Netbeans 6.1 SMS NON-Brute force ability listen to multiple ports

Similar Messages

• OSx Server 3.1.2 - Wiki (collabd) Authentication Vulnerable to Brute Force?

  Hello Team,
       I have been using OSx Servers (3.1.2 - Build 1354517) 'wiki' or Collaborative suite to host some personally created wiki's and documentation. Upon having this open to external (WAN) connections, as was my eventual goal; I noticed a potential problem. I found that I could continually attempt authenticate against the website, without any timeout or anything else to slow down my attempts.
       To elaborate briefly, I don't mean authentication against .htpassword as maybe configured in OSX Servers Website hosting setup. I mean against the wiki software itself. The only way around this, that I can find, would be to use .htpassword for an additional layer of security.
       Given that there are MANY ways to gain usernames against the wiki server (Profiles, default 'alias', activity logs - etc), and the fact that this authenticates against local system accounts, is this a genuine security threat?
       I appreciate any feedback from other users or perhaps Apple.

  Hello Linc,
       I appreciate your reply, though I feel it misses the core content of my enquiry. It's not unnecessary to expose this service, but I would like the ability to. I don't think the service accessibility limitations should be defined on whether the application is secure or not.
       And either way, even if run in a secure environment; it's still a compromise.
       In the end, I'm still not sure; Do you acknowledge that this is vulnerable to brute force?
       Thanks,

• What the heck is brute-forcing our exchange server?

  Hello all,
  We have been getting FLOOODED with (what seems like) brute force attacks on our server. We use RDP a lot for remote connecting but our firewall (Sonicwall) is setup to block IPs that aren't ours (I've seen this resolve RDP brute-force attacks first-hand).
  The problem is that i'm used to seeing the "Failure Audit" logs with "Logon Type 10" and an IP that was attempting the connection, but now we're being flooded with "Logon Type 8". The issue that has me concerned is that i'm now
  seeing a LARGE amount (438 entries) of failed login attempts with no IP address to indicate where it's coming from.
  Now, as much as I love Batman, I know for a fact noone on our end was trying to login under this account (or the hundreds of other accounts that attempted logins). I copied one of the event viewer logs below and literally ALL of the events are identical
  with the exception of the Account Name (the acct name is different and always something blatantly fake).
  My guess is that there is some type of bot trying to authenticate using OWA to get email access, however I could be 100% wrong (the logic comes from the fact that an exchange file is listed on every event). ANNNNY input / advice on this matter is appreciated!!!
  An account failed to log on.
  Subject:
  Security ID: NETWORK SERVICE
  Account Name: <serverHostname, Edited out for security>
  Account Domain: <our domain>
  Logon ID: 0x3e4
  Logon Type: 8
  Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name: baseball <This is different across the events>
  Account Domain:
  Failure Information:
  Failure Reason: Unknown user name or bad password.
  Status: 0xc000006d
  Sub Status: 0xc0000064
  Process Information:
  Caller Process ID: 0x2f3c
  Caller Process Name: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
  ^this is what leads us to believe it's coming from OWA / email login attempts
  Network Information:
  Workstation Name: <servername>
  Source Network Address: -
  Source Port: -
  Detailed Authentication Information:
  Logon Process: Advapi
  Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  Transited Services: -
  Package Name (NTLM only): -
  Key Length: 0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
  - Transited services indicate which intermediate services have participated in this logon request.
  - Package name indicates which sub-protocol was used among the NTLM protocols.
  - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

  Hi,
  logontype 8 is the same as logontype 3 -network logon except for the fact the password is sent in clear text.
  I think your OWA is publicly available and someoen is trying to access it. The fact the logontype is 8 indicates you might use basic authentication on the website- which is quite insecure. it migh lso be some other servcies (like smb) are available from
  the internet and abused.
  make sure the server is only reachable on the web on the needed ports 443 for the website, 25 for smtp. You firewall should block all the rest!
  For rdp (and other management tools) I would recommend blocking access over the internet and configuring some vpn solution.
  MCP/MCSA/MCTS/MCITP
  Thank you! This goes along with what we were thinking so it's very nice to see someone else saying it. We are looking more into the firewall rules and most likely getting an updated firewall altogether. With any luck we will be ok after setting up the new
  wall with all fresh Rules while keeping the threat in mind. Lots of rules currently and limited security options since it's ancient.
  Thanks for the response!

• Brothers credit journey of BRUTE FORCE (cont)UPDATE

  UPDATE: Brother got AA on his Barclays Apple card today. They called him and said that even though he pays statement in full and on time, over 100 inquiries is simply too much and closed his account. On another note, he raised his Lowes to 12k and Exon&Chevron to 4k each today. If anyone doesn't remember my last post about my brothers "spree", here it is: http://ficoforums.myfico.com/t5/Credit-Cards/Brothers-crazy-credit-journey-PART-II/td-p/3815607 I no longer consider his journey to be a spree, it's more like brute force. He applies for about 20+ cards daily (including any prime cards, etc) and gets what he gets. He's very adamant about it and probably hasn't gone more than 3 days without applying for a few cards for the past 8 months or so. Today he messaged me that he got in with a Chase British Airways VS $3500 limit & 15.99%APR and some type of a Discover card. He probably has over 100 inquiries (last 6 months) on each bureau and 60-70+ new accounts reporting in the last 6 months. His next goal is to get in with AMEX & Citi and his overall goal is to reach the $1,000,000 available credit mark, he is currently at around $200k-$250k. I'm surprised myself, apparently applying once a day for every credit card ever works, haha.

  tuolumne wrote:
  Kostya1992 wrote:
  If anyone doesn't remember my last post about my brothers "spree", here it is: http://ficoforums.myfico.com/t5/Credit-Cards/Brothers-crazy-credit-journey-PART-II/td-p/3815607 I no longer consider his journey to be a spree, it's more like brute force. He applies for about 20+ cards daily (including any prime cards, etc) and gets what he gets. He's very adamant about it and probably hasn't gone more than 3 days without applying for a few cards for the past 8 months or so. Today he messaged me that he got in with a Chase British Airways VS $3500 limit & 15.99%APR and some type of a Discover card. He probably has over 100 inquiries (last 6 months) on each bureau and 40-50+ new accounts reporting in the last 6 months. His next goal is to get in with AMEX & Citi and his overall goal is to reach the $1,000,000 available credit mark, he is currently at around $200k-$250k. I'm surprised myself, apparently applying once a day for every credit card ever works, haha.How does he even still get approvals? That really is brute force.I ask myself the same thing, lol. His score is like 650 now across the board.

• Brothers credit journey of BRUTE FORCE (cont)

  I remember that crazy wacko app spree like yesterday

  tuolumne wrote:
  Kostya1992 wrote:
  If anyone doesn't remember my last post about my brothers "spree", here it is: http://ficoforums.myfico.com/t5/Credit-Cards/Brothers-crazy-credit-journey-PART-II/td-p/3815607 I no longer consider his journey to be a spree, it's more like brute force. He applies for about 20+ cards daily (including any prime cards, etc) and gets what he gets. He's very adamant about it and probably hasn't gone more than 3 days without applying for a few cards for the past 8 months or so. Today he messaged me that he got in with a Chase British Airways VS $3500 limit & 15.99%APR and some type of a Discover card. He probably has over 100 inquiries (last 6 months) on each bureau and 40-50+ new accounts reporting in the last 6 months. His next goal is to get in with AMEX & Citi and his overall goal is to reach the $1,000,000 available credit mark, he is currently at around $200k-$250k. I'm surprised myself, apparently applying once a day for every credit card ever works, haha.How does he even still get approvals? That really is brute force.I ask myself the same thing, lol. His score is like 650 now across the board.

• Brute force on admin account - Windows Domain

  Hello,
  I have seen a rise of attempts to brute force our Administrator account on a awindows domain. I have in place, a Cisco ASA5505 w/ IPS sensor. I'd like to use the IPS sensor to automatically block IP's that brute force after x failed login attempts.
  Question is, is there a signature present (we auto update and are current) which will detect this and, what do we need to do to enable / configure this to kill the connection and deny further attempts.
  THIS is what I need to stop: We are getting a few hundred a day.
  Logon Failure:
         Reason:            Unknown user name or bad password
         User Name:      administrator
         Domain:            xxx
         Logon Type:      10
         Logon Process:      User32 
         Authentication Package:      Negotiate
         Workstation Name:      xxx
         Caller User Name:      xxx
         Caller Domain:      xxx
         Caller Logon ID:      (0x0,0x3E7)
         Caller Process ID:      8728
         Transited Services:      -
         Source Network Address:      213.171.220.184
         Source Port:      9674

  Hello
  To my knowledge there is no such signature,you need to create a custom signature to achive this.
  If you have Cisco MARS; you can pull these events directly in MARS and create a regex rule for the same. Add email notification to this rule as usual to ensure alerting as desired.  Windows events can either be pulled  by MARS or can be pushed using the Snare agent.
  Please see this link for more details:
  http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgHost.html#wp718623
  Regards
  Farrukh

• Question about brute force attacks

  How does ironport deals with brute force attacks on ssh and https?
  There is some kind of control?
  If someone leaves ironport's 22 and 443 ports "open" to the internet, it would be a problem if ironport does not control number of invalid logins attempts...

  uhm, i think it would be against Ironport Systems main purpose, that is to keep the appliances doing only its jobs. If you give a firewall, ppl will be able to use ironport to another tasks beyond MT task, and i think it's not wise...
  I'm not talking about using it as a firewall to protect other systems. I'm talking about it having a built-in software firewall for protecting itself.
  Ok, i understand what you say, but i cannot see the major usefulness of the built-in fw. If you really want your system to be safe, just dont run the stuff. Keep ssh and https disabled on the public interface.
  On the begining, i was concerned about ppl that leaves the ssh and https ports opened to the net. And when i say opened, i reaaly mean without fw.
  I think we are missing the spot.
  But just in case, do you guys really think ironportnation's forums have enough spot to this kind of discuss?
  You're the one who started this thread. If you don't think this is an appropriate place for it then why did you start it?
  Ok, what i'm trying to say, is that, in my (silly) opinion, ironportnation's forums should be more visited, more commented. I dont see the ironport's legion here. Many ppl just sign in and almost never log in.
  But who cares with my opinion? so let's not discuss it, let's forget it.
  I keep thinking that 'Robot Exclusion Protocol' should be considered.
  If you don't agree, check it out
  another tip, the crawler is indexing the 'login help' page.

• Stopping brute force ssh attacks on OS X Server 4?

  OK, well the new year has brought out a slew of fresh IPs (mostly from Hong Kong, and China) trying to login to my machine (running OS X Yosemite 10.10.1 Server 4.0.3).
  I have enabled the adaptive firewall (per http://help.apple.com/advancedserveradmin/mac/4.0/#/apd4288B31F-0C3D-4004-9480-4 B7E0AFBB818) and yet the attacks continue unabated.  Multiple IPs from one class C address block, for instance—flipping between three different IPs—are hitting my machine once per second over the course of dozens of hours. Yet the firewall is doing nothing to block those IP(s). They either walk through and try a list of bogus accounts, or continually hammer the root account. 
  I have configured just a few users access to ssh via the server application. But short of disabling sshd—which is not ideal—what are the strategies for combating these attacks?  Is the best route to use the /etc/hosts.allow and /etc/hosts.deny files to configure access for sshd?
  Thanks for any tips!  —michael

  Apparently the adaptive firewall isn't very robust (see above). I have seen it block certain attempts automatically, but it doesn't do so for brute force attempts.   And everything I've read about it says to ignore the message "No ALTQ support in kernel".  (There are several references here and here.)
  For more, see: OS X Server: How to enable the adaptive firewall - Apple Support
  I use this command when I want to stop an attack immediately from one IP:
  sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -a 123.123.123.123
  afctl accepts CDIR notation, so this is useful to block an entire class C address from the 123.123.123.0 network:
  sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -a 123.123.123.0/24
  You can add more time to the block with the -t flag. To view the currently blocked hosts:
  sudo cat /var/db/af/blacklist

• IPS signature to block brute force attempt

  Hello all,
  We have an Outlook web access server and I would like to block an attemt of bruteforcing its login page (SSL enabled). Is there any signature that can accomplish this?
  Thanks in advance

  We could create a signature to detect this type of activity.  The only problem is that one person's brute force is another's average day, in terms of network traffic.  Any such signature would have to be highly tuned for the enviornment it is deployed in.

• Virus try to brute-force my unlock screen pin on iPad immediately after FaceTime call redirect

  Hi all!
  I guess there could be exploit in FaceTime/call redirection proto. It's the 3rd time when I see my iPad is flashing with digits brute-forcing pin code to unlock screen and does not react on any touch or buttons.
  The scenario is as following:
  1. I receive a call on iPhone
  2. Call is redirected to iPad via FaceTime
  3. After call is answered from iPhone, iPad do not fall into sleep
  4. iPad does slide to unlock!
  5. iPad start flashing with digits (it looks the same when you tapping and after any touch digit flashes). The sequence is traditional: 1111,1211,1221,etc,etc...
  6. Finally iOS blocks pin entering with timeout and iPad back to normal operations, reacts on buttons and touches.
  I talk about iPad2/iPhone4S running latest iOS 8.3.
  If anybody get the same problem, please write here.

  What you describe sounds more like a problem with your iPad's touchscreen than a hack. There's no known method for brute-forcing the lockscreen code in that manner.
  Note that the sequence you describe isn't really "traditional"... the only digits you describe as being used are 1 and 2, which are right next to each other... a problem with the touchscreen in that region could easily explain that. Use a soft, slightly damp cloth to clean the screen. If that doesn't help, contact Apple for diagnosis and service.

• Ability to view multiple files in ONE window

  I can see here that this is not a new topic really but the thing with Acrobat 9 is so frustrating that it is just unbelievable.
  This is another pearl:
  Acrobat 9 "lost" its predecessors ability to view multiple files in ONE window. After opening four only documents I cannot see anything on the screen because the toolbars on each individual window cover all necessary view and nothing is left for the actual document. And sometimes I need to open 20 documents!
  This is ABSOLUTE DISASTER!!!
  I found some explanations from Adobe on the Web that are more than a year old.
  I was sure that by now this unfortunate mishandling of that feature (apparently it was dropped out from A9 deliberately - WHO'S IDEA WAS THAT?) would be somehow restorable.
  Would anyone happen to know if this feature can get restored to how it was working in A7 or 8 (without the need to uninstall A9 and install A8)?

  No, it can't be restored, unless Adobe decides to change the way Acrobat works (which is possible, but not likely).
  By the way, it was Microsoft's idea... Adobe were just following their example on this.
  You can make a feature request here: https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform

• Please add the ability to add multiple folders to the assets folder in order to better organize large numbers of files.

  Please add the ability to add multiple folders to the assets folder in order to better organize large numbers of files.

  Hello KDLadage
  Thank you for your recommendation. I understand the challenges of managing large numbers of files on the My Files page. I also understand the need to preserve project files.
  Perhaps a compromise would be to create an Archive tab under My Files. Previous versions and retired project files could then be automatically moved into this holding area when a new version is published, thus preserving the files in a separate area that is still accessible to the author.
  I will submit this suggestion to our product management team to consider as a future enhancement.

• Ability to add multiple email addresses to the same contact person

  Hello SRM Experts,
  I have a question in SRM 5.0
  In "Personal Data" tab of "Employee Data" in Manage Business Partner, we have the ability to add multiple email address. But only one email can be selected as standard.
  We have a new requiremnt that more than one email address has to be selected. Which means, when a bid invitation is published, the email notification has to go to all the email addresses from that list.
  How can this be achieved?
  Any information would be appreciated.
  Thank you

  By default the system send intimation to only one email id to the contact person.
  If you want to be send to the multiple email id for a contact person. you need to implement the same in the BADI..
  Try to find the BADI which is called on save of Bid invitation. You can check of the 'Published' status in the BADI method and fire the emails as required.
  Regards,
  Ramesh

• Lost ability to add multiple copies of a song to Shuffle

  I lost the ability to add multiple copies of the same song to my iPod Shuffle since updating my software.
  Since updating my software, I lost the ability to add multiple copies of a song to the shuffle. Before the updates, I could add as many copies as I wanted. I liked having multiple copies of my favorite songs, so that I could hear certain songs over and over again when I was in the linear play mode.
  I also don't have a manual update option on my shuffle. I actually don’t know if I ever had this option. I just noticed others were talking about it and that your site mentioned the option, so I was trying to use the function to avoid the automatic updating and inadvertent loss of songs that may no longer be in my library. I guess I have to live with the auto-update feature, since I think the Shuffle is simply lacking this feature that is found in the more expensive iPODs.
  I just updated to iTunes 6.0, hoping that this latest update would fix my problems, but there was no change. I still have the problem with not being able to ad multiple copies of the same song.
  Any ideas?

  Thank you for the tip about renaming the song. I will try it, although I think it may not help since I don't have any way to uncheck the autofill option. As it turns out, the Shuffles don't have the option for a manual update. If I change the name of the songs, it will simply erase the original song, since it will no longer be in the library. I think there is a chance it will work, until I reinsert the Shuffle to make changes. That would be OK, if it worked temporarily, so I am hopeful that it might work. I may also be able to trick the Shuffle by adding the song from a playlist, in which I have renamed the song only on the list, not in the library.
  This just bugs me, since I could add multiple copies before the updates.
  I just tried to change the name of a song on a playlist, but shuffle changed the name everywhere in the iTunes application. It looks like iTunes may be a little like Microsoft Word, in that it starts making “corrections” all by itself. In general, I don’t like it when things start changing all by themselves.
  I may try to ditch the updates and go back to the original software.

• Ability to open multiple SQL Worksheets for the same connection

  Hi,
  Please allow the ability to open multiple SQL Worksheets for the same connection, now only one can be opened.
  Thanks

  Logged Bug 9000801 - ea1: otnforum: worksheet launcher does not remember the last/default connection
  -Raghu