Question about brute force attacks

How does IronPort deal with brute force attacks on ssh and https?
Is there some kind of control?
If someone leaves IronPort's 22 and 443 ports "open" to the internet, it would be a problem if IronPort does not control the number of invalid login attempts...

uhm, i think it would be against Ironport Systems main purpose, that is to keep the appliances doing only its jobs. If you give a firewall, ppl will be able to use ironport to another tasks beyond MT task, and i think it's not wise...
I'm not talking about using it as a firewall to protect other systems. I'm talking about it having a built-in software firewall for protecting itself.
Ok, I understand what you say, but I cannot see the major usefulness of the built-in fw. If you really want your system to be safe, just don't run the stuff. Keep ssh and https disabled on the public interface.
In the beginning, I was concerned about ppl that leave the ssh and https ports open to the net. And when I say open, I really mean without fw.
I think we are missing the spot.
But just in case, do you guys really think ironportnation's forums have enough spot to this kind of discuss?
You're the one who started this thread. If you don't think this is an appropriate place for it then why did you start it?
Ok, what i'm trying to say, is that, in my (silly) opinion, ironportnation's forums should be more visited, more commented. I dont see the ironport's legion here. Many ppl just sign in and almost never log in.
But who cares with my opinion? so let's not discuss it, let's forget it.
I keep thinking that 'Robot Exclusion Protocol' should be considered.
If you don't agree, check it out
another tip, the crawler is indexing the 'login help' page.

Similar Messages

  • How to prevent Brut force attack?

    Hello and TYIA,
    It looks like one of our Windows 2008 SBS is being attacked.  In the security log, I see about 1400 event ID 4625 Audit Failures in the last 24 hours.  They are all coming from different Ports and from IP addresses and use different usernames.
     What is the best way to stop and prevent these attacks?
    Although this is an SBS, we are not using the Exchange or the SharePoint services.  We are only using it as an AD/File/Print server
    Thank you,
    dp

    Hi,
    Since you are using Active Directory, I recommend you to use Account Lockout Policy to avoid brute attacks.
    By defining an Account Lockout Threshold, we can control the number of failed logon attempts before an account gets locked out.
    In addition, I also suggest you try to locate where these failed logon attempts are generated from.
    Audit failure events are not always caused by brute attacks; when some services, scheduled tasks or devices have cached old user passwords, audit failure events are generated, too.
    Therefore, please make sure that the current passwords are used by those services or devices.
    More information for you:
    Account lockout policy overview
    http://technet.microsoft.com/en-us/library/cc783851(v=WS.10).aspx
    Troubleshooting Account Lockout
    http://technet.microsoft.com/en-us/library/cc773155(v=WS.10).aspx
    Many Audit Failure Event ID 4625
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/8f7ebcf5-2310-42c3-9b6a-20205a6c17ef/many-audit-failure-event-id-4625?forum=winserveressentials
    Please feel free to let us know if there are any further requirements.
    Best Regards,
    Amy Wang

  • What the heck is brute-forcing our exchange server?

    Hello all,
    We have been getting FLOOODED with (what seems like) brute force attacks on our server. We use RDP a lot for remote connecting but our firewall (Sonicwall) is setup to block IPs that aren't ours (I've seen this resolve RDP brute-force attacks first-hand).
    The problem is that I'm used to seeing the "Failure Audit" logs with "Logon Type 10" and an IP that was attempting the connection, but now we're being flooded with "Logon Type 8". The issue that has me concerned is that I'm now seeing a LARGE amount (438 entries) of failed login attempts with no IP address to indicate where it's coming from.
    Now, as much as I love Batman, I know for a fact no one on our end was trying to login under this account (or the hundreds of other accounts that attempted logins). I copied one of the event viewer logs below and literally ALL of the events are identical with the exception of the Account Name (the acct name is different and always something blatantly fake).
    My guess is that there is some type of bot trying to authenticate using OWA to get email access, however I could be 100% wrong (the logic comes from the fact that an exchange file is listed on every event). ANNNNY input / advice on this matter is appreciated!!!
    An account failed to log on.
    Subject:
    Security ID: NETWORK SERVICE
    Account Name: <serverHostname, Edited out for security>
    Account Domain: <our domain>
    Logon ID: 0x3e4
    Logon Type: 8
    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: baseball <This is different across the events>
    Account Domain:
    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xc000006d
    Sub Status: 0xc0000064
    Process Information:
    Caller Process ID: 0x2f3c
    Caller Process Name: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
    ^this is what leads us to believe it's coming from OWA / email login attempts
    Network Information:
    Workstation Name: <servername>
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

    Hi,
    Logon type 8 is the same as logon type 3 (network logon) except for the fact the password is sent in clear text.
    I think your OWA is publicly available and someone is trying to access it. The fact the logon type is 8 indicates you might use basic authentication on the website, which is quite insecure. It might also be that some other services (like SMB) are available from the internet and abused.
    Make sure the server is only reachable on the web on the needed ports: 443 for the website, 25 for SMTP. Your firewall should block all the rest!
    For RDP (and other management tools) I would recommend blocking access over the internet and configuring some VPN solution.
    MCP/MCSA/MCTS/MCITP
    Thank you! This goes along with what we were thinking so it's very nice to see someone else saying it. We are looking more into the firewall rules and most likely getting an updated firewall altogether. With any luck we will be ok after setting up the new wall with all fresh Rules while keeping the threat in mind. Lots of rules currently and limited security options since it's ancient.
    Thanks for the response!
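
The two Windows threads above both come down to reading the 4625 fields: Logon Type, Sub Status, the caller process and the source address separate a bot guessing account names from a service replaying an old password. As an added example (not code from any poster), this Python sketch parses 4625 message text in the layout quoted above and groups it for triage; the sample events, the account names other than "baseball", the host name MAIL01$ and the verdict thresholds are constructed assumptions.

```python
from collections import defaultdict

# Section headers of the 4625 message text. Any other "Key:" line with an
# empty value (for example "Account Domain:") is an empty field, not a section.
SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}
LOGON_TYPES = {2: "Interactive", 3: "Network", 8: "NetworkCleartext",
               10: "RemoteInteractive"}
NO_SUCH_USER = 0xC0000064  # Sub Status: the user name does not exist


def parse_event(text):
    """Return {section: {field: value}}; "Account Name" occurs in two sections."""
    event, section = {}, "Header"
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # free text such as "An account failed to log on."
        key, value = key.strip(), value.strip()
        if not value and key in SECTIONS:
            section = key
            continue
        event.setdefault(section, {})[key] = value
    return event


def find(event, name, default="-"):
    """First value of a field that is unique within the event."""
    for fields in event.values():
        if name in fields:
            return fields[name]
    return default


def triage(event_texts, min_events=5):
    """Group failures by (logon type, caller process, source) and label each group."""
    groups = defaultdict(list)
    for text in event_texts:
        ev = parse_event(text)
        process = find(ev, "Caller Process Name").rsplit("\\", 1)[-1]
        key = (int(find(ev, "Logon Type", "0")), process,
               find(ev, "Source Network Address"))
        groups[key].append(ev)
    report = []
    for (ltype, process, source), evs in groups.items():
        targets = {ev.get("Account For Which Logon Failed", {})
                     .get("Account Name", "").lower() for ev in evs}
        unknown = sum(int(find(ev, "Sub Status", "0"), 16) == NO_SUCH_USER
                      for ev in evs)
        # Thresholds below are illustrative assumptions, not Microsoft guidance.
        if len(evs) < min_events:
            verdict = "low volume"
        elif len(targets) >= 0.5 * len(evs) and unknown >= 0.8 * len(evs):
            verdict = "username guessing (mostly nonexistent accounts)"
        elif len(targets) == 1:
            verdict = "single account (stale credential or targeted guessing)"
        else:
            verdict = "mixed"
        report.append({"logon_type": LOGON_TYPES.get(ltype, str(ltype)),
                       "process": process, "source": source,
                       "events": len(evs), "distinct_accounts": len(targets),
                       "verdict": verdict})
    return sorted(report, key=lambda row: -row["events"])


def make_event(logon_type, target, sub_status, process, source):
    """Constructed sample in the flattened layout quoted in the thread."""
    return "\n".join([
        "An account failed to log on.", "Subject:",
        "Security ID: NETWORK SERVICE", "Account Name: MAIL01$",
        f"Logon Type: {logon_type}", "Account For Which Logon Failed:",
        "Security ID: NULL SID", f"Account Name: {target}", "Account Domain:",
        "Failure Information:", "Status: 0xc000006d",
        f"Sub Status: {sub_status}", "Process Information:",
        f"Caller Process Name: {process}", "Network Information:",
        f"Source Network Address: {source}"])


EXCHANGE = r"C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe"
GUESSED = ["baseball", "scanner", "test", "info", "guest", "sales", "backup", "admin1"]
SAMPLE = [make_event(8, name, "0xc0000064", EXCHANGE, "-") for name in GUESSED]
SAMPLE += [make_event(3, "svc_backup", "0xc000006a", "-", "10.0.0.25")] * 6

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A group with no source address still carries the caller process, which is the field that tells you which listener to look at.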

  • Stopping brute force ssh attacks on OS X Server 4?

    OK, well the new year has brought out a slew of fresh IPs (mostly from Hong Kong, and China) trying to login to my machine (running OS X Yosemite 10.10.1 Server 4.0.3).
    I have enabled the adaptive firewall (per http://help.apple.com/advancedserveradmin/mac/4.0/#/apd4288B31F-0C3D-4004-9480-4B7E0AFBB818) and yet the attacks continue unabated.  Multiple IPs from one class C address block, for instance—flipping between three different IPs—are hitting my machine once per second over the course of dozens of hours. Yet the firewall is doing nothing to block those IP(s). They either walk through and try a list of bogus accounts, or continually hammer the root account. 
    I have configured just a few users access to ssh via the server application. But short of disabling sshd—which is not ideal—what are the strategies for combating these attacks?  Is the best route to use the /etc/hosts.allow and /etc/hosts.deny files to configure access for sshd?
    Thanks for any tips!  —michael

    Apparently the adaptive firewall isn't very robust (see above). I have seen it block certain attempts automatically, but it doesn't do so for brute force attempts.   And everything I've read about it says to ignore the message "No ALTQ support in kernel".  (There are several references here and here.)
    For more, see: OS X Server: How to enable the adaptive firewall - Apple Support
    I use this command when I want to stop an attack immediately from one IP:
    sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -a 123.123.123.123
    afctl accepts CIDR notation, so this is useful to block an entire class C address from the 123.123.123.0 network:
    sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -a 123.123.123.0/24
    You can add more time to the block with the -t flag. To view the currently blocked hosts:
    sudo cat /var/db/af/blacklist

  • Just installed iOS6, questions about "iMessage" and other things...

    I've been a satisfied iOS4 user since I bought my iPhone4, but I was forced to install iOS6 tonight in order to download a "free" app. I found a few new icons on the screen along with about 200 percent more "Settings" I'd like to ask some questions about. I'm sure a few of these could be answered by doing a frantic and thorough search through weeks of posts but I'm a little short on time right now.
    First, what exactly is iMessage? Looking at the page for it, I can't see any difference between it and regular text messages. The info page says its to avoid charges, but between my data plan and not being charged for text I don't see where theres any other benefit. The one person I text with the most recently asked me why I had not installed iMessage yet, and didn't have an answer when I asked him why I should. I guess he just wanted to see text replies in blue instead of green.
    In a related bit, flipping through Settings>Messages>Send & Receive I find a "2 addresses" section, with my phone number in there as well as my email under "You can be reached by iMessage at:" and "Start new conversations from:". What good does it do iMessages to have my email address? Does the Mail app handle text as well as email addresses? That seems to be the only explanation, and also very odd to think I'd be trying to text through my Mail app.
    Second, looking through the Settings>Mail I see now that I have an icloud email address as well as the mac.com address I've been desperately hanging on to for the past 10 years, and the me.com address they've been trying to force me into since those came out. (I was happy to see I could delete the me.com address from the phone. I wish I could delete it from the universe.)
    I wasn't even aware there was a such thing as icloud.com addresses. When did this happen? What is it used for?
    Third, under that icloud Setting I see a long list of apps with buttons labeled "Off" under it. What are those for? Under the Mac.com settings I see switches for "Mail" and "Notes", with Mail on and Notes off. The Notes app (which I haven't used since my old iPhone 3) still opens, regardless of this setting.
    Fourth, I now have an item called "Facetime" under my Settings. It is off, but underneath it says "Your phone number and/or email address will be shared with people you call". I understand caller ID normally sends caller number info to the receiver, but why would someone need my email address if I call them?
    Fifth, I now have a "Music" setting, at the bottom of which I see a "Home Sharing" item, which when clicked brings up my AppleID and asks me if I want to Sign Out or Cancel. What is Home Sharing? Its also at the bottom of the "Video" settings.
    Sixth, now I have Twitter and Facebook settings? For what? I don't have accounts with either of those companies. So why have settings, especially since it asks me to create accounts and download apps for those companies right in the Settings?
    Seventh, there is a camera icon on the unlock screen. Touching it causes the screen to bounce up about a quarter inch, almost but not quite revealing something behind it. I should probably just quit asking about this stuff already, but I'll take the bait - what is this now?
    Finally, what is the Notification Center used for?
    If I got a text under iOS4, it would put an alert on the Unlock screen. Scrolling through this huge list of things under the Notification settings I'm really blown away by all the apps set up to yell at me. I can see having an alert for a text message but Game Center? What the heck is that, and why is it set up to hit me with a "Badge App Icon" (whatever that is) when I get alerts from "Everyone". Similarly, the phone is set to alert me to something called a "Photostream Alert"? What is this? Why is there a Phone section for the Notification Center? So they can put a Notice on my screen to tell me the phone is ringing? Holy cow! The phone is set to send me alerts from the "Weather Widget". So if I miss the fact its raining there will be a message on my screen to let me know? Whats next - a buzzer to tell me I'm listening to music?
    There's a lot more, like what would I need Passbook for when I have the actual movie tickets, gate boarding passes, coupons, etc in my hands, but we'll leave that for another time. Many thanks to all who can offer some answers to my questions above.

    Hey Taantumus!
    Here is an article that will provide some guidance on this question:
    Apple ID: Changing your password
    http://support.apple.com/kb/ht5624
    The next time you use an Apple feature or service that uses Apple ID, you'll be asked to sign in with your new Apple ID password.
    Thanks for coming to the Apple Support Communities!
    Regards,
    Braden

  • Question about the Documentation Tags for Source Code

    Hello,
    I have a question about CVI's automatic source code documentation. My problem is that is seems like you need to write all documentation for a specific tag on one line. If you don't, a line break will be inserted when the documentation is displayed. Suppose I want to write a large amount of documentation for the function itself, using the HIFN tag. If I don't want linebreaks to be forced in the documentation, I need to write all this documentation on one single line, which kinda messes up my code. If I split the documentation over several HIFN tags, the documentation displayed to the user might look messed up because of all the linebreaks. Is there any escape character I can put at the end of a line, allowing me to split the documentation of several HIFN lines without forcing linebreaks in the documentation?
    Thanks!
    GEMIDIS - Innovating Display Technology
    HQ Ghent, Belgium

    This information is certainly useful. Note, however, that it can also be found in the documentation
    Tag
    Description
    /// HIFN help text
    Specifies the help text for the function. Use multiple /// HIFN tags to display help text for the function on separate lines. To separate help text with an empty line, use /// HIFN on a line by itself. You also can use HTML tags, but you must enclose the tags in <HTML><BODY></BODY></HTML> tags.
    Example
    /// HIFN SampleFunction returns the value of a control.
    int SampleFunction (int controlID, ctrlType controlType, char label[], double *value)
         SomeAction;

  • Questions about my PDF portfolio.

    I have only a few questions about a CD portfolio I am designing with Acrobat Professional (8.0)
    There were a few things i couldn't figure out on my own.
    I have about 15-20 pieces to show on CD, but there is no web design involved, so I couldn't use my own web site layout to just throw onto CD, out of that convenience.
    1) How do you make sure the PDF will always opens at the size you want?
    For example, whenever I set the document at actual size (100% view) I close and open the document, and it reopens at a random size, such as 317 percent.
    WTH?
    2) Where can I find examples of design portfolios that were designed in Acrobat? Everyone's portfolio is online these days, which is not my style.
    3) Is it possible to make a 'thumbnail view' on the first PDF page (like you would see in a gallery on a website) that links from that page to any one of the 15-20 pieces?
    Any advice is much appreciated.

    Fender77 wrote:
    1. I think you will have to shut it off within settings, if the javagame won't let you turn it off temporarily. Don't you find keytones annoying?
    Guess that's what I'll do
    I also found another stupid thing: in some Java games the phone still has the tilt sensor active in games and software.
    Some games end up with graphic glitches forcing you to restart them, some display a message saying its unsupported and some support it partially (The number keys for navigation stay like they are in portrait which is of course messed up (The phone seems to change the navigation keys internally though so that does work)

  • Brothers credit journey of BRUTE FORCE (cont)UPDATE

    UPDATE: Brother got AA on his Barclays Apple card today. They called him and said that even though he pays statement in full and on time, over 100 inquiries is simply too much and closed his account. On another note, he raised his Lowes to 12k and Exon&Chevron to 4k each today. If anyone doesn't remember my last post about my brothers "spree", here it is: http://ficoforums.myfico.com/t5/Credit-Cards/Brothers-crazy-credit-journey-PART-II/td-p/3815607 I no longer consider his journey to be a spree, it's more like brute force. He applies for about 20+ cards daily (including any prime cards, etc) and gets what he gets. He's very adamant about it and probably hasn't gone more than 3 days without applying for a few cards for the past 8 months or so. Today he messaged me that he got in with a Chase British Airways VS $3500 limit & 15.99%APR and some type of a Discover card. He probably has over 100 inquiries (last 6 months) on each bureau and 60-70+ new accounts reporting in the last 6 months. His next goal is to get in with AMEX & Citi and his overall goal is to reach the $1,000,000 available credit mark, he is currently at around $200k-$250k. I'm surprised myself, apparently applying once a day for every credit card ever works, haha.

    tuolumne wrote:
    Kostya1992 wrote:
    If anyone doesn't remember my last post about my brothers "spree", here it is: http://ficoforums.myfico.com/t5/Credit-Cards/Brothers-crazy-credit-journey-PART-II/td-p/3815607 I no longer consider his journey to be a spree, it's more like brute force. He applies for about 20+ cards daily (including any prime cards, etc) and gets what he gets. He's very adamant about it and probably hasn't gone more than 3 days without applying for a few cards for the past 8 months or so. Today he messaged me that he got in with a Chase British Airways VS $3500 limit & 15.99%APR and some type of a Discover card. He probably has over 100 inquiries (last 6 months) on each bureau and 40-50+ new accounts reporting in the last 6 months. His next goal is to get in with AMEX & Citi and his overall goal is to reach the $1,000,000 available credit mark, he is currently at around $200k-$250k. I'm surprised myself, apparently applying once a day for every credit card ever works, haha.
    How does he even still get approvals? That really is brute force.
    I ask myself the same thing, lol. His score is like 650 now across the board.

  • Brothers credit journey of BRUTE FORCE (cont)

    I remember that crazy wacko app spree like yesterday


  • Basic questions about Ironport

    Dear responder,
    I have some questions about the S series Web Security Ironport, It would be appreciated to respond it one by one.
    1-Can IronPort work independently if I buy it alone, put it on the edge of my network, connect the internet to one of its ports and connect my local LAN switch to the other port?
    2-If I can use it independently, can I use it in the transparent proxy mode, not the explicit one, and make it sensitive to the HTTP traffic to bring up the authentication page for new users who want to connect to the Internet?
    3-Is there any authentication page in IronPort, or do I have to connect to the IronPort to use the Internet like a VPN connection by an agent?
    4-Assume that a user is currently logged in and the user wants to log out; is there any way to log out from the IronPort with a specific page for logging out?
    5-Is there any local database available in the IronPort to create users?
    6-Is there any option to define a RADIUS or LDAP server address as the user database to read when needed for authentication purposes?
    thank you so much.
    Abraham

    Good Afternoon Abraham,
    In my answers I'll assume you'll get AsyncOS 7.5 for Web for your WSA.
    1.  This is "in-line" mode, and while the documentation doesn't specifically say you can't do this, it doesn't say you can either.  The support on this is fuzzy.   There are 2 supported ways to deploy a WSA: Transparent redirection (using WCCP or policy-based routing), or explicit mode, using settings in the browser, or PAC files.
    2. If I understand your question, the answer is yes.  With transparent redirection, you can force all http traffic to the WSA, and require users to authenticate.  You can force the users to enter a username and password, or it can happen automatically (see answer 3)
    3. There are a few ways to handle authentication for your users: 
         They can authenticate to the IronPort, which can do a lookup against your LDAP or Active Directory.
         It can transparently authenticate them if you're using Active Directory and a browser that supports it (IE, Firefox, Chrome)
         You can use the ADAgent (runs on a separate box) which scrapes the security logs from the AD domain controllers and passes authenticated users and their IP to the IronPort.
    4. I'm not aware of a "logout" page.
    5. There is a "local database" for administrative users, and you can use RADIUS for administrative users, but not for your regular users. (see answer 6)
    6. Yes. You can use LDAP, Novell eDirectory, or Microsoft Active Directory for your users.
    I hope that helps!
    Ken

  • Several Questions about Aperture Problems

    Having used Aperture for some time, and being a Mac user since 1985, I have a list of questions about Aperture that I need help with.
    1. Periodically operating the sliders will make an image turn black. Sometimes this is early in a session, sometimes late. Various workarounds will bring the image back, but once this starts, quitting seems the only option. Can anyone help me with why this happens and how to stop it?
    2. About 20% of the RAW files from my supported camera display the Unsupported Image Format error screen. These files operate perfectly in the manufacturers software and in other image management software that does not use the OS RAW libraries. Can someone help me with the cause of this and the solution (not a "workaround" but a way to make it stop happening).
    3. ALL of my RAW files from my supported camera, when I try to lift metadata, return the error message that there is no metadata to lift. But in fact, the metadata inspector displays metadata. How can I stop this from happening and experience normal metadata lifting?
    4. When I use the DNG format from my supported camera, a great many EXIF fields do not display, such as lens data. Can someone help me with DNG files, since these never generate the UIF error screen (cf. #2 above) as the manufacturer's RAW files do. I'm forced to use DNGs to have all my shots, but the EXIF data is not fully displayed.
    5. Today I opened Aperture and no previews would display. Aperture froze while updating thumbnails. I'd not done any non-routine edits or imported any unusual files or formats. Aperture then would not quit. Is it safe to attempt to restart Aperture?
    6. At times Aperture slows to the point of not working at all. Long pauses simply in trying to enlarge the selection circles for redeye removal, for example. What would cause Aperture to slow down without warning at any point in the workflow? How can I experience a more consistent operating speed from Aperture.
    7. How do other image management programs like Lightroom compare on these points? Is Aperture typical or should I seek a change in my workflow, improvement in my hardware, or some adjustment in my installation?
    Info: MacBook Pro, 4 GB RAM (apple), 320 GB drive, 45 GB free on drive; library of 3800 images. Fewer than 12 projects.
    Thanks for your assistance.

    On #3. It looks like you're absolutely right on this. I went back and checked on photos I'd edited and there was the altered metadata. +Many thanks for dispelling that concern!+ I love being a happy camper. Check that one off the list!
    On 1, I've followed the black-screen issues and pretty much all we know is that a workaround exists--usually selecting the crop box restores the picture, but a lot of times it blacks out again. Having used Apple products over 25 years, all of which was in my adult professional life, I haven't seen Apple willing to just let users tolerate an irritating "workaround." I think this is something that needs fixing.
    On 6--I don't understand how the rotational speed would produce erratic performance issues. I can go a month of reasonable performance, and then suddenly things bog down. Also, if that is the reason, this really ought to be part of the System Requirements, or at least, a recommendation. Maybe it is already--I should check to be sure. I confess this is one aspect I had not thought about.
    Thanks so much for thinking about these. I love my Apple products and have owned almost every generation of Mac since the "Fat Mac" (512K RAM! 800Kb Floppies!) and hate to stare at the screen and think I've been given a truly poor product--not in my DNA--but these things break my heart.
    Message was edited by: LawsonStone

  • Question about "fast fsck", ext4 and defragmentation status [SOLVED]

    I'm trying to use fsck to do a defacto defragmentation check of an ext4 partition. I'm running fsck from a live cd (SysRescue 1.15) to check one of my ext4 partitions. The ext4 partition is unmounted, of course.
    The check goes amazingly fast, but it doesn't give me any info about the percentage of non-contiguous inodes, which I understand to be the same as the percentage of defragmentation (true?). I'm thinking this is because of the new "fast fsck" feature of ext4, as detailed below.
    My question: can I force a "slow fsck" in order to get a complete check including the inode-contiguity info? Or is there another way to get at the defragmentation status using fsck?
    Thanks.
    FWIW, here's the info on "fast fsck" from the excellent http://kernelnewbies.org/Ext4 page:
    2.7. Fast fsck
    Fsck is a very slow operation, especially the first step: checking all the inodes in the file system. In Ext4, at the end of each group's inode table will be stored a list of unused inodes (with a checksum, for safety), so fsck will not check those inodes. The result is that total fsck time improves from 2 to 20 times, depending on the number of used inodes (http://kerneltrap.org/Linux/Improving_f … ds_in_Ext4). It must be noticed that it's fsck, and not Ext4, who will build the list of unused inodes. This means that you must run fsck to get the list of unused inodes built, and only the next fsck run will be faster (you need to pass a fsck in order to convert a Ext3 filesystem to Ext4 anyway). There's also a feature that takes part in this fsck speed up - "flexible block groups" - that also speeds up filesystem operations.
    Last edited by dhave (2009-02-17 22:09:49)

    Ranguvar wrote:
    Woot! http://fly.isti.cnr.it/cgi-bin/dwww/usr … z?type=man
    fsck.ext4 -E fragcheck /dev/foo
    Thanks, Ranguvar. I had read the man page for fsck.ext3, but I hadn't run across the page for fsck.ext4. The link was helpful.

  • Brute force on admin account - Windows Domain

    Hello,
    I have seen a rise of attempts to brute force our Administrator account on a Windows domain. I have in place a Cisco ASA5505 w/ IPS sensor. I'd like to use the IPS sensor to automatically block IPs that brute force after x failed login attempts.
    Question is, is there a signature present (we auto update and are current) which will detect this and, what do we need to do to enable / configure this to kill the connection and deny further attempts.
    THIS is what I need to stop: We are getting a few hundred a day.
    Logon Failure:
           Reason:            Unknown user name or bad password
           User Name:      administrator
           Domain:            xxx
           Logon Type:      10
           Logon Process:      User32 
           Authentication Package:      Negotiate
           Workstation Name:      xxx
           Caller User Name:      xxx
           Caller Domain:      xxx
           Caller Logon ID:      (0x0,0x3E7)
           Caller Process ID:      8728
           Transited Services:      -
           Source Network Address:      213.171.220.184
           Source Port:      9674

    Hello
    To my knowledge there is no such signature; you need to create a custom signature to achieve this.
    If you have Cisco MARS; you can pull these events directly in MARS and create a regex rule for the same. Add email notification to this rule as usual to ensure alerting as desired.  Windows events can either be pulled  by MARS or can be pushed using the Snare agent.
    Please see this link for more details:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgHost.html#wp718623
    Regards
    Farrukh
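
The counting that such a custom signature or regex rule would have to do, as an added Python example (not part of the thread and not Cisco configuration): it parses records laid out like the quoted "Logon Failure" event and reports source addresses that reach a threshold of failed Logon Type 10 (RDP) attempts inside a time window. The timestamps, sample addresses, threshold and window are assumptions; the quoted record carries no time field.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "Field name:   value" lines, as in the quoted Logon Failure record.
FIELD = re.compile(r"^[ \t]*([^:\n]+?):[ \t]*(.*?)[ \t]*$", re.M)

def parse_event(text):
    """Turn one 'Logon Failure' record into a {field name: value} dict."""
    return {k.strip(): v for k, v in FIELD.findall(text)}

def offenders(events, threshold=5, window=timedelta(minutes=10), logon_types=("10",)):
    """Return {source address: peak failures inside any one window} for sources
    that reach `threshold`. Logon Type 10 is RemoteInteractive (RDP)."""
    by_src = defaultdict(list)
    for when, text in events:
        f = parse_event(text)
        src = f.get("Source Network Address", "-")
        if f.get("Logon Type") in logon_types and src not in ("", "-"):
            by_src[src].append(when)
    hits = {}
    for src, times in by_src.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):        # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[src] = peak
    return hits

def make_event(user, logon_type, src):
    """Build a constructed record in the layout of the quoted event."""
    return ("Logon Failure:\n"
            "       Reason:            Unknown user name or bad password\n"
            f"       User Name:      {user}\n"
            f"       Logon Type:      {logon_type}\n"
            f"       Source Network Address:      {src}\n"
            "       Source Port:      9674\n")

# Constructed sample data (documentation address ranges, made-up times).
T0 = datetime(2024, 1, 1, 3, 0, 0)
SAMPLE = (
    # six RDP failures 30 s apart from one address: should be flagged
    [(T0 + timedelta(seconds=30 * i), make_event("administrator", 10, "192.0.2.10")) for i in range(6)]
    # two failures an hour apart: a mistyped password, not flagged
    + [(T0 + timedelta(hours=h), make_event("jsmith", 10, "198.51.100.7")) for h in (0, 1)]
    # network logons (type 3): outside the RDP filter
    + [(T0 + timedelta(seconds=i), make_event("administrator", 3, "192.0.2.99")) for i in range(8)]
)

if __name__ == "__main__":
    for src, n in offenders(SAMPLE).items():
        print(f"{src}: {n} failed RDP logons within 10 minutes")
```

The returned addresses are what a block rule or alert would act on; a window is used rather than a daily total so that a legitimate user's occasional mistyped password does not accumulate into a block.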

  • Question about the BlackBerry 8520 Unlocked

    Hi all,
    I've a question about the BlackBerry 8520.
    I saw it's being sold as unlocked and I'm wondering if once I buy it I need to have a particular carrier plan to use it or if I can simply use my pay as you go AT&T plan.
    So far I didn't buy any smartphone, iPhone, Android and so on because I don't want to be forced to add a monthly plan, that by the way usually is not cheap here in LA (around $70-$90 per month). But I'd like to have a BlackBerry as I guess I could use, even without the usual carrier plans, most of its features (but please correct me if I'm wrong).
    So, basically the question is: would it make sense to buy the 8520 even with my basic "pay as you go" plan?
    Thanks for any info.

    Haha... so, probably whatever I write in this forum it doesn't matter. That's nice, it could be the perfect place where I can just rant or write anything that comes to my mind. Cool, I'll keep you guys updated. Stay tuned, some good rant coming soon!

  • Quick (and urgent) Question about Intel G5's

    Just a quick question about the new intel G5's.
    I currently have bunch of software for my PPC G5 which is a Dual 2ghz. Software includes Adobe CS2, Macromedia Studio, Quark 6, etc, etc.
    If I purchase the new intel mac, would I be able to use the same software? or would I be forced to purchase a whole new set of everything I currently have?
    If the software will work on the intel G5, would it perform at the same rate/better than how it performs now on my PPC g5?
    Thanks in advance for any help.

    Rosetta:
    Most of the time you get a real 'hit' when a program first opens that is PPC. Very sluggish. They will require and use more memory than otherwise, too.
    Tests from last August aren't as helpful, there have been improvements, letting the Mac Pro pull even further ahead.
    http://www.barefeats.com/quad06.html
    Comparison Mac Models shows scores of all models. So there is 2x as much or more processing power, bandwidth, better video, as well as disk drives. A 'base' configuration would be 4-6GB RAM.
    And there are differences, more than between G4 and G5.
    People with experience would be Mac Pro Discussions
    Don't use Migration Assistant, and upgrade to CS3 etc. reinstall all your applications fresh.
    There are some drivers and plug-ins, that can be problems, and known.
    Mac Pro 2GHz 4GB 10K Raptor RAID Cinema HD   Mac OS X (10.4.9)   WD RE RAID Aaxeon FW800 PCIe MDD-G4 APC RS1500 Vista
