Arno-iptables-firewall and logging

Hello, I have successfully set up arno-iptables and in logging options I have set the following option
FIREWALL_LOG="/var/log/firewall.log"
The log file is however totally empty and I was wondering if this was a problem with syslog-ng?   Does anyone have arnos iptables successfully logging traffic on their computer?  Any help and advice would be appreciated.

Your syslog is still configured to log to iptables.log. I don't see a big reason for changing it as well, Arch firewall service is called iptables etc. so you might as well keep it.

Similar Messages

  • Arno-iptables-firewall and CUPS

    Hello everyone.
    I'm having a problem with my firewall and CUPS. The thing is, when I try to print when the firewall is active the programs (kword, kcontrol, etc) can't contact cups daemon. But when the firewall is stopped I can print normally. The problem is obviously something with the firewall configuration.
    So, the question is, does anyone know how should I configure the firewall (Arno's iptables firewall) in order to solve this problem?. I thought about opening the cups port (631) but this wouldn't be the best solution. I don't want to open a port that shouldn't be open.
    The weird thing is that I can access cups thru localhost:631 using konqueror but incredibly slowly. I don't know why the firewall is blocking cups.
    I almost forget. Before you ask the printer is connected direcly to my computer. Is not a network printer. I have the needed module loaded (usblp) and the cups server is running.
    Thanks in advance,
    Gonza
    Last edited by Gonzakpo (2008-06-20 20:16:20)

    Hello.
    I tried the command iptables -F but nothing. The cups server is still unreacheable by kcontrol.
    After running arno's firewall, the iptables -vL output is:
    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo any anywhere anywhere
    15 2568 ACCEPT all -- any any anywhere anywhere state ESTABLISHED
    0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED tcp dpts:1024:65535
    0 0 ACCEPT udp -- any any anywhere anywhere state RELATED udp dpts:1024:65535
    0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED
    8 1515 HOST_BLOCK all -- any any anywhere anywhere
    8 1515 SPOOF_CHK all -- any any anywhere anywhere
    8 1515 VALID_CHK all -- eth0 any anywhere anywhere
    8 1515 EXT_INPUT_CHAIN !icmp -- eth0 any anywhere anywhere state NEW
    0 0 EXT_INPUT_CHAIN icmp -- eth0 any anywhere anywhere state NEW limit: avg 60/sec burst 100
    0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 any anywhere anywhere state NEW
    0 0 LOG all -- any any anywhere anywhere limit: avg 1/sec burst 5 LOG level info prefix `Dropped INPUT packet: '
    0 0 DROP all -- any any anywhere anywhere
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo any anywhere anywhere
    0 0 TCPMSS tcp -- any eth0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    0 0 ACCEPT all -- any any anywhere anywhere state ESTABLISHED
    0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED tcp dpts:1024:65535
    0 0 ACCEPT udp -- any any anywhere anywhere state RELATED udp dpts:1024:65535
    0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED
    0 0 HOST_BLOCK all -- any any anywhere anywhere
    0 0 UPNP_FORWARD all -- eth0 !eth0 anywhere anywhere
    0 0 SPOOF_CHK all -- any any anywhere anywhere
    0 0 VALID_CHK all -- eth0 any anywhere anywhere
    0 0 LOG all -- any any anywhere anywhere limit: avg 1/min burst 3 LOG level info prefix `Dropped FORWARD packet: '
    0 0 DROP all -- any any anywhere anywhere
    Chain OUTPUT (policy ACCEPT 8 packets, 552 bytes)
    pkts bytes target prot opt in out source destination
    0 0 TCPMSS tcp -- any eth0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    7 340 ACCEPT all -- any any anywhere anywhere state ESTABLISHED
    8 552 HOST_BLOCK all -- any any anywhere anywhere
    0 0 LOG all -f any any anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FRAGMENTED PACKET (OUT): '
    0 0 DROP all -f any any anywhere anywhere
    8 552 EXT_OUTPUT_CHAIN all -- any eth0 anywhere anywhere
    Chain DMZ_INET_FORWARD_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain DMZ_INPUT_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain DMZ_LAN_FORWARD_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain EXT_FORWARD_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain EXT_ICMP_FLOOD_CHAIN (1 references)
    pkts bytes target prot opt in out source destination
    0 0 LOG icmp -- any any anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable flood: '
    0 0 DROP icmp -- any any anywhere anywhere icmp destination-unreachable
    0 0 LOG icmp -- any any anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded flood: '
    0 0 DROP icmp -- any any anywhere anywhere icmp time-exceeded
    0 0 LOG icmp -- any any anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem flood: '
    0 0 DROP icmp -- any any anywhere anywhere icmp parameter-problem
    0 0 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 12/hour burst 1 LOG level info prefix `ICMP-request(ping) flood: '
    0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
    0 0 LOG icmp -- any any anywhere anywhere icmp echo-reply limit: avg 12/hour burst 1 LOG level info prefix `ICMP-reply(pong) flood: '
    0 0 DROP icmp -- any any anywhere anywhere icmp echo-reply
    0 0 LOG icmp -- any any anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench flood: '
    0 0 DROP icmp -- any any anywhere anywhere icmp source-quench
    0 0 LOG icmp -- any any anywhere anywhere limit: avg 12/hour burst 1 LOG level info prefix `ICMP(other) flood: '
    0 0 DROP icmp -- any any anywhere anywhere
    Chain EXT_INPUT_CHAIN (2 references)
    pkts bytes target prot opt in out source destination
    0 0 LOG tcp -- any any anywhere anywhere tcp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `TCP port 0 OS fingerprint: '
    0 0 LOG udp -- any any anywhere anywhere udp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `UDP port 0 OS fingerprint: '
    0 0 DROP tcp -- any any anywhere anywhere tcp dpt:0
    0 0 DROP udp -- any any anywhere anywhere udp dpt:0
    0 0 LOG tcp -- any any anywhere anywhere tcp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `TCP source port 0: '
    0 0 LOG udp -- any any anywhere anywhere udp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `UDP source port 0: '
    0 0 DROP tcp -- any any anywhere anywhere tcp spt:0
    0 0 DROP udp -- any any anywhere anywhere udp spt:0
    4 1314 ACCEPT udp -- any any anywhere anywhere udp spt:bootps dpt:bootpc
    0 0 ACCEPT tcp -- + any anywhere anywhere tcp dpt:4872
    0 0 ACCEPT udp -- + any anywhere anywhere udp dpt:4875
    0 0 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
    0 0 LOG icmp -- any any anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable: '
    0 0 LOG icmp -- any any anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded: '
    0 0 LOG icmp -- any any anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem: '
    0 0 DROP icmp -- any any anywhere anywhere icmp destination-unreachable
    0 0 DROP icmp -- any any anywhere anywhere icmp time-exceeded
    0 0 DROP icmp -- any any anywhere anywhere icmp parameter-problem
    0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
    0 0 DROP icmp -- any any anywhere anywhere icmp echo-reply
    0 0 LOG tcp -- any any anywhere anywhere tcp dpts:1024:65535 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (UNPRIV)?: '
    0 0 LOG tcp -- any any anywhere anywhere tcp dpts:0:1023 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (PRIV)?: '
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
    0 0 LOG tcp -- any any anywhere anywhere tcp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
    0 0 LOG udp -- any any anywhere anywhere udp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
    2 96 LOG tcp -- any any anywhere anywhere tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
    1 57 LOG udp -- any any anywhere anywhere udp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
    3 144 DROP tcp -- any any anywhere anywhere
    1 57 DROP udp -- any any anywhere anywhere
    0 0 DROP icmp -- any any anywhere anywhere
    0 0 LOG all -- any any anywhere anywhere limit: avg 1/min burst 5 LOG level info prefix `Other-IP connection attempt: '
    0 0 DROP all -- any any anywhere anywhere
    Chain EXT_OUTPUT_CHAIN (1 references)
    pkts bytes target prot opt in out source destination
    Chain HOST_BLOCK (3 references)
    pkts bytes target prot opt in out source destination
    Chain INET_DMZ_FORWARD_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain LAN_INET_FORWARD_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain LAN_INPUT_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain MAC_FILTER (0 references)
    pkts bytes target prot opt in out source destination
    Chain POST_FORWARD_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain POST_INPUT_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain POST_OUTPUT_CHAIN (0 references)
    pkts bytes target prot opt in out source destination
    Chain RESERVED_NET_CHK (0 references)
    pkts bytes target prot opt in out source destination
    0 0 LOG all -- any any 10.0.0.0/8 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class A address: '
    0 0 LOG all -- any any 172.16.0.0/12 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class B address: '
    0 0 LOG all -- any any 192.168.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class C address: '
    0 0 LOG all -- any any 169.254.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class M$ address: '
    0 0 DROP all -- any any 10.0.0.0/8 anywhere
    0 0 DROP all -- any any 172.16.0.0/12 anywhere
    0 0 DROP all -- any any 192.168.0.0/16 anywhere
    0 0 DROP all -- any any 169.254.0.0/16 anywhere
    Chain SPOOF_CHK (2 references)
    pkts bytes target prot opt in out source destination
    8 1515 RETURN all -- any any anywhere anywhere
    Chain UPNP_FORWARD (1 references)
    pkts bytes target prot opt in out source destination
    Chain VALID_CHK (2 references)
    pkts bytes target prot opt in out source destination
    0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS scan: '
    0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-PSH scan: '
    0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-ALL scan: '
    0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level info prefix `Stealth FIN scan: '
    0 0 LOG tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/RST scan: '
    0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/FIN scan(?): '
    0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level info prefix `Stealth Null scan: '
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN,RST
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    0 0 LOG tcp -- any any anywhere anywhere tcp option=64 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(64): '
    0 0 LOG tcp -- any any anywhere anywhere tcp option=128 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(128): '
    0 0 DROP tcp -- any any anywhere anywhere tcp option=64
    0 0 DROP tcp -- any any anywhere anywhere tcp option=128
    0 0 DROP all -- any any anywhere anywhere state INVALID
    0 0 LOG all -f any any anywhere anywhere limit: avg 3/min burst 1 LOG level warning prefix `Fragmented packet: '
    0 0 DROP all -f any any anywhere anywhere

  • New Package: Arno's iptables firewall scripts

    I made a PKGBUILD for Arno IPTABLES firewall script. This script has protected my home network for long time and I realized that some other Archers would also like to use it. Also, syslog-ng.conf example is included to get iptable logs into their own log file.
    Script has clear, easy and well commented configuration file. Nice list of
    Features
    Very secure stateful filtering firewall
    Both kernel 2.4 & 2.6 support
    It can be used for both single- and multi(eg. dual)-homed boxes
    Masquerading (NAT) and SNAT support
    Multiple external (internet) interfaces
    Support multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
    Port forwarding (NAT)
    Support MAC address filtering
    Support for DSL/ADSL modems
    Support for PPPoE, PPPoA and bridging modem setups
    Support for static and ISP assigned (DHCP) IPs
    Support for (transparent) proxies
    Full support for DMZ's and DMZ-2-LAN forwarding. You can also use it to isolate your eg. wireless LAN.
    (Nmap)(stealth) portscan detection
    Protection against SYN-flooding (DoS attacks)
    Protection against ICMP-flooding (DoS attacks)
    Extensive user-definable logging with rate limiting to prevent log flooding
    Includes options to optimize your throughput
    User definable open ports, closed ports, trusted hosts, blocked hosts etc.
    Log & protection options are both highly customizable
    Support for custom iptables rules in a seperate file
    It can be used with chkconfig runlevel system (eg. RedHat/Fedora)
    Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols
    It works with Freeswan IPSEC (VPN) & SSH Sentinel (http://www.freeswan.org) (+virtual IP's)
    It works with PoPTop PPTP (http://www.poptop.org)
    It works with UPnP
    DRDOS protection/detection (experimental)
    It's easy to configure
    And much more...
    (edit) PKGBUILD is in the AUR.
    This is my first package ever so tell me what to fix. I will put this to AUR if supported and this really works.

    1c3d0g wrote:
    Is this similar to QuickTables?
    http://qtables.radom.org/
    Arno's iptables has a config file that will be edited as needed and script reads the config file everytime it is executed.
    I can put this pkgbuild to AUR. The init script is not Arch like. I decided to use Arno's script as is in /etc/rc.d/ because I want to see what happens. I could do a Arch type of init script that executes the firewall script arch way.
    What do you think?

  • Firewall and FTP

    I have failed in using a number of FTP apps. Cyberduck and Fetch will work but only if I turn off the firewall. I have tried toggling passive/active. I presume I must be missing a trick here. Is there a way to use these without switching off the firewall?
    Mike

    I have observed something similar tonight. I want to be able to access my iMac remotely using FTP. So, I have set up my System Preferences/Sharing/Services to enable FTP Access. That opens up port 21 through the OS X firewall. Following the instructions, I have confirmed that, in System Preferences/Network/AirPort/Proxies, the box for "Use Passive FTP Mode (PASV)" is checked. In my AirPort Base Station configuration, I have port 21 (and 20, for good measure) forwarded to my iMac (at 192.168.1.2).
    I have a Motorola SB5101 cable modem (no built-in router functionality), an AirPort Extreme Base Station (firmware version 5.7). My iMac is connected using AirPort, not an ethernet cable.
    Here's the interesting part: using Cyberduck, or using the command-line ftp client through terminal, I can connect to my "local" IP address (192.168.1.2, inside my local network) just fine. However, if I try to ftp to my "external" IP address (the address assigned to my AirPort Extreme base station by my ISP), which should be forwarded on ports 20 and 21 to my iMac, it doesn't work if the OS X firewall is on. I can reach the server and log in, but cannot get an 'ls' to work. It goes into "extended passive mode" and just hangs there. Cyberduck tells me there's a username/password problem, but I don't believe that based on what I've seen in the command line ftp client.
    If I turn the OS X firewall off completely, it works like a charm.
    I'm not really too worried, because I had someone else (outside my local network) create an ftp connection to my AirPort's IP address, and they were able to log in and see files using the ftp client built into Finder. So the port forwarding is working, and the firewall is not blocking them.
    Just to recap: Using several ftp clients, including two included with OS X, I can't create an ftp connection with the OS X ftp (tnftpd) server running on the same machine, if I ask the client to go out and come back in through the IP assigned to me by my ISP, as long as the OS X firewall is on. But, someone else can connect to my system from "the outside" when my firewall is on.
    Does this make sense to anyone? Why would this be, and could it be related to the issue raised by the original poster in this thread?
    Thanks.

  • Help needed with Firewall and pureftpd

    I am having trouble getting the Leopard Firewall to let through ftp connections with PureFTPD manager 1.7
    On a clean install of Leopard I set the firewall to "Set access for specific services and applications". For ssh, and apache (web sharing) this worked just fine.
    I then installed PureFTPD Manager 1.7 (The version that is supposed to work with Leopard).
    However I have been unable to get the firewall to let through connections to the pure-ftpd server.
    I selected "allow" when OSX prompted me whether ProFTPD should be permitted to open a port. That worked right after I installed ProFTPD Manager until I reset the computer. Then it stopped working.
    I tried adding the pure-ftpd application to the application list in the Firewall settings. That didn't work.
    I always get "Deny pure-ftpd connecting from ..." in the firewall log.
    Has anyone out there gotten pro-ftpd to work with the Leopard firewall set to "Set access for specific services and applications?"
    Please don't suggest to disable the firewall or to use ipfw. Disabling the firewall I don't consider a reasonable solution for a computer that is exposed to the internet, and I would prefer not to have to use ipfw for everything.
    Thank you

    I'm assuming that this works fine if you disable the firewall altogether, correct?
    ipfw won't help you here since the way that the leopard firewall is setup, it's already set as an 'allow all'.
    Rather than waiting for the 'do you want to allow...' dialog to come up, have you tried clicking the + in the firewall and adding the application directly?
    Also, can you describe how you are performing your tests? From the same system or a different system? From behind a router/firewall or on the same segment?
    You may also want to read through this post on how the firewall works. It sounds like you already understand 99% of it though. http://discussions.apple.com/thread.jspa?threadID=1337153&tstart=0#6317068
    One last resort option would be to delete the firewall preference file and reboot to start over.
    You'd want to nuke /Library/Preferences/com.apple.alf.plist

  • With OSX firewall and firewall on router, do you really need Netbarrier?

    With the native firewall and what the router provides do you really need to spend the extra money. I understand the need for anti virus but... do you really need something like Netbarrier from Intego?

    I agree with Roam, but if you are still in doubt, check these out...
    ClamXAV, free Virus scanner...
    http://www.clamxav.com/
    Little Snitch, stops/alerts outgoing stuff...
    http://www.obdev.at/products/littlesnitch/index.html
    HenWen/Snort combo, that is a free MAJOR Firewall...
    http://seiryu.home.comcast.net/henwen.html
    Then the venerable old Brickhoues/Flying Buttress Firewall...
    http://personalpages.tds.net/~brian_hill/downloads.html
    WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, predefined rule sets, wizard, logs, statistics and other features.
    http://www.macupdate.com/info.php/id/23317

  • OSX Server Firewall Flush Log

    Hello,
    does anybody know how you clearout the firewall log once it has reached the set limit?
    I have a malicious spammer from 24.224.25.190 who has been trying to use my server for 24 hours. I have blocked the ip using the firewall but the 10000 log limi has been reached and so I can no longer see what is happening. Of course I could increase  the log limit to 100 000 but that seems like overdoing things
    -Paul-

    Best: Get an external gateway-firewall, and avoid filling your server logs with junk.
    Easiest: Bump your log to 100K, and see if that works.
    Slightly more effort: Launch Terminal.app and tail the log /var/log/ipfw.log directly,for starters.  Typical commands are:
    cat /var/log/ipfw.log
    tail /var/log/ipfw.log
    The Console.app tool can also be used here; in lieu of Terminal.app commands.
    Guessing that this is mail based on your reference to "spam": I'd check your Postfix server configuration and your server access credentials, as there's potentially a vulnerability or a weak password that this IP address is targeting.  Your mail server might be an open relay, for instance.

  • Leo's Firewall and allowing an application called 'JavaApplicationS'

    Hello all.
    I am having sort of a problem with my net connections and firewall, and didn't know who to ask about it. here it is:
    I recently was in a different country checking my CCTV camera on my macmini, and unfortunetly the computer that I was sitting on (in the net-cafe) had the Confiker-A worm distributed across the network hub (running XP). Anyhow, ever since then, I am being bombarded with DOS attacks. Called the ISP and changed my dynamic IP to something else. Now the DOS attacks are over - which my router used to block.
    Now, when i look at the my firewall log on my MBP running 10.5.8, it keeps telling me an application called JavaApplicationS is connecting to some IP address and some port number. Now on every single connection attempt, a different IP and port has been used and Firewall has allowed it.
    I am very frustrated at this fact. Also given the fact that I am a java developer using and leaving Netbeans open, would there be some sort of connections between that and this. Also given that the above connection attemps has <NEVER> happened before this Confiker incident.
    I highly appreciate your time and efforts.
    Thank you.
    Mo Firouz

    Don't worry. Found out. It is JavaApplicationStub. Used as the backend network implementation of Java by Apple.

  • Norton Firewall and BPC Admin

    Hi
    One of my client has problems with Norton Firewall (Version 8.7.4.79) and BPC Admin (v5.2). When the Firewall is on, even at the lowest security level and with OSoftAdminMain.exe in "secured progam" it does not want to log on!
    The solution is to turn off the firewall.
    I was just wondering if someone has this problem?
    Nic

    Hi Nicolas Argente,
    please setting the Norton Firewall and Antivirus to unblock the SAP BPC AddIn such as:
    EV4DMMPM, EV4Excel, Ev4ExcelPM,Ev4Excel.dll.
    You can find that files on client directory: C:\Program Files\BPC
    I hope my information can help you.
    Thanks,
    Wandi Sutandi

  • Please help with Firewall and/or other Settings to Chat (MSN Messenger).

    I've tried to chat on all (I think) the messenger programs available for Mac that use a hotmail account or .net passport - Adium, Fire, Mercury (current) and MSN itself - and I have the same problem with all of them: I keep getting cut off/disconnected from MSN! No problems with Yahoo messenger or Yahoo ID (although it can be a bit slow sometimes), just with .net passport account.
    I'm pretty sure it's got something to do with Firewall and/or related settings, but after months of trying to fix it, I'm about to give up... please help!
    Currently the following Firewall ports are all open:
    6891 – 6900
    1863
    80
    1080
    5060, 9000, 9010 (UDP – typed like that)
    including:
    Personal File Sharing
    Windows Sharing
    Remote Login - SSH
    and Printer Sharing.
    In my most recent disconnected conversation, Mercury logged a "socket fired exception" error.
    I'm on a broadband/adsl connection, shared with hubby's pc through ethernet (and he never gets disconnected from msn, btw).
    ANY suggestions would be welcome, but apart from the above, please tell me how/where to find what you tell me to look at or for, because I'm a new Mac user (six months), and on top of that I'm blonde
    Many Thanks!
    Mac Mini (PowerMac10,1)   Mac OS X (10.4.3)   1.42 GHz PowerPC G4 with 1 GB DDR SDRAM

    Update:
    Someone very kindly pointed out that my Firewall is actually Off (probably because I omitted to click on the Start button)... I did say I'm blonde
    So now I'm really stumped... anybody got any ideas? Please?

  • HT2589 when I try and log in my i-tunes account or my app store account on my i-phone it says "this apple I.D has not yet been used on the i-tunes store" it gives me 2 optins "cancel" or "review" I press review, enter my bank details but they decline..why

    Hi can anybody help or advise me? I've recently bought the i-phone 4s, I've set up my apple I.D and password but everytime I try and log in it says "this apple I.D has not yet been used on the i-tunes store" I click "review" follow the instructions and agree to the terms and condition's, enter my bank details but it declines every time? I've tried both my accounts and its declined both, this stops me from logging in so I can't download anything for free or buy anything, my sister had the option of skipping the bank details part when she created her apple I.D and just enters her's when buying something, why do I not have that option?? And why is it declining my bank details...please HELP!!!!!

    The details I'm entering are correct, I choose visa as my card type, enter my card number, enter my expiry date and my last 3 digts on the reverse of the card, enter my address and zip code plus my home telephone number, click continue and it says "the payment method you have selected has been declined, please enter another payment method". I've lost count how many times I've tried, I've typed my details in slowly making sure I put them in properlly and it still declines it, I've even tried makeing a new apple I.D and when I get to the bank details part it declines it again so I am forced to press cancel and all details are not saved so its just like I'm hitting a brick wall, its ******* me off!!! I can't even download any of the free app's because to do so you must log in but when I do it says "this apple I.D has not yet been used in the i-tunes store" review my details and can't get past the bank details part. So doesn't log me in, I'm honestly out of ideas

  • I used to share one apple ID/account with my ex but made a new one for myself recently and logged out of the old one but when I try to update my iBooks it asks for the old account's password(which my ex changed by now)

    I used to share one apple ID/account with my ex but made a new one for myself recently and logged out of the old one but when I try to update my iBooks (only happens with this app)it asks for the other account's password(which my ex changed by now). I don't understand why this happens when I'm logged into my account and it only happens with that app. Please help, I need to update. :/

    Content (apps, music, ibooks, films etc) is tied to the account that originally downloaded it, so if the iBooks app was downloaded using the account that you used to share with your ex then only that account can download updates to it. As it's a free app you could delete it and re-download it under your own account - and then re-download your ibooks into it (or copy the books to your computer's iTunes first via File > Transfer Purchases and then sync them back to the app).

  • Error message about firewall and internet sharing

    hello all i have a question regarding the use of firewall and internet sharing.
    I have a PMG5 connected to internet through Airport. I've linked an Xbox 360 via the built-in ethernet port in order to access Xbox Live. I had to open specific UDP ports on the OS X firewall but it now works fine. However, in the Sharing Preference Pane, Internet Tab, i still get an error message saying that my Internet Sharing is disturbed by the settings of the firewall and sharing services, it says that i did not activate "personal web sharing" in the first two tabs...but i DID ! And there's no way to get rid of this error message.
    I know I know some may consider it's not a real problem because it's just an error message while the connection actually works fine but well, I tend to hate error messages when they're not supposed to show up. So if anyone know the answer, thanks in advance...
    Good day to everyone
    Vince, Paris...

    sorry about the delay in replying, was kinda busy
    well trashing the pref files was useless and i tried with another user, same thing. As for the second opinion, the problem was not about which port was used cause as i said the connection sharing works fine and anyway it was the correct port that was checked, it's just that i get an error message while there is no apparent error and everything works fine, i'm told that personal web sharing is not enabled but it is...
    Anyway as i said, it's probably not a real matter, as long as it works...which brings me to another thing. I've created a special protocol in the firewall to enable a proper dialog with the xbox. it's basically the same thing you do for ichat AV when you have video connection problems, you track down the concerned UDP port using terminal, you allow traffic and all... The protocol for the xbox worked great for some days, but now it seems it's not enough, the game set keeps trying on another port and i constantly have to update the protocol or deactivate the firewall...and enabling back all UDP traffic is not enough to solve it.
    In a way i think everything is linked, the initial error message when everything was fine and the current trouble. Any idea?
    thanks
    Vince

  • 1. TACAS+ Accounting and Logged in Users report is not working on ACS 4.1(1

    Hi,
    I am facing problem with ACS 4.1 accounting, TACAS+ Accounting and Logged in Users report are not working, the csv file is been generated but nothing is showened in the file.
    I have checked the documents related to ACS 4.1, it says that there is a bug related to command accounting “CSCsg97429 - TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23”.
    Tried upgrading the same with the patch applAcs-4.1.1.23.3.zip, still it is not working.
    Other reports are working fine.
    1. TACAS+ Accounting - not working
    2. Logged in Users - not working
    3. TACAS+ Administration - working
    4. Passed Authentication - working
    5. Failed Attempts - working
    Any suggestions or any idea, please revert.
    Regards
    Vineet

    Hi,
    Thanks
    Yes I have configured the command “aaa accounting exec default start-stop group tacacs+”
    As I have mentioned all the other reports are working. Which user and when he has logged in and what commands he has used. Only the TACAS+ Accounting and logned user is not working.
    Regards,
    Vineet

  • Adobe Flash can be installed, but must be install EVERY time I log out and log back in. Why doesn't it stay? How can I fix this? (I have Firefox 6.0.2 and Flash 10.3)

    I have searched through the FAQs and find stuff on "crashing". I have not had any trouble with flash crashing, but I can't keep it installed.
    If I install flash, then it stays as long as I am logged in, even if I close firefox. Once I log out and log back in, I lose Flash and have to re-install it.

    I was having the same issue with installing Flash player 10.3.183.10 in both Firefox 6.0.2 and Explorer 9 -- the Task Manager would show the installer running as a process, but it would never actually install anything. It would just sit there until I killed it or rebooted.
    It seems that there are multiple versions of the separate installers needed. The installer that worked for me in Firefox was
    install_flash_player_10.exe -- a 3,017KB file
    and for Explorer, it was:
    install_flash_player_10_active_x.exe -- a 3,054KB file.
    Neither of those files was sent by the main updater page, nor did that page offer the 239KB uninstall_flash_player.exe, which is needed to uninstall the previous Flash version before one can even begin to try to update it. I had to pound through the messages in the forums to find links to those "full" installers.
    It is working now in both browsers, but jeepers creepers, it shouldn't take all day to find the installers for something that gets updated as often as Flash does.

Maybe you are looking for

  • How to find out which queries are being used ?

    We have a number of InfoSet Queries which the users are calling from SQ00. Some of them are very old. I would like to find out which queries are being used, so we can have the idle queries decommissioned. How can this be done ? Best regards, Peter

  • Portal Runtime Error - java.lang.NullPointerException in Role Permissions

    Hello All: I am getting a runtime error while trying to bring up permissions for copies of SAP delivered roles. Any help much appreciated. ================= [EXCEPTION] #1#com.sapportals.portal.prt.component.PortalComponentException: Error in service

  • Is there a null operator/command in java?

    In a lot of languages there is a null statement that does nothing such as NOP in assembler. It's useful if you want to test for something and only perform some action if that test is not true. i.e. it can be cleaner than testing for something to not

  • Embedding YouTube file in flash project

    Hi guys, Could someone please advise me how to embed a YouTube video file in particular place of my Flash project, should I do this in action panel or in final html file. Here is exactly what I'd like to do: On this website www.aye-aye-media.com unde

  • To display status message more than 50 characters

    Hi Gurus, I want to display status messages (not as a pop-up message) holding more than 50 characters. Please suggest me some solution to achieve the same. Thanks, Asha