I got 3 IP addresses i am trying to trace and I want to know where this person has send me those from. Is is possible to get exact addresses/locations?, where the person who sent me the emails is from? and Infos which websites have been visited?
This are the 3 IP's i have got:
216.139.189.105
41.204.234.10
82.13.210.203
After Trace route whats the next thing to do ? When my ISP dynamic IP address is some like and starts with 112.0.0.0 I cannot see all sites on the server. So what I did run a tracert on DOS prompt. After 9 hops and reach this IP 216.18.239.6 everything timed out and it cannot reach my server.
I already tested several Internet access and its reaching the server except my home DSL with the IP 112. I also checked if the IP is block on the firewall but its not present on the block list. I also mentioned this with my internet provider and still waiting for notification.
what to do next?
I recently moved a customer's site to a new server. Everything went smoothly except for the fact my customer cannot access the new site. When he pings it he gets the right IP address but it just times out.
The URL is regalfire.co.uk
I asked him to run a tracert command and it seems to find the right path but stops just short of finding the server. The last server he connects to is ge-5-2.the.uk.euroconnex.net [87.127.231.90] which is the same as me. The next step is the actual server but for him it just times out.
I can see the new site fine. His ISP is Virgin Media and I have asked several other customers with the same ISP and they can see the site OK.
He has flushed his DNS cache and the problem remains.
Does anyone have any ideas what I could try next?
Hi over the last week ive been having numerous problems with hosting accounts on 2 different servers which has lead me to think that my 'security' is not 'secure' and a malicious user is at play. im in the uk on broadband on a private connection to the internet - no-one else should be sharing this connection. This is the traceroute from my connection at home to the server ive had the most problems with - is this normal?
Traceroute has started ...
I don't know whether possible or not if we can trace the dns from certain reseller webhosting and found where she or he bought the package... maybe it is important because we must know the reputation of the seller.
View 2 Replies View Relatedwhat is needed is a dedicated server or colocation in which my portable IP space (a class c assigned to me in 1995) can be routed to in its entirety. We will then have a VPN back to our own site. This could be accomplished by the ISP BGP peering, or simply announcing the routes themselves. We've got clue in routing, both in OpenBSD and IOS.
The machine doesn't have to be too powerful, and needs little storage space, but the bandwidth provided has to be decent. This is for a hobbyist rather than commercial project, so price is an issue.
How would I trace a malware file uploaded to a particular account? ....
View 2 Replies View RelatedHow do I trace name servers back to the web hosting company?
There is a website that is sharing my copyrighted information and I want to contact their hosting company.
They are using nameservers
NS.theirwebsite.com
N2.theirwebsite.com
Anyone have a tool for this?
I dont know much about server. I was wondering: if I plug in my laptop at work would the server log my connection, even if my laptop is not a client?
View 2 Replies View Relatedanybody here have a review or a way to trace proccess from scratch after top -c or ps -aux
how i got the exact file or user cause this process ....
I found that recently a lot of nobody files appear in my /tmp.
I delete and delete.. by still same. I don't know how to trace where they from. I suspect is from my hosting users, but I don't know how to check and trace. Anybody can give me some guide?
I use geoip so that if ($country="CN") { die(); }
This works on my site. But for some reason I still get the occasional IP's through.
I looked at my Lighttpd server-status and I have 600 connections from 3 different IPs that come from China.
I typically use ./route add -host 222.221.81.3 reject as the way to block them, but it changes from time to time. The Chinese are using 90mbps of bandwidth and I want it to stop as they must be directly hotlinking my content.
How to null route large blocks from China? Please note I want to keep Hong Kong, Macau and Taiwan.
ssh is driving me CRAZY right now... On an almost stock CentOS 5.1 install (inside a Xen VPS, though), I changed sshd to listen on 2222 instead of 22 and restarted sshd.
All of a sudden:
Code:
matt@t60:~$ ssh -p2222 64.191.108.xxx
ssh: connect to host 64.191.108.xxx port 2226: No route to host
I should note that I'm actively logged into that IP in another window, and that it responds to ping. There most certainly is a route. Yes, I've quadruple-checked that I have the right IP. And I use the -p2222 daily to connect to another machine. This is a virgin CentOS install; I just changed the "Port 22" line to "Port 2222" and restarted sshd (/etc/init.d/sshd restart).
I am not behind any sort of firewall, unless CentOS installs one that I don't know about. (I own the physical hardware, not just the virtual machine.)
I figured it had to do with this error in /var/log/secure
Code:
May 31 19:18:39 relay120 sshd[23359]: Server listening on :: port 2222.
May 31 19:18:39 relay120 sshd[23359]: error: Bind to port 2222 on 0.0.0.0 failed
: Address already in use.
So I changed (uncommented) the ListenAddress directive to:
Code:
ListenAddress 64.191.108.xxx
and restarted sshd again.
Recently two servers of mine have stopped communicating with each other and I've been told to create a static route between the two, I am using CentOS 4.4 and not sure what the exact syntax would be
I also have the gateway IP which would be needed.
As we are finishing our migration plans to Cisco OER. I would like to get everyone's thoughts on the low latency "brand name" internap bandwidth.
Do you think that the high priced brandname is going to continue with Cisco finally releasing OER to what a large number of datacenters use as their primary core switch? In my eyes the FCP and the Avaya/RouteScience platform just lost a lot of value. The OER product looks very complete and in testing works excellent, the final verdict will be in what the platform actually does.
If you are wondering Cisco OER information can be found here [url]
Can anyone please tell me how dangerous in fact Apache's TRACE and TRACK functions?
I have read common explanation but would disabling TRACK and TRACE improve my server's ability to fight cross site scripting and similar attacks and make it more secure?
I can't remember the name of the utility that lets you watch what a process is doing. You call it on a PID and you can see all the memory allocations, file IO, library loading, etc. that the process is doing as it happens. Anyone know what I'm thinking of?
View 2 Replies View RelatedHow can i trace my datacenter detail through my website ip?
View 14 Replies View RelatedI have pure-ftp server.
I have checked some ftp failure login attempt made but when i check log file but only see real ip address which is external ip address but i want to trace main ip so anyone tell me howto trace that ip address.
I'm looking for a solution that I can place a firewall between 2 vlans on
a BigIron router with L3 enabled.
For this moment there is one big vlan2 with a ip-route 0.0.0.0 0.0.0.0
123.123.123.123 and a router-interface ve2 with the IP of the router, the
address I use as gateway on the machines behind it.
The WAN port has the IP address to communicate with to the GW of the
carrier-router (123.123.123.122)
Because I want to let the BigIron the routing I was thinking of 2 vlans,
one for the lan-vlan and one for the wan-vlan, but this will be a problem
because I only have one IP-block what I can use.
So the sitiuation must be as follow on the BigIron:
WAN => vlan2 => firewall => vlan3(lan)
Because of the fact that the firewall will be transparent, this should be
no problem to place it between the vlans. The actual problem is how to
manage this. In simple words, I should be able to replace the firewall
with a cross-cable and it should still work.
Cisco for an example has a SVI solution for this, but I can't find such
thing for a Foundry router.
Cisco Switch IP Route setup
This is probably an easy and simple task for someone that have a good knowledge in Cisco, BGP and Blackhole/Synchole communities.
We do have a Cisco 2948G that is our border and through this equipment we apply Blackhole (a sequence of commands to filter all the traffic from the world except our country, this is done by communities that is setup in cisco).
These are the sequence of the commands to apply it for IP 189.1.XXX.40
Enter configuration commands, one per line. End with CNTL/Z. asw-hl01(config)#router bgp 184XX
asw-hl01(config-router)#network 189.1.XXX.40 mask 255.255.255.255 asw-hl01(config-router)#exit
asw-hl01(config)#access-list 50 permit 189.1.XXX.40
asw-hl01(config)#ip route 189.1.XXX.40 255.255.255.255 Null0 250 asw-hl01(config)#
I have another Cisco 2948G that is connected in a FastEthernet port of the border above, and this other cisco is holding another subnet. To make it clear,
Border - I have 189.1.XXX.1 ~ 189.1.XXX.127 (subnet 255.255.255.128)
Cisco2 - I have 189.1.XXX.128 ~ 189.1.XXX.255 (subnet 255.255.255.128)
This is being done through a ip route from Border to Cisco2 to forward subnet 128 ~ 255 to the switch,
ip route 189.1.XXX.128 255.255.255.128 172.16.1.2
Ps: 172.16.1.2 is the internal IP for switch2
Now we go to the problem. If I want to apply a Blackhole (those sequence of commands for an IP located at subnet 128 ~ 255 switch2) it block all the traffic for that given IP, and I cant get access from national backbones. To make it clear,
Blackhole for IP 1 ~ 128 - It works fine
Blackhole for IP 128 ~ 255 - It doesnt work correctly, instead of blocking only international traffic its blocking everything in the world
This worked yesterday.
Now I get connect: No route to host when I try to FTP.
What to do?
I can ping the IP without problems.
I wonder how it effects to network performance? The network will be faster? How much? The normal routers can choose the best routes too, is it correct?
View 14 Replies View RelatedIs there any way to detect network problem/congesting along the route? Assumed that you only have a shell access to the server.
I usually do tracepath/traceroute and ping each hop to see if there's any packet loss. It doesn't seem to be effective as many people say router will drop the packet when it's busy/overloaded depending on configuration.
Would anyone be kind enough to give me some pointers to route packets from a specific ip on my subnet via the tun0 OpenVPN interface, and all other hosts out the default route of the main routing table
(192.168.1.1 on br0)?
i.e. 192.168.1.2-9 -> via br0, and 192.168.1.200 -> via tun0
I have created the tables:
mkdir /etc/iproute2
echo 201 table1 >> /etc/iproute2/rt_tables
ip rule add from 192.168.1.200/32 table table1
But i am really stuck from here. I tried adding default routes in the table1 but all traffic stops at this point (i am pinging from the host 192.168.1.200 out onto the net, it works as soon as this command below is entered it times out):
ip route add 10.19.0.5 dev tun0 scope link src 10.19.0.6 table table1 (not sure if this is needed - either way doesnt work with or without) ip route add default via 10.19.0.5 dev tun0 table table1
I did try: ip route add default dev tun0 table table1. and again that fails to work. I appreciate this isnt a guessing game hence moving to post here in hope of some expert advice.
Routing table for the main table (table 1 contains the entries from above commands):
root@OpenWrt:~# ip route list table table1
default via 10.19.0.5 dev tun0
root@OpenWrt:~# ip route list table main
10.20.30.40 via 192.168.1.1 dev br0
10.19.0.1 via 10.19.0.5 dev tun0
10.19.0.5 dev tun0 proto kernel scope link src 10.19.0.6
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.4
default via 192.168.1.1 dev br0
There is a point to point link to the OpenVPN server on 10.19.0.5 with a local address of 10.19.0.6, but im not sure if this needs to be added in the table1? I did try by adding ip route add 10.19.0.5 dev tun0 scope link src 10.19.0.6 table table1, but again still the same issue.
With OpenVPN setup to push the redirect-gateway option, all works well with the routing table and the box acts as a router sending everything through it (table shown below - this works fine apart from everyone is routed through it). As mentioned, I would like the tables default route below to only apply to the host 192.168.1.200. I am posting the table below as this does work for all hosts:
root@OpenWrt:~# ip route list table main
10.20.30.40 via 192.168.1.1 dev br0
10.19.0.1 via 10.19.0.5 dev tun0
10.19.0.5 dev tun0 proto kernel scope link src 10.19.0.6
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.4
default via 10.19.0.5 dev tun0
I am masquerading on tun0 as i will be routing a number of hosts through the router:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
I also run 'ip route flush cache' after i enter the routing commands but to no avail.
I have been stuck on a rather annoying issue using the Route53.php script included within the Plesk Extensions SDK - [URL] ....
Instructions were followed from [URL] .... but there are obvious confusions with the instructions.
First, it never mentions that within Server Management - Extensions you can load the extension and within the AWS Route 53 extension settings and you are prompted to enter in your identifying security keys. But the instructions ask to code these keys into the actual script, must this be done in both places??
Second, how does it operate?? After I install the extension/script must anything else take place? Do I register private dns addresses using my Route 53 ips and the rest is automatic? Should more information be added within the Plesk DNS template area or can I just turn off the DNS/Bind server and only utilize Route 53? There is no feedback in the UI letting you know it is actually on and working.
Third, I have tried to install the script in ssh and I always receive error:
ERR (3) [panel]: PHP Fatal error: Class 'pm_Loader' not found in /......./modules/route53/scripts/route53.php on line 8 I stumbled on a thread discussing this bug at [URL] .... but it leads to a dead end with the author withholding what the bug fix was and how to achieve it.
we utilize AWS Route 53 for a majority of our domains.
PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
Parallels Plesk Panel v11.5.30_build115130819.13 os_CentOS 6
PROBLEM DESCRIPTION
Unable to integrate Amazon Route 53, vague instructions even for a developer.
STEPS TO REPRODUCE
[URL] ....
ACTUAL RESULT
ERR (3) [panel]: PHP Fatal error: Class 'pm_Loader' not found in /../../.../modules/route53/scripts/route53.php on line 8
EXPECTED RESULT
errorcode0 in ssh and some indication the extension is working properly within the Plesk Panel UI.
I had a bandwidth spike yesterday for a short while and I wanted to know where I can look to trace what IP(s) caused the high traffic spike.....
View 1 Replies View RelatedMy server is constantly crashing (halting to dead) and needing reboot literally every few hours. I cannot trace the cause of this whatsoever. Please help out.
CPU/Memory/MySQL Usage shows no accounts in red or yellow zone ....
root@server # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 145G 145G 0 100% /
/dev/sda1 99M 41M 54M 44% /boot
none 250M 0 250M 0% /dev/shm
/usr/tmpDSK 6.7G 74M 6.3G 2% /tmp
/tmp 6.7G 74M 6.3G 2% /var/tmp]
I cannot trace where the usage is coming from. There is only one account on this box using 26GB. Its a centos/cpanel box. I checked /var/log and had already deleted audit.d directory. /usr/local/apache/domlogs and logs show almost nothing.