Uhm... You may have read it wrong? There actually is a very popular network debugging tool by the name of Wireshark https://www.wireshark.org/
If not then... Lol. Although I can see a torrenting/file sharing tool used to stress systems, but I imagine there are better tools suited for that.
Some cryptomining malware is able to detect when you open Task Manager, and then stop what it is doing in order to hide itself until you close it. That's my first guess.
Try Process Hacker.
Bandwidth doesn't seem to be the problem.
    $ host voat.co
    voat.co has address 91.250.84.85
    $ host 91.250.84.85
    85.84.250.91.in-addr.arpa domain name pointer rs213611.rs.hosteurope.de.
    $ ping 91.250.84.85
    PING 91.250.84.85 (91.250.84.85): 56 data bytes
    64 bytes from 91.250.84.85: icmp_seq=0 ttl=116 time=25.273 ms
    64 bytes from 91.250.84.85: icmp_seq=1 ttl=116 time=26.345 ms
    64 bytes from 91.250.84.85: icmp_seq=2 ttl=116 time=26.850 ms
    64 bytes from 91.250.84.85: icmp_seq=3 ttl=116 time=25.089 ms
    ^C
    --- 91.250.84.85 ping statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 25.089/25.889/26.850/0.733 ms
The address points to a hoster in a datacenter in Germany. The ping is steady, around 26 from here, the Netherlands.
    $ sudo nmap -sS -O 91.250.84.85
    Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-11 16:34 CEST
    Nmap scan report for rs213611.rs.hosteurope.de (91.250.84.85)
    Host is up (0.0084s latency).
    Not shown: 989 filtered ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    53/tcp   open  domain
    80/tcp   open  http
    110/tcp  open  pop3
    143/tcp  open  imap
    443/tcp  open  https
    554/tcp  open  rtsp
    1433/tcp open  ms-sql-s
    3389/tcp open  ms-wbt-server
    7070/tcp open  realserver
    8443/tcp open  https-alt
I see some Microsoft ports opened, and on port 8443 runs Plesk for Windows. It seems to be just a simple server, and on Windows. That's asking for problems imho. They became "slashdotted" and could have prevented it by using Varnish and/or NGINX with caching enabled and tuned.
WOW. I never thought anyone would upstage Hackers (1996) for lack of realism!
Aside Matrix Reloaded, are there any movies out there that do it even close to correct?
For those who are unaware, despite the piles of nonsense of Matrix Reloaded, they did a great job with the real world hacking. In the scene where Trinity breaks into the power grid servers, she uses nmap to scan for vulnerabilities, finds that it is running an old version of SSH, then uses a real exploit called sshnuke to reset the root password. Though the vulnerability had been fixed for a few months by the time the movie came out, there is a good chance low security government servers had yet to be patched.
http://nmap.org/images/matrix/trinity-nmapscreen-hd-crop-1200x728.jpg
I'm not shrugging this off because it's Valve. If anything, I think it deserves more scrutiny because it's not about EA (or their ilk). Valve is one of those companies that I think I agree with in their basic motivations, but does some things that deeply worry me.
At this point, though, I am shrugging it off for the following reasons.
Sure -- the experiment would be a pretty trivial download of a packet & network analyzing program, and then monitoring whether there is outbound voice data being sent by the browser or any other apps. (spoiler alert: it isn't)
Credit to u/calrogman for finding this From apply_delayed_options() in nmap.cc:
>     if (o.verbose) {
>       if (local_time->tm_mon == 8 && local_time->tm_mday == 1) {
>         log_write(LOG_STDOUT | LOG_SKID, "Happy %dth Birthday to Nmap, may it live to be %d!\n", local_time->tm_year - 97, local_time->tm_year + 3);
>       } else if (local_time->tm_mon == 11 && local_time->tm_mday == 25) {
>         log_write(LOG_STDOUT | LOG_SKID, "Nmap wishes you a merry Christmas! Specify -sX for Xmas Scan (http://nmap.org/book/man-port-scanning-techniques.html).\n");
>       }
>     }
The title makes it seem like this will work for everyone, which is hardly the case. This only works if you have a notebook with one of the WiFi adapters listed in that post:

> - Intel Centrino 6205 Advanced-N
> - Intel Centrino 6235 Advanced-N
> - Intel Centrino 6300 Ultimate-N

Which is pretty unlikely (but by all means do look up the specifications of your laptop to see if you've got one of these). If you don't have that WiFi adapter, your laptop is not affected by this issue and your ping spikes are being caused by something else. Things you can try:
Bit late, but will still go at it. When he said "wire shaked", it means he used a packet sniffing tool called Wireshark (https://www.wireshark.org/).
When someone sets up a voice call in over steam, the connection doesn't go through their servers, it direct connects you to the other person's computer (for less lag presumably), because of this you can use Wireshark to get someone's ip (https://nictutorial.wordpress.com/2014/06/19/wire-shark-finding-your-friends-ip-through-steam/).
Now that isn't enough to get your real name, but having your ip is enough to get about where you live. So if he was able to associate your steam username with a profile you might have somewhere else, i.e. you use the same profile name for your twitter or something. He might have been able to find your real name. Then using (most likely) Facebook he could search your name and confirm with the ip location which person is actually you (if you have a common name). And bam, you've been dox-ed...
Quick note, Wireshark will do absolutely nothing bad to your computer, it just looks at packets, there is a 99% chance they did nothing to harm your computer, and I severely doubt some fear-monger on steam would have the skill/knowledge/motive to actually do anything bad.
Yes, it might be a little over the heads of most consumers, but there are plenty of simplified tutorials for using wireshark, and capturing all traffic is a very basic action for the program. As long as it can see your wifi device on your computer, it can capture packets received by/visible to it.
*If you're not technically inclined enough to understand what wireshark is doing or how to read the capture log, then perhaps something like:
>I was having trouble connecting to my wifi hotspot device while staying in ______ hotel at ______ address. I'm concerned that they may be attempting to block access to my personal device by illegally pretending to be my wifi hotspot and telling my device to disconnect (in essence, jamming the signal.) With the help of others on the internet, I was able to capture the attached log of wifi traffic visible to my device using the program Wireshark. Please review it for any sign that they might be engaging in such a practice.
In a terminal, you can run htop, this gives you a very decent overall look at your running processes, how much ram they take up, and so on.
Another popular option is to use conky, it puts the information on the desktop, it has its own scripting language, allowing you to make layouts however you want, but there are also tons of premade ones you can use, here's what I have on my second screen
Software engineer and hobbyist sysadmin here. Steam performing a bunch of reads shouldn't put your performance out too much, assuming that you're not engaging in any other disk-heavy loads. Applications should still be responsive, nothing should lag, etc.
If you're seeing applications lag like they're not responding, and not just seeing applications take longer to do things, then there's a good chance you're low on RAM and your applications are being paged out of memory.
Yeah, buying an SSD will help the problem, but that's really only a band-aid; the real fix is to make sure you don't leave too many applications open, or if you're just running out of memory, consider getting more.
If you want to try to diagnose these sort of things, I'd recommend checking out the tools at Sysinternals. Process explorer is one of their most popular tools, but vmmap is handy for examining a single process.
It kinda depends on how often you're sending requests. But in a lot of cases, it can make a huge difference. Take this page I'm responding to you on for example. Opening up the Chrome inspector to the Network tab shows that the HTML for this page is 14.4 KB. At 128 Kbps, that'd take roughly a second to transfer. With a typical latency of 50ms with 4G, it hardly affects the total time. With a typical latency of 500-1000 ms on a 2G connection, you can easily double the time it takes to load a page. Now consider that this page has 23 separate resource requests (stylesheets, javascript, images, etc), and each of those potentially has an extra full second of latency added on, and it really stacks up. Granted, your browser will usually request a handful of resources in parallel, and some of them will end up being cached. But it's still very much a factor in page load time.
Also consider any kind of server-side interactivity - things like submitting a comment on reddit or search suggestions as you type in google. The typical comment is usually just a couple hundred bytes. The connection speed won't matter hardly at all. But 50ms (instantaneous) vs 1000ms (noticeable delay) in latency makes for quite a different feel. Search suggestions as you type feel much less helpful if you have to wait a second or two before they load.
If you want to experiment a bit, take a look at Net Limiter.
The Organizationally Unique Identifier. Every network port has a MAC address. The first half of which is assigned to the manufacturer of the unit. If you punch the MAC address into an OUI Lookup Tool it'll be able to tell you who made it (theoretically).
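The OUI lookup described above, as an added example (not from the commenter): it normalises a MAC address, pulls the first three octets, and looks them up in a small vendor table. The table is constructed for illustration, not the IEEE registry, and the code also checks the locally-administered bit, which is why the comment says "theoretically": a randomised or manually set MAC carries no manufacturer OUI at all.

```python
"""OUI extraction and vendor lookup for 48-bit MAC addresses.

Added example. SAMPLE_OUI_TABLE is a constructed stand-in for the IEEE OUI
registry; the real registry is published by the IEEE and is much larger.
"""
import re

# Constructed: OUI (first three octets) -> vendor. Illustrative values only.
SAMPLE_OUI_TABLE = {
    "00:1A:2B": "ExampleVendor A (constructed)",
    "3C:5A:B4": "ExampleVendor B (constructed)",
    "70:B3:D5": "ExampleVendor C (constructed)",
}


def normalise_mac(mac):
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff', 'aabb.ccdd.eeff' or
    bare hex and return the upper-case colon-separated form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).upper()


def oui_of(mac):
    """The OUI is the first 24 bits, i.e. the first three octets."""
    return normalise_mac(mac)[:8]


def is_locally_administered(mac):
    """Bit 1 (0x02) of the first octet set => locally administered address.
    Randomised Wi-Fi MACs and hand-set addresses fall here; the OUI then
    identifies no manufacturer."""
    first_octet = int(normalise_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def is_multicast(mac):
    """Bit 0 (0x01) of the first octet set => group/multicast address."""
    first_octet = int(normalise_mac(mac)[:2], 16)
    return bool(first_octet & 0x01)


def lookup_vendor(mac, table=SAMPLE_OUI_TABLE):
    """Return the vendor name, or a reason why no vendor can be named."""
    if is_locally_administered(mac):
        return "locally administered address (no manufacturer OUI)"
    return table.get(oui_of(mac), "unknown OUI (not in table)")


if __name__ == "__main__":
    for sample in ("00-1a-2b-33-44-55", "02:00:00:00:00:01", "a4:bb:cc:00:00:01"):
        print(sample, "->", oui_of(sample), lookup_vendor(sample))
```

To use the real registry, load the IEEE OUI file into a dict keyed the same way and pass it as `table`.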
Download the Sysinternals tool "Process Explorer" (here: https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx )... launch it.. and go under the OPTIONS menu and turn ON the "VirusTotal" functionality. (it may make you agree to a EULA...,etc)
The "VirusTotal" feature... takes a snapshot of all your currently running processes --- and compares them against the virus-database up on www.virustotal.com .... that should tell you whether any of your current Processes are suspicious or not.
While not an answer as to a possible problem, use this to get an evaluation and possible info on problems
https://mxtoolbox.com/spf.aspx
btw: masking the spf records is pretty funny since it is public to anyone
Anti-fraud checklist:
> Even if it were from @youtube.com doesn't mean it's still real. You can fake the email address although it doesn't guarantee it goes to their inbox.
Actually, Google uses SPF to ensure that only legitimate senders are able to send from @youtube.com e-mail addresses. Of course, the receiving e-mail service doesn't have to honor SPF rules, but the screenshot from OP is a screenshot of Inbox, one of Google's apps for receiving Gmail (or G Suite) e-mail, which means that they are honoring SPF. If the above came from an @youtube.com address and it made it to a @gmail.com inbox, then it's legit.
Not Foscam for once :)
    root@raspberrypi ~ # nmap -PN 10.100.100.10
    Starting Nmap 6.00 ( http://nmap.org ) at 2015-09-28 01:13 UTC
    Nmap scan report for Foscam-[Redacted]
    Host is up (0.064s latency).
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    80/tcp open  http
    MAC Address: 48:02:[Redacted] (B-Link Electronic Limited)

    Nmap done: 1 IP address (1 host up) scanned in 4.92 seconds
    root@raspberrypi ~ #
I checked your domain's reputation on https://mxtoolbox.com (use the blacklist checker) and it comes up clean. The XYZ review process looks simple enough so just provide them with the results of your checks?
The site uses AWS who are on the list of advertisers to boycott. It's only been 12 hours so I get why they haven't switched yet, but equally, why would lefties use Amazon in the first place.
If you're blacklisted at Spamhouse, you're likely to be blacklisted other places as well.
You can use https://mxtoolbox.com/blacklists.aspx to figure out which ones. Make sure to search both by hostname and IP - I've occasionally seen different results coming up.
That'll help you figure out WHERE you are blacklisted. Some of these guys that have blacklisted you will have an automatic thing on their site that may tell you why you were blacklisted.
You can get hints on WHY you are blacklisted by using email-tester.com - it will give you a spamscore and some pointers on what to improve to make your emails look less like spam.
Good luck.
It would help to know a bit more about your setup.
I have been quite pleased with Poste.io on Scaleway. If you'd like to give that a shot, its very cheap.
What?!? Are we talking about https://www.wireshark.org/ ?!?
The completely free and limitless tool? That captures every protocol you dump on the line?
There is no pro, or you sir, are a very good troll :)
Because I was bored, I checked their SPF record (main reason for deliverability issues is a messed up record or lack thereof).
It looks like they're using the SPF type instead of the TXT type.
What does this mean? Well it means your email provider likely rejected their email due to this invalid record.
https://mxtoolbox.com/SuperTool.aspx?action=spf:robertsspaceindustries.com
Someone should message them and get that fixed.
Brownie points if they manage to get a DKIM record in place as well.
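Both the "it's legit if Google honored SPF" comment above and this one turn on how a receiver actually evaluates SPF. The following is an added example (not code from either commenter or from any mail provider) of a minimal RFC 7208 check_host: it reads the sender domain's `v=spf1` TXT record, walks the `ip4`/`ip6`/`include`/`all` terms in order and returns the first match. It uses a constructed zone in place of live DNS; `a`, `mx`, `exists`, `redirect` and macros are deliberately left out. The `broken-sender.test` entry reproduces the situation described above: the policy exists only as a type-99 SPF record, which RFC 7208 says receivers must not consult, so the result is `none`.

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed zone.

Added example. ZONE is made up; no DNS queries are performed.
"""
import ipaddress

# Constructed zone: name -> {rrtype: [record strings]}
ZONE = {
    "example-sender.test": {
        "TXT": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.test -all"],
    },
    "_spf.mailer.test": {
        "TXT": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all"],
    },
    # Policy published only in the deprecated SPF (type 99) record: a
    # compliant receiver ignores it and sees no SPF policy at all.
    "broken-sender.test": {
        "SPF": ["v=spf1 ip4:203.0.113.5 -all"],
        "TXT": [],
    },
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def get_spf_record(domain, zone=ZONE):
    """RFC 7208 section 3.1: only TXT records beginning 'v=spf1' count.
    None => no policy ('none'); more than one => permerror."""
    txt = [r for r in zone.get(domain, {}).get("TXT", [])
           if r.lower().startswith("v=spf1")]
    if not txt:
        return None
    if len(txt) > 1:
        raise ValueError("permerror: multiple v=spf1 TXT records")
    return txt[0]


def check_host(ip, domain, zone=ZONE, depth=0):
    """Return 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'
    for the connecting IP `ip` sending as `domain`."""
    if depth > 10:                      # include loop / lookup limit
        return "permerror"
    try:
        record = get_spf_record(domain, zone)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # skip the 'v=spf1' version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the included domain would 'pass'
            if check_host(ip, arg, zone, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"          # mechanism not implemented here
    return "neutral"                    # no 'all' term: default result


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.10", "192.0.2.1"):
        print(ip, "->", check_host(ip, "example-sender.test"))
    print("broken-sender.test ->", check_host("203.0.113.5", "broken-sender.test"))
```

A receiver that gets `none` back, as for `broken-sender.test`, has no SPF basis for accepting the message, which is the practical effect of publishing only the type-99 record.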
I'm not the most educated on the subject, but I came across the same problem and do have a solution.
It's not "forever," per se, but does seem to remove most of my noticeable input lag.
1) Download Process Explorer.
2) Open osu!
3) Run ProcExp as administrator.
4) Find "explorer.exe" on the list. Right click and hit "Kill process."
5) Find "winlogon.exe" on the list. Right click and hit "Suspend."
6) Under "winlogon.exe" should be "dwm.exe." Right click and hit "Kill process."
You should be free from the binds of Windows 8.
Note that you have to do this process every time you wish to play osu!, unfortunately.
After doing these steps, you will be unable to access the Start Menu, File Explorer, and other minute processes related to Windows.
To revive Windows 8, simply hit "File" on Process Explorer (hopefully you haven't closed it, or you'll have to restart), click "run," and type "explorer.exe." Hit "Ok," and your File Explorer will be necromanced.
Right click on the suspended "winlogon.exe." and hit "Resume" to revive the Windows 8. dwm.exe should reappear when you do this.
If anyone has a better solution, please share ;_;
It's a large set of multiple blacklists that most email servers are configured to use. If you wind up on one, it's basically time to fold up shop and close down, because no email servers will accept mail from you. It's extraordinarily difficult to remove yourself from them because there are a lot of them and they're all independently maintained, so you have to contact a whole shitload of different people if you get on one.
It's basically a community death penalty for spamming servers. One of the things you have to do if you run your own email (or if you run the email servers for a company that isn't using hosted email from O365 or GSuite or whatever) is keep regular tabs on the lists to make sure you're not on them. It's one of a thousand reasons why self-hosting email is a giant pain in the ass.
Windows firewall does a better job than Linux in some cases. For example when someone is running a port scan it won't respond to some type of hidden scans like FIN scans. http://nmap.org/nmap_doc.html
Not a solution to OP's problem, but for overall bandwidth allocation I use NetLimiter, it shows bandwidth used by different applications separately, allows to set individual limits, and shows to which IPs data goes/comes from.
(On a "meh" side - it's pretty expensive, but I couldn't find freeware program that does that.)
I don't get it...they claimed their host shut them down due to a C&D letter from "B".
yet they are still using OVH https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a37.187.103.5&run=toolpage
I think "B" might get them again...lol
Some people do
    yum install nmap

or

    wget http://nmap.org/dist/nmap-5.61TEST2.tgz
    tar -zxvf nmap-5.61TEST2.tgz
    cd nmap-5.61TEST2
    ./configure
    make
    sudo make install
Edit: Fixed because I didn't actually try to run the second way.
    [gordie@maple02]~% nmap whitehouse.gov
    zsh: no manners found: nmap whitehouse.gov
    [gordie@maple02]~% please nmap whitehouse.gov
    Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-23 05:36 NST
    ...
I did some superficial research into the server this announcement was posted on.
    ~# nmap -F -P0 -O terathon.com
    Starting Nmap 6.40 ( http://nmap.org ) at 2015-01-12 22:34 CST
    Nmap scan report for terathon.com (69.175.14.218)
    Host is up (0.035s latency).
    rDNS record for 69.175.14.218: server.terathon.com
    Not shown: 86 closed ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    22/tcp   open  ssh
    [... snip ...]
    995/tcp  open  pop3s
    3306/tcp open  mysql
    Device type: general purpose
    Running: Linux 2.6.X
    OS CPE: cpe:/o:linux:linux_kernel:2.6
    OS details: Linux 2.6.9 - 2.6.27
    Network Distance: 15 hops

    OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 7.08 seconds
Seems to be working okay for a "[...]disparate array of barely functioning parts with horrible reliability and little potential[...]".
There's the film "The Girl with the Dragon Tattoo" where we see a couple of scenes of the main character using Nmap along with Terminal and I believe a couple of instances of SSH. It's probably in my opinion one of the few films that I can think of where they actually get hacking right. None of the Hollywood CGI crap.
Not sure if this counts, but I would also add The Social Network as a film that at least tries to get the tech stuff right, especially with the scenes involving Jesse Eisenberg using KDE.
EDIT: For anyone wanting to know an example, here's a scene from "The Girl with the Dragon Tattoo": http://nmap.org/images/gwtdt/gwtdt-nmap-screen.jpg
This won’t work for websites on shared hosting.
I’d test this before assuming it will work.
Shared hosting is more common for low end/low traffic sites but it’s entirely plausible for a larger website to have multiple services running on the same IP, in which case knowing the IP alone wouldn’t be enough.
You could also find this information without the use of a terminal.
https://mxtoolbox.com/SuperTool.aspx
Select ping and type in the website you want the IP for.
A pair of new Boot Nodes:
Seems to be an investment firm, subsidiary to Tencent.
General software/IT consulting firm.
Just as Battle(non)sense, I used Wireshark. Join a match, start capturing.
Afterwards you can create a graph from the captured data. I used Statistics, IO Graph to create the packets per second graph by filtering on packets received from the gameserver IP, filter: "ip.src == gameserver_ip_here". You can find the gameserver IP in the long list of captured data by looking at the IP that sends lots of UDP packets in the 7000-8000 port range.
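The two steps described above (spot the game server by the burst of UDP packets in the 7000-8000 port range, then graph packets per second with `ip.src == <server>`) as an added example that is not the commenter's code and not a real capture: the packet list is constructed inline to mimic a server sending 30 packets a second for three seconds among some background traffic. The binning is the same computation Wireshark's IO Graph does with a one-second interval.

```python
"""Identify the game server in a packet list and compute packets per second
from it, mirroring Wireshark's IO Graph with filter ip.src == <server>.

Added example; PACKETS is constructed and stands in for a pcap.
"""
from collections import Counter

MY_IP = "192.168.1.20"   # constructed: the capturing client's address


def _constructed_capture():
    """Packets as (time_s, src_ip, src_port, dst_ip, dst_port, proto)."""
    pkts = []
    # Game server: 30 UDP packets/s for 3 s from port 7100 to our port 52000.
    for i in range(90):
        pkts.append((i / 30, "203.0.113.50", 7100, MY_IP, 52000, "UDP"))
    # Our own replies: ip.src is us, so they must not count towards the graph.
    for i in range(90):
        pkts.append((i / 30 + 0.01, MY_IP, 52000, "203.0.113.50", 7100, "UDP"))
    # Background noise: a TLS session plus one stray UDP packet in the range.
    pkts += [
        (0.5, "198.51.100.9", 443, MY_IP, 61000, "TCP"),
        (1.2, MY_IP, 61000, "198.51.100.9", 443, "TCP"),
        (2.0, "203.0.113.99", 7500, MY_IP, 40000, "UDP"),
    ]
    return sorted(pkts, key=lambda p: p[0])


PACKETS = _constructed_capture()


def find_game_server(packets, my_ip, port_range=(7000, 8000)):
    """The host that sent us the most UDP packets from a source port in
    port_range; None if nothing matches."""
    lo, hi = port_range
    counts = Counter(
        src for (_, src, sport, dst, _, proto) in packets
        if proto == "UDP" and dst == my_ip and lo <= sport <= hi
    )
    return counts.most_common(1)[0][0] if counts else None


def io_graph_filter(server_ip):
    """The Wireshark display filter for the IO Graph described above."""
    return f"ip.src == {server_ip}"


def packets_per_second(packets, src_ip, interval=1.0):
    """Count packets with ip.src == src_ip per `interval` seconds, starting
    at the first such packet. Returns one count per interval."""
    times = sorted(t for (t, src, *_rest) in packets if src == src_ip)
    if not times:
        return []
    t0 = times[0]
    buckets = [0] * (int((times[-1] - t0) // interval) + 1)
    for t in times:
        buckets[int((t - t0) // interval)] += 1
    return buckets


if __name__ == "__main__":
    server = find_game_server(PACKETS, MY_IP)
    print("server:", server, "filter:", io_graph_filter(server))
    print("packets/s:", packets_per_second(PACKETS, server))
```

With a real capture, feed the same tuples from a pcap reader (pyshark, scapy or `tshark -T fields`) instead of the constructed list.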
ISP gives you IP address
IP address identifies you online
ISP rotates IPs sometimes because ISP stuff
Most people have a "dynamic IP address"
If you have a dynamic IP address, you do not have a permanent IP address
(Many ISPs allow you to request a "static IP" which does not change, probably with a fee)
That means that your IP may be changed by your ISP, and you get a "new" one
Because IPv4, the current IP system used, has a (relatively) limited pool of IP addresses, your new IP was likely in use at some point before you got it
If that IP was banned from anywhere, like Wikipedia, you are now IP banned from that place
There are tools online to check if your IP is blacklisted by services, such as this one. In most cases, you won't notice a few blacklists
It looks like the AWS DNS servers are returning 127.0.0.1 for textsecure-service.whispersystems.org.
I solved this problem by running Netlimiter 4 on my Windows 8.1 machine. I agree with you-- if the bitcoin node eats up ALL my upstream bandwidth, then my internet connection becomes unusable. So the only way is to limit it.
Now I run my bitcoin node 24/7 and can watch movies and play games and it's fine :)
I have DSL with about 1.5MB downstream and 150KB upstream, so I set NetLimiter to limit Bitcoin Core to 1.17MB down 100KB upstream. I found that was the max before I noticed bandwidth performance degradation in other areas. I highly recommend this solution as it's been working great for me.
Fire up Process Explorer, double click on the explorer.exe process, go to the "Performance Tab" and post a screenshot.
Then close that properties window, and while keeping explorer.exe selected, hit Control-D, which will open the lower pane showing what DLLs are loaded into explorer.exe. Sort by Path, and then hit Control-A to save it to a text file. Dump the text file here.
The usage is real if the "private bytes" or "working set" values are high. Virtual Size has nothing to do with physical memory usage.
The cause is usually something third party, whether it be something you intentionally installed, or from a virus/malware.
If you have anything installed that integrates with the context menus in Windows, consider uninstalling that. WinZip, 7 Zip, TortoiseSVN, Virus scanners themselves - these run some parts in explorer's process, and if they have memory leaks it'll cause your sort of problems.
Scan the list of DLLs that show up as loaded into explorer.exe, and see if anything looks suspicious. Find out what installed it and uninstall it. That's what I'll be doing if you post the list.
Any action that you take to try to fix this will usually only show up after explorer.exe gets restarted. You can do that either by 1) rebooting 2) logging out and logging back in 3) manually restarting explorer.exe while logged in (for instance, in process explorer, right click on explorer.exe and click restart).
Gmail has some black listed Servers as well. Found out from a G-Suite user (not a @gmail.com).
Can't imagine it being out of the question of people getting compromised and then spam e-mail sent from a legitimate account.
Eh I guess you could try ping the website and see what address you get back. Could be two websites on two different hosts
EDIT: Yeah seems to have 4 a records which could be it. Who knows why
You are incorrect, it is not.
http://nmap.org/book/legal-issues.html
>After all, no United States federal laws explicitly criminalize port scanning. A much more frequent occurrence is that the target network will notice a scan and send a complaint to the network service provider where the scan initiated (your ISP). Most network administrators do not seem to care or notice the many scans bouncing off their networks daily, but a few complain.
It's possible your Anti-Virus scanners aren't finding anything because the Remote-Control/Access is a legit program (IE = if an exploit or trojan opened the Remote-Desktop ports or installed something like VNC or TeamViewer,etc)
If that theory is correct.. then your only option really is to go through your machine with a fine-tooth comb and look for any "remote-control" apps that YOU didn't install.
Alternatively.. you could use the official Microsoft Sysinternals tool named "Process Explorer" (download here: https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx ) ... open/launch it and click on OPTIONS and enable the VirusTotal feature. The VirusTotal feature takes a snapshot/fingerprint of all your running processes and compares it to the virus-database up on www.virustotal.com .... and will tell you if any of your running processes are suspicious.
Another approach you could use.. would be to use a command like NETSTAT -A ... to view all open network connections.. and see where the traffic is going.
She used a real version of a real tool (http://nmap.org) to discover the exploit existed, then she used a fictional tool (sshnuke) to exploit the real ssh1 CRC32 vulnerability which had been found and fixed some time before the movie was released.
If you see this player on the other team, boot this up:
EDIT: Wireshark is a packet-sniffing tool that can look at all the traffic coming in and going out of your computer. If you see this barcode player on the other team, start up Wireshark and allow it to sniff the packets going over the net. If you end up getting DDoS'ed, you'll be able to see where the flood of packets is coming from and give this information directly to Riot.
What about for SPF? i.e: https://mxtoolbox.com/spf.aspx
Grab one of the sent emails and check the headers and makes 100% sure the origin listed in the headers isn't a subdomain or Outlook.com itself or anything like that and whatever it is has a valid SPF.
90% of the time when people post about this it's Gmail auto throwing it to junk because it can't find a valid SPF for the actual message origin.
UDP port 53 is the assigned port for DNS queries. Both the IP addresses (37.59.40.15 and 139.99.96.146) are related to Parrot OS
They both resolve to subdomains of ParrotSec.org https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a139.99.96.146&run=toolpage https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a37.59.40.15&run=toolpage#
So I think it's unrelated to VeraCrypt.
I'm not familiar with ParrotOS personally - but it looks like a 'privacy feature' that they're overwriting the default DNS configuration from your router to use their DNS resolvers rather than your ISP default.
Why exactly sudo is doing a DNS lookup in the first place would be down to how that's configured.
I'd pop over to /r/ParrotOS and ask if I were you...
My first guess is that his router's public IP is blacklisted because somebody had (has?) malware in the office.
1) Find your public IP address
2) Look up your IP in MX Toolbox blacklist search
3) At this point really your network engineering team should know about if you have any hits on blacklists (RBL's). There's maybe 100 well known RBL's out there and they are all run independently and differently. Some just want an assurance that the malware problem is fixed, others have more difficult policies. If the IP is removed and the problem isn't fixed that triggered it, often RBL's will make the ban last longer or add the IP to a more serious list, so it's important that the network team take it from there.
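What an RBL lookup tool such as MX Toolbox does for step 2, as an added example (not the commenter's code and not affiliated with any real list): a DNS-based blacklist is queried by reversing the IP's octets, appending the list's zone, and asking for an A record; an answer inside 127.0.0.0/8 means "listed" and the last octet is a list-specific return code. The zones and return codes below are constructed, and a dictionary stands in for DNS so this runs offline.

```python
"""How a DNSBL/RBL lookup is formed and interpreted.

Added example. FAKE_DNS and the zone names are constructed; swap in a real
resolver (e.g. dnspython) and real zone names to query live lists.
"""
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the query name: reversed octets (IPv4) or reversed nibbles
    (IPv6) followed by the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_part = ".".join(reversed(str(addr).split(".")))
    else:
        # IPv6 lists use every hex digit of the fully expanded address
        reversed_part = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{reversed_part}.{zone}"


# Constructed stand-in for DNS: query name -> list of A-record strings.
# A name that is absent means NXDOMAIN, i.e. not listed.
FAKE_DNS = {
    "4.113.0.203.rbl-one.example": ["127.0.0.2"],
    "4.113.0.203.rbl-two.example": ["127.0.0.4"],
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


def check_blacklists(ip, zones, resolve=fake_resolve):
    """Return {zone: return_code} with None for 'not listed'. Only answers in
    127.0.0.0/8 count; anything else is treated as a broken list, not a hit."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]
        hits[zone] = codes[0] if codes else None
    return hits


def listed_on(ip, zones, resolve=fake_resolve):
    """Just the zones that list the IP, which is what you hand to the
    network team."""
    return [z for z, code in check_blacklists(ip, zones, resolve).items() if code]


if __name__ == "__main__":
    zones = ["rbl-one.example", "rbl-two.example", "rbl-three.example"]
    print(check_blacklists("203.0.113.4", zones))
    print("listed on:", listed_on("203.0.113.4", zones))
```

The meaning of a return code (127.0.0.2 versus 127.0.0.4, for instance) is defined by each list independently, which is why the comment says every RBL has its own policy; read the list's documentation before acting on it.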
As previously mentioned, outsource it immediately. You can cutover that size organization in a day. I thought O365 offers NPO reduced rates even, although I cannot remember.
From there, I would start with "Do the users need access to Email when not at work? Can they do it over VPN only?" If so, seal off all ports except for your SMTP receive port. If they do need Outlook anywhere and such, make sure those are the only ports open on your firewall. That's a good first step.
Hit up mxtoolbox.com to make sure you aren't an open relay or other major problem with your environment.
Get that DC role off your server. Because the Exchange Server must interact with the outside world, you are increasing the surface area of attack for your entire environment.
Make sure backups are working. You'll know sooner rather than later because if not backed up, the transaction logs don't flush and you end up with full drives.
Remember that Exchange 2010 goes end of life in about 18 months. At that point, they will not release new security updates for Exchange 2010. Now, Microsoft has been pretty decent about patching WannaCry on XP. If you want to run your mail server on a system where any new found vulnerabilities will not be patched, I'm afraid hardening your box is impossible.
You can use USBPcap to capture the raw data from the USB bus then view it with WireShark. The learning curve can be rough since there's a bunch of messaging that will have nothing to do with the actual data you're looking for. I would also recommend unplugging as many USB devices as possible so you have less junk to sort through.
Use Process Explorer to see if the CMD is being called with arguments: https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
And Autoruns to track down the cmd entry (if there's a match): https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
(I'd start in the task scheduler.)
> If it is a Windows machine, you should reboot.
Sorry, but this isn't true anymore for the vast majority of cases. You should use tools like Task Manager or Process Explorer to see if the app is doing useful work and/or kill the individual process in question.
Sounds like it may be time to track your internet performance and hit them with hard data. I had Cox in Phoenix for about 8 years, and had multiple hour outages 4-7 times a week. Turned out to be 10-40% packet loss due to my neighborhood node being overloaded with people/their hardware not being able to handle all the bandwidth. Completely fucked up both my wife and I's ability to work from home.
Check out Ping Plotter https://www.pingplotter.com/ - it's easy to use, has a free trial (or at least did when I used it), and will give you hard data you can take to Cox and the FCC showing how frequent your outages last and what is causing the outages. Always run this from a wired connection, WiFi can have similar issues that are not related to your ISP.
Fixed formatting.
    Starting Nmap 6.00 ( http://nmap.org ) at 2014-05-22 16:11 IST
    Nmap scan report for john.com (162.252.156.212)
    Host is up (0.16s latency).
    rDNS record for 162.252.156.212: perfora.net
    Not shown: 995 filtered ports
    PORT    STATE SERVICE VERSION
    21/tcp  open  ftp     ProFTPD
    22/tcp  open  ssh     Linksys WRT45G modified dropbear sshd (protocol 2.0)
    |ssh-hostkey: 1024 34:47:0f:e9:1a:c2:eb:56:eb:cc:58:59:3a:02:80:b6 (DSA)
    80/tcp  open  http    Apache httpd
    |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
    |_http-title: John.com
    81/tcp  open  http    Apache httpd
    | http-auth:
    | HTTP/1.1 401 Authorization Required
    |   Basic realm=WebDAV
    |_http-title: 401 Authorization Required
    |_http-methods: No Allow or Public header in OPTIONS response (status code 401)
    443/tcp open  http    Apache httpd
    |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
    |_http-title: John.com
    Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
    Device type: storage-misc
    Running (JUST GUESSING): Linksys Linux 2.6.X (86%)
OPs screenshot doesn't have enough information to make a determination. A more powerful tool such as Wireshark can decode the actual traffic.
If OP isn't using any IPv6 applications all that traffic can be attributed to the exchange of routing information that needs to be shared across the tunnel. A sample I've taken from my own network shows about the same frequency of traffic and it's all routing related. Nothing sinister (or even interesting) going on here.
Conky is still under active development, are you using the latest dev release from https://github.com/brndnmtthws/conky
The dev appears quite willing to take in pull requests for features and fixes, so if you can find and fix what annoys you, it'll probably be pulled into conky quite quickly.
When you start conky, you can specify a config file and by using that, have multiple conky instances with different configurations.
Fastest way to figure out what's going on:
If you download a program called process explorer by sysinternals, it will actually branch out and show you EXACTLY what processes are being spawned under that instance of rundll32.exe. From there you will find out exactly what's going on.
link: https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
You can verify this
This can be used to get the ips of each node https://mxtoolbox.com/SuperTool.aspx?action=srv%3a_algobootstrap._tcp.mainnet.algorand.network+&run=toolpage
This can be used to geolocate them https://tools.keycdn.com/geo
Postfix is not set up by default to permit relaying. Open relays are why there is so much spam on the internet and pretty much everyone involved in good email hates it, so it's never default behavior. However - some setup scripts for Postfix (depending on your distro) may ask you some questions which if answered wrongly, would result in this behavior.
Glad you sought help. You messed up, but we all do. You'll get over it and hopefully learn. Might be worth giving your server a good long hard look in terms of general security too. (Just going on the basis that if one thing was open, something else might be and your server might be compromised - or vulnerable)
Downside is your IP address is almost certainly listed on a whole bunch of RBLs. But that's okay, we don't want you sending email again until you've learned a bit more about how to run a mail server - if you need to. If you don't need to, then don't. Same with every other service on an internet facing server; everything that's enabled is another security weakness.
When you feel you have learned enough, and have reconfigured your server and turned it on again, use something like https://mxtoolbox.com/diagnostic.aspx to test it to see if it's exploitable. That's a fairly basic test, but it's a start.
Adminning a server well is HARD. Making one secure is also hard. None of us get it right all the time, so feel a moment of shame, but move on and keep asking questions. It's how we all improve.
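The MXToolbox diagnostic mentioned above does the relay test from outside; here is the same dialogue spelled out, as an added example that is not code from this thread or from Postfix. It walks the SMTP conversation only as far as RCPT TO with a sender and a recipient in domains the server is not responsible for (the reserved .invalid TLD), then RSETs and QUITs, so no message is ever queued. The ScriptedServer is a constructed stand-in that replays Postfix-style replies so the check runs offline; SocketTransport is for pointing it at your own server.

```python
"""Open-relay probe: walks the SMTP dialogue up to RCPT TO with a foreign
sender and recipient, then resets and quits so nothing is sent.  Added
example, not from the thread.  ScriptedServer is a constructed fake MTA
used so the check can run offline; .invalid domains are reserved names."""
import socket


class SocketTransport:
    """Real connection; use this against your own server only."""
    def __init__(self, host, port=25, timeout=15):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("rb")

    def readline(self):
        return self.rfile.readline().decode("latin-1")

    def sendall(self, data):
        self.sock.sendall(data)


class ScriptedServer:
    """Constructed fake MTA: replies like Postfix, RCPT reply chosen by the caller."""
    def __init__(self, rcpt_reply):
        self.pending = ["220 mail.example.test ESMTP Postfix\r\n"]
        self.received = []
        self.rcpt_reply = rcpt_reply

    def readline(self):
        return self.pending.pop(0) if self.pending else ""

    def sendall(self, data):
        cmd = data.decode().strip()
        self.received.append(cmd)
        verb = cmd.split()[0].upper()
        replies = {
            "EHLO": ["250-mail.example.test\r\n", "250-PIPELINING\r\n", "250 8BITMIME\r\n"],
            "MAIL": ["250 2.1.0 Ok\r\n"],
            "RCPT": [self.rcpt_reply + "\r\n"],
            "RSET": ["250 2.0.0 Ok\r\n"],
            "QUIT": ["221 2.0.0 Bye\r\n"],
        }
        self.pending += replies.get(verb, ["502 5.5.2 Error: command not recognized\r\n"])


def read_reply(transport):
    """Collect a (possibly multi-line) reply: '250-' continues, '250 ' ends."""
    lines = []
    while True:
        line = transport.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line.rstrip("\r\n"))
        if len(line) < 4 or line[3] != "-":
            return lines[0][:3], lines


def send(transport, cmd, transcript):
    transcript.append("C: " + cmd)
    transport.sendall((cmd + "\r\n").encode())
    code, lines = read_reply(transport)
    transcript.extend("S: " + l for l in lines)
    return code


def check_relay(transport, mail_from="probe@sender.invalid", rcpt_to="probe@recipient.invalid"):
    """Return a verdict plus the full dialogue.  Only a 2xx to RCPT TO for a
    foreign recipient means the server relays; a 4xx/5xx at MAIL FROM or
    RCPT TO both count as closed.  DATA is never sent."""
    transcript = []
    code, lines = read_reply(transport)
    transcript.extend("S: " + l for l in lines)
    verdict = {"open_relay": False, "stage": "banner", "code": code, "transcript": transcript}
    if code != "220":
        return verdict
    send(transport, "EHLO probe.invalid", transcript)
    code = send(transport, f"MAIL FROM:<{mail_from}>", transcript)
    verdict.update(stage="mail", code=code)
    if code.startswith("2"):
        code = send(transport, f"RCPT TO:<{rcpt_to}>", transcript)
        verdict.update(stage="rcpt", code=code, open_relay=code.startswith("2"))
    send(transport, "RSET", transcript)
    send(transport, "QUIT", transcript)
    return verdict


if __name__ == "__main__":
    closed = ScriptedServer("554 5.7.1 <probe@recipient.invalid>: Relay access denied")
    print(check_relay(closed)["open_relay"])                           # False
    print(check_relay(ScriptedServer("250 2.1.5 Ok"))["open_relay"])   # True
```

A "Relay access denied" at RCPT TO is what a correctly configured Postfix answers; a 2xx there is the open-relay case. Run it from outside your own network as well, since a server may legitimately relay for its own LAN (mynetworks) and still refuse everyone else.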
>nmap -Pn 65.96.124.4
Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-19 01:50 Eastern Daylight Time
Nmap scan report for c-65-96-124-4.hsd1.ma.comcast.net (65.96.124.4)
Host is up.
All 1000 scanned ports on c-65-96-124-4.hsd1.ma.comcast.net (65.96.124.4) are filtered
Nmap done: 1 IP address (1 host up) scanned in 202.01 seconds
So, the host is up, but the ports are filtered... hmm...
Your life would be easier if you didn't reinvent the wheel and used tcpdump (or at least stored to pcap format) and then analyzed with Wireshark / TShark.
If you modify your format just slightly (remove the leading 0x, add offsets) you could use text2pcap to generate a pcap from what you are already doing or import it directly to Wireshark.
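To make the two paths in that comment concrete, here is an added example (not code from the thread, tcpdump or Wireshark) that takes raw packet bytes and either writes them straight into a libpcap file or prints them in the offset-plus-hex form text2pcap parses. The frame it builds is constructed sample data (an Ethernet/IPv4/UDP DNS query between 192.0.2.x documentation addresses); nothing is read from a real interface.

```python
"""Write captured packet bytes straight to pcap, or dump them in the text
form text2pcap understands.  Added example, not code from the thread; the
Ethernet/IPv4/UDP frame it builds is constructed sample data (a DNS query
between 192.0.2.x hosts), nothing is captured from a real interface."""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, version major/minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(packet, ts_us):
    """One record: ts_sec, ts_usec, captured length, original length, data."""
    sec, usec = divmod(ts_us, 1_000_000)
    return struct.pack("<IIII", sec, usec, len(packet), len(packet)) + packet


def write_pcap(packets, first_ts_us=1_700_000_000_000_000):
    """Return a complete pcap file image; packets are spaced 1 ms apart."""
    out = pcap_global_header()
    for i, pkt in enumerate(packets):
        out += pcap_record(pkt, first_ts_us + i * 1000)
    return out


def to_text2pcap(packet, width=16):
    """Hex dump in the form text2pcap parses: a hex offset, then bytes with no
    0x prefix.  The trailing blank line ends the packet, so several dumps can
    be concatenated and fed to `text2pcap - out.pcap`."""
    lines = []
    for off in range(0, len(packet), width):
        chunk = packet[off:off + width]
        lines.append("%06x " % off + " ".join("%02x" % b for b in chunk))
    return "\n".join(lines) + "\n\n"


def ip_checksum(header):
    """RFC 1071 ones-complement sum over the IPv4 header; 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame():
    """Constructed Ethernet/IPv4/UDP frame carrying a DNS A query for example.com."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    dns += b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0)   # UDP checksum 0 = absent
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(dns), 1, 0,
                     64, 17, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in header checksum
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"
    return eth + ip + udp + dns


if __name__ == "__main__":
    frame = build_sample_frame()
    print(to_text2pcap(frame), end="")
    with open("sample.pcap", "wb") as f:
        f.write(write_pcap([frame]))
```

The pcap route needs no conversion step at all, which is the point of the comment above: once the bytes are in a pcap file, Wireshark and tshark read them directly.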
A box, running a 100% Libre GNU / Linux distribution and Wireshark https://www.wireshark.org/, configured as a router should do the trick. This effectively puts the DRM infected Apple and Microsoft devices in a FLOSS jail.
On a windows machine, you can run the command "netstat -a -b" from the command prompt (may need to run with administrative privileges) to see which programs have open connections and what port they're using. You can then use this info to cross-reference packets traversing your PC so you can rule out what traffic is good and questionable (use wireshark for this). Might be a good idea to turn off as many services as you can on your NIC because a base install of windows has a lot of garbage traffic.
Once you see some traffic that is questionable, block it in the firewall and see what breaks. That's a great way to see what programs are accessing the internet and how it all works.
I had the same memory leak symptoms [system crash after 2 hrs] and used process explorer to find which files were being accessed and not released back into free memory. Turns out it was an audio driver conflict with an external mixing unit I had plugged into the comp via usb. Removing the driver and unplugging the unit before starting Planetside resolved my problem.
DNS changes usually take a while to propagate. On top of that, you might have it cached in your browser or OS.
Use tools like https://mxtoolbox.com/DNSLookup.aspx to check where the DNS is actually pointing (but again, it might take a while to propagate).
Also, to check properly, delete the cache of your browser, and restart it just in case.
Thank you for highlighting this. That is correct we do store passwords using bcrypt, and make use of salts. We've just posted an update on our website.
Please do reach out if I can help answer any questions.
Never mind that an IPMI card should never be on the Internet without a strict firewall in front of it.
With the reference implementation of NTP, which just about everyone uses, there's no difference between the client and the server. It's the same software, with the same (or largely similar) config.
If you want to scan your own network(s) for vulnerable systems, there's an nmap script that can help.
:/
skaverat:~/ $ nmap -p22 --open -sV 197.213.63.32/29
Starting Nmap 6.25 ( http://nmap.org ) at 2012-12-20 15:47 CET
Nmap done: 8 IP addresses (0 hosts up) scanned in 5.10 seconds
"Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing."
"Needing to hack the city power grid, she [Trinity] whips out Nmap version 2.54BETA25, uses it to find a vulnerable SSH server, and then proceeds to exploit it using the SSH1 CRC32 exploit from 2001"
I suggest Zabbix -> Website!
100% Free, open source and rock solid, while there is commercial support available if wanted, but not necessary.
PRTG is also doing a good job, but I don't really like the 100-sensor free license limit.
(I am biased since i'm working as consultant/trainer for the product Zabbix, so if you want more info, let me know!)
Zabbix has a very steep learning curve, but is definitely worth looking into in your case. All software required for running a proper Zabbix Server setup is free, except the time you put in when setting it up.
I can't really speak about Nagios, other than at where I currently work, before I got hired they had been running Nagios and decided to move to Zabbix because they needed a "proper" monitoring and alerting solution. I know many run Nagios and are very happy with it though.
By accident, I've become the guy who manages our Zabbix installation and I've been working with it for about a year now. It is extremely flexible and customizable. Basically, you can monitor any value you can find on your system with Zabbix, and I do mean any.
By default Zabbix has some strong SNMP and Zabbix Agent templates for different operating systems. Writing completely custom checks, only requires you to know a little Bash or PowerShell. A few days ago I created a template for auto-discovery of bonding interfaces on our CentOS systems, which discovers bonds and their slaves, and sets up monitoring and triggers when found. It took 3 lines of custom item keys in the Zabbix Agent and 2 low-level discovery jobs in a template, that was it. No hardcore coding, just a little scripting and a few hours.
Again, steep learning curve to get the hang of all of the possibilities, but luckily Zabbix provides extremely good documentation: https://www.zabbix.com/documentation/3.0/
I have a simple suggestion for you that will show you the full extent of the issues. Download Wireshark.
Record a typical session on your old OS.
Now record a session on 10, your goal being to get the reporting down to what it used to be. First use the GUI to disable as much of the monitoring as possible. Record again. Now use Group Policies to disable as much of the additional monitoring as you can. Record.
Not there yet? Pull out all the stops, whatever you need to do, assuming it's native to Windows. You're likely into firewall settings, routing tables, registry by now.
Now ask yourself, could the average user do this? Would they even KNOW what the concerns are?
I don't know man. I'm likely to pick up a lot of business from this change, so it's good for me personally. But I don't think it's good for the user.
> These servers are hosted by OpenDNS (which has now been purchased by Cisco)
Are you sure? OpenDNS only lists the following DNS servers on their website.
208.67.222.222 208.67.220.220
If you do an ARIN lookup on your IPs they are owned by Rackspace Hosting.
https://mxtoolbox.com/SuperTool.aspx?action=arin%3a23.253.163.53
https://mxtoolbox.com/SuperTool.aspx?action=arin%3a198.101.242.72
DNS means Domain Name System. Basically, when a developer says they're going to change the DNS configuration for a domain, they mean they're going to change where the domain points. When you enter a domain in a browser, the first thing the browser does is resolve an IP address for the domain, an IP address of course being the address of the computer on the network to fetch a webpage from. Here's an example from an online tool; it shows what IP addresses wikileaks.org resolves to:
https://mxtoolbox.com/SuperTool.aspx?action=a%3awikileaks.org&run=toolpage
You can see the IP address /u/YeahButThatsNothing mentioned above is listed there as well (141.105.65.113).
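What "resolve an IP address for the domain" means on the wire, as an added example that is not part of the thread or of any resolver: build the A query a stub resolver sends, parse the reply (including the 0xC0xx name-compression pointers real replies use), and check that the reply belongs to the query at all. The response bytes are constructed by hand with documentation addresses (203.0.113.x); resolve() is the only function that touches the network, and its 127.0.0.1 server is an assumption.

```python
"""DNS wire format in miniature: build an A query, parse the answer (with name
compression), and check the answer matches the query.  Added example, not
from the thread.  The sample response is constructed with documentation
addresses; only resolve() sends anything, to an assumed local resolver."""
import socket
import struct

TYPE_A, TYPE_CNAME = 1, 5


def encode_name(name):
    """example.com -> 07 'example' 03 'com' 00"""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, 1)


def read_name(msg, offset, max_hops=16):
    """Decode a name at offset, following compression pointers.  Returns
    (name, offset just past the name at its original position).  The hop
    limit stops the pointer loops a hostile reply could contain."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # pointer to an earlier name
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            data = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_CNAME:
            data, _ = read_name(msg, off)
        else:
            data = rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": data})
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def matches_query(query, response):
    """Drop replies whose transaction ID or question differ from what was sent;
    a resolver that skips this check accepts forged answers."""
    q, r = parse_response(query), parse_response(response)
    return q["id"] == r["id"] and q["questions"] == r["questions"]


def build_sample_response():
    """Constructed reply to build_query('example.com'): two A records whose
    owner name is the pointer 0xC00C (offset 12, the question name)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", TYPE_A, 1)

    def a_record(ip):
        return b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes(int(x) for x in ip.split("."))

    return header + question + a_record("203.0.113.10") + a_record("203.0.113.11")


def resolve(name, server="127.0.0.1", timeout=3):
    """Send the query over UDP to an assumed local resolver; validate before use."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply, _ = s.recvfrom(512)
    if not matches_query(query, reply):
        raise ValueError("reply does not match the query; discarding")
    return parse_response(reply)
```

The transaction ID and question check in matches_query is the minimum a client must do; real resolvers also randomise the source port, because a 16-bit ID alone is guessable.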
update zabbix.users set passwd=md5('mynewpassword') where alias='Admin';
There are published attacks against WPA(2) + TKIP.
Switch to CCMP (AES) with a new passphrase just to be sure.
The "to attack other users" part in their message suggests it's a flaw in your router.
Find your "public" IP address, then run nmap against it.
The following commands should do it:
nmap -P0 -p1-65535 YOUR_PUBLIC_IP
nmap -P0 -sU -p1-65535 YOUR_PUBLIC_IP
They'll give you a list of ports open at the firewall.
Any of the following being open would warrant a support ticket with the router's manufacturer, as there either is a flaw in their system, or you need help with properly setting it up:
udp/53 udp/123 udp/161 udp/162
Depending on the router's security policy, you may have to run the scan from outside your own network to get accurate results.
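Reading 65535 ports by eye is error-prone, so here is an added example (not from the thread or from nmap) that parses nmap's greppable output (-oG) and flags exactly the four UDP ports listed above. The scan text is constructed (203.0.113.7 is a documentation address), not a real result; the caveat it encodes is that for UDP nmap reports open|filtered whenever nothing answers, which is also what a silently dropped port looks like, so only a plain "open" is a confirmed finding.

```python
"""Parse nmap greppable output (-oG) and flag UDP services that should never
answer on a router's WAN side.  Added example, not from the thread; the scan
text is constructed (203.0.113.7 is a documentation address).  Real input:
    nmap -Pn -p1-65535 -oG tcp.gnmap YOUR_PUBLIC_IP
    nmap -Pn -sU -p1-65535 -oG udp.gnmap YOUR_PUBLIC_IP
(-Pn is the current spelling of the older -P0)."""
import re

# udp/53, udp/123, udp/161, udp/162 from the post above
FLAG_PORTS = {("udp", 53), ("udp", 123), ("udp", 161), ("udp", 162)}

# Each entry in the Ports: field is port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/[^/]*/([^/]*)/")

SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated ... as: nmap -Pn -sU -p53,123,161,162,500 -oG - 203.0.113.7\n"
    "Host: 203.0.113.7 ()\tStatus: Up\n"
    "Host: 203.0.113.7 ()\tPorts: 53/open/udp//domain///, "
    "123/open|filtered/udp//ntp///, 161/closed/udp//snmp///, "
    "162/open/udp//snmptrap///, 500/open|filtered/udp//isakmp///\n"
    "# Nmap done at ... -- 1 IP address (1 host up) scanned in 5.00 seconds\n"
)


def parse_gnmap(text):
    """Return {host: [(proto, port, state, service), ...]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        entries = hosts.setdefault(host, [])
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        for port, state, proto, service in PORT_RE.findall(fields.get("Ports", "")):
            entries.append((proto, int(port), state, service))
    return hosts


def classify(hosts):
    """Split flagged ports into confirmed open and inconclusive (open|filtered).
    nmap reports open|filtered for UDP when nothing answers, which is also what
    a silently dropped port looks like, so those need a follow-up probe
    (e.g. -sV on that port) rather than a support ticket."""
    confirmed, inconclusive = [], []
    for host, entries in hosts.items():
        for proto, port, state, service in entries:
            if (proto, port) not in FLAG_PORTS:
                continue
            if state == "open":
                confirmed.append((host, proto, port, service))
            elif state == "open|filtered":
                inconclusive.append((host, proto, port, service))
    return confirmed, inconclusive


if __name__ == "__main__":
    conf, maybe = classify(parse_gnmap(SAMPLE_GNMAP))
    for host, proto, port, svc in conf:
        print(f"{host}: {proto}/{port} ({svc}) answers from outside - raise a ticket")
    for host, proto, port, svc in maybe:
        print(f"{host}: {proto}/{port} ({svc}) open|filtered - verify with a service probe")
```

Run the scan from a host outside your own network, as the comment above says; a scan from inside that hairpins through the router often shows ports the Internet cannot reach.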
Hey, reading this post reminded me of a post by /u/SweetAndFluffy who developed a vibrator controlled by picking up diamonds in Minecraft. Maybe he is willing to help you if he is still active?
Apart from that, it seems to me that parsing the video output of the game is a hard and time-consuming task to get right. Have you thought about parsing the required information from network traffic? Idk how hard this is but maybe Wireshark can help you if you have some spare time :)
Wireshark is super simple to use. The trick is understanding what you're looking at, and for that you're going to need to have detailed understanding of the things you're trying to troubleshoot, like Kerberos, NTLM, SMB, TLS/SSL, Certificates, how to do filtering etc...
You're asking how to use a chef's knife to make Boeuf Bourguignon. You need a solid understanding of ALL of these things to properly see how the tool helps.
But for starting to learn Wireshark and how packets work, I encourage ya to read https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html
I agree with that, and there is an issue for this in the github currently here, I'm just saying that this post is a bit too smug, saying things like:
>In this particular instance, getting familiar with the ABS, altering build flags and reading the new documentation were all that was required.
when that's clearly not the case. The new conky release is broken, that's just the fact. And those of us who did all the things we were told to and still had to rollback are not just avoiding problems.
I personally use Process Explorer; being able to track .dll problems with it, across everything running, has helped in the past.
Haven't used System Explorer though, so can't compare the two.
I'll expand on "con centralization" because it is a big subject.
The governance is centralized, which is being addressed by moving towards governance by staking. Even with governance opening up, the foundation has advantages over the man in the street holding Algo.
The distribution of algo is quite centralized with the foundation, relay node runners, and early backers holding many tokens.
The relay nodes are only run by 100 relay node runners. The public cannot yet run them. There is a pilot for a small number of 3rd parties to run relays.
The relay nodes are geographically NOT centralized. With some other coins, all the block-adding servers run in a small number of data centers, or a single one. This is not the case for Algo. This is the SRV record that transactions sent to Algorand go to. The 100 endpoints can be resolved to IP addresses. These are verifiable with IP-to-geo tracing to be distributed worldwide. Some of them can even be tied to institutions; many are at universities. https://mxtoolbox.com/SuperTool.aspx?action=srv%3a_algobootstrap._tcp.mainnet.algorand.network+&run=toolpage
There is only one implementation of the relay nodes (an assumption I am making from their git repos), so this is also centralized. I haven't seen exact requirements so they could be running on same technology stack too, I don't know. This could be a single point of failure as all relays could suffer the same security defect.
There is no DNS record for the www subdomain. I checked both A and CNAME records from the site below. Without the www it can see the A record just fine.
https://mxtoolbox.com/SuperTool.aspx?action=cname%3awww.mcminnclinic.com&run=toolpage
Update: Thanks to a little help, the flow of illegitimate email has been halted. I was able to use https://mxtoolbox.com/diagnostic.aspx to verify that it's setup correctly now.
Unfortunately, I now have to personally answer two questions: 1. How did this happen after two years of running smoothly? 2. What's the long-term fallout?
I'm not too confident that I'm going to like the answers to either of those, but I should be able to figure it out on my own from here.
Thanks for all the help!
If you do a DNS lookup on the MX record you will see that it points to a Microsoft mail server.
https://mxtoolbox.com/SuperTool.aspx?action=mx%3akent.com&run=toolpage#
BRB - gonna email martha.
I'm going to register websites, slap on Wordpress and some text, put ads on them, then put free sample offers on them. Then, submit them to freebie sites. Profit.
Sarcasm aside and nothing against OP but this smells fake. Why? EVOO is dark green. Looks identical to Intur travel agency fake. Ads on the page. Address is a residential location in Greece. No way to buy. Registered in June this year, expires next year: https://mxtoolbox.com/SuperTool.aspx?action=whois%3A%2F%2Fgreek-olive.com&run=networktools
He even stated he used "preliminary" numbers. Michigan allows same day registration and this stuff is easily verifiable.
Go look at the Zeher affidavit in the same case. That guy's a lawyer and has 3 exhibits of letters, because that evidence supports a central claim to his argument. If there's not evidence submitted the defense, nor judge have to consider it relevant.
I didn't see Ramsland submit anything in Constantino, nor do I see Powell's name attached. It's possible I missed her name, but I'm fairly certain she's just a figurehead.
https://www.datadoghq.com/blog/visualize-statsd-metrics-counts-graphing/
So, I know this isn't exactly what you wanted, but this goes into some data analysis theory as to why you might prefer to use a rate or count. Basically it boils down to how you would use the data and how it's being reported. My main point here is that using a decimal doesn't describe nefarious intent.
> Right - why would you ever restart a VM if a process exits? Why did you make this statement?
Please read this comment for context.
If you want to architect an application in a container style but using VMs instead of containers, then if something goes wrong with a VM that's wrapping a single process, in general you need to restart the VM because you can't be sure of its state.
> If that's a primary use case for Docker, I think I just replaced it with something even more lightweight:
Except that doesn't address filesystem isolation, dependency modularity, network port modularity and remapping, private binding between services, and a long list of other things that Docker provides.
There's a reason that larger companies are leading the adoption of Docker, which is that it provides very powerful capabilities for deploying and operating complex systems at scale. It's easy to look at any single features of it and think you can do that some other way - bash scripts, iptables, chroot maybe if you're desperate, and so on, but the benefits have a lot to do with the total package in which all the features work together in standard ways that you don't get by munging bash scripts together.
Zabbix would be my choice. You can set discovery rules quite easily.
https://www.zabbix.com/documentation/3.0/manual/discovery/network_discovery/rule
It requires some time to get used to but there's a good community and a lot of tools/plugins.
FreeNAS uses collectd and Graphite. You just need to enable graphite in influxdb, and set the server IP in FreeNAS Advanced settings.
UPS is a little more complicated, and depends on if you have a management card or not in your UPS. I currently monitor via usb, so I have a script on my NUT server to grab the data via upsd and populate Telegraf. With a management card, you can probably use SNMP, which would be much easier.
I do ESXi monitoring through SNMP. There are tons of resources about this, but this is a good place to start. You can get a list of MIB OIDs here for ESXi.
So, download the appliance.
Follow the guide: https://www.zabbix.com/documentation/3.0/manual/vm_monitoring
10 minutes might be a bit too fast, but just monitoring esxi shouldn't take too much time.
And yes, I know it's quite a learning curve if you want to use all the product features ;)
Hate to be that guy, but the third line of the upgrade documentation should answer your question:
While upgrading Zabbix agents is not mandatory (but recommended), Zabbix server and proxies must be of the same version. Therefore, in a server-proxy setup, Zabbix server and all proxies have to be stopped and upgraded.
> Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-25 20:25 EEST
> Nmap scan report for client.thehost.com.ua (91.234.34.114)
> Host is up (0.018s latency).
> Not shown: 997 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 53/tcp filtered domain
> 8888/tcp open sun-answerbook
Tried connecting to his proxy
> Access denied
> The administrator of this proxy has not configured it to service requests from your host.
> Generated by tinyproxy version 1.8.3.
Their own proxy? Maybe other trolls are sitting on it too.
Nmap did.
http://nmap.org/book/legal-issues.html
>Reports of systems being crashed by Nmap are rare, but they do happen. Many of these systems were probably unstable in the first place and Nmap either pushed them over the top
Several of these systems are old and crash prone.
He's right.
>We have all seen many movies like Hackers which pass off ridiculous 3D animated eye-candy scenes as hacking. So Fyodor was shocked to find that Trinity does it properly in The Matrix Reloaded. Needing to hack the city power grid, she whips out Nmap version 2.54BETA25, uses it to find a vulnerable SSH server, and then proceeds to exploit it using the SSH1 CRC32 exploit from 2001. Shame on the city for being vulnerable (timing notes).
A video of the exploit is available on YouTube or as matrix-nmap.mp4. Click on the following thumbnails for higher resolution or view more pictures here.
Banners are general information given out by a program running on a networking port that indicates the program name and version. This page should help you where you need to go. http://nmap.org/book/osdetect-usage.html
This computer you can get remote access to is plugged into the switch in question, yes? And the IPs are the only thing that changed, no new VLANs or anything? I'd suggest adding a secondary IP in .1.0/24 to the computer you can get to, and then using nmap (http://nmap.org/) or a broadcast ping to .1.255 to see if anything responds. I assume forward or reverse DNS is too much to hope for?
Mostly true, but not completely! Random kinda-cool fact: in The Matrix Reloaded, I think in the scene where they break into a power facility (?) you can see Trinity on a laptop trying to hack using a program called Nmap... a pretty realistic portrayal of hacking, actually.