Server being flooded

Hi there,
I have noticed that out of nowhere my server is getting a huge amount of traffic. I have about 23 requests per second. This is basically using up my entire bandwidth which is making it very slow to access. I have no idea why there is such a huge amount. I believe I am being targeted. My access log gives me the following:
405 -
174.133.15.50 - - [25/Jul/2009:18:16:12 +0200] "GET http://hydral.ru/rukavadin_1sn,2sn HTTP/1.1" 200 67224
174.133.211.122 - - [25/Jul/2009:18:16:10 +0200] "GET http://www.justia.pro HTTP/1.1" 200 13849
174.133.15.50 - - [25/Jul/2009:18:16:13 +0200] "GET http://personalcards.ca/2009/07/04/ HTTP/1.1" 200 25471
174.120.24.242 - - [25/Jul/2009:18:16:13 +0200] "GET http://lavaligeria.com/punti-vendita.asp HTTP/1.1" 200 16237
174.133.15.50 - - [25/Jul/2009:18:16:14 +0200] "GET http://www.173zhai.com/member.php?type=my&action=collection&job=add&tid=17 HTTP/1.1" 302 -
174.133.15.50 - - [25/Jul/2009:18:16:14 +0200] "GET http://www.creativeimagecollections.com/blog/weddings/stephanie-and-chrisjune-9- 2007.html/comment-page-1#comment-1686 HTTP/1.1" 404 5535
174.120.24.242 - - [25/Jul/2009:18:16:17 +0200] "GET http://birchwoodchem.co.uk/ HTTP/1.1" 200 3780
174.133.15.50 - - [25/Jul/2009:18:16:12 +0200] "POST http://contrestrike.ru/main/78-17-letnjaja-shvedka-kinula-obuchenie-radi-counter .html HTTP/1.1" 200 18970
::1 - - [25/Jul/2009:18:16:20 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.15.50 - - [25/Jul/2009:18:15:44 +0200] "GET http://car-sales-reviews.com/categories/12-Car-Care HTTP/1.1" 200 88067
174.133.211.122 - - [25/Jul/2009:18:15:53 +0200] "GET http://cleveland-wrongfuldeathlawyer.info/ChildDeath_WrongfulDeath.html HTTP/1.1" 200 55753
174.133.15.50 - - [25/Jul/2009:18:16:16 +0200] "GET http://www.handcircus.com/2008/12/10/rolando-trailer-escape-from-rolando-central HTTP/1.1" 302 -
::1 - - [25/Jul/2009:18:16:21 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.15.50 - - [25/Jul/2009:18:15:44 +0200] "GET http://gourmet-food-kitchen.com/function.mysql-select-db HTTP/1.1" 404 91171
174.133.177.66 - - [25/Jul/2009:18:16:17 +0200] "GET http://globalinfo.com.ua/novosti/253.html HTTP/1.1" 200 45341
::1 - - [25/Jul/2009:18:16:22 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.211.122 - - [25/Jul/2009:18:15:40 +0200] "GET http://illinois-wrongfuldeathlawyer.info/AutoAccidents_WrongfulDeath.html HTTP/1.1" 200 49601
174.120.24.242 - - [25/Jul/2009:18:15:46 +0200] "POST http://www.cincinnatibathremodeling.com/design-and-plans HTTP/1.1" 200 12149
::1 - - [25/Jul/2009:18:16:23 +0200] "OPTIONS * HTTP/1.0" 200 -
::1 - - [25/Jul/2009:18:16:24 +0200] "OPTIONS * HTTP/1.0" 200 -
174.120.24.242 - - [25/Jul/2009:18:16:23 +0200] "GET http://www.the-organizing-boutique.com/ HTTP/1.1" 200 33724
174.133.211.122 - - [25/Jul/2009:18:16:21 +0200] "POST http://www.justia.pro/cgi-bin/filter.pl HTTP/1.1" 302 -
174.133.211.122 - - [25/Jul/2009:18:16:19 +0200] "POST http://interactivewoo.com/easy/blogging/blog-basics/#wpcf7-f4-w3-o1 HTTP/1.1" 404 23881
174.120.24.242 - - [25/Jul/2009:18:16:22 +0200] "GET http://www.nintharch.com/dedication/ HTTP/1.1" 200 16482
174.133.15.50 - - [25/Jul/2009:18:16:05 +0200] "GET http://ncuxo-logia.ru/2/2_2.php HTTP/1.1" 200 3989
174.133.15.50 - - [25/Jul/2009:18:16:24 +0200] "GET http://www.173zhai.com/login.php HTTP/1.1" 200 6364
174.120.24.242 - - [25/Jul/2009:18:16:26 +0200] "GET http://www.birchwoodchem.co.uk/index.htm HTTP/1.1" 200 3780
::1 - - [25/Jul/2009:18:16:28 +0200] "OPTIONS * HTTP/1.0" 200 -
174.120.24.242 - - [25/Jul/2009:18:16:23 +0200] "GET http://horstsergio.de/ich/content/view/30/129/ HTTP/1.1" 200 25982
::1 - - [25/Jul/2009:18:16:29 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.177.66 - - [25/Jul/2009:18:13:08 +0200] "GET http://asbestosmesotheliomavermiculite.info/Mesothelioma-Medical/Mesothelioma_Cy stic.html HTTP/1.1" 502 1376
174.133.15.50 - - [25/Jul/2009:18:16:25 +0200] "GET http://personalcards.ca/2009/07/05/ HTTP/1.1" 200 25528
174.133.15.50 - - [25/Jul/2009:18:16:23 +0200] "GET http://www.handcircus.com/2008/12/10/rolando-trailer-escape-from-rolando-central / HTTP/1.1" 200 11915
174.120.24.242 - - [25/Jul/2009:18:16:26 +0200] "GET http://ibackthisup.com/campaign/islam HTTP/1.1" 200 30891
174.120.24.242 - - [25/Jul/2009:18:16:22 +0200] "GET http://lavaligeria.com/eventi-valigeria.asp HTTP/1.1" 200 15128
174.133.15.50 - - [25/Jul/2009:18:16:17 +0200] "GET http://www.handcircus.com/2008/06/28/rolando/comment-page-1/#comment-84427 HTTP/1.1" 404 8144
174.133.15.50 - - [25/Jul/2009:18:16:20 +0200] "GET http://ourkidsmatter.net/modules.php?name=Submit_News HTTP/1.1" 200 47974
174.133.15.50 - - [25/Jul/2009:18:16:29 +0200] "GET http://ncuxo-logia.ru/index.php HTTP/1.1" 200 3344
174.133.15.50 - - [25/Jul/2009:18:16:26 +0200] "GET http://contrestrike.ru/main/78-17-letnjaja-shvedka-kinula-obuchenie-radi-counter .html HTTP/1.1" 200 45768
174.120.24.242 - - [25/Jul/2009:18:16:30 +0200] "GET http://www.the-organizing-boutique.com/getting-organized.html HTTP/1.1" 200 28482
174.120.24.242 - - [25/Jul/2009:18:16:30 +0200] "GET http://www.birchwoodchem.co.uk/company.htm HTTP/1.1" 200 3800
::1 - - [25/Jul/2009:18:16:32 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.211.122 - - [25/Jul/2009:18:15:40 +0200] "POST http://norfolkspiritguide.co.uk/dir.aspx?p=71 HTTP/1.1" 200 20574
174.133.15.50 - - [25/Jul/2009:18:16:16 +0200] "GET http://realvana.com/cant-find-your-location.html HTTP/1.1" 200 11441
::1 - - [25/Jul/2009:18:16:33 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.211.122 - - [25/Jul/2009:18:15:51 +0200] "GET http://irving-wrongfuldeathlawyer.info/AirplaneCrashLawyer.html HTTP/1.1" 502 1323
174.120.24.242 - - [25/Jul/2009:18:16:27 +0200] "GET http://dit2o.com/portal/?page_id=34 HTTP/1.1" 200 11160
174.133.211.122 - - [25/Jul/2009:18:16:27 +0200] "GET http://marketing.justia.com/contact-error.html?error=missing HTTP/1.1" 200 14542
::1 - - [25/Jul/2009:18:16:34 +0200] "OPTIONS * HTTP/1.0" 200 -
::1 - - [25/Jul/2009:18:16:35 +0200] "OPTIONS * HTTP/1.0" 200 -
174.120.24.242 - - [25/Jul/2009:18:16:34 +0200] "GET http://www.birchwoodchem.co.uk/toiletries_cosmetics.htm HTTP/1.1" 200 4501
174.133.15.50 - - [25/Jul/2009:18:16:34 +0200] "POST http://www.handcircus.com/wp-comments-post.php HTTP/1.1" 302 -
174.133.15.50 - - [25/Jul/2009:18:16:34 +0200] "GET http://exe-wmr.info/articx/articx/ HTTP/1.1" 404 212
174.133.15.50 - - [25/Jul/2009:18:16:32 +0200] "GET http://www.173zhai.com/member.php?type=my&action=friend&job=add&uid=1 HTTP/1.1" 302 -
174.120.24.242 - - [25/Jul/2009:18:16:33 +0200] "GET http://lavaligeria.com/sitemap.html HTTP/1.1" 200 13407
174.120.24.242 - - [25/Jul/2009:18:16:33 +0200] "GET http://www.nintharch.com/2008/08/18/how-to-run-a-meeting/ HTTP/1.1" 200 23866
174.133.15.50 - - [25/Jul/2009:18:16:33 +0200] "GET http://hydral.ru/rukavadin_4sp,4sh HTTP/1.1" 200 52722
174.120.24.242 - - [25/Jul/2009:18:16:36 +0200] "GET http://ibackthisup.com/site/home HTTP/1.1" 200 9856
74.52.177.210 - - [25/Jul/2009:18:16:38 +0200] "POST http://cpanel.sslpayments.com/info.php HTTP/1.1" 200 1115
174.133.15.50 - - [25/Jul/2009:18:16:35 +0200] "GET http://realvana.com/california/los-angeles/pasadena/coffee/bamboo-tea-house.html HTTP/1.1" 200 31870
174.133.211.122 - - [25/Jul/2009:18:16:36 +0200] "GET http://marketing.justia.com/contact-error.html?error=missing HTTP/1.1" 200 14542
174.120.24.242 - - [25/Jul/2009:18:16:37 +0200] "GET http://dit2o.com/portal/?page_id=35 HTTP/1.1" 200 11115
174.120.24.242 - - [25/Jul/2009:18:16:38 +0200] "GET http://www.the-organizing-boutique.com/clutter-control.html HTTP/1.1" 200 26192
174.133.15.50 - - [25/Jul/2009:18:16:37 +0200] "GET http://www.handcircus.com/2008/12/10/rolando-trailer-escape-from-rolando-central /comment-page-1/#comment-84432 HTTP/1.1" 404 8144
174.133.177.66 - - [25/Jul/2009:18:16:27 +0200] "GET http://globalinfo.com.ua/novosti/252.html HTTP/1.1" 200 41624
174.133.15.50 - - [25/Jul/2009:18:16:39 +0200] "GET http://exe-wmr.info/articx/liex/ HTTP/1.1" 404 210
174.133.211.122 - - [25/Jul/2009:18:16:18 +0200] "GET http://chesapeake-wrongfuldeathlawyer.info/BirthInjury_WrongfulDeath.html HTTP/1.1" 200 60229
174.133.15.50 - - [25/Jul/2009:18:16:39 +0200] "GET http://www.173zhai.com/login.php HTTP/1.1" 200 6364
174.133.211.122 - - [25/Jul/2009:18:16:42 +0200] "POST http://cpanel.sslpayments.com/info.php HTTP/1.1" 200 1115
174.120.24.242 - - [25/Jul/2009:18:16:40 +0200] "GET http://www.birchwoodchem.co.uk/pharmaceuticals.htm HTTP/1.1" 200 4798
174.133.15.50 - - [25/Jul/2009:18:16:42 +0200] "GET http://www.slevy.biz%0D%0A/click.php?nameodkaz=www.SLUNEcNi-BRyLE.com&idlink=89 HTTP/1.1" 502 1362
174.120.24.242 - - [25/Jul/2009:18:16:40 +0200] "GET http://lavaligeria.com/iscriviti.asp HTTP/1.1" 200 20178
::1 - - [25/Jul/2009:18:16:45 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.15.50 - - [25/Jul/2009:18:16:33 +0200] "GET http://ncuxo-logia.ru/sitemap/index.php HTTP/1.1" 200 13705
174.133.15.50 - - [25/Jul/2009:18:16:40 +0200] "GET http://personalcards.ca/2009/07/06/ HTTP/1.1" 200 25550
174.133.15.50 - - [25/Jul/2009:18:16:35 +0200] "POST http://ourkidsmatter.net/modules.php?name=Submit_News HTTP/1.1" 200 48795
::1 - - [25/Jul/2009:18:16:46 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.15.50 - - [25/Jul/2009:18:16:42 +0200] "GET http://contrestrike.ru/main/ HTTP/1.1" 200 26250
::1 - - [25/Jul/2009:18:16:47 +0200] "OPTIONS * HTTP/1.0" 200 -
174.133.211.122 - - [25/Jul/2009:18:16:44 +0200] "GET http://www.justia.pro HTTP/1.1" 200 13849
174.120.24.242 - - [25/Jul/2009:18:16:43 +0200] "GET http://ibackthisup.com/site/createpetition HTTP/1.1" 200 41063
::1 - - [25/Jul/2009:18:16:48 +0200] "OPTIONS * HTTP/1.0" 200 -
174.120.24.242 - - [25/Jul/2009:18:16:47 +0200] "GET http://www.the-organizing-boutique.com/home-organization.html HTTP/1.1" 200 35580
174.133.211.122 - - [25/Jul/2009:18:15:34 +0200] "GET http://dayton-wrongfuldeathlawyer.info/WrongfulDeathNews.html HTTP/1.1" 404 -
174.133.15.50 - - [25/Jul/2009:18:16:38 +0200] "GET http://kibergrad.com?do=dnl&id=5682a53153296e01ff6bd4e453759b37 HTTP/1.1" 200 225
174.120.24.242 - - [25/Jul/2009:18:16:48 +0200] "GET http://www.birchwoodchem.co.uk/biocides.htm HTTP/1.1" 200 4875
174.120.24.242 - - [25/Jul/2009:18:16:42 +0200] "GET http://www.nintharch.com/author/adoniram/ HTTP/1.1" 200 15802
::1 - - [25/Jul/2009:18:16:50 +0200] "OPTIONS * HTTP/1.0" 200 -
What on earth is going on?
Thanks

Those IPs are from a netblock at ThePlanet webhosting service. They have a few compromised machines/sites there. Contact their reps at '[email protected]'; send them the IPs and one line of the log for each offending IP. Make your e-mail short, to the point, and polite.
The 'GET' requests that are in the log indicate that your server is indeed an open proxy. Disconnect it from the network until you can secure the server's configuration. Using Server Admin, stop the 'Web' service. Then select 'Your Server'->Web->Settings->Proxy and uncheck the 'Enable Forward Proxy' and 'Control Access To Proxy' checkboxes. Under 'Your Server'->Web->Settings->Modules, uncheck the 'proxy_module' if you have no need to proxy requests to other servers on your network. Then save the settings. Restart the 'Web' service.
If the above is already the configuration on the server, you may have a situation where the server has been 'rooted' and your solution would be to reinstall the OS to eliminate any compromised code.
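A way to triage an access log like the one posted above for forward-proxy use, as an added example that is not part of the original thread: it flags requests whose target is an absolute URL or a CONNECT authority naming a host the server does not serve, and groups them by client. `LOCAL_HOSTS`, the function names and the last four sample lines are assumptions made for the illustration; handling CONNECT goes beyond the GET/POST lines in the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) ([^"\s]+)(?: [^"\s]+)?" (\d{3}) \S+'
)
ABSOLUTE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')

REFUSED = {400, 403, 405}   # the server declined the request
GATEWAY = {502, 504}        # Bad Gateway / Gateway Timeout: it acted as a gateway

# Assumption: the hostnames this server legitimately answers for.
LOCAL_HOSTS = {"www.example.com"}

# First five lines are copied from the log in the post; the last four are constructed.
SAMPLE = [
    '174.133.15.50 - - [25/Jul/2009:18:16:12 +0200] "GET http://hydral.ru/rukavadin_1sn,2sn HTTP/1.1" 200 67224',
    '174.133.211.122 - - [25/Jul/2009:18:16:21 +0200] "POST http://www.justia.pro/cgi-bin/filter.pl HTTP/1.1" 302 -',
    '174.133.211.122 - - [25/Jul/2009:18:15:51 +0200] "GET http://irving-wrongfuldeathlawyer.info/AirplaneCrashLawyer.html HTTP/1.1" 502 1323',
    '::1 - - [25/Jul/2009:18:16:20 +0200] "OPTIONS * HTTP/1.0" 200 -',
    '174.120.24.242 - - [25/Jul/2009:18:16:17 +0200] "GET http://birchwoodchem.co.uk/ HTTP/1.1" 200 3780',
    '192.0.2.10 - - [25/Jul/2009:18:16:40 +0200] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Jul/2009:18:16:41 +0200] "GET http://example.org/ HTTP/1.1" 403 210',
    '192.0.2.12 - - [25/Jul/2009:18:16:42 +0200] "GET http://www.example.com/about HTTP/1.1" 200 900',
    '192.0.2.13 - - [25/Jul/2009:18:16:43 +0200] "CONNECT mail.example.net:25 HTTP/1.1" 200 -',
]


def target_host(method, target):
    """Return the host a proxy-style request names, or None for origin-form."""
    if method == "CONNECT":                      # authority-form: host:port
        return target.rsplit(":", 1)[0].lower()
    if ABSOLUTE.match(target):                   # absolute-form: scheme://host/...
        try:
            return (urlsplit(target).hostname or "").lower()
        except ValueError:
            return "(unparseable)"
    return None                                  # "/path" or "*": normal request


def summarize(lines, local_hosts):
    """Group proxy-style requests for foreign hosts by client address."""
    local = {h.lower() for h in local_hosts}
    report = defaultdict(
        lambda: {"answered": 0, "refused": 0, "gateway_errors": 0, "hosts": set()}
    )
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        host = target_host(method, target)
        if host is None or host in local:
            continue                             # ordinary traffic for this server
        entry = report[client]
        entry["hosts"].add(host)
        if status in REFUSED:
            entry["refused"] += 1
        else:
            entry["answered"] += 1
            if status in GATEWAY:
                entry["gateway_errors"] += 1
    return dict(report)


def suspects(report):
    """Clients that got at least one non-refusal answer for a foreign host."""
    return sorted(ip for ip, e in report.items() if e["answered"] > 0)


if __name__ == "__main__":
    result = summarize(SAMPLE, LOCAL_HOSTS)
    for ip in suspects(result):
        e = result[ip]
        print(ip, "answered:", e["answered"], "gateway errors:", e["gateway_errors"],
              "hosts:", ", ".join(sorted(e["hosts"])))
```

An `answered` count is a lead rather than proof, because HTTP/1.1 servers must accept absolute-form targets and a server with proxying off can answer such a request with its own page; `gateway_errors` and many distinct foreign hosts per client are the stronger signals.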

Similar Messages

  • Multicast traffic is being flooded on igmp snooping enabled switch

    I have two devices connected to the same switch, S streams video using multicast, H doesn't send join request, but the multicast is being sent to H, actually it is being flooded. Both hosts are in the same vlan.
    Distribution-1#show ver | in WS
    cisco WS-C2960-24TT-L (PowerPC405) processor (revision E0) with 65536K bytes of memory.
    Model number                    : WS-C2960-24TT-L
    *    1 26    WS-C2960-24TT-L    15.0(1)SE2            C2960-LANBASEK9-M

    Duplicate post.
    Go here:  https://supportforums.cisco.com/discussion/12218811/multicast-trafficis-being-flooded-igmp-snooping-enabled-switch

  • Is Flash Media server being used commercially--TV? etc.

    Would much appreciate some concrete (live time) examples of Flash Media server being used in a commercial enterprise.  Prefer domestic (US) but any will be great.  Any closed network systems such as a multi-campus university?
    Is it being used only as a one-to-many distribution tool?  Or, is it being used as a many-to-many remote classroom environment?
    Thanks,
    Greg. Eckrich, aka
    chicagohotdog

    On your requirement of having your web app manage access, your developers will need to program some supporting classes on the FMS side. If the web app is to maintain access control, the flow will work like this:
    1. User credentials will be provided to the client side application (the .swf) either by manual entry via a form, or by runtime variables provided in the flash object embed code.
    2. When the client connects to the FMS application, the credentials will be passed in the connection request
    3. The FMS application will make an HTTP request of the web application server to validate the credentials.
    4. The web app server will reply with a pass/fail result
    5. The FMS application will accept/reject the connection accordingly.
    Server side programming for FMIS (server side actionscript) is Javascript, so if your developers are already experienced with Javascript, they should have no problem getting comfortable with the FMS API.

  • IPhone 5s, full reset, now won't activate due to activation server being temporarily unavailable

    Did "erase all content and settings" on my iPhone 5s yesterday, due to signal being extremely intermittent, came to try starting it up again, with the view of just putting everything straight back on from iCloud, and it won't activate, been trying for 12 hours now, and just says "Your iPhone could not be activated because the activation server is temporarily unavailable"
    I have tried numerous times over different WiFi networks, and also by connecting to iTunes... any help.. at all?

    http://support.apple.com/kb/ts3424

  • Mavericks server log flooded

    Recently upgraded OS X Server 10.6.8 to Server.app 3.2.2 and now the System Log is getting flooded with the following message repeatedly...
    Jan 15 15:58:34 sg-acd52 kernel[0]: *** kernel exceeded 500 log message per second limit  -  remaining messages this second discarded ***
    Jan 15 15:58:35 sg-acd52 kernel[0]: IOSCSITargetDevice::RetrieveINQUIRYDataPage: Inquiry Failed for page 0
    Jan 15 15:58:35 --- last message repeated 498 times ---
    This is repeating basically every second.  Only services enabled are File Sharing, NetInstall & Open Directory (and DeployStudio server).  I'm trying to find the source.
      Any ideas?  Thanks!

    What type of external storage do you have connected?  The IOSCSITargetDevice would suggest iSCSI or possibly an outdated SCSI driver.  Any chance you have old ATTO drivers that snuck in on the upgrade?  Are you using iSCSI?  Are all your volumes working?  Take a look in /Library/StartupItems for legacy startup scripts.  Maybe check out /Library/LaunchDaemons and LaunchAgents to see if there is any junk in there.
    Reid
    Apple Consultants Network
    Author "Yosemite Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
    Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

  • Is my mail server being used to relay spam?

    I've just setup a new OS X server (10.5.6). The only two services I have running are mail and web. The web services seem to be running well. However, mail is giving me problems. Specifically:
    I have "Relay" set with two ip addresses. The first is localhost: 127.0.0.0/8 and the other is: 216.23.173.96/28 which is the ip network my server is on.
    However, when I look at my SMTP log - set to "debug" level - it shows lots of mail activity including this entry:
    "Apr 23 19:53:34 MMcolo postfix/smtp[39718]: DBEAE98602: host g.mx.mail.yahoo.com[206.190.53.191] refused to talk to me: 421 Message from (216.23.173.107) temporarily deferred - 4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html"
    That url takes you to a page that states that my mail server may be being used as a spam server, so I can't send mail to yahoo accounts.
    The logs also show multiple attempts to connect to a variety of different domains. Since I'm the only one with an account on my server and I know I'm not sending those emails, it makes me concerned. Anyone have any suggestions or advice?
    Thanks in advance,
    John

    I just went through this when I migrated to a new ISP. However, it was Comcast that was blocking me with a similar message. We thought our ISP had provided clean IPs. So I called Comcast and they were actually very helpful. Found out that in addition to some blacklist providers (spamhaus, etc) they are also using senderscore.org and trustedsource.org.
    Turns out the block was due to the IP being listed as malicious on trustedsource.org. Got a new block from my ISP and all is now good. (trustedsource shows as unverified for the new, but that's ok with Comcast). From what I see unverified is the standard state for very low volume sites. There are some other sites for this "credit" score as well. senderbase.com is another (based on Cisco's IronPort).
    So I would follow the link yahoo gives and select the part that says to send yahoo the messages and let them help diagnose the problem. If they're willing to help, use that.

  • X Server being uncooperative?

    I've recently installed Arch Linux and installed a KDE desktop as my graphical environment, but starting the graphical environment has presented some confusing abnormalities. When I attempt the command
    startkde
    , I'm met with an error saying "$Display is not set or can't connect to X server". However, when I run
    kdm
    , it starts up the kde environment with no problems. This is confusing and annoying, for one, because I can't use ALT-CTRL F7 to switch back into kde after I switch into a tty session with ALT-CTRL F1, and I'm not sure what other problems may derive from this apparent lack of connection which I haven't even encountered yet. Any help on this topic would be greatly appreciated! I'm running an intel video chipset, and followed the instructions for configuring an intel video chip on the Arch wiki. Happy to provide any other needed information!

    Go figure... I displayed my newbie skills in not even attempting to finish the edit of the .xinitrc file. I gave it a shot and when logging in as the user, 'startx' started kde just as it was supposed to. No surprise that the only issue was my lack of understanding about how the X server works. Also, on the issue of not being able to change between my tty and graphical environments w/ ALT-CTRL F1-F7, I enabled sysreq, which didn't appear to make a difference, but then tried using the left side ALT-CTRL on my keyboard instead of the right side one... so not sure if it was enabling sysreq that made the difference or if my error was that simple the whole time... :-! Anyhow, my only remaining question at this point is whether there's a way I can setup 'startx' to launch kde by default when logged in as root. I understand that when running as root, X looks straight to the /etc/X11/xinit/xinitrc file, so I suppose my question is whether it's safe to replace that file with the same skeleton .xinitrc file I copied to ~.
    To answer the question about why not kdm at boot, I've actually started finding the command line growing on me lately. If I ever need to do a quick piece of system administration that I wouldn't even need a graphical environment to accomplish, it seems like booting straight into a CLI could be a nifty time saver

  • TS3899 I want to use my AAPT server but my iPad insists on my outgoing server being big pond even when I clearly type AAPT. How can I change outgoing server to be AAPT. Thanks.Jack

    Trying to set up my iPad for mail and despite my clearly writing my outgoing server as AAPT it changes itself to big pond by default and so I can't send or receive. How do I get the system to accept AAPT as my outgoing server? Help please
    Jackfromqld

    I am trying to figure out what you said, but I haven't a clue. Can you be much more explicit about what your issue is?

  • Do I need to run DNS on a colo server being accessed remotely via VPN?

    My Mac Mini Server is located in a colo site. We generally use it for Web, email and a couple of application-specific services. It has a dedicated IP address. We have a separate DNS service we use to point to the domains on the server located remotely from the server. Forward and reverse lookups work fine from the server, even though the local DNS service is turned off.
    However, we now have a couple of things we want to access remotely on the server via VPN (for example, some files via AFP). The firewall blocks remote AFP requests (using the built-in firewall, not a separate box). We can connect via VPN without problems. However, AFP does not work. If I allow AFP in the firewall and try to connect, no problems at all.
    Since the Mini is located by itself and will never likely have anything connected to a "local network" (never running DHCP, etc.), there generally doesn't seem to be a need to run DNS on the server.
    I suspect the problem is that when you VPN into the server you are on its "local network", whatever that means, so the DNS does not resolve since the local DNS service is not running. However, I am not positive of this.
    Must we run local DNS? Does it have to mirror the remote DNS that we currently reference? Can we somehow "reference" the local DNS from VPN clients trying to access local services?
    I hope this question makes some sense.

    Bear with me please....
    The Mac Mini is in a data center on a shelf, getting a direct connection to the Internet via ethernet with a fixed IP address (under the covers, I suspect that the data center is using some sort of router or switch, but I am not paying for a hardware firewall or other gateway). There is no local network for the Mini. It is not running DHCP, not handing out NAT addresses, etc. DNS is currently off. Rather than using the local DNS, the Mini is resolving its DNS needs with a DNS server located at another site, over the Internet. This seems to work fine (i.e., changeip confirms it is working and services seem to work).
    I am currently using the software firewall built into SLS.
    I want to turn on VPN so that remotely located computers can access services on the Mini without having to make the services visible through the firewall.
    I am able to connect devices via VPN with little difficulty (iPhones, Macs, etc.). However, when I try to access services (let's use AFP as an example), I cannot access them UNLESS they are allowed through the firewall. This tells me that I am not seeing the services through the VPN, but rather through the Internet directly.
    What I meant by "local network" is that the VPN allocates local IP addresses when devices log into the VPN service (10.0.x.x). There is no DHCP allocating these addresses, just VPN.
    My question is: why can I not see the services on the Mini blocked by the firewall when successfully logged into VPN on the server? Isn't the whole point of the VPN to gain access to services behind the firewall?
    I am guessing (with no particular information to support my thesis) that somehow without DNS running on the Mini, VPN clients are unable to access services on the Mini. I do not know for sure, however, if this is the problem. If it IS a problem, then the question is whether I should completely copy the DNS entries from the remote DNS server to the Mini and start the service. Will that solve the issue? Create conflicts with the DNS (since it is now located on both a remote service and on the Mini)? It certainly will create a maintenance headache since now I will have to maintain the DNS in both places.
    I am hesitant to migrate all of my DNS services to the Mini (because I will also have to go to the domain registrars to change where they point, etc.) to eliminate the remote one. And I am not sure it will solve this problem anyway.
    Sorry for all of the typing!

  • How do I download iTunes 10.6 after getting a cannot download due to server being reset?

    How can I download iTunes 10.6 after getting a message that says 'cannot download due connection with server was reset'?

    The same way every other iTunes update is downloaded.
    Go to www.apple.com/itunes/download and click the download button.
    If you get a specific error message, you can either post the exact message here or try helping yourself by doing a search for that error to find resolutions.

  • Hello my phone will not activate due to the activation server being down what can i do

    Hello, I just updated my iPhone 3GS and I get this message saying that the activation server is down, try again later, and I put my SIM card in and my SIM card says searching. I don't know what to do, can someone please help me?

    Has your device ever been jailbroken or hacked?

  • I am based in England but use satellite broadband with the server being sited in Turin, Italy. Search results often returned in Italian of which I have no knowledge. How do I set Firefox to return everything in English?

    I use satellite broadband because I live in a rural area where standard broadband service is not reliable hence the need to use a satellite system. I cannot get BBC i Player because I am told I am not in the UK likewise checking Lotto results I am informed I am outside the UK and cannot take part. How can I set my system to identify myself as a UK resident.
    The same happens when I use internet explorer

    Hi,
    I suggest you try the steps in this thread for test:
    Disable Suggested Sites does not work.
    http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/disable-suggested-sites-does-not-work/4ba064b1-1c6e-43f1-939e-2db1d335b2ef
    Regards,
    Vincent Wang
    TechNet Community Support

  • POP3 email marked as read on server before being read

    Problem: Emails downloaded to my iPhone are marked as read on the server, even when they have not been read on either the iPhone, server/webmail or any other email client. When iPhone recieves a new email, it is listed as unread on the phone but on the server's webmail the same email will be listed as read. This sounds exactly like the problem described here, but unfortunately there was no solution to that discussion. The main issue for me when trying to find the new/unread email via webmail, when my inbox is sorted by conversation/thread, is that all the emails look the same. The new email is not highlighted differently (ie. unread) to the other 99 emails on the page and so is difficult to find.
    More information: My iPhone is supplied by my employer and is used primarily for work. The primary mail account is configured to sync with my employer's Exchange server. This all works fine. I have added a second account to send/retrieve SMTP/POP3 email to/from my home ISP's mail server. This all works fine too (but with the above mentioned problem). With my previous phone (Windows Mobile), this same setup worked fine but without items on the server being marked as read.
    Example: At work, on my PC, I have a web browser tab open on my home ISP's webmail page. The iPhone chimes and displays a new email notice on its lockscreen. Without touching the iPhone, I check my webmail on the PC to read the new email. In the list of emails in my webmail Inbox, the new email is already marked as read, even though I have not yet opened it on the iPhone nor via webmail. Further to this, if I send myself an email from work to home, and immediately check my webmail, I can see the email listed as unread. Without opening the email, if I allow the iPhone to check for new email (or manually make it check) but do not open the new email, then refresh the webmail page, that new email has now become marked as read.
    Further information: My ISP does not offer IMAP; this is stated very clearly on their user help/email setup wiki pages. My iPhone is configured to use their POP3 server address and port 110, the same as I have configured on my home PC. My work email account is configured for Push, my home account is configured for Fetch - hourly. The account advanced settings... Deleted Messages=never remove, Use SSL=off, Authentication=password, Delete from server=never, Server Port=110, S/MIME=off.
    Any ideas what the heck is going on here?

    Use OWA (Outlook Web Access) Not POP3 Settings
    Okay.  This is doing this because your bb is not logging into the owa (outlook web access), it's using  POP3.  In order to use owa it must be enabled on your exchange server (ask your admin if you have this option).  An owa address is something like https://mail.yourcompay.com/owa, depending how your admin set this up it could be named something else.  You can either get to this option through your phone company's (BIS) website or on the bb itself.
    If you use your phone company's website (BIS) to configure this option just log in and find the topic that reads something like this -
     "How do I set up BlackBerry Internet E-mail using a My T-Mobile Account?"
    This will give you the instructions for setting up the account for owa.  (Took me a little bit to find this in my tmobile account.)  During this setup there should be an option to check called use owa.  If you have completed the setup and never saw that option then start over and find that option.
    If you go through the bb's setting on the actual device the way to get to this option is kind of strange (at least it was the only way I could figure out how to get to it on my phone).
    I started by deleting the email account off the phone then added a new account.  Go back to the account setting and change the password to a wrong password.  After you select "ok" or "next"  or whatever to get to the next screen you will get a message saying could not connect to server or error or something like that.  Now you should have an option to configure the device manually.  This option will get you to a page to allow you to select OWA.  Then just configure your bb for owa and you are good to go.
    Sorry this is such a crude post.  I usually take the time to give very accurate, step-by-step instructions, but I do not have time.  Good luck to all with this issue. 

  • What the heck is brute-forcing our exchange server?

    Hello all,
    We have been getting FLOOODED with (what seems like) brute force attacks on our server. We use RDP a lot for remote connecting but our firewall (Sonicwall) is setup to block IPs that aren't ours (I've seen this resolve RDP brute-force attacks first-hand).
    The problem is that I'm used to seeing the "Failure Audit" logs with "Logon Type 10" and an IP that was attempting the connection, but now we're being flooded with "Logon Type 8". The issue that has me concerned is that I'm now seeing a LARGE amount (438 entries) of failed login attempts with no IP address to indicate where it's coming from.
    Now, as much as I love Batman, I know for a fact no one on our end was trying to login under this account (or the hundreds of other accounts that attempted logins). I copied one of the event viewer logs below and literally ALL of the events are identical with the exception of the Account Name (the acct name is different and always something blatantly fake).
    My guess is that there is some type of bot trying to authenticate using OWA to get email access, however I could be 100% wrong (the logic comes from the fact that an exchange file is listed on every event). ANNNNY input / advice on this matter is appreciated!!!
    An account failed to log on.
    Subject:
    Security ID: NETWORK SERVICE
    Account Name: <serverHostname, Edited out for security>
    Account Domain: <our domain>
    Logon ID: 0x3e4
    Logon Type: 8
    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: baseball <This is different across the events>
    Account Domain:
    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xc000006d
    Sub Status: 0xc0000064
    Process Information:
    Caller Process ID: 0x2f3c
    Caller Process Name: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
    ^this is what leads us to believe it's coming from OWA / email login attempts
    Network Information:
    Workstation Name: <servername>
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

    Hi,
    Logon type 8 is the same as logon type 3 (network logon), except for the fact that the password is sent in clear text.
    I think your OWA is publicly available and someone is trying to access it. The fact that the logon type is 8 indicates you might use basic authentication on the website, which is quite insecure. It might also be that some other services (like SMB) are available from the internet and abused.
    Make sure the server is only reachable on the web on the needed ports: 443 for the website, 25 for SMTP. Your firewall should block all the rest!
    For RDP (and other management tools) I would recommend blocking access over the internet and configuring some VPN solution.
    MCP/MCSA/MCTS/MCITP
    Thank you! This goes along with what we were thinking so it's very nice to see someone else saying it. We are looking more into the firewall rules and most likely getting an updated firewall altogether. With any luck we will be ok after setting up the new wall with all fresh rules while keeping the threat in mind. Lots of rules currently and limited security options since it's ancient.
    Thanks for the response!
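
Added example (not part of the thread and not any poster's code): a Python parser for a text export of failed-logon events in the layout pasted above, grouping them by logon type and caller process and counting distinct target accounts, unknown-user sub-statuses and any source addresses. The sample events, the host name MAIL01$, the winlogon.exe row and the address 203.0.113.7 are constructed for illustration.

```python
import re
from collections import defaultdict

LOGON_TYPES = {"3": "Network", "8": "NetworkCleartext", "10": "RemoteInteractive"}
NO_SUCH_USER = "0xc0000064"  # STATUS_NO_SUCH_USER; 0xc000006a would be a wrong password

# Constructed sample in the layout of the event pasted above (host, accounts, IP made up).
TEMPLATE = """An account failed to log on.
Subject:
    Account Name: MAIL01$
Logon Type: {0}
Account For Which Logon Failed:
    Account Name: {1}
    Sub Status: {2}
    Caller Process Name: {3}
    Source Network Address: {4}
"""
EDGE = r"C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe"
ROWS = [("8", n, NO_SUCH_USER, EDGE, "-") for n in ("baseball", "batman", "guest1", "Batman")]
ROWS.append(("10", "administrator", "0xc000006a", r"C:\Windows\System32\winlogon.exe", "203.0.113.7"))
SAMPLE = "".join(TEMPLATE.format(*r) for r in ROWS)

def field(text, label, after=""):
    """Value of the first 'label:' line found after the section header `after`."""
    m = re.search(rf"^\s*{re.escape(label)}:[ \t]*(.*)$", text[max(text.find(after), 0):], re.M)
    return m.group(1).strip() if m else ""

def parse_events(export):
    """One dict per event; the target account is the Account Name after the 'Failed' header."""
    return [{
        "type": field(chunk, "Logon Type"),
        "account": field(chunk, "Account Name", after="Account For Which Logon Failed").lower(),
        "sub_status": field(chunk, "Sub Status").lower(),
        "process": field(chunk, "Caller Process Name").rsplit("\\", 1)[-1],
        "source": field(chunk, "Source Network Address"),
    } for chunk in export.split("An account failed to log on.")[1:]]

def summarize(events):
    """Per (logon type, caller process): event count, distinct accounts, unknown users, source IPs."""
    groups = defaultdict(lambda: {"events": 0, "accounts": set(), "unknown": 0, "sources": set()})
    for e in events:
        g = groups[(LOGON_TYPES.get(e["type"], e["type"]), e["process"])]
        g["events"] += 1
        g["accounts"].add(e["account"])
        g["unknown"] += e["sub_status"] == NO_SUCH_USER
        g["sources"] |= {e["source"]} - {"", "-"}
    return dict(groups)

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```

When a group has no source address, the client IP has to come from the logs of the service named in Caller Process Name. EdgeTransport.exe is the Exchange transport (SMTP) service, whereas OWA logons are submitted by the IIS worker process w3wp.exe.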

  • UDP FLOODING and NON-FUNCTIONAL INBOUND LOG

    Hello,
    I have been using Linksys Routers since 1998, IIRC. I just bought a new "Cisco" (LINKSYS) E1200 and
    the INBOUND log does not work, even after activating the log function in the "Administration" area. The
    OUTBOUND log works.
    Also, my desktop workstation (a Dell T3500 running XP SP3) is being flooded with inbound UDP on
    port 1900, which is usually used for Universal Plug and Play.
    HOWEVER, I have all of that that can be disabled, disabled. The router works fine as a DHCP server
    but I do have the problems described. It even allows ICMP through sometimes as well as NetBios
    name requests on incoming UDP port 137. NetBIOS is deactivated on my computer on port 139
    as well as SMB on TCP port 445 (via a registry configuration). Nothing is listening on any ports except
    TCP port 44334. (that's my software firewall).
    I know the inbound log is not working because I have had my ports scanned and nothing shows up
    in the inbound log, TCP or UDP or ICMP. I know the outbound log (which is very small) works because
    I see the IP addresses in the outbound log. (please see the attachment)
    How do I fix the problems?

    That router has been out a long time now, since 2011 I think. As a home router it works pretty well for the basic stuff, but it seems to me that all the "home" routers are a little hit or miss on how they handle more specific things like what you are talking about. I would see if it has the latest firmware installed on it. That may possibly clear up some of it. If not, you may want to contact linksyscares and see if they can help you. I wish Cisco was still building these, but since they sold this line to Belkin the quality seems to have suffered in my opinion. Hopefully it will improve over time.
