DOS Attack Behavior and CSS11506

Similar Messages

• Drop outs and - [DoS attack: ACK Scan RST Scan, Teardrop attack....]

  Hi all Dropped a little excerpt of my router status log below.Basically the internet keeps dropping out, making streaming a pain in the a##....If anyone could offer advice, suggestions etc, Itd be greatly appreciated.  Our internet was flawless for three days at our new address, no drop outs stable, fair speed. however the last two days all of a sudden we are getting continual drop outs...?? I have done the usual basics, >Checked lines, Replaced and tested Cables, replaced with new filter and tested without filters.>Tested using three different modems (known working), Netcomm, Netgear, Telstra technicolour... All perform the exact same.>Updated modem firmwares, and powercycled all modems.>Factory reset each modem, >We dont have a static ip, so each time it drops there is a new ip, However after a while the DOS rubbish happens again and the internet drops out.)> Tested using PPPOA and PPPOE, might be luck, but pppoe seems better?>Tested using different line noise profiles. No change.Recently I also changed all the Wifi Security options so that only one pc is on the network, in case one pc is causing the drama?? >Now using a netgear DGND3700v2 (like it best lol)
    Connection stats:ADSL LinkDownstreamUpstreamLink Rate5442 Kbps923 KbpsLine Attenuation47.0 dB28.0 dBNoise Margin6.4 dB6.7 dB    Todays Status log:<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[admin login] from source 192.168.0.3 Wednesday, July 15,2015 02:43:09
  [DoS attack: ACK Scan] from source: 216.189.219.70:17005 Wednesday, July 15,2015 02:41:30
  [DoS attack: ACK Scan] from source: 27.252.96.71:62655 Wednesday, July 15,2015 02:39:23
  [DoS attack: ACK Scan] from source: 122.52.119.31:17560 Wednesday, July 15,2015 02:37:55
  [DoS attack: RST Scan] from source: 179.184.140.115:16884 Wednesday, July 15,2015 02:30:12
  [DoS attack: ACK Scan] from source: 17.132.254.11:5223 Wednesday, July 15,2015 02:29:46
  [DoS attack: ACK Scan] from source: 17.132.254.17:5223 Wednesday, July 15,2015 02:29:11
  [DoS attack: ACK Scan] from source: 17.132.254.17:5223 Wednesday, July 15,2015 02:28:48
  [DoS attack: ACK Scan] from source: 17.132.254.17:5223 Wednesday, July 15,2015 02:28:27
  [DoS attack: ACK Scan] from source: 104.16.21.35:443 Wednesday, July 15,2015 02:23:35
  [DoS attack: ACK Scan] from source: 104.16.21.35:443 Wednesday, July 15,2015 02:23:04
  [DoS attack: RST Scan] from source: 27.111.254.110:5223 Wednesday, July 15,2015 02:22:00
  [DHCP IP: (192.168.0.2)] to MAC address F0:25:B7:18:BF:90 Wednesday, July 15,2015 02:21:24
  [DoS attack: ACK Scan] from source: 60.240.152.126:443 Wednesday, July 15,2015 02:18:07
  [DoS attack: ACK Scan] from source: 27.111.254.110:5223 Wednesday, July 15,2015 02:16:46
  [DoS attack: ACK Scan] from source: 27.111.254.110:5223 Wednesday, July 15,2015 02:14:46
  [DHCP IP: (192.168.0.3)] to MAC address DC:85E:02:CE:18 Wednesday, July 15,2015 02:14:25
  [DoS attack: ACK Scan] from source: 207.46.11.151:443 Wednesday, July 15,2015 02:13:56
  [DoS attack: ACK Scan] from source: 173.252.102.16:443 Wednesday, July 15,2015 02:13:33
  [DoS attack: ACK Scan] from source: 27.111.254.110:5223 Wednesday, July 15,2015 02:12:46
  [Time synchronized with NTP server time-g.netgear.com] Wednesday, July 15,2015 02:12:46
  [DoS attack: ACK Scan] from source: 27.111.254.110:5223 Wednesday, July 15,2015 02:11:45
  [DoS attack: ACK Scan] from source: 27.111.254.110:5223 Wednesday, July 15,2015 02:11:15
  [DoS attack: ACK Scan] from source: 27.111.254.110:5223 Wednesday, July 15,2015 02:10:45
  [Internet connected] IP address: 123.211.78.198 Wednesday, July 15,2015 02:10:12
  [DSL: Up] Wednesday, July 15,2015 02:10:07
  [admin login] from source 192.168.0.3 Wednesday, July 15,2015 02:09:49
  [UPnP set event:AddPortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:27
  [UPnP set eventeletePortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:27
  [UPnP set event:AddPortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:27
  [UPnP set eventeletePortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:27
  [UPnP set event:AddPortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:22
  [UPnP set event:AddPortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:22
  [UPnP set event:AddPortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:22
  [UPnP set event:AddPortMapping] from source 192.168.0.3 Wednesday, July 15,2015 02:09:22
  [DHCP IP: (192.168.0.3)] to MAC address DC:85E:02:CE:18 Wednesday, July 15,2015 02:09:22
  [DHCP IP: (192.168.0.2)] to MAC address F0:25:B7:18:BF:90 Wednesday, July 15,2015 02:09:14
  [Initialized, firmware version: V1.1.00.23_1.00.23 ] Wednesday,   YESTERDAYS: I removed the ADSL password from the modem last night so that it wouldnt connect? If that makes any diference>>>>>>>>>>>>>>Status Log<<<<<<<<<<<<<<<< [UPnP set eventeletePortMapping] from source 192.168.0.4 Tuesday, July 14,2015 12:53:36
  [DoS attack: ACK Scan] from source: 181.208.125.20:51345 Tuesday, July 14,2015 12:39:23
  [DoS attack: Teardrop Attack] from source: 173.169.23.13:56601 Tuesday, July 14,2015 12:39:08
  [DoS attack: Teardrop Attack] from source: 173.169.23.13:56601 Tuesday, July 14,2015 12:39:08
  [DoS attack: Teardrop Attack] from source: 77.163.26.201:59976 Tuesday, July 14,2015 12:35:41
  [DoS attack: Teardrop Attack] from source: 77.163.26.201:59976 Tuesday, July 14,2015 12:35:41
  [DoS attack: Teardrop Attack] from source: 77.163.26.201:59976 Tuesday, July 14,2015 12:35:19
  [DoS attack: Teardrop Attack] from source: 77.163.26.201:59976 Tuesday, July 14,2015 12:35:19
  [DoS attack: Teardrop Attack] from source: 77.163.26.201:59976 Tuesday, July 14,2015 12:35:17
  [DoS attack: ACK Scan] from source: 178.167.254.109:55704 Tuesday, July 14,2015 12:35:16
  [DoS attack: ACK Scan] from source: 197.89.134.91:54291 Tuesday, July 14,2015 12:33:14
  [DHCP IP: (192.168.0.4)] to MAC address DC:85E:02:CE:18 Tuesday, July 14,2015 12:26:04
  [DoS attack: Teardrop Attack] from source: 23.119.204.188:48371 Tuesday, July 14,2015 12:21:34
  [DoS attack: Teardrop Attack] from source: 23.119.204.188:48371 Tuesday, July 14,2015 12:19:40
  [DoS attack: Teardrop Attack] from source: 23.119.204.188:48371 Tuesday, July 14,2015 12:19:40
  [DoS attack: Teardrop Attack] from source: 23.119.204.188:48371 Tuesday, July 14,2015 12:19:39
  [DoS attack: Teardrop Attack] from source: 23.119.204.188:48371 Tuesday, July 14,2015 12:19:39
  [DoS attack: Teardrop Attack] from source: 23.119.204.188:48371 Tuesday, July 14,2015 12:19:39
  [DoS attack: Teardrop Attack] from source: 23.119.204.188:48371 Tuesday, July 14,2015 12:19:38
  [DoS attack: RST Scan] from source: 174.16.237.129:51413 Tuesday, July 14,2015 12:16:09
  [UPnP set event:AddPortMapping] from source 192.168.0.4 Tuesday, July 14,2015 12:13:30
  [UPnP set event:AddPortMapping] from source 192.168.0.4 Tuesday, July 14,2015 12:13:30
  [DHCP IP: (192.168.0.4)] to MAC address DC:85E:02:CE:18 Tuesday, July 14,2015 12:13:24
  [DoS attack: ACK Scan] from source: 106.10.198.32:443 Tuesday, July 14,2015 12:11:54
  [DoS attack: ACK Scan] from source: 23.53.154.185:443 Tuesday, July 14,2015 12:10:51
  [DoS attack: ACK Scan] from source: 23.53.154.185:443 Tuesday, July 14,2015 12:10:20
  [DHCP IP: (192.168.0.3)] to MAC address 48:5A:3F:62:F2:E9 Tuesday, July 14,2015 12:09:38
  [DHCP IP: (192.168.0.2)] to MAC address F0:25:B7:18:BF:90 Tuesday, July 14,2015 11:54:14
  [DoS attack: ACK Scan] from source: 94.23.38.22:25565 Tuesday, July 14,2015 11:52:04
  [DoS attack: RST Scan] from source: 54.192.133.206:443 Tuesday, July 14,2015 11:50:57
  [DoS attack: ACK Scan] from source: 167.114.0.26:51127 Tuesday, July 14,2015 11:44:05
  [DoS attack: RST Scan] from source: 54.192.132.41:443 Tuesday, July 14,2015 11:39:42
  [DoS attack: RST Scan] from source: 179.60.193.52:443 Tuesday, July 14,2015 11:36:55
  [DoS attack: RST Scan] from source: 54.192.134.28:443 Tuesday, July 14,2015 11:36:27
  [DHCP IP: (192.168.0.2)] to MAC address F0:25:B7:18:BF:90 Tuesday, July 14,2015 11:29:31
  [DoS attack: ACK Scan] from source: 178.32.34.50:80 Tuesday, July 14,2015 09:04:57
  [DoS attack: ACK Scan] from source: 52.68.183.36:5223 Tuesday, July 14,2015 08:53:04
  [DoS attack: ACK Scan] from source: 52.68.183.36:5223 Tuesday, July 14,2015 08:52:25
  [DoS attack: ACK Scan] from source: 17.132.254.15:5223 Tuesday, July 14,2015 08:38:45
  [DoS attack: ACK Scan] from source: 17.132.254.15:5223 Tuesday, July 14,2015 08:38:10
  [DoS attack: ACK Scan] from source: 17.132.254.15:5223 Tuesday, July 14,2015 08:37:37
  [DoS attack: ACK Scan] from source: 167.114.0.26:51227 Tuesday, July 14,2015 08:22:34
  [DoS attack: ACK Scan] from source: 179.60.193.2:443 Tuesday, July 14,2015 08:11:56
  [DoS attack: ACK Scan] from source: 179.60.193.2:443 Tuesday, July 14,2015 08:11:33
  [DoS attack: ACK Scan] from source: 179.60.193.2:443 Tuesday, July 14,2015 08:04:20
  [DoS attack: ACK Scan] from source: 179.60.193.2:443 Tuesday, July 14,2015 08:02:20
  [DoS attack: ACK Scan] from source: 179.60.193.2:443 Tuesday, July 14,2015 08:00:19
  [DoS attack: ACK Scan] from source: 179.60.193.2:443 Tuesday, July 14,2015 07:58:19
  [DoS attack: ACK Scan] from source: 202.108.23.105:5287 Tuesday, July 14,2015 07:56:03
  [DoS attack: ACK Scan] from source: 66.135.213.210:443 Tuesday, July 14,2015 07:54:45
  [DoS attack: ACK Scan] from source: 179.60.193.2:443 Tuesday, July 14,2015 07:54:21
  [Time synchronized with NTP server time-g.netgear.com] Tuesday, July 14,2015 07:54:03
  [DoS attack: ACK Scan] from source: 66.135.211.97:443 Tuesday, July 14,2015 07:54:00
  [Internet connected] IP address: 121.222.126.130 Tuesday, July 14,2015 07:53:32
  [DSL: Up] Tuesday, July 14,2015 07:53:27    

  We have had same issues over last 3 days and now. We are in Tamborine Village QLD.

• Protect against DOS attack on NIO Server

  I have a NIO server which recently underwent a DOS attack. The attack was very simply a packet flood in which a rogue engineered client sent a packet request to the system 80,000 times in about 5 seconds.
  The packet was successfully ignored in the application code (it just logged it). Logging usually take the IP address but in this case using getInetAddress() on the socket channel returned null every time.
  However, as far as future protection goes how could I modify the system to be able to withstand such attacks? Under normal operation the server would establish TCP socket connection with client on a public port. Then client sends login packet and if authorized client can send other request packets to get data and perform user actions (like chatting).
  In this attack user did not bother to attempt to login and instead just sent many of the same data request packets over and over, causing the system to use up the thread pool and block other legitimate clients from now connecting. I am not expert in security like this, so what is best practice for making code stand up?
  Some general questions I can think of:
  - would using SSL help?
  - some way to throttle client requests to a certain frequency or byte limit per second?
  - should have one port for login and another for data requests after login succeed?
  Thanks In Advance.

  You can't use SSL with non-blocking NIO unless you want tackle the complexities of the SSLEngine (or use my Scalable SSL product), and in any case I'm not sure it would really help - it would just move the DOS attack into the SSLEngine handling. Separate ports won' t help either as there is nothing to stop the attacker using either of them, or both.
  Maybe your best defence is to identify rogue packets as quickly as possible, and drop the entire connection if you get a bad packet (e.g. one where getInetAddress() returns null, although in fact I don't see how that is actually possible). You might proceed from there to logging rogue source addresses and dropping connections from them immediately.
  I would also investigate what can be done in the firewall configuration.

• DoS attacks in java(urgent)

  I am an undergraduate student and currently working on network security project based on denial of service attacks in java. I have established a client/server connection and now want to capture all incoming packets at the receiving end(server) and then monitor them for DoS attack..Is it possible if anybody could help me a little bit in this as soon as possible. I know JPCap class would be a better option but i don't know how to deploy it in my current code..Thanks
  Please email me on [email protected]
  Regards,
  Sameen Khan

  Dear Salpeter,
  Ok if you think i'm not close to it then u can help
  and guide...I have been through several books on DOS
  attacks. I know about its theory but don't know how to
  code in java.....actually this is my term proj, which
  is due in a week or so.......just couldn't do it
  although i'm good at simple java but not java in
  networking security....if you know any website where i
  could get its complete code for help then plz tell
  me...thanksWhat have you been doing all term? Due in a week? And you don't know Java? Sounds like you're screwed.
  How will your prof feel about you downloading someone else's complete code and turning it in as if it were yours? Where I come from we call that "cheating".

• Solution to Prevent the DOS Attack

  Hello Experts,
  We  have our Production Servers placed at ISP DC where we are using Cisco  ASA firewall model 5505 and all the servers placed behind the  firewall.The bandwidth we have 100 MBPS and there is no IPS device in  between.
  Since  long time, we have been experiencing some network issues and recently  we detected the D-DOS attack affecting our Prod Services and now we are  looking to have a solution to mitigate the attack.
  Can somebody please suggest the solution which must be cheapest in the terms of COST to get this attack stopped?
  We contacted to Radware on this but the solution that they are recommending is too expensive.
  Can we achieve the solution by implementing the Cisco IPS module/appliance and will it work to prevent the D-DOS attack?
  Whatever  best solution you can recommend then please suggest and an early  response on this would be highly appreciated as we need to have a quick  solution.
  Thanks.

  Hello Ray,
  Hope you are doing fine.
  Okay the less expensive:
  1- Using the MPF on the ASA set the limits for the amount of connections open to a server or the embryonic connections.
  http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075
  One a little bit more expensive:
  2- Get the IPS module and prevent that by enabling the required signatures.
  Side note: I would recommend you talking about this problem with your ISP so you can avoid getting this overload of traffic on your outside interface so bandwith can be used on the right traffic and connections.
  Regards,
  Julio Carvajal      

• Solution to Prevent the D-DOS Attack

  Hello Experts,
  We have our Production Servers placed at ISP DC where we are using Cisco ASA firewall model 5505 and all the servers placed behind the firewall.The bandwidth we have 100 MBPS and there is no IPS device in between.
  Since long time, we have been experiencing some network issues and recently we detected the D-DOS attack affecting our Prod Services and now we are looking to have a solution to mitigate the attack.
  Can somebody please suggest the solution which must be cheapest in the terms of COST to get this attack stopped?
  We contacted to Radware on this but the solution that they are recommending is too expensive.
  Can we achieve the solution by implementing the Cisco IPS module/appliance and will it work to prevent the D-DOS attack?
  Whatever best solution you can recommend then please suggest and an early response on this would be highly appreciated as we need to have a quick solution.
  Thanks.

  Ray,
  The only real option you have with the 5505 is the Cisco ASA AIP SSC-5 module. It should also help with the DDOS problem you find yourself with. You do need to understand that the 5505's and the AIP SSC-5 are EOL now.
  You probably need to consider budgeting for upgrading this equipment in the near future....

• Getting logs for DOS Attack:Sync Attack on cisco CSS 11501 frequently.

  Hi ,
  Since couple of weeks , i am getting below DOS attack logs on cisco CSS.Can anyone help me out about how can we avoid this? and how to deal with it.
  04/23/2011 17:27:28:Enterprise:DOS Attack:SYN Attack -> 10 times
  04/23/2011 17:30:15:Enterprise:DOS Attack:SYN Attack -> 10 times
  04/24/2011 11:20:32:Enterprise:DOS Attack:SYN Attack -> 11 times
  04/24/2011 11:24:48:Enterprise:DOS Attack:SYN Attack -> 12 times
  04/24/2011 15:30:42:Enterprise:DOS Attack:SYN Attack -> 10 times
  Thanks
  Manish

  Hi Nicolas,
  Why i am asking about DOS attack as i am facing some issues for the 2 VIPs configured in cisco CSS 11501.
  Can you help me troubleshooting the issue?
  I have coming across some Load Balancing issues for the 2 VIPS configured on Cisco CSS11501.
  We  have cisco CSS 11501. We have 2 VIPs configured on it for FE and BE  servers.Now Client calls to FE VIP and LB forwarding it to server and  then FE server calls the BE VIP which goes through the same LB and  forward to BE server under the VIP.When we start load test, we have  observed after 2 hour test, application team getting HTTP timeout.As  this application is used by Call center so getting timeout is bad.
  Need to troubleshoot this issue if there is any problem from LB End.
  Please find the attached file for VIP configs.

• Generated some Dos attacks: no correponding IDS event is generated

  I installed and configured a Cisco IDS 4250 sensor.
  Actually the sniffing interface has been placed on a lan segment residing on the internal network, so, by monitoring IEV logs, I could see lots of events, but all belonging to a few category of signatures, and quite all informational. That's why, In order to generate some more significant network activity to verify correct sensor behaviour, I placed my workstation running a vulnerability assessment tool (ISS Internet Scanner) on the outside vlan (where the sniffing interface resides), and issued several common dos attacks against one workstation residing on one of the inside vlans.
  Some example of attacks generated are : SYN flood, Ping of death, UDP bomb, Land, Teardrop. I also generated a lot of tcp scan activity. Using Internet Scanner logs I verified that those attacks reached the destination machine.
  The fact is that neither IEV default view nor "sh ev" sensor commands showed any event related to my activity. The only events generated by my workstation during my tests, matched signatures "NET FLOOD UDP" (maybe signame 6910) and signature with sig number 1107 (I don't remember the name). In both cases destination ip is multicast or broadcast address.
  I verified that those signatures I was expected to match my attack packets were enabled (I verified so by "sh conf" command), so I don't see any reason why the sensor did not register any event related to the attacks I perpetrated.
  Am I missing something ? Have anyone any idea to make me understand why the results are not the ones expected?
  Thanks in advance and Regards
  Marina

  When a user complains that they are only seeing alarms with multicast or broadcast addresses, then this usually points to a sensor connected to a switch where Span has not been configured.
  When the sensor is connected to a switch, the switch will normally only send broadcast and multicast (with an occasional unicast) packet to the sensor.
  So the sensor is not being sent the packets created by your ISS scanner.
  The switch must be configured to copy these packets to your sensor. This switch configuration is normally done through the Span or Monitor command. Check your switch configuration to see how to configure these commands on your switch.
  If you are not connecting the sensor to the switch or believe that the Span configuration is correct, then the next step is to run tcpdump on the sensor and verify whether or not the packets are actually being sent to the sensor.
  1) In older versions of the sensor you need to configure the sensor to monitor the interface (I think was changed in version 4.1(4) so the interface can still be monitored while tcpdump is used)
  2) Create a service account
  3) Login to the service account
  4) Switch to user root (using same password as service account).
  5) Type "ifconfig -a" and determine which interface is your sniffing interface.
  6) Run "tcpdump -i " to start seeing packets coming in that interface.
  7) Execute the ISS scan.
  8) Look through the output of tcpdump to see if those packets are making it to the sensor.
  9) If the tcpdump does not see the ISS packets, then either span is misconfigured or the switch is not plugged in where you think it is.
  10) If the tcpdump is seeing the packets, then reconfigure the sensor to watch the interface again.
  If you have verified that the sensor IS receiving the packets then the next step is to try and generate traffic that triggers specific signatures.
  A side note:
  Often times scanners can tell you about a vulnerability without actually executing the attack. The scanner checks OS version and patches to see if it is vulnerable, but does not send packets to actually attack the machine. Especially in cases where sending the attack itself would have caused the target machine to crash.
  This type of reconaissance is often considered benign and will not trigger the alarm. An actual attack has to be executed against the vulnerability to fire the alarm.
  So for your ISS scanner you should see some alarms, but will not likely see alarms for every vulnerability that the ISS notifies you about.

• Can anyone explain this behavior and tell me how to fix it?

  Using NetBeans 6.5 on Windows, Glassfish v2.1
  I have a JSF application with a page that has a tab set.
  On one of the tabs I have a panel with company information.
  One of the components on the page is an InputText field with the value bound to a session bean variable.
  The tab also has an Add button.
  Here is what the JSP looks like for the input text and button components
     <h:inputText binding="#{MainPage.companyNameTF}" id="companyNameTF" readonly="#{SessionBean1.readOnlyFlag}"
     <h:commandButton action="#{MainPage.mainAddBtn_action}" disabled="#{SessionBean1.disableEdit}" id="mainAddBtn"
          style="font-family: Arial,Helvetica,sans-serif; font-size: 14px; font-weight: bold; left: 425px; top: 380px; position: absolute; width: 75px" value="Add"/>
       This is all plain vanilla stuff and I would expect that when the Add button is pushed, the session bean property would be filled with
  the value entered in the input text field.
  In the java code for the page, I have a method to process the Add button push.
  Originally, it just called a method in the session bean to check that a value was entered in the input text field by checking the bound
  session bean property.
  For some reason, that was not getting filled and I was getting either a null or empty string rather than the value in the text field.
  I added some checking in the method that processes the Add button push so I could check the values in the debugger.
  Here is a sample of that code:
      public String mainAddBtn_action() {
          String s = sb1.getCompanyName();
          s = (String)this.companyNameTF.getValue();
          s = (String)this.companyNameTF.getSubmittedValue();I check this in the debugger and NONE of the variants that I have listed have the value that was entered into the text field.
  The submittedValue is null and the others are empty strings (that is what they were initalized to).
  This is all pertty straight forward stuff and I am at a loss to explain what is happening.
  Can anyone expain this behavior, and, most important, how can I force the values to be present when the Add button is pushed.
  I have never experienced this problem before, and have no clue what is causing it.
  Thanks.

  Basically, the component bindings are just being used in plain vanilla get/set modes.
  I set them to "" when I do a clear for the fields and they are set to a value via the text field.
  No other action other than to read the values via get to insert them into the database.
  And, I always use the get/set methods rather than just setting the value directly.
  This is what is so strange about this behavior - I have created dozens of database add/update/delete pages using this same model and have not had a problem with them - even in a tab context.
  Not a clue why this one is different.
  I did notice that I had an error on the page (in IE7, you get a small triangle warning sign when something is not right).
  I figured that might be the problem - maybe buggering up the rendering process.
  I tracked that down and do not get that anymore (it had to do with the PDF display I was trying to get working a while back), but that did not resolve the problem.
  I don't think there are any tab conflicts - none of the components are shared between tabs, but I will see what happens when I move a couple of the components out of the tab context.
  I noticed that it seems to skip a cycle. Here is what I can do.
  1) Fill in text fields and add a record - works fine the first time.
  2) Clear the text fields
  3) Enter new data in the text fields and push Add
  4) I get an error saying fields are blank from my data check process.
  5) Enter new data and push Add - the record is added with the new data.
  My work around is to not enter data in step 3 and just accept the error message in step 4, then go ahead and enter the real data in step 5.
  Very ugly, but it works every time.

• When I click PDF file, the file does not open and  installation software for creative suite automatically begin to start. Even after re-installation of creative suite 5.5, only acrobat reader dose not work and the same phenomena occurs.

  When I click PDF file, the file does not open and  installation software for creative suite automatically begin to start. Even after re-installation of creative suite 5.5, only acrobat reader dose not work and the same phenomena occurs.

  Did you ever install Acrobat? It is not installed automatically with CS, but requires an extra installation step.

• At certain times I get a Red Square bos. It says that this so and so page are attack pages and tells me to install an update from Firefox. Not being sure what to do I immediately close Firfox without installing the update it says I needed to do.

  It's a Red box with a Policeman on it, saying this is a reported attack site and says I need to install a Firefox update. I immediately close my History on Firefox, and then close the browser. Don't install the update it says I need to, since Red usually means STOP. Have gone to the Firefox website to see about new updates. Should I go ahead and install the update?

  Thanks. You confirmed my suspicions, and I hope others do not fall for this. It usually happens with the site:
  1Channel
  or
  PrimeWire.ag (This is the name for the new 1 Channel due to its being hijacked)

• Could firefox developers use some other company besides google to block attack sites and web forgeries. Google are leaving zombie cookies.

  Google is using the the "Block reported attack sites" and "Block reported web forgeries" to leave a zombie cookie. This setting is under Menu/Preferences/Security. https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/reviews/676076/
  Could the developers please use some other service besides google to perform this function? I want to block these issues but I don't trust google. What has google done for firefox anyway?

  If you discover anyone else offering reputation data that Mozilla could use, I'm sure someone would look into it. But I think Microsoft and the security companies might not be inclined to offer theirs for free...

• Insert record behavior and multiple dynamic lists

  I have a complex form that contains an insert record
  behavior. Some of the fields are dynamic lists. My database has a
  table to hold the static fields from the form and a number of
  tables to hold the results from each dynamic list. I have the first
  form and another form for review purposes. On the review form I am
  getting an "Invalid argument supplied for foreach()" for each table
  I try to insert the dynamic list results into. My investigation
  leads me to believe that the arrays from the first form are being
  subsumed by the actual insert action and that when my review form
  is called, the arrays ($_POST) are no longer there. How do I ensure
  that the arrays being set in part 1 of the Insert record behavior
  will still be around for the review form? Any time I try to insert
  code into the actual insert code, Dreamweaver duplicates the
  behavior and tells me it can't decide which one to use.

  So it appears that I'm not the only person with this problem.  One of the solutions I found was to use a Server.Transfer     Server.Transfer("thank_you.asp")
  instead of a Redirect.
  This works however, now my form validation is broken.

• A error ocourred (0xe8000065) what dos that mean and how can i fix it?

  a error ocourred (0xe8000065) what dos that mean and how can i fix it?

  See this article.
  http://support.apple.com/kb/TS3221
  B-rock

• Negative offset detected, what dose it mean and how to delete it?

  hi there,
  i'm using FMS4.5.1 x64 on redhat5.7 x64, and came into an issue, that large files on storage lead to storage breakdown often, screenshot is as below while in fact my local disk is only 50GB.
  and i found info in core.00.log as follows:
  2012-04-20 03:38:04 22547 (i)2581173 Negative offset detected (/opt/adobe/fms/applications/liveTest/streams/q0zMo5g/live) : offset=-507374138652348382711520804962356974692518660038953004926260333415884728326174302 890304320038885215498198753334804692186466314664151670746002929865085836375544673427508409 682193412203496985536544362336214981856211063971185660760696718376693690811125567146445634 05586620533964800.000000
  any idea on what dose that mean and what should i try to delete the offset so that my storage can work fine again?
  Many thanks.

  Not much sure on this, but is your system time in sych with current time. Also, how are these files created? Can you explain the scenario when you get "Negative offset detected" in core logs?