Defeat denial of service attacks: New feature in WLS 5.1 SP9

Hi all,
SP 9 for WLS 5.1 provides 2 new properties to prevent denial of service attacks
(ISSUE 31269).
The properties are weblogic.httpd.maxPostSize and weblogic.httpd.maxPostTimeSecs.
However I miss more detailed information about the use of the properties, for
example: Are there default values
which are used when I don't set the properties? Is there a general recommendation
for values to which the properties could be set?
What is the unit for the properties (bytes or kbytes for maxPostSize)?
Has anybody used the new feature already?
Thanks in advance
Dieter

In WLS 6.0 I believe the default is -1, which means infinite post size and
secs. I don't think there are any recommended values for these. It all depends
on how large your post size may be.
"Dieter Arnold" <[email protected]> wrote in message
news:3afa4fcb$[email protected]..
> Hi all,
> SP 9 for WLS 5.1 provides 2 new properties to prevent denial
> of service attacks (ISSUE 31269). The properties are
> weblogic.httpd.maxPostSize and
> weblogic.httpd.maxPostTimeSecs.
> However I miss more detailed information about the use of the
> properties, for example: Are there default values which are
> used when I don't set the properties? Is there a general
> recommendation for values to which the properties could be
> set? What is the unit for the properties (bytes or kbytes for
> maxPostSize)?
> Has anybody used the new feature already?
> Thanks in advance
> Dieter

Similar Messages

  • Denial of Service attacks and Java

    I'm in the process of doing my final year project. I'm very interested in internet security and I am proposing to do a project on denial of service attacks and building some sort of software in Java to handle them.
    As I understand it, Java has security features but it doesn't have many provisions for denial of service attacks...
    I'm just wanting to hear people's views on this subject and see how I could possibly start this project. I don't have many resources atm, and am currently trying to find information so I can better approach this project.
    Any help/suggestions would be useful!
    Thanx

    You won't be able to block a DoS-attack from Java.
    Some DoS principle examples:
    Just a few machines with high upstreams could generate a huge amount of data with random IP numbers (using simple IP spoofing techniques) and can use different types of packages (e.g. ACK or SYN packages), causing some software programs to crash. Besides, the DoS attacks don't even have to be routed to an open port; they can also be addressed to a closed port, but if there are enough packets coming over the line to the closed port (assuming the closed port drops the packets on arrival) the line will still be filled.
    Java, on the other hand, does not work on low-level networking, therefore it has no influence on what does make it to the operating system's kernel and the services.
    In short, I can't think of a way that Java will be able to block a DoS attack; even the best hardware firewalls/routers I know have problems blocking big ones (if it is possible at all).
    Sorry to pop your bubble, but I think you should look into another subject.
    Good luck,
    Barre

  • Denial of service attacked

    Hi,
    Our router suffered a huge denial of service attack originating from Russia yesterday, 26 Sep 12, and apparently Cisco released a few patches
    yesterday.
    Could someone direct me to right place so I could read more about these patches.
    Thanks
    Ql.

    Steven
    I started a new topic to cover this. This report is new, and is still being investigated. Here is a link to Cisco's current response:
    http://www.cisco.com/warp/public/707/cisco-sr-20081017-tcp.shtml
    And here is the latest from CERT (also linked in the Cisco response):
    https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
    I am working with the IronPort Security Team to get a response. I will post here, and in the Security section of the IronPort Support Portal as soon as I have more information.
    Karl Young
    Email Security Product Support Engineer
    IronPort Systems
    Hi Karl,
    Last week we received the following threat warning (from a reliable source):
    Threat:
    Outpost24 announced a threat two weeks ago about the TCP/IP stack, the impact of this threat is very high and involving all TCP/IP network based systems.
    This information is confirmed by organizations as Govcert, Fox-IT, etc.
    On the 17th of October 2008 detailed information will be presented to the world at a technology conference and there could be a higher chance of exploitation (based on the amount of information which will be released).
    Major vendors like Microsoft, Cisco, IBM, etc. are informed and are working on solutions; until now there are no patches or solutions available.
    Impact:
    Systems which are attacked will go down, this includes all TCP/IP related environments
    Worst case scenario:
    The exploit will be available before patching. If we are attacked this could result in a Denial Of Service (DOS) most likely on our internet infrastructure.
    Is this threat known by Ironport and is there a roadmap for patching?
    Thanks!
    Steven

  • Is there any way to harden Dovecot against POP/IMAP denial of service attacks?

    It doesn’t happen very often, but every so often a script kiddie on the Internet hits Dovecot's POP ports on our mail server hard enough to bring mail service to a crawl such that legit users can’t log in to retrieve their mail.  I would say that with our 2.66GHz Intel Core 2 Duo Mac Mini Server, when we receive sustained POP login attacks that exceed ten logins per second, then eventually Dovecot gets swamped with so many requests that legit users are excluded.  [Our server runs OS X Server 10.6.8-10K549, by the way, and Dovecot 1.1.2apple0.5 is installed as determined by running “dovecotd --version”.  We keep the mail server up to date with all available Apple software updates on a weekly basis, so we have the latest and greatest security updates.]
    Here’s the problem: I’ve been studying the Dovecot 1.x Wiki at http://wiki1.dovecot.org/ and finding a number of parameters that *sort* of address this denial-of-service vulnerability, but none that appear to harden Dovecot in a similar fashion as ssh or sftp are hardened.  By this, I mean that when ssh or sftp detect multiple login attempts originating from the same address above some threshold, then future login attempts are ignored for a solid fifteen minutes no matter what the login name was in the attempts.  I’d like something similar for Dovecot.
    I am aware of the “mail_max_userip_connections” setting which can be set independently for POP and IMAP service (see http://wiki1.dovecot.org/MainConfig?highlight=%28mail_max_userip_connections%29).  This almost does what I want in that it indeed restricts the number of logins for a particular user coming from a single IP address.  The problem is that the script kiddies typically scatter their attacks over hundreds of different login names and they may only attempt three or four logins per user name.  What I really want is a parameter which starts to ignore logins no matter what the user name if too many come from a single IP address at the same time.  Against this, I also need to balance my mail server restrictions to allow perhaps five or ten of my users with laptops to be behind a remote firewall, so all of their legit logins may hit my server perhaps three to ten at a time which could potentially look like an attack if my tuning parameter is set too low.  What I’d really like to find is a tuning parameter that excludes concerted attacks without excluding my legitimate users.  I also don’t want to invest in extremely expensive (>$10,000) “smart” firewalls that adaptively look for this type of attack, such as are offered by Netgear and other networking equipment manufacturers.
    By examining /etc/dovecot/dovecot.conf on my mail server, it seems that Apple’s defaults are to set IMAP mail_max_userip_connections to 20, and for POP to leave the mail_max_userip_connections parameter commented out.  Would there be any downside to enabling POP's mail_max_userip_connections to 20 as well?  Offhand I can’t see how this would affect my users.  Unfortunately, I also think that if I set the POP mail_max_userip_connections to 20 this won’t have any effect on the attackers since they typically won’t try 20 different passwords for the same login name in a given attack.  I’ll post a segment of a log showing an actual attack that occurred today from the San Bernardino School District that I’ve since blocked in my network’s firewall, but it will illustrate the type of hard-core denial-of-service attack that I’m referring to.  The login attempts were coming in fast, around forty-per-second, and my mail service went down in a matter of minutes as a result.  [Yes: I will report this user…  I haven’t gotten around to it yet with other issues.]
    Any thoughts?
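
One way to run the per-address check asked about above over Dovecot auth log lines in the `od(user,ip)` format, as an added example (not from the original post, Apple or Dovecot): it counts failed logins per source IP regardless of login name and reports a fifteen-minute ban, as the poster describes for ssh. The thresholds, function names, assumed year and the sample addresses and log lines are constructed for illustration.

```python
import re
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# One failed attempt = one od(user,ip) line. The paired od[getpwnam_ext](user,ip)
# line belongs to the same attempt and is deliberately not matched.
AUTH_FAIL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"dovecot\[\d+\]:\s+auth\(\w+\):\s+"
    r"od\((?P<user>[^,()]+),(?P<ip>[0-9A-Fa-f.:]+)\):"
)


@dataclass
class Ban:
    ip: str
    start: datetime
    end: datetime
    failures: int    # failures inside the window when the ban triggered
    usernames: int   # distinct login names inside that window


def parse_failure(line, year):
    """Return (when, ip, user) for a failed-auth line, else None."""
    m = AUTH_FAIL.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["ip"], m["user"].lower()


def detect_floods(lines, year, window_s=10, max_failures=20, min_users=5,
                  ban_s=900):
    """Sliding-window count of failures per source IP, ignoring login name.

    Only failures are counted, so successful logins from several users
    behind one NAT address never approach the threshold. min_users keeps one
    user with a misconfigured client from being treated as a scattered attack.
    """
    window = timedelta(seconds=window_s)
    recent = {}   # ip -> deque of (when, user) still inside the window
    active = {}   # ip -> most recent Ban
    bans = []
    for line in lines:
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        when, ip, user = parsed
        ban = active.get(ip)
        if ban and when < ban.end:
            continue  # a real filter would already be dropping this address
        q = recent.setdefault(ip, deque())
        q.append((when, user))
        while q and when - q[0][0] > window:
            q.popleft()
        names = {u for _, u in q}
        if len(q) >= max_failures and len(names) >= min_users:
            ban = Ban(ip, when, when + timedelta(seconds=ban_s),
                      len(q), len(names))
            active[ip] = ban
            bans.append(ban)
            q.clear()
    return bans


def constructed_sample():
    """Constructed log lines in the format quoted in the thread."""
    fmt = ("Jan 13 13:43:{s:02d} myserver dovecot[72]: auth(default): "
           "od{tag}({u},{ip}): {msg}")
    names = ["root", "admin", "webmaster", "user",
             "test", "web", "oracle", "backup"]
    lines = []
    # Scattered guessing from one address: 24 attempts in 3 seconds, 8 names.
    for i in range(24):
        u, s = names[i % len(names)], 39 + i // 8
        lines.append(fmt.format(s=s, tag="[getpwnam_ext]", u=u,
                                ip="203.0.113.7", msg="No record for user"))
        lines.append(fmt.format(s=s, tag="", u=u, ip="203.0.113.7",
                                msg=f"lookup failed for user: {u}"))
    # Users behind one NAT address mistyping passwords: few failures, few names.
    for s, u in [(40, "alice"), (41, "alice"), (45, "bob")]:
        lines.append(fmt.format(
            s=s, tag="", u=u, ip="198.51.100.20",
            msg="Credentials could not be verified username or password is invalid."))
    return lines


if __name__ == "__main__":
    for b in detect_floods(constructed_sample(), year=2012):
        print(f"{b.ip}: {b.failures} failures, {b.usernames} names, "
              f"ban {b.start:%H:%M:%S} to {b.end:%H:%M:%S}")
```

The returned intervals can feed whatever actually enforces the block, such as a firewall rule on the server or router.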

    Here’s a ten second snippet from my mail server's log, showing how intense the login frequency was from the attacker, and also how (s)he was "scattering" the login names used which I suspect would be quite hard to filter out using POP's mail_max_userip_connections parameter.  The attack lasted from 1:43:39 through a server restart at 1:50:18, and even about a minute later.  The attack stopped at 1:51:36 before I was able to add a firewalling rule to my router or to exclude logins from the 163.150/16 subnet from my router [FYI — that's the San Bernardino County School District, according to http://whois.arin.net/rest/net/NET-163-150-0-0-1/pft ].
    Any thoughts on how to block this type of POP attack in Dovecot?
    [FYI — I changed my actual server name to 'myserver' and the actual admin name to 'Administrator'.]
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
    Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](access,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(access,163.150.246.27): lookup failed for user: access
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](pwrchute,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(pwrchute,163.150.246.27): lookup failed for user: pwrchute
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
    Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
    Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](access,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(access,163.150.246.27): lookup failed for user: access
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](pwrchute,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(pwrchute,163.150.246.27): lookup failed for user: pwrchute
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](access,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(access,163.150.246.27): lookup failed for user: access
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
    Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
    Jan 13 13:43:46 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
    Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
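A log like the one above is easier to act on once it is reduced to one record per source address. The following is an added example, not part of the original post: it parses this log format, skips the duplicate `od[getpwnam_ext]` line that accompanies every unknown-user attempt, and reports how many usernames each address tried and which of them the directory appeared to recognise. The sample lines are constructed with documentation-range addresses, and the threshold and the reading of the three message types are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the page's log format (documentation-range addresses).
SAMPLE = """\
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,203.0.113.7): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(oracle8,203.0.113.7): lookup failed for user: oracle8
Jan 13 13:43:46 myserver dovecot[72]: auth(default): od(webmaster,203.0.113.7): Credentials could not be verified username or password is invalid.
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,203.0.113.7): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,203.0.113.7): lookup failed for user: admin
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(backup,203.0.113.7): user account: backup not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,203.0.113.7): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(test,203.0.113.7): lookup failed for user: test
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(root,203.0.113.7): user account: root not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,203.0.113.7): lookup failed for user: admin
Jan 13 13:50:02 myserver dovecot[72]: auth(default): od(alice,198.51.100.20): Credentials could not be verified username or password is invalid.
"""

# Matches only the final "od(user,ip): message" record of an attempt; the
# "od[getpwnam_ext](...)" line logged for the same attempt does not match.
RECORD = re.compile(
    r"dovecot\[\d+\]: auth\(default\): "
    r"od\((?P<user>[^,]+),(?P<ip>[0-9a-fA-F.:]+)\): (?P<msg>.*)$"
)

# Message fragments seen in the log, mapped to an outcome label.
OUTCOMES = (
    ("lookup failed for user", "unknown_user"),
    ("Credentials could not be verified", "bad_password"),
    ("not enabled for mail", "no_mail_service"),
)


def summarize(lines):
    """Per source IP: attempts, usernames tried, and names the directory recognised."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "known": set()})
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue
        outcome = next((label for text, label in OUTCOMES if text in m["msg"]), None)
        if outcome is None:
            continue
        entry = stats[m["ip"]]
        entry["attempts"] += 1
        entry["users"].add(m["user"])
        if outcome != "unknown_user":
            # Assumption: any reply other than "lookup failed" means the name exists.
            entry["known"].add(m["user"])
    return dict(stats)


def flag_sources(stats, min_users=5):
    """IPs that tried at least min_users different usernames (example threshold)."""
    return sorted(ip for ip, entry in stats.items() if len(entry["users"]) >= min_users)


if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    for ip in flag_sources(report):
        print(ip, report[ip]["attempts"], sorted(report[ip]["known"]))
```

The `known` set is the part to review first, since those are the names for which the server answered differently from an unknown user.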

  • Preventing Denial of Service attacks.

    Hi.
    I'm concerned about Denial of Service attacks on my SOAP service. It would be
    quite easy for a user to send massive messages to my service and cause my server
    to run out of memory. What I would like to do is put a filter in front of the
    SOAP service that could authenticate based on the client's session before the
    SOAP message was handled. I can't, however, see any mechanism for putting filters
    in front of SOAP services (I'm using Weblogic 7.0). The documentation does mention
    that if I enable HTTP sessions then requests are forwarded through a servlet,
    so it should theoretically be possible (if a bit of a hack possibly) to put a
    filter in front of this, right?
    An alternative is to authenticate in a SOAP request handler, although my understanding
    is that by this stage the entire message has been parsed, so this doesn't really
    solve my problem (does it?)...
    I'm aware that I could use Basic or SSL authentication to control access to the
    service, but I'm trying to avoid these approaches. Am I stuck with them though?
    Thanks.
    Neil.

    Hi Neil,
    Yes, for security and "isolation" reasons.
    I'm finding it more and more that the OA&M guys are wanting to isolate Web service
    J2EE applications from other "traditional" J2EE applications, because what they
    do is well -- unpredictable :-)
    Setting up virtual hosts, allows you to set MaxPostSizes, independently. It also
    has some other perks, but that's a whole other story.
    If you are concerned about "concurrent posts", you should invest in putting a
    load balancer (or WLS Proxy) in front of the Web service.
    Regards,
    Mike Wooten
    "Neil Ferguson" <[email protected]> wrote:
    >
    Oh yeah, another thought. It probably won't do me much good restricting the size of HTTP posts if I can't also restrict the number of concurrent posts that are made. Do you know of any way to do this for my service?
    "Michael Wooten" <[email protected]> wrote:
    Hi Neil,
    Yes, DOS attacks are definitely a concern for enterprise-class Web services. Ironically, some of these can happen "unintentionally", with things like SOAP attachments. You publish a WSDL that says your WLS Web service accepts "binary" attachments, and the next thing you know someone is sending you disk2.zip (571,687KB), of Oracle 9i Enterprise Edition :-) This was probably a "mistake", of course, but that doesn't matter because you're probably going to have to bounce your J2EE app server to "recover", anyway.
    However, using a Servlet Filter won't really help you. You need to limit the size of HTTP POST requests that the J2EE Web Container accepts. I would even go one step further, and create a Virtual Host to run the WLS Web Service in. In WLS 8.1, you do this by following the instructions at these links:
    http://e-docs.bea.com/wls/docs81/ConsoleHelp/virtual_hosts.html#1104939
    http://e-docs.bea.com/wls/docs81/ConsoleHelp/domain_virtualhost_config_http.html
    These links tell you how to target the Web Service (actually the .war for it) to the Virtual Host. They also tell you how to set the MaxPostSize and MaxPostTimeSecs attributes, to avoid "intentional" and "unintentional" DOS attacks :-)
    Regards,
    Mike Wooten
    "Neil Ferguson" <[email protected]> wrote:
    Hi.
    I'm concerned about Denial of Service attacks on my SOAP service. It would be quite easy for a user to send massive messages to my service and cause my server to run out of memory. What I would like to do is put a filter in front of the SOAP service that could authenticate based on the client's session before the SOAP message was handled. I can't, however, see any mechanism for putting filters in front of SOAP services (I'm using Weblogic 7.0). The documentation does mention that if I enable HTTP sessions then requests are forwarded through a servlet, so it should theoretically be possible (if a bit of a hack possibly) to put a filter in front of this, right?
    An alternative is to authenticate in a SOAP request handler, although my understanding is that by this stage the entire message has been parsed, so this doesn't really solve my problem (does it?)...
    I'm aware that I could use Basic or SSL authentication to control access to the service, but I'm trying to avoid these approaches. Am I stuck with them though?
    Thanks.
    Neil.
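The thread above turns on where the limit is applied: a handler that runs after the message has been parsed cannot protect memory, while a limit enforced as the body is read can. The following is an added Python example of that behaviour, not WebLogic code: the function and parameter names are hypothetical, the 413 and 408 status codes are this example's choice, and treating -1 as "no limit" follows the reply quoted earlier on this page rather than any documentation.

```python
import io
import time


class PostRejected(Exception):
    """Raised as soon as a limit is crossed; carries the HTTP status to send."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def read_post_body(stream, content_length, max_post_size, max_post_time_secs,
                   clock=time.monotonic, chunk_size=8192):
    """Read a POST body without ever buffering more than max_post_size + 1 bytes.

    content_length is the declared header value, or None when the client sent
    none. A limit of -1 disables that check.
    """
    if max_post_size >= 0 and content_length is not None \
            and content_length > max_post_size:
        # Cheapest rejection: nothing has been read or parsed yet.
        raise PostRejected(413, "declared length exceeds limit")
    deadline = None if max_post_time_secs < 0 else clock() + max_post_time_secs
    body = bytearray()
    while content_length is None or len(body) < content_length:
        # A real server would also set the socket timeout to the time left,
        # so that a stalled client cannot block inside read().
        if deadline is not None and clock() > deadline:
            raise PostRejected(408, "body not received in time")
        want = chunk_size
        if content_length is not None:
            want = min(want, content_length - len(body))
        if max_post_size >= 0:
            # One byte past the limit is enough to detect an oversized body.
            want = min(want, max_post_size + 1 - len(body))
        chunk = stream.read(want)
        if not chunk:
            if content_length is not None:
                raise PostRejected(400, "body shorter than declared")
            break
        body += chunk
        if max_post_size >= 0 and len(body) > max_post_size:
            raise PostRejected(413, "received body exceeds limit")
    return bytes(body)


def demo():
    """Run constructed requests through the limiter; return each outcome."""
    def outcome(data, declared, size, secs, clock=time.monotonic):
        try:
            return len(read_post_body(io.BytesIO(data), declared, size, secs, clock))
        except PostRejected as exc:
            return exc.status

    ticks = iter(range(0, 1000, 10))  # fake clock: advances 10 s per call
    return [
        outcome(b"x" * 100, 100, 1024, 30),    # within both limits
        outcome(b"x" * 5000, 5000, 1024, 30),  # declared length too large
        outcome(b"x" * 5000, None, 1024, 30),  # no declared length, too large
        outcome(b"x" * 5000, 5000, -1, -1),    # both limits disabled
        outcome(b"x" * 100, 100, 1024, 5, lambda: next(ticks)),  # too slow
    ]


if __name__ == "__main__":
    print(demo())
```

The third case is the one a Content-Length check alone misses: with no declared length, only counting bytes as they arrive stops the read before the whole message is in memory.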

  • Safari denial of service attack

    Hi all,
    We have a Linux server running the Moodle 2.x Learning Management System that authenticates against a CAS (Central Authentication Service) server and we have an issue only with Safari browsers where they send continuous https requests to the Moodle server. We are having a hard time figuring out what is triggering it but it is happening in these operating systems that we have seen
    10.8.5
    10.9.1
    10.9.2
    10.6.8
    With these versions of Safari.
    6.1.3, 7.02, 5.1.10
    There could be other OS and Safari versions, we are not sure. We are doing a "tail -f /var/log/httpd/ssl_request_log" on the Moodle server and we'll see periodic entries like this.
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:32 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:33 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:33 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:33 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    [11/Apr/2014:11:39:33 -0400] 155.47.38.8 TLSv1 AES128-SHA "GET /login/index.php HTTP/1.1" 484
    Some systems have logged a quarter of a million requests per day so it is really kicking the server's butt!
    What is even crazier is I found a professor whose computer was actively hitting the server like this and I checked his computer and he did not have any Moodle or CAS server windows or tabs open. I went through his cookies and deleted any that were related to those systems and the https requests continued. Once I closed out of Safari completely the requests stopped but here is where it got even crazier, when I brought up Safari again the requests started up again and the Safari window was not even pointing to the Moodle server, it was to his default web page (Google). It makes zero sense to me.
    Almost all of our students and faculty have Macs so it is causing a mini denial of service attack. We haven't seen any issues with Chrome or Firefox.
    Any thoughts?

    You would have to instruct your users to exclude the site from their Top Sites.
    You can permanently exclude a site from your Top Sites. From the Safari menu bar, select
    History ▹ Show Top Sites
    The Top Sites window will open. Position the cursor over the preview of the site you want to exclude. After a moment, an X icon and a pushpin icon will appear in the upper left corner of the preview. Click the X icon.
    The only way to reverse this action is to reset Top Sites. To do that, select
    Safari ▹ Reset Safari...
    In the dialog that opens, check the box marked
    Reset Top Sites
    and uncheck all other boxes. Then click the Reset button. This action will remove all Top Sites and all exclusions.

  • Tomcat Denial of Service Attack

    The signature id 5648 (Tomcat Denial of Service Attack) seems to be prone to false positives....
    We have seen in a number of incidents, that when the destination of this attack uses the ephemeral port of 8007 with an established connection on TCP port 80, the signature is often triggered. The signature looks for the content \xfe\x0f
    Is anyone else seeing this problem?

    Can you please send me some more information and we can look into refining this signature.
    An IPLog dmp file or a traffic capture would help me dig into the cause of the false positive.
    -jonathan

  • Denial of Service Attacks

    Hi,
    We have 2 Databases (PROD and TEST) on the same machine. If any users are continuously hacking the TEST System due to Denial of Service Attacks, at the same time this will cause performance problems in the PROD instance also, which is on the same machine...How to rectify this type of problems ( Denial of Service Attacks)....

    Hi,
    > How to rectify this type of problems ( Denial of Service Attacks)....
    This is not an Oracle question really, but DOS attacks are detected and the IPs are ignored. Today, I hear that DOS attacks are "script kiddie" level, and easily detected and stopped. Try here for details:
    http://www.google.com/search?&q=prevent+%22dos+attacks%22+ip+detection
    Some shops implement Egress Filtering:
    http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1246849,00.html
    Hope this helps. . . .
    Don Burleson
    Oracle Press author

  • Hashing denial-of-service attack -- is CF vulnerable?

    The recent announcement of major vulnerabilities in many web application platforms to a hashing DOS attack has much of the internets abuzz:
    http://arstechnica.com/business/news/2011/12/huge-portions-of-web-vulnerable-to-hashing-denial-of-service-attack.ars
    I haven't seen or heard anything regarding various versions of ColdFusion and whether it's vulnerable.
    Can someone shed some light on this -- preferably someone from Adobe -- and whether a fix is forthcoming?
    Thanks,
    David

    -==cfSearching==- wrote:
    ... that article specifically states that Oracle have said Java is not affected by it.
    Adam
    No, the article says java is vulnerable. Oracle just said they "decided nothing .. needs to be fixed within Java itself". Sounds more like they are saying it is the responsibility of the application server to provide a better hash implementation if needed (or choose a different method of prevention).
    Sorry, you're quite right.  I definitely misread that, didn't I! ;-)
    Adam

  • PEAP - NT Domain Denial Of Service Attack

    I'm looking for some feedback on the following perceived issue.
    Assumptions:
    1) A PEAP implementation where PEAP authentication is configured to use a static NT user/pass combination as credentials.
    2) The ACS has an unknown user policy to check the NT Domain
    3) Your NT Domain security Policy locks accounts after 5 failed attempted logins
    Question:
    Given that PEAP does not enforce client side verification and that any XP SP1 (perhaps the CISCO ACU depending on configuration) client can attempt a PEAP login. If a client maliciously attacks by entering wrong passwords they could create a Denial Of Service (legitimate users will be locked out) attack against the NT Domain
    Thoughts?

    PEAP does not provide credential caching. Any logins to Windows NT file systems will be separate and subsequent to PEAP login.
    PEAP supports silent session resume (upon RADIUS session timeout) when only the first phase of PEAP is executed. In the second phase, the previous authentication state is reused. Hence, users will not be required to re-authenticate until the PEAP session timeout expires. The duration time of the PEAP session timeout is configurable from Cisco Secure ACS graphical user interface (GUI).
    You can find more information in this URL:
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_qanda_item09186a008010018c

  • ITunes Store -MAYBE Denial-of-service attack- During Sat 4th Dec& Sun 5th

    Dear Srs,
    It's really too slow or could not connect with !
    Maybe this problem is because of a Denial-of-service (DoS) attack, or low capacity of iTunes Store SERVERS or the bandwidth of the internet links to the Servers.
    Best regards,

    ERROR MESSAGE:
    We could not complete your iTunes Store request.
    The iTunes Store is temporarily unavailable. Please try again later.
    That is the message I get when clicking on iTunes Store in iTunes. I am able to get into the store, by doing a search. But when I click on Music within the store, it sends the same message. Using other links (movies, tv shows)no issue.
    By searching on an artist, I can get to music, so there is a workaround, but it shouldn't be this way.
    This is NOT an issue using iTunes 10 on another system. All software just updated.
    Problem existed initially using iTunes 8, carried over with 9.2.

  • Denial of Service Attack?

    We have a Mac Laptop running Leopard 10.5.1. which was last updated with Quicktime 7.4.1. Since Thursday afternoon, if this Mac is connected to our network (about 50 clients) it prevents all access to the internet and stops Exchange server sending and receiving e-mails. As soon as we disconnect this MAC from the network, internet and e-mail is restored to all the other clients. The anti-virus on the MAC is up to date and the scan has found nothing.
    Any suggestions on what is wrong with this MAC and how to fix it?

    What do the logs say?
    My guess would be that this machine has an incorrect IP address - maybe the IP address of your router, for example, which would confuse all other network clients who'd think that this machine was now the router rather than the real router.
    There should be something obvious in the logs if that's the case. /var/log/system.log, specifically.

  • Since loading 5 I keep being redirected to sites I don't want instead of going where I ask; firefox prevents some, but I feel like I am under a denial of service attack.

    Problem started with download of Firefox 5. It is now almost impossible to follow a link or perform a search with any search engine without being redirected to other sites.

    How could you have upgraded your IOS and be on IOS 7.0.6?   I'm skeptical about your movie claim - my guess is that you were unknowingly streaming them from the getgo unaware that they weren't on your iPad. I suppose there may be an "escape clause" in Apple's update routine that is invoked when a device doesn't have enough memory to carry out an update whereby movies are swapped out to hoover up more memory. Personally I've never heard of this occurring In Apple World.   Why does your cheap phone outperform your iPad "in every category"?  There's no good reason - you obviously have numerous issues that are easily resolvable if you follow Philly's advice.

  • Denial of Service through Airport Extreme

    Hi,
    I am seeing what appears to be a denial of service attack when I connect to the internet via the airport extreme wireless card. Every site I enter in Safari has this bogus Comcast sign-up page. I also cannot receive email via my airport express.
    However, when I connect to my DSL modem via CAT5 cable, everything works fine. Has anyone encountered this problem?

    LOL.
    Then turn your iPhone off and get to a pay phone or neighbor. Or email them. Or drive to them.
    I would copy and paste what you just typed so you can show it to AT&T. Hopefully they will understand. I mean that would be some pretty fast typing for anyone and they should notice it was a glitch. We can Hope.
