I hope someone can help me. I got some message that our server sends malicious attacks over the Internet. Sometimes RDP is not available over the internet. MAy you please give me a heads up where do I check which port is being used to send outgoing packets.
Regards,
Romeo
Related
I am trying to capture an old application that didn't honour the system's proxy setting. The only config I can change is the server IP address.
Capturing the packets with Wireshark. Without the Charles reverse proxy, I can see requests after the first three handshake requests.
With the reverse proxy, the connection stuck after the handshake requests.
I notice that when Charles received a request and connecting to somewhere but it will just stuck there:
Following is the config of the reverse proxy (Remote host removed):
Any help, solution and workarounds would be appreciated!
First of all, your app uses neither HTTP nor HTTPS. Studying screen shot of successful connection gives some details on protocol used:
the first message after handhsake is originated by server contrary to common client-server approach, where client is responsible for sending query. This fact is enough to cross out HTTP and HTTPS.
payload data isn't human-readable, so it's a binary protocol.
based on PUSH flags, protocol is much more likely to be message-based rather than stream-based
So client establishes connection, immediately gets some command from server and replies it. Then communication continues. I can't guess exact protocol. Port number might be irrelevant, but even if it's not, there are only few protocols using 4321 port by default. Anyway, it can always be custom private protocol.
I'm not familiar with Charles, but forwarding arbitrary TCP stream is probably covered by its port forwarding feature rather than reverse proxy. However, I don't really see any benefits in sending traffic through Charles in this case, capturing data on your PC should be enough to study details.
If you are looking for traffic manipulation, for arbitrary TCP stream it's not an easy task, but it must be possible. I'm not aware of suitable tools, quick googling shows lots of utils, but some of them looks applicable to text based stream only, so deeper study is required.
Reason for Failure
It may be because you are requesting a local IP address from a remote scope, which Charles proxy doesn't applies. For POS(Proof Of Statement), please refer to the below link
https://www.charlesproxy.com/documentation/faqs/localhost-traffic-doesnt-appear-in-charles/
Solution
So In order to solve the problem for the current scenario, use
http://192.168.86.22.charlesproxy.com/
Note: The url that you request will only be proxied properly by Charles not any other proxy services.
I have a https connection from Client to Server and a malware in client. The malware modifies the message and compromises its integrity. I am using a proxy to check the Integrity of the message after the malware has changed the message and before sending it over the internet to the server.
Now, How can I check the Integrity of the message (Sure that it has not been modified by any Man in the Middle) for the second half of my communication channel(Which is from Client to the Server over the internet).
I see few conventional approaches of CRC or Checksum will help. But I am looking for some non traditional or upcoming approaches. I am new to this area and want to take expert advise about the direction I need to search for answer to my question.
Any pointers would be of great help.
Thanks,
As I mentioned in your other question, if you have an https session, you can't do this.
If you could do it, it's possible your proxy could be the "man-in-the-middle", which is exactly what SSL is designed to prevent.
Also, it's not clear how you expect the malware on the client side is changing the message - your software can always validate the message before it is sent via SSL, and after it's sent, the only thing that should be able to decode it is the server.
I strongly recommend spending some time learning about specific well known client server security patterns rather than trying to invent your own (or trying to hack apart SSL). A great starting point would be just picking through some questions on http://security.stackexchange.com. (A personal favorite there is this question about how do to password security). There are likely some questions/links you can follow through there to learn more about client-server security (and eventually understand why I'm confused about what it is you're trying to do).
If you are required to make up your own for some reason, a possible (but still hackable with enough determination) way of doing validation is to include a checksum/hashcode based on all the values, and make sure the same checksum can be generated server side from the values. You don't need a "middle" to somehow crack the SSL to do this though - just do the validation on the server side.
I know how to test smtp email using telnet. But I think because telnet uses "its own channel" to reach smtp server, it doesn't necessarily mean the normal smtp communication on port 25 would work. (Please correct me if this is not true)
Basically the client has encountered with an issue : [ERROR] Access to default session denied during a test from application to reach smtp server. From the same server, telnet to send an email just works...
So I've got no other choice but to figure out why I am getting this sort of error. Done my research only to find out lots and lots of command-line email applications, no good in this case as it is the client's environment that I've got little control on what to install.
So I think the last resort would be using simple DOS commands? Please advise if there is even a better way. Many thanks in advance.
I know how to test smtp email using telnet. But I think because telnet uses "its own channel" to reach smtp server, it doesn't necessarily mean the normal smtp communication on port 25 would work.
That's incorrect. If sending e-mail works with typing it to the Windows telnet application, then it works, i.e. there is no problem with the SMTP server, and there are no firewall issues between the client and the server.
So the bug is most probably in the in the application displaying the error message. Maybe there is no bug, but the application is not configured properly.
I think because telnet uses "its own channel" to reach smtp server, it doesn't necessarily mean the normal smtp communication on port 25 would work. (Please correct me if this is not true)
That is not true. A "real" SMTP client uses the same method to talk to the SMTP server as telnet does.
If you do not trust Telnet, use Thunderbird, but the problem is probably with your client software or configuration. Double check the settings there and see if you can turn on any trace logging (on the client or the server).
If Internet goes down while we make a Ajax Request then how to give feedback to the user that the internet is down ?
You can define a timeout on AJAX request, if timeout is reached you can then choose best way to display the error message to the user.
BTW, you cannot be certain that internet connection is down, so a standard message could be:
Unable to contact server at url: 'http://myapp.com'.
Please be sure your internet connection is working
The ajax request will time out and fail at which point you could let the user know and suggest to them that their internet connection might be down.
You will only be able to suggest as there is no way of knowing what has severed the connection from the client to your host. It could be your server is down or their net is down right through to it could be their ISP is having intermittent failures.
If an AJAX call fails, and you are 100% sure that it will fail only if there is no internet connection, then after failure you can make, for example, a popup informing the user.
Here is a nice example which will make you work of detecting the user is online or offline very easily
Checking for online and offline events to detect connectivity status for the end user.
Hope it helps
This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 10 years ago.
I have installed an configured the smpt feature on windows 2008, i can send emails and i can see that on inetpub is a folder mailroot for the incoming mails, but i dont know how to configure the accounts to access the emails received.
I know this smtp server is outdated and is only on 2008 for compatibility, so i assume is just for sending emails?? is that true???
I'm not really a Windows mail server expert, but...
SMTP is a mail transport agent only. The protocol itself is "just for sending emails." Where are you sending them? If they're going to a remote server, you'll need to get them off of that server however you otherwise would (POP and IMAP are popular standards for getting email). If the local machine is the server on which the mail sits and waits to be retrieved, you'll still need a mail server (again, POP or IMAP generally) to listen for incoming connections to fetch the mails.
I wouldn't call SMTP "outdated" as it's still very widely used across the internet. It's the standard mail transport protocol. How have you configured this in the past? Did previous versions of the Windows SMTP service also provide POP/IMAP/etc. support?