I work in a service desk in +100 company and lately i got a task to gather all the host file entries that are on our network's PC's.We operate on windows XP 32&64bit, W7 64bit. Is there any tool that i could use to scan all host files within our network. I tried google of course but maybe i type my search phrases in a bad way to find something useful to my needs.
I have enabled Network filtering on MAC address on my D-Link 628 router.
I've noticed entries in the log file - "Access Denied to LAN System with MAC address ______________" for 2 different MAC addresses. I do not recognize these MAC addresses. The entry that immediately follows these messages - "Above message repeated 466 times and 124 times. The entries for these 2 MAC addresses has been occurring multiple times with different repeat numbers over the past few days.
Is this an indication that someone nearby my router is attempting to hack into my wireless router or do I have a configuration issue?
I can ping and connect to servers by IP address from my workstation. However, Sys Admin wants everyone to use the DNS name instead. The only way I know to add DNS names is to modify the host file on the workstation. Sys Admin has forbidden users from modifying their host files.
How else can I map these IP addresses to DNS on a Windows 7 machine?
I have tried modifying the domain, thinking I can use the DNS entries on the domain server. Did not work. If this should be working maybe I'm not using the right domain? Any way to determine what domain to use?
I am decent in using command line, feel free to give non-GUI based answers.
Notes: - I do know how to modify host files, including the Windows 7 work-around for having this locked out. But it's a "rule" by the Sys Admin not to do it. So I'm trying to adhere to the policy
- Sadly, asking the Sys Admin for the alternative tactic is not an option. Lame but true.
- I have scoured the internet for info on this issue. Everything I find either involves modifying files or enabling services on the server, or modifying the host file on the workstation. Even looking at the server settings is out (I don't have access).
Using the host file to block inappropriate websites on a pc works great.But i was wondering can you do the same on a wireless router.for some reason i can not find the option to do this on my netopia router.
So I have a proxy server in my home that all the computers use to access the internet (XP Pro). I edited the host file on the proxy to redirect traffic for various reasons (ad blocking, etc.) But I have noticed that it doesn't seem to affect the computers that use the proxy. For example one entry in the host file could be 127.0.0.1 abc123.com so that abc123.com would loopback to the localhost. For some reason this isn't working. Is there anyway to get this to work without changing the host file on each individual computer?
I'm using the Linksys Wag325N which always served me well. I've always been able to get my VPN to my workplace going. Until now. I've edited a hostfile on my mac (etc/ppp/ip-up) to get a route setup to be able to use internet and the vpn at the same time. But now the vpn would work no more. Why do i think that it is a router problem? Because other computers in my home network aren't able to establish the vpn they used to work with for a long time.
1. is it possible that my /etc/ppp/ip-up on my computer messes up the router?
2. Is there a way to completely reset my router? Tried "restore to factory settings" which did not work. Is there a "harder" reset?
I have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host.The VPN IP pool works finem,The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it.The default route on the PIX points out; no other routes are defined,The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.
I am working on a Drupal site which is on a virtual server (the way it's been explained to me). I've been told I need to work with it through webdev. So I can copy a file off the server and onto my local machine. I make my edits and then try to upload it to the server. I get locked out with the message: Error 0x80070021: The process cannot access the file because another process has locked a portion of the file. I have tried shutting down my code editor, opening and closing the connection, tried different methods of reaching the server (Cyberduck and through Window's map network feature) to no avail. What can I do?
how to read some of these log entries I see on the IOS 15.2 router I'm working with. I'm fairly new to this stuff. My understanding is that the first socket (18.104.22.168:port#) is the originating one, and the 2nd socket is the receiving or destination. This makes sense when I see an entry like:
01043: *Nov 21 2012 10:28:34.323 PCTime: %FW-6-DROP_PKT: Dropping tcp session xx.xx.241.163:39557 192.168.xx.xx:80 due to RST inside current window with ip ident 0
The internal IP is our email server inside the LAN, the first IP is some IP in a foreign country, so someobody visited our web interface for the email server, obviously trying to breach or recon the interface but whatever. Then I see an (unrelated) entry like this elsewhere in the logs:
001095: *Nov 21 2012 25:56:03.531 PCTime: %FW-6-DROP_PKT: Dropping tcp session xx.xx.178.210:25 192.168.xx.xx:47343 on zone-pair inside-outside class INSIDE-OUTSIDE due to Stray Segment with ip ident 0
What this latter entry tells me is that the Internet host sent data FROM port 25 to what I am guessing is the open port our internal email server must have originated some other communication from. However we do not accept incoming port 25 mail from anywhere but a designated IP so this "send" is not supposed ot occur. So first off, am I reading that correctly? Is the first IP the sending system, and the second IP the receiver? there are no other entries in the logs between these two hosts, so either the logs have truncated with oldest entries removed (log buffer is set to 51200), or that outside host is sending, hoping to get our mail server to respond? BTW, the outside host WHOIS's to Microsoft's IP range, Block 1.
For our children, we use the parental control feature of the DIR-615 (RevD, FW4.11b15), which works excellently. I use the whitelist feature, so only trusted web sites can be accessed. Unfortunately the DIR-615 only has 10 entries in that list and I will soon need more. So I wonder if there is another D-Link router that offers a bigger list with maybe 50 or even 100 entries?
I have a DIR-655 rev A4 with firmware 1.35NA.I read [URL] 5 which stated that the SECURESPOT feature was removed as of firmware 1.35NA but since upgrading the router to 1.35NA I find the following two log entries mentioning securespot being initiated:
[INFO] Sat Jan 22 21:01:21 2011 Initiating securespot services. [INFO] Sat Jan 22 21:01:21 2011 Allocating securespot services.
I will mention, before upgrading to 1.35NA I was running the stock 1.21 firmware that shipped with this router. Prior to updating to 1.35NA I had taken a backup of the router settings and after the firmware update was applied I restored this settings backup. Could that be the reason this log entry is showing up? It makes me think securespot is not really removed as is claimed in the release notes for this firmware.Can anyone else with a DIR-655 A4 w/firmware 1.35NA confirm the above two log entries mentioning securespot appear in the log (assuming ALL log settings are turned on) when your router is rebooted?
we are using an ASR 1002 for dynamic NAT (with route maps). I do have a Problem with the usage of the NAT pool it self.The total NAT Translations for the pool are:
#sh ip nat stat [Id: 1] route-map natted-host-01 pool nat-pool-01 refcount 136 pool nat-pool-01: netmask 255.255.254.0 start XX.XX.202.0 end XX.XX.203.255 type generic, total addresses 512, allocated 88 (17%), missee 0
If i now look into the NAT translation Table i do get less entries:
#sh ip nat translations filter map-id dynamic 1 total Total number of translations: 43
Only a deeper look into the QFP gives here the right values:
# sh platform hardware qfp active feature nat data The ouput count matches the values I get if i isue a sh ip nat stat
My question is how is it handled internally.
We do have a problem too, with raising usage of the pool over the time.Once allocated Pool entries are not released after a period of time. And no NAT translation occur for that used IP NAT pool Addresses.
The timer on the device are set: ip nat translation timeout 300 ip nat translation tcp-timeout 900 ip nat translation pptp-timeout 900 ip nat translation udp-timeout 120 ip nat translation routemap-entry-timeout 900 ip nat translation max-entries 750000
I just replaced my older D-Link with a DIR-601. I decided to try the email feature, so I set the option to "On Log Full". Within an hour I had 5 emails. I noticed that they were mostly entries reading "DIR-601 local0.debug udhcpd: UDHCPD Received a SIGUSR1". The "Debug Information" option isn't checked.
I am trying to configure a BEFSX41 router which sits behind a Motorola SB 5120 cable modem. Somehow it now shows DNS entries on the basic setup page. Comcast advises me to zero out all those entries. When I make the attempt a message pops up saying the entry is invalid, and when I close the warning the entry reverts. The router is set to get its IP address automatically from the SB 5120.
Having trouble with resolving DNS entries with their WRT160Nv2? By resolving I mean, every once in a while, it browsers will just hang and say "Looking up..." When using nslookup, it says DNS timeout. DNS request timed out timeout was x seconds. Can't find server name for address xxx.xxx.xxx.xxx: Timed out Default servers are not available Default Server: UnKnown Address: xxx.xxx.xxx.xxx
I have the firmware 2.0.02_11 installed. Hooking directly up to the modem, I can resolve entries consistently. When I plug in the router, it works for a little, but becomes very unstable after some time. I spoke with support about this and they suggested changing the IP of the router, as well as lowering the MTU to 1400. Both did not improve stability.
I have the ME3400 deployed in an the following design. 8 100Meg ports connects to Cisco 2955s, and the 1Gig port uplinks to a Cisco 3560. My CDP neighbour table only shows an entries for the uplink Gig port. If I look at the CDP stats in the show cdp Interfaces Fastethernet 0/1,, I see CDP packets being sent every 60, but nothing returning.
On occasion I will have to clear the ARP cache on a 6500 when a customer swapeeds out a firewall or firewall NIC. The ARP cache will show the MAC of the previous device and will not update until either the ARP table refreshes dynamically (currenty at default time) or it is cleared manually.
Sometimes I need to clear it manually and sometimes is is refreshed dynamically when the new device comes up. Inconsistant issue....
Under what circimstances will an ARP entry NOT be refreshed when a firewall or firewall NIC is swapped out.
I've been using my pair of ACE-4710s for quite some time and have usually stuck to the Class C Subnet sticky settings, as that's what we migrated from in Windows NLB. In one instance of load balancing I'm trying to create an L4 inspection policy that looks for a certain payload (much like a http header) and would like to persist on this. The problem is that the client portion of the conversation starts with a 'SessionID' of 0, and the server responds with a unique 'SessionID'. If I setup the sticky policy with 'Enable Sticky For Response', I get entries populated in the sticky database, but they all go to the same server as there is a sticky session setup for the SessionID = 0. Is there a way to setup sticky entries on server response only? Currently using ACE DM v4(1.0).
Our proxy/anti-smap/IPS box called PROXY is behind our Cisco ASA firewall. The PROXY is set in transparent mode.The PROXY internal ip is 22.214.171.124 (internal ip)We have the MX record for mail.domain.com with public ip 126.96.36.199 (public ip as we entered with ISP public DNS)What happens now is that the emails that come through get "caught" by the PROXY and then we setup a thing whereby the emails are then forwarded from PROXY to our mail.domain.com server. Also, we made a static entry in PROXY whereby we can https to our email server for the outlook web access from outside of work therefore allowing for users to see the outlook web access web page.On the Cisco firewall, we put the static entry that 188.8.131.52 is mapped to 184.108.40.206 thus the mail server public ip is mapped to the PROXY.
Now, the box has this thing whereby it sends an email to all staff once a day telling them how many mails are legit, how many rejected and how many are spam - the spam emails are listed within the email and staff can at a click of a release button next to each spam email release a particular email from the PROXY box and make it to into their inbox. This works fine from the inside network, but I have issues from the outside due to the DNS and other things.I also put in the PROXY that any network can release spam and that our staff vlan can release emails. Also, on the inside of the firewall we did an access list that computers from staff vlan can access 220.127.116.11 on port 6552 (Which is the release spam port).Hence, we can release emails from internal network through the Microsoft Outlook.
On the outside network, we cannot release emails when using outlook web access.The host name for the PROXY release spam is proxy.domain.com so what we did also today is ask "ISP" to make an A record entry for another public ip which is 18.104.22.168 for proxy.domain.com.We meanwhile made an entry on the access list that comptuers from outside can access 22.214.171.124 on port 6552 (which is the release port).Now the only question is in regards to the static entries:
1. do we (and can we?) static map 126.96.36.199 to 188.8.131.52 through a port 3840 on the Cisco ASA (although we have already mapped 184.108.40.206 to 220.127.116.11 - I have a doubt here as this might mean we might not get emails? Or would we have to do the static again for this one specifcying the 18.104.22.168 as an smtp entry and the 22.214.171.124 as a release button?
2. have I made a mistake in general and should I have just told the ISP to make a CNAME entry for proxy.domain.com with the public ip 126.96.36.199 (which is the public ip for MX record?)?
we use RV082 as main gateway and need to open/forward around 50 ports to inside. But during setting of the rules I got an error message "The max of Port Range Forwarding is 30 entries. You can't add any more.".
In the online help is explicitely said "4. Click the Add to List button, and configure as many entries as you would like."
How can we setup more than 30 port forwarding rules ?