To override a signature for a particular IP Address range in IPS
Hi team
We have one of the customers having Cisco IPS in Inline VLAN Pairing mode , version IPS 4240 , 5.1(5) .The issue is that they are having a website www.visaonline.com which was accessible from their LAN few days back (with and without proxy) .The users use to type this URL in browser on HTTP port , after which internally it gets redirected to HTTPS port .After the IPS became inline , the URL is inaccessible .The current bypass setting in the IPS is "Auto".I have chnaged the bypass mode to "On" (not to inspect traffic) so as to confirm if IPS is only blcoking the traffic . Once i changed , i found the URL started working . My concern is iam unable to find out that particular signature which is triggering this as may be the logging / produce alert action is not enabled for the same
I have done following to make the URL work
1) Created a even action filter from the source(0.0.0.0-255.255.255.255) to the destination (198.241.168.0-198.241.168.254)and subtracted all "deny " actions
2) Created a even action filter from the source (198.241.168.0-198.241.168.254)to the destination (0.0.0.0-255.255.255.255)and subtracted all "deny " actions
The above combination didnt worked , so i disabled the above rule and then i created a new custom signature 60002 with the engine as "Atomic IP "
A) Gave the action for all produce alert / log alert / SNMP for the source (0.0.0.0-255.255.255.255) to destination (198.241.168.0-198.241.168.254) however this also didnt worked
Note the IP Address of www.visaonline.com is 198.241.168.200 and sometimes we see in the nestat output 198.241.168.36 too
I believe the "Event action filters " in IPS should have worked in this case ; howeevr it is not working .Please let me know how to do correct configuration and also how to find out as to with which signature it is triggering
As of now i have disabled all the Deny packet inline / attacker / victim / TCP Reset / modify packet type of signatures and the URL is WORKING NOW .....however i believe thats not a solution .Please help in this regard
Ankur
No the idea is not to disable the signature. The reason why I wanted you to locate the specific block/deny was to make it easier to fix it. I would still recommend to use the Event Action Filters only to exclude the host and not disable the signature altogether.
That said, there are some signatures that "according to the documentation" cannot be excluded using event actions like Sweep signatures. These signatures have a field for Source/Dest IP built-in to exclude specific hosts. HOwever to be honest I could get event actions to work perfectly with event actions on our customers ;), so it could be an old restriction still mentioned in the docs.
Lastly, you only disable a signature when you are absolutely sure that you are not running the Software/Application/Service on your network. For example on one customer we would frequently get VPN 3000 COnc. HTTP attack signatures fired for internet traffic, and since there is no chance to add any VPN3k on this network (its already End of Sale), I disabled this signature.
Regards
Farrrukh
Similar Messages
-
How can I override an alert for a particular event?
I'm using Calendar 6.0 in Mountain Lion. I have set default alert times, but sometimes I want to set a different alert for a particular event. This is something that is easy to do in other calendar programs but seems impossible in Calendar. If I edit the alert time and date, it always reverts back to the default once I close the editing window or click apply.
See this support article. <br />
https://support.mozilla.com/en-US/kb/Creating+a+desktop+shortcut+to+a+web+page -
Set up Oracle HTTP Server for a particular IP address
How do I set up Oracle HTTP Server to allow access control based on a particular IP address to certain CGI Scripts if a site is a local site?
I have tried this in httpd.conf file but it does not restrict a particular IP address (say 10.1.2.4) in my home network (consists of 3 PCs). 10.1.2.3 is the IP address of node where OHS is installed. I access my OHS from client like this http://10.1.2.3:7777/cgi-bin/printenv
ScriptAlias /cgi-bin/ "C:\oracle_home\Apache\Apache\cgi-bin/"
<Directory C:\oracle_home\Apache\Apache\cgi-bin>
AllowOverride None
Options None
Order Deny,Allow
Deny from all
Allow from 10.1.2.3
</Directory>
Note: - I have not made any changes in the default configuration of OHS.
Any help for a student like me will be highly appreciated.
Regards
Rajesh KumarNo the idea is not to disable the signature. The reason why I wanted you to locate the specific block/deny was to make it easier to fix it. I would still recommend to use the Event Action Filters only to exclude the host and not disable the signature altogether.
That said, there are some signatures that "according to the documentation" cannot be excluded using event actions like Sweep signatures. These signatures have a field for Source/Dest IP built-in to exclude specific hosts. HOwever to be honest I could get event actions to work perfectly with event actions on our customers ;), so it could be an old restriction still mentioned in the docs.
Lastly, you only disable a signature when you are absolutely sure that you are not running the Software/Application/Service on your network. For example on one customer we would frequently get VPN 3000 COnc. HTTP attack signatures fired for internet traffic, and since there is no chance to add any VPN3k on this network (its already End of Sale), I disabled this signature.
Regards
Farrrukh -
How to delete the attachment for a particular to address in outlook using c#
I want to remove the attachments from outlook for a specific to address(for example if to address contain gamil.com then i want to delete the attachments) at the mail sending evevt. When we use multiple to address it give problems. I use the below code.
when i use multiple to address (like, xxx.gmail.com,yyy.yahooo.com) it remove the attachments for both mails.
pls help,
Thanks in advance....
string[] toa = mail.To.Split(';');
for (int a = 0; a <= toa.Count(); a++)
if(toa[a].Contains("gmail.com"))
//remove attachmentsHello,
You can handle the
ItemSend event of the Application class which is fired whenever an Microsoft Outlook item is sent, either by the user through an Inspector (before
the inspector is closed, but after the user clicks the Send button) or when the Send method
for an Outlook item, such as MailItem,
is used in a program.
Use the
Recipients property (a Recipients collection
that represents all the recipients for the Outlook item) of the MailItem class instead of the To property.
Use Recipients(index) or
Recipients.Item(index), where index is the name or index number, to return a single Recipient object. The name can be a string representing
the display name, the alias, or the full SMTP e-mail address of the recipient.
The Recipient class provides the
Address property which returns a string representing the e-mail address of the Recipient.
P.S. You can't remove the attachment for a specific email address. You need to send separate emails individually - with an attachment and without. In the ItemSend event handler you can check out the Recipients list and copy the source item
if you need to send the item without an attachment. Remove the "blocked" recipients from the original mail item and set them on the copied one. Then remove the attachment and send the copy. -
Hi,
I need to create local digital signatures for my users. How can I do that using W2k8 Active Directory Certificate Services? We are gonna sign Office 2010 documents.
What company offers cheap digital signatures solutions?
Thanks in advancedConsider the following:
if you use your local CA server to issue digital signature certificates, there is no cost, because you are eligible to issue so many certificates as you need. However, documents signed by these certificates will be considered trusted only within your AD
forest and other machines that explicitly trust your local CA. Any external client will not trust your signatures.
If you want to make your signature trusted outside your network (say, in worldwide), you need to pruchase a certificate from trusted commercial CA (VeriSign, GoDaddy, GlobalSign, StartCom, etc) according to respective vendor price list. In that case you
don't need to have your local CA server, because it is not used. All certificate management is performed by the external CA. A most common scenario is to purchase signing certificate for particular departament principals (head managers) or few certificates
for a whole company (all documents are revised by a responsible person or persons who holds signing certificate and sign them after review).
so, it is not clear from your post what exactly you need.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki -
Can I create digital signatures for other people?
I am trying to determine if there are rules/software limitations that prohibit me from creating a digital signature for other people on my PC. As an example, I support a Vice President-can I create his digital signature and store it to use on his behalf? I would also have my own signature created and stored. Thanks.
Consider the following:
if you use your local CA server to issue digital signature certificates, there is no cost, because you are eligible to issue so many certificates as you need. However, documents signed by these certificates will be considered trusted only within your AD
forest and other machines that explicitly trust your local CA. Any external client will not trust your signatures.
If you want to make your signature trusted outside your network (say, in worldwide), you need to pruchase a certificate from trusted commercial CA (VeriSign, GoDaddy, GlobalSign, StartCom, etc) according to respective vendor price list. In that case you
don't need to have your local CA server, because it is not used. All certificate management is performed by the external CA. A most common scenario is to purchase signing certificate for particular departament principals (head managers) or few certificates
for a whole company (all documents are revised by a responsible person or persons who holds signing certificate and sign them after review).
so, it is not clear from your post what exactly you need.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki -
Unable to set signature for different accounts
I have a client site where all users have an email address at two different accounts, the same two for all users. All users have a signature setup in Outlook for each email account.
For all users except one, when they select the Inbox for account A and select New Email, they get the signature for account A; and when they select the Inbox for account B and select New Email, they get the signature for account B.
But there is one user who gets the signature for account A no matter whether she creates a new email after selecting the Inbox for account A or account B.
I've looked at her signature setup in Options in Outlook and it's set correctly. She has two signatures and each is assigned to the appropriate account and New messages and Replies/forwards are both set to the appropriate account.
I myself have Outlook setup with multiple accounts and each account has its own signature and when I select any particular Inbox and create a new email, the appropriate signature is added.
Any ideas as to why it keeps defaulting to the signature of one account no matter which Inbox she chooses to create a new email from?
JonathanThanks for your reply. She is using Office 2007. I read what is at the link you provided and unfortunately it wasn't any help.
It says for Outlook 2007 to ensure a signature is set for the default email account. She had a signature set for her original account which is an Exchange one and is the default.
She recently added a second account, which is an IMAP one, and created a signature for it but when she creates an email to be sent out from her new account, the signature in the new email is that of the default account, not the new one, even though Outlook
options is set up correctly so new emails and replies/forwards from the new account are supposed to use its signature.
I tried Outlook in Safe Mode and it was no different.
One other thing is that when she opens the New Mail window there is an Account button right below the Send button. If she changes to the second account, the signature changes and this is how she is sending out email from the second account.
But everyone else in the office does not have to do this. With everyone else, if they first select the Inbox of the second account, then open a New Mail window, the signature is that of the second account. This is how it works on my computer where I have
multiple accounts.
So for some reason it's like Outlook is not detecting that she has selected the Inbox of the second account before opening New Mail. Or else it does detect it and is still defaulting to the primary account. This is what I'm trying to fix.
Jonathan -
SMTP-server does not support DKIM signature.
How to make a DKIM signature for outgoing messages in the Thunderbird?I'm not familiar with this particular use of the terminology.
Thunderbird has S/MIME support built in. You can add PGP support via the Enigmail add-on. Both offer the means to sign and encrypt messages.
I see add-ons to support the checking of DKIM-signed incoming messages, but haven't found any yet for signing.
Is it something that an email client is entitled to do? The Wikipædia entry says
<blockquote>Both modules, signing and verifying, are usually part of a mail transfer agent (MTA).</blockquote>
and that means a server, as opposed to a client (MUA). -
URL to directly launch the Contribution console for a particular site
Looking for the URL that will directly launch the Webcenter Sites Contribution console for a particular site. Can we have such a URL (might be with site id and/or any other parameter) that will directly take us to that site when we launch http://<host>:<port>/cs/...?....
Thanks
ArijitUnderstood. Good question. You certainly won't be the last one to ask that. The short version is "I don't know", but the longer version is that it's possible to figure it out.
The contributor UI is set up so that you can override any element you want. You're going to want to figure out which session variable is set to hold the site id - it's probably "pubid". Then, create a dedicated CSElement/SiteEntry pair that is the URL that you redirect to. Then element does nothing but pre-set pubid to what you want, and then calls the "front door" the UI. At that point, the framework should pick up the newly set pubid and you're off to the races.
Caveat - I haven't tried this on the contributor UI yet but it works beautifully on the advanced UI to do all sorts of things - like creating a URL directly to an asset's edit screen etc.
Good luck! -
How can I create more than one different signatures for one account or for one address?
I want to vreate 2 jr more signatures for one account. For example, in different languages, with different text, etc.
Take a look at this add-on.
https://addons.mozilla.org/en-US/thunderbird/addon/signature-switch/ -
How to find out the list of field exists for a particular transaction
Hi all,
Can u please help me find out the list of field exits available for a particular Tcode?
Is it similar to User exit or . . . . ?
Thanks,
C.Selvaraj
SAP-QMCreate a program and add this code to find user exit
tables : tstc, tadir, modsapt, modact, trdir, tfdir, enlfdir.
tables : tstct.
data : jtab like tadir occurs 0 with header line.
data : field1(30).
data : v_devclass like tadir-devclass.
parameters : p_tcode like tstc-tcode obligatory.
select single * from tstc where tcode eq p_tcode.
if sy-subrc eq 0.
select single * from tadir where pgmid = 'R3TR'
and object = 'PROG'
and obj_name = tstc-pgmna.
move : tadir-devclass to v_devclass.
if sy-subrc ne 0.
select single * from trdir where name = tstc-pgmna.
if trdir-subc eq 'F'.
select single * from tfdir where pname = tstc-pgmna.
select single * from enlfdir where funcname =
tfdir-funcname.
select single * from tadir where pgmid = 'R3TR'
and object = 'FUGR'
and obj_name eq enlfdir-area.
move : tadir-devclass to v_devclass.
endif.
endif.
select * from tadir into table jtab
where pgmid = 'R3TR'
and object = 'SMOD'
and devclass = v_devclass.
select single * from tstct where sprsl eq sy-langu and
tcode eq p_tcode.
format color col_positive intensified off.
write:/(19) 'Transaction Code - ', "#EC NOTEXT
20(20) p_tcode,
45(50) tstct-ttext.
skip.
if not jtab[] is initial.
write:/(95) sy-uline.
format color col_heading intensified on.
write:/1 sy-vline,
2 'Exit Name', "#EC NOTEXT
21 sy-vline ,
22 'Description', "#EC NOTEXT
95 sy-vline.
write:/(95) sy-uline.
loop at jtab.
select single * from modsapt
where sprsl = sy-langu and
name = jtab-obj_name.
format color col_normal intensified off.
write:/1 sy-vline,
2 jtab-obj_name hotspot on,
21 sy-vline ,
22 modsapt-modtext,
95 sy-vline.
endloop.
write:/(95) sy-uline.
describe table jtab.
skip.
format color col_total intensified on.
write:/ 'No of Exits:' , sy-tfill. "#EC NOTEXT
else.
format color col_negative intensified on.
write:/(95) 'No User Exit exists'. "#EC NOTEXT
endif.
else.
format color col_negative intensified on.
write:/(95) 'Transaction Code Does Not Exist'. "#EC NOTEXT
endif.
at line-selection.
get cursor field field1.
check field1(4) eq 'JTAB'.
set parameter id 'MON' field sy-lisel+1(10).
call transaction 'SMOD' and skip first screen.
Rewards if useful........................
Minal -
Unable to see a column of a table in portal for a particular User
Hi,
A particular user is unable to see a particular column of a table in the portal . The application is developed in Webdynpro ABAP. The table contains two columns. Both the columns contain text type fields. What appears to the user is that the left column has disappeared and the right hand column has shifted to the left.
This is occuring for a particular user only. We have checked in our development and quality systems but we are unable to replicate the issue. Please help.
Thanks and regards,
Satya.Hi Vikas.
You can use BAPI in LSMW to craete Material or You can use direct input method. Both methods as follows below:
Using BAPI in LSMW:
First maintain IDOC Inbound Processing steps by giving PORT and Partner Type and Partner Numberby clicking 'settings' icon in menu path in LSMW Screen.
Adn then execute LSMW and maintain the values as below in the first step.
BusinessObject Method(BAPI)
Business Object BUS1001006 Standard material
Method SAVEDATA Create and change materia
Message Type MATMAS_BAPI Create and change materia
Basic Type MATMAS_BAPI03 Create and Change Materia.
For the selecting of views, you can maintain fields for all views(From Basic view to costing view) in your excel and populate with 'X' in respective fields for activating views.
In the 6th step (Maintain field mapping and conversion rules). you can map those fields for views which you want to activate since we have all views are in the standard structure.
Using Direct Input Method:
Standard Batch/Direct Input
Object 0020 Material master
Method 0000
Program Name RMDATIND
Program Type D Direct Input
For the selecting of views, you can maintain fields for all views(From Basic view to costing view) in your excel and populate with 'X' in respective fields for activating views.
In the 6th step (Maintain field mapping and conversion rules). you can map those fields for views which you want to activate since we have all views are in the standard structure. -
Resp Person Tab is not coming in CJ20N for a particular project type
Hi All,
I am unaware of the standard SAP screen in CJ20N but we have a screen in CJ20n wherein we can assign a person / link a person this particular tab is not coming at all for a particular project type (Resp Person) rather a different tab (cust enhancement) is coming but our problem is we have a mass program which works on BDC and hence if the required screens are not there it fails.
Can someone please tell me if there is come config i can check/ maintain for this resp person tab so that it starts coming for all project types.
Regards
Anmol PareekHey Sarang,
Thanks a lot, it was helpful, one more thing though, In Resp Persons tab there is something called Link Employees and my problem is that i have a mass linking program (using BDC) which cannot work if i dont see that screen in my BDC (without changing BDC). The way you have told is in OPUK/ OPUJ check for proj type and see if person responsible is hidden or not. I dont think that is what i am asking because no matter what this person responsible is hidden, but for certain project types Resp Person tab itself is not coming and that is the problem.
Regards
anmol -
How to get the connected Adapter Object for a particular BDoc Type?
Hi All,
I have a scenario in which CRM system is connected to ERP system.
In SMW01 transaction, I can see one BDoc with BUS_TRANS_MSG as the BDoc Type in CRM.
Now, how do I get to know if this one BDoc is a SALESDOCUMENT or SALESCONTRACT.
Is there any way thorough which I can get to know the Adapter Object for this particular BDoc.
Regards,
MadhuriHi Madhuri,
Happy new year.
In Transaction : R3AC1.
You can observe the Linked BDOC for the adaptor objects. For example Sales docuemnt and Sales contrcat will have the same linked BDOC as "BUS_TRANS_MSG".
If you see an error in SMW01, you want to find whether it is salesdocument or contract.
1. Please take the Queue name from SMW01.
from the queue name you can find whether it is sales contract or sales document.
Queue name is customized in tables: SMOFQFIND.
I hope this helps you.
regards,
Sri... -
How to create a sequence for an particular item in my apex form
Hi friends,
I created an database application, of a form with a report, and it is working fine...
But in my form, i have a requirement....The below are the existing fields in my form
issue no
created by
start date
status
priority
due date
Among these fields in my form i need to create a 'Sequence' for my field "issue no",
So that whenever i opened the form the 'issue number' must generate automatically like 1 for the first time, 2 for the second time and so on..
For that i created a sequence
CREATE SEQUENCE "ORDERS_SEQ"
MINVALUE 1
MAXVALUE 999999999999999999999999999
INCREMENT BY 1
START WITH 1000
NOCACHE
NOCYCLE;
But for validation where i need to write the sequence query for the particular item 'issue no'....i dont have any idea of where to write the validation query for the sequence..
please tell where i need to write in step wise manner..please help me friends...
As the below is my validated sequence query for item 'issue no'
'select seq.issue_id.nextval into issue_no'
This is my above validation query whether the query that i mentioned is right..if not let me know the validation query..
And also i need where to apply this validation query in steps..
Thanks in advance
Regards,
Harry...Harry,
Rik is on the right track. Here is a sample insert trigger: Would need to substitute you sequence ORDERS_SEQ with my sequence las_log_seq, how you define or use timestamps is up to you.
DROP TRIGGER LASDEV.BINS1_LAS_LOG_TBL;
CREATE OR REPLACE TRIGGER LASDEV."BINS1_LAS_LOG_TBL"
BEFORE INSERT
ON las_log_tbl
FOR EACH ROW
BEGIN
-- Description: Insert log_seq, creation_dt, creation_id,
-- lst_updt_dt and lst_updt_id.
-- Maintenance:
-- Date Actor Action
-- ==== ===== ======
-- 07-Sep-2010 J. Wells Create.
:new.creation_id := nvl( v( 'app_user' ), user );
:new.creation_dt := SYSDATE;
:new.lst_updt_dt := :new.creation_dt;
:new.lst_updt_id := :new.creation_id;
SELECT las_log_seq.NEXTVAL
INTO :new.las_log_seq
FROM DUAL;
END bins1_las_log_tbl;
/Heff
Maybe you are looking for
-
Site will not display in safari
Hi There, This URL quite often doesn't load in Safari: www.svelte.net.nz - if it does load, click a link from the navigation and the next page will be blank. However, if you click and drag, you see a grey frame that can be dragged, and once you let g
-
Get RC=8 Error message when running CSS Upgrade Assistant
I can't get to where I can safely uninstall 7.0 to upgrade to 8.21 because I can't get through this Upgrade Assistant Program. I get the following error message: 'An error occured while archiving your Client Security Solution data. If you uninstall
-
Fan is working so fast on Satellite A300D
Hi everybody! My machine is Satellite A300D 17-F with Vista! For a long time it had a problem which is about HDD because of the bad sectors. I guess I solved it with a program named maxtor blast4. I have set up it to xp sp3 and it became more fast. B
-
frmFrame1 = new JFrame("Test Frame"); frmFrame1.setSize(600,400); i have a main panel with cardlayout in this frame which inturn have several different screens not sure why but when the first time application is launched window is not getting set wit
-
Hello, Work flow for blocked invoices - WS20000397. How to check in the configuration of work flow or IMG that email will be automatically sent to a list of users about the blocked invoices and advise them to take action? Also if there are any custo