I'm on my 3rd Virgin media 615 today, the last one arrived yesterday and I opened the box to fine a rev d with old bios installed, throw hands in air and all that and then proceeded to upgrade to 4.13 which I have found to be stable and work ok, the other two grow to have the wireless failure issue, I could moan here about VM but hey there's no point so I have come here for adviseafter I found the last one wireless going down, daily trips from the kids down to me to ask why the internet isn't working etc etc I started to investigate, I found the 4.13 and gened up a bit, looked at the 3rd party code and came back to Dlinks own code, anyway I have seen in the last few days hundreds of similar port scans. [code]
Now is the the router being a little sensitive to harmless software companys scans to see if products installed etc or are they something to worry about now I know whats going on if its the latter, and I don't think anyones got in yet but I would like to ban these ip's and to be honest I'm not sure of the best way also I noted a UDP active session that not a part of my subnet too mine being a standard 192.168.0.*and the other being 192.168.4.*.
keep getting this message from my firewall:A port scan was detected. Local IP:192.168.xxx Remote IP: 192.168.1.xxx. Protocol: UDP.Action Taken: BlockedWhat does this mean?!!? And what effect will it have? Simple question for pro's.
I have a dir-655 Firmware Version 2.00, hardware:B1 It's a new wireless router and it's just a week ago I got it.My problem is that the wireless is just stopping to work, it just disappear.When I do a rescan of wireless AP's the ssid and my AP is not showing up.I have to reboot the router the hard way by unplugging the power source.I have multiple computers and wireless devices, and they all loose connection and no one even see the ssid (AP) defined on my dir-655.It's connected to a cable modem switch (without nat), I'm running dhcmp on my router. No Qos engine is enabled.This happens when I'm working from home with a VPN tunnel from my pc to my companies network.I've tried to make a ticket on this on dlink support pages, but their support system only works on IE7, and the password is anyway rejected. how to solve the termination of my wifi ap?
Connected our Brother MFC-8820D printer/scanner/fax directly to one of the 4 Ethernet ports on the back of the DIR-655 in our new install with this router, and all computers can print to it, whether connected via an Ethernet cable or via wireless, but none of the printers can scan. We just get an error message. Scanner driver is installed on all computers. Same printer worked fine via Ethernet on a Windows small business server for printing and scanning. Windows server no longer used or connected. Only DIR-655 as we are dumbing down and getting rid of our Windows server and have gone to a NAS solution connected to the DIR-655.
What can we do to make the scanning work on our Multifunction printer?
Recently had an external security scan done on my DIR 655 and scan results are stating I have an accessible TFTP Server running. i've been through all the settings, and even upgraded to the latest firmware. Yet security scans are telling me I've got a TFTP Server running. Why would one be showing on the external interface, and how can I stop it?
I am wondering how to change my internet IP address as someone is DDOS attacking me on a daily basis. I have tried all the ipconfig stuff, and unplugged my modem for an hour. Not sure what to do at this point. Plugging my PC directly to the modem changes my IP, but then when I plug my PC back into my router, it changes back.
Is there anyway to block a DDOS attack? I dont know to much about DDOS attacks and how they work, but i think i understand a little bit of it. Is there no way to configure a firewall to detect rapid, spontaneous,continuous amounts of fragmented, random data coming from an IP address? Wouldn't the data coming in from a DDOS server be somewhat distinct from data that flows normally
I manage a CISCO 4404 WLC with about 46 access points across our WAN. System works very well, serving trusted users, guests etc very well.However, over the last month or two we have had an issue where we have had high load on our WAN.We have traced this down to the CISCO 4404, about 3-4 times a day, the controller connects to every access point and transmits about 5-8mb of data on port 5427. This in itself would not be a problem, but it connects to all 46 at the same time.
We are getting continuously log created as below in ASA 5510. I suspect something is going wrong (like system is getting compromised ? )
Note: I have changed the actually public IP to 22.214.171.124 for some security cause.
Mar 18 21:46:19 126.96.36.199 Mar 18 2011 21:46:22: %ASA-2-106017: Deny IP due to Land Attack from 188.8.131.52 to 184.108.40.206Mar 18 21:46:19 220.127.116.11 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 18.104.22.168 to 22.214.171.124Mar 18 21:46:20 126.96.36.199 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 188.8.131.52 to 184.108.40.206Mar 18 21:46:21 220.127.116.11 Mar 18 2011 21:46:24: %ASA-2-106017: Deny IP due to Land Attack from 18.104.22.168 to 22.214.171.124(code)
I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0 (2)I am a windows network admin that is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.
This option is currently DISSABLED for all interfaces.I know what ip address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection.Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwith cap I would like to put in place.
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.
How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
I am probably, at least, the third owner of this device and I do not have an account with Cisco nor can my tiny (perhaps non-exsistant given the current economic state) IT budget afford any form of support or software licensing with them.My goal is to backup the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
I found a file transfer function within ASDM which allowed my to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit. 2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? and is it tied to this device specifically or can I use it to restore another unit if necessary? 3. Is there anything else I should do or be aware of regarding backup and restore for the PIX? 4. What is the tfp file?
Currently in my office have a TPlink wireless router (WR1043N), and Dlink 615 router.Below is my office's network organization.Internet-->TPLinkRouter(192.168.2.0)-->DlinkRouter(192.168.0.0)We want to host a demo website but we are afraid our network being attacked. So we wish to implement a DMZ network to hide our internal network from outside. My question is can i setup a dmz network with the above capabilities by using home routers?
We have a WLAN consisting of a WLC 4402 and 11 lightweight APs. For security/compliance reasons we have a Cisco PIX firewall that sits between the WLC (outside) and the APs (inside). The APs are allowed to form LWAPP tunnels through the firewall (inside access-list) to the WLC and the WLAN works as expected.The firewall then limits traffic from the WLAN (outside access list) to certain the internal systems.I have noticed that every so often the firewall logs show continuous "Land attack from 0.0.0.0 0.0.0.0" messages then all APs are disconnected (all lights flash).
I have a Cisco asa 5510. I am doing attack a my firewall, using n map. I am seeing in the log the attack but i like that firewall send only alarm of attack by email . I have active email with warning and i received very much email.
I observed that graph show attack, but not ip of attacker, is possible that Cisco asa show the ip too ? The log show scanning with n map but not shunning IP and not send alarm. How i can send alarm ? The graph no show ip, it's possible show it.
I study at University of Ostrava and currently I am working on my master thesis. Its content is realization of few attacks on network. Now I am trying to implement ICMP redirecting attack by using Intercepter program. Diagram of my netwok you can see on enclosed picture (Schema.jpg). Through Intercepter program I generate packets ICMP redirect (ICMP type 5), which are successfully sent from PC Attacker, but these packets do not arrive to PC Victim and Warshark shows me messages „ Destination Unreachable (Host Unrecheable).“ When I use instead of Cisco switch non Cisco switch (for example: Edimax) or hub, ICMP redirects packets arrive to PC Victim and I can continue in the attack?
SW: Switch is in the defautl setting Cisco Catalyst 2960 IOS: c2960-lanbasek9-mz.122-50.SE3.bin Router: Set only IP address on FastEthernet interfaces Cisco 2801 IOS: 2801-ipbasek9-mz 124.25f.bin
Does Cisco ASA5510 or 5520 can protect DDos attack and sync flood ?I have problem on this, so how can i protect on this, some time i saw on my log like this"sync flood " or "ddos to xxx.xxx.xxx.xxx" the ip address random .
Region : Italy Model : TD-W8968 Hardware Version : V1 Firmwae Version : latest ISP : telecom italia business on ipatm
How to Forward an external wan port like 49150 to lan ip on port 22?In the control pannel I can set only one port , and this port will be the same where the connection will be router to the lan ip ,therefore If I set the port 22 , the connection will be natted to the 22, but how to set a different external port to a specified different lan ip port?
Region : UnitedKingdom Model : TD-W8970 Hardware Version : V1 Firmware Version : 0.6.0 0.11 v000c.0 Build 121203 Rel.46289n ISP : Virgin Media
Is there any way of forwarding an external port to a different internal port on the TD-8970 ?I saw a question posed on an Australian forum implying that it might be provided in a later firmware release.Our TD- 8970 has replaced a previous NetGear WAG 320N which had this facility, and is useful to provide access to multiple machines without having to modify each individually to use a different port.
I am having an issue opening a port (4040) on the 655 for my Fedora-based subsonic server. Inside the LAN, I can see the device from other peer machines, so I am confident the port is open and listening. However, I can't seem to get to the machine-port from outside/internet.
I have tried Virtual Server and Port Forwarding with single port. The server has a stactic IP which I've included in the DHCP range and outside the range. I have a DSL connection (AT&T), modem only. I have updated firmware. I have exhausted the Subsonic community's knowledge, everything points to the router, but all the settings seem correct. What am I missing? Is if possible there is a defect in the router? (don't laugh). Is there a way to trace a request to that port to see where it is hanging?
OK- so my computer was going haywire - freezing, lagging, crashing. Only thing I could do was to restart in safe mode and run a full AVG scan which did show viruses that were sent to virus vault. Once I restarted into normal windows mode, the computer seems to be working fine with no freezing, etc.....but my LAN connection won't work. Looking at all the device managers and info on the LAN - it says "device is working properly". I have tried downloading a few "fix it" programs like Winsockxpfix and Complete Internet Repair - didn't work.
So we had a PCI scan, and we failed on a couple things where the devices are HP printers.For those that don't know, PCI = Payment Card Industry
service tcp 34862 Linux nfs-utils Overflow
The rpc.mountd service was detected on this server. This is a remote procedure call (RPC) based service that is known to have an overflow vulnerability which can give root-level access to an attacker. Note that this service may have been activated by default when you installed your operating system.
service udp 2049 RPC nfsd Detected
The nfsd program faciliates the Unix Network File System, which is rarely meant to be exposed to the public Internet. Many Unix/Linux systems activate a number of RPC services by default during installation. The nfsd program has also had vulnerabilities which could allow an attacker to gain control of this system.
Windows Registry Accessible The Windows Registry is accessible by remote users and can be accessed using a NULL session (no credentials) or using the built-in Guest account. The Registry is a critical collection of information that governs how Windows and installed applications operate. The Registry is a primary target for attackers to view or modify.
These 3 came from an HP LaserJet M4345 MFP.What needs to be disabled? Strangely, the other M4345's didn't get these. I compared configurations, but everything was the same that I could see (except for the SNMP setting).
i can't access internet after i scan for viruses using smadav and avastwhen i type sonfig /all in CMD, here are the resultsWindows IP Configurationan internal error occurred : the request is not supportedAdditional information : Unable to query host name
Get "router/acess point channel conflict error and when I try Epson scan icon it tells me it cannot communicate with scanner.When I reinstalled CD, it told me the installation failed as some files necessary fo set up were missing.
the setup is as follow: I have two separate network.192.168.90.xx and 10.10.xx.xx the two boxes being connected via an ethernet cable. How would I go about having a 192.(...) machine speak to a 10.(...) box? My boss tells me that via a UDP call the 192.(...) machine can get the IP of a 10.(...) box. Isn't UDP dependant on a subnet mask to limit the # of queries, and in that case would it even be feasable? I was thinking instead of spoofing the 192.(...) IP to an unoccupied 10.(...) IP. Of course to do this would require knowing what IPs are unoccupied on the other network, and I cannot assume the would respond to pings.
I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.
I have a DIR-655 Rev B, in a typical cascaded config: modem > dir-555 > switches & devices, etc.One of the four dir-655 ports is connected to a cheap-o Belink Wifi router which I use as an access point (I only use this because there's one device that only supports WEP). I was debugging a WiFi issue and I pulled the plug on this Belkin just to get it out of the picture. Well, when I did that, EVERYTHING that was connected through the DIR-655 lost connection. (Well, all the wired stuff anyway- not sure about WiFi devices through the DIR-655). I noticed that the port link light for the powered-off device stayed on on the DIR-655. When I unplugged the cable from the DIR-655, everything went back to normal.
So what I'm trying to figure out now is, is this a DIR-655 issue, or is it something screwy with the Belkin? Or Both? I've got to assume that there's some inherent flaw in the DIR-655 that allows something connected to a port to screw up everything that it's hosting.
I am trying to use Nmap to determine whether a certain IP address is available or not. However, the output of the scan shows that it scanned the subnet my computer is on and only one address in the network I typed in (MPLS network). Is there any way I can have Nmap only scan that one subnet and not all the others?