at thelounge.net> wrote: > > > >> Am 29.01.19 um 16:39 schrieb Marty via samba: >> Here is the ufw.log after enabling logging medium and

Dear Simon, > On Jun 11, 2020, at 9:00 PM, Simon Urbanek <simon.urbanek at r-project.org> wrote: > > Wayne, > > that one is unrelated, but interesting - you can fix it with > > sudo install_name_tool -change \ > /usr/local/lib:/opt/X11/lib/libtk8.6.dylib \ > /usr/local/lib/libtk8.6.dylib \ > /usr/local/bin/wish8.6 > > There is a bug in tcltk with

Louis, Made the changes. Still unable to mount office. Firewall also blocks Thunderbird mail and maybe internet. Will check that more fully later.Any thoughts ob Tony's response? Outputs: martin at radio:/etc$ sudo apt-get install ufw Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no

Hi- this is slightly off topic, but is anyone aware of a WORKING ruby library that reads EXIF data from JPEG files? It has to run on both Windows and *nix, so wrappers around unix libs won''t do. So far I tried rexif, ruby-exif (both throwing exceptions when presented with a JPEG) and RMagick (at least able to get the date from EXIF, however it adds a ''.'' at the end for

I am in the process of designing a photo synchronization application - basically I want to be able to copy all of the images captured throughout my home's infrastructure to a central repository. The problem that I foresee is that there may be collisions between filenames between the various computers where my family members sync their photos, movies, etc. So doing a simple rsync won't

Hello, I came across an interesting problem in my home lab a few weeks ago as I'm prepping for my RHCE exam using Michael Jang study guide. I've been at this for days now, and I still can't wrap my head around how two or more virtual networks in default NAT configuration are even allowed to communicate with each other despite what the libvirt documentation said. Here's the