Author Archives: cemocan

yandex.ru mail server ip address

Posted on by
Reply

You can find below yandex mail servers ip address,

77.88.0.0/18 # yandex.ru
77.88.22.0/23 # yandex.ru
77.88.24.0/21 # yandex.ru
77.88.24.0/22 # yandex.ru
77.88.28.0/22 # yandex.ru
77.88.36.0/23 # yandex.ru
77.88.42.0/23 # yandex.ru
77.88.44.0/24 # yandex.ru
77.88.50.0/23 # yandex.ru
87.250.224.0/19 # yandex.ru
87.250.230.0/23 # yandex.ru
87.250.252.0/22 # yandex.ru
93.158.128.0/18 # yandex.ru
93.158.137.0/24 # yandex.ru
93.158.144.0/21 # yandex.ru
93.158.144.0/23 # yandex.ru
93.158.146.0/23 # yandex.ru
93.158.148.0/22 # yandex.ru
95.108.128.0/17 # yandex.ru
95.108.128.0/24 # yandex.ru
95.108.152.0/22 # yandex.ru
95.108.216.0/23 # yandex.ru
95.108.240.0/21 # yandex.ru
95.108.248.0/23 # yandex.ru
178.154.128.0/17 # yandex.ru
178.154.160.0/22 # yandex.ru
178.154.164.0/23 # yandex.ru
199.36.240.0/22 # yandex.ru
213.180.192.0/19 # yandex.ru
213.180.204.0/24 # yandex.ru
213.180.206.0/23 # yandex.ru
213.180.209.0/24 # yandex.ru
213.180.218.0/23 # yandex.ru
213.180.220.0/23 # yandex.ru

Debug VPN in Fortigate

Posted on by
Reply

You can see debug commands for IPSEC site-to-site below,

- Enable debugging
FGA# diag debug en

- Enable debug messages for specific application , here we are interested in IKE
FGA # diag debug app ike -1

- also to do sniffer on the tests
FGA # diagnose sniffer packet any ‘host 10.10.10.10′

- end of debuging,
FGA # diag debug disable

Skipping webupdates because rateup did not return anything sensible in MRTG

Posted on by
Reply

I have encountered rateup error as follow when runnig mrtg config file with –user option,

[root@localhost config]# env LANG=C /usr/bin/mrtg --user=apache mrtgconfig.cfg
Insecure dependency in exec while running with -T switch at /usr/bin/mrtg line 1086.
2012-07-17 19:31:55: ERROR: Skipping webupdates because rateup did not return anything sensible
2012-07-17 19:31:55: WARNING: rateup died from Signal 0
with Exit Value 255 when doing router 'customer_network'
Signal was 0, Returncode was 255
 
2012-07-17 19:43:49, Rateup WARNING: /usr/bin/rateup could not read the primary log file for customer_network
2012-07-17 19:43:49, Rateup ERROR: /usr/bin/rateup found customer_network's log file was corrupt
or not in sorted order:
time: 128285545600.2012-07-17 19:43:49, Rateup WARNING: /usr/bin/rateup The backup log file for customer_network was invalid as well
2012-07-17 19:43:40: ERROR: Skipping webupdates because rateup did not return anything sensible
2012-07-17 19:43:40: WARNING: rateup died from Signal 0
with Exit Value 1 when doing router 'customer_network'
Signal was 0, Returncode was 1

the below code is added in /usr/bin/mrtg file beacuse of MRTG could not read inlast and outlast values of target device

# set values to -1 to tell rateup about unknown values
$inlast = -1 unless defined $inlast;
$outlast = -1 unless defined $outlast;
 
# 
if ($inlast =~ /^([-0-9.]+)$/) {
$inlast = $1;
}
 if ($outlast =~ /^([-0-9.]+)$/) {
 $outlast = $1;
}
 
if ($$rcfg{'options'}{'dorelpercent'}{$router}) {
@exec = ("${FindBin::Bin}${MRTG_lib::SL}rateup",

Fortigate dDos Syn Proxy settings

Posted on by
Reply

If you encounter the following errors on fortigate while entering dDos policy,

“Invalid synproxy configuration.” on web gui or
“Only SP inteface has syn proxy feature.” on CLI

You should check tcp_syn_flood paramater which is in Dos Sensor configuration. If the firewall doesn’t have CE4, XE2 or FE8 cards it does not work in proxy mode.

You can see fortigate document below about this error,

Configuring security processing modules
FortiGate Security Processing Modules, such as the CE4, XE2, and FE8, can increase
overall system performance by accelerating some security and networking processing on
the interfaces they provide. They also allow the FortiGate unit to offload the processing to
the security module, thereby freeing up its own processor for other tasks. The security
module performs its own IPS and firewall processing, but you can configure it to favor
IPS in hostile high-traffic environments.
If you have a security processing module, use the following CLI commands to configure it
to devote more resources to IPS than firewall. This example shows the CLI commands
required to configure a security module in slot 1 for increased IPS performance.
config system amc-slot
edit sw1
set optimization-mode fw-ips
set ips-weight balanced
set ips-p2p disable
set ips-fail-open enable
set fp-disable none
set ipsec-inb-optimization enable
set syn-proxy-client-timer 3
set syn-proxy-server-timer 3
end
In addition to offloading IPS processing, security processing modules provide a hardware
accelerated SYN proxy to defend against SYN flood denial of service attacks. When
using a security module, configure your DoS sensor tcp_syn_flood anomaly with the
Proxy action. The Proxy action activates the hardware accelerated SYN proxy.

Because DoS sensors are configured before being applied to an interface, you can
assign a DoS sensor with the Proxy action to an interface that does not have hardware
SYN proxy support. In this circumstance, the Proxy action is invalid and a Pass action
will be applied.

How to change default outgoing / outbound ip address on Windows Server 2008?

Posted on by
Reply

If you have multiple ip addresses on your Windows Server, Windows always use nearest ip adress to gateway. So if you need to change it, you should remove all ip addresses and add it via Netsh.

netsh interface ip add address "Local Area Connection" 10.10.10.2 255.255.255.0 skipassource=true

Skipassource means Windows won’t use this ip address for outgoing communication unless explicitly set for use by outgoing packets.

Exim Mass Mail Delete from Queue

Posted on by
Reply

If your server suffers from a spamming attack through an exploited web site or any other means it is probable that you want to delete all offending mails. Below we provide a very useful script which does exactly this. It scans through your mail queues and deletes all mail that match the sended or the recipient address you specify

#vi /bin/cleanqueues

#!/bin/sh
if [ $1 ]; then
echo "`exim -bpru | tr '\n' + | sed -e "s/++/=/g" | tr -d + | tr = '\n' | grep "$1" | awk {'print $3'} | xargs exim -Mrm | wc -l` E- Mails deleted"
else
echo "To delete ALL the `exim -bpc` E-Mails on mail queue, give this command:"
echo "exim -bpru | awk {'print $3'} | xargs exim -Mrm"
echo ""
echo "If you want to delete only mails with an specific sender/recipient, use:"
echo "$0 [sender/recipient]"
fi

#cleanqueues somemail@spamdomain.com

update debian’s packages (repos)

Posted on by
Reply

Erase the first 2 repos and leave it like this:

deb http://ftp.de.debian.org/debian/ lenny main non-free contrib
deb-src http://ftp.de.debian.org/debian/ lenny main non-free contrib

deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

#deb http://volatile.debian.org/debian-volatile lenny/volatile main
#deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

Make sure you add “non-free contrib” at the end.
Save and exit your editor.

Then update:

# aptitude update

Then install whatever:

# aptitude install whatever

Then update your data base
# updatedb

Debian update repo

Posted on by
Reply 
#vi /etc/apt/sources.list

# deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official amd64 DVD Binary-1 20110205-18:15]/ squeeze contrib main
deb http://ftp.tr.debian.org/debian stable main
deb-src http://ftp.tr.debian.org/debian/ stable main
#deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official amd64 DVD Binary-1 20110205-18:15]/ squeeze contrib main
deb http://security.debian.org/ squeeze/updates main contrib
deb-src http://security.debian.org/ squeeze/updates main contrib
# Line commented out by installer because it failed to verify:
#deb ://volatile.debian.org squeeze-updates main contrib
# Line commented out by installer because it failed to verify:
#deb-src ://volatile.debian.org squeeze-updates main contrib

How to repair a SQL Server 2005 Suspect database

Posted on by
3

To get the exact reason of a database going into suspect mode can be found using the following query,

DBCC CHECKDB ('databaseName') WITH NO_INFOMSGS, ALL_ERRORMSGS

To repair the database, run the following queries in Query Analyzer,

EXEC sp_resetstatus 'databaseName';
ALTER DATABASE "databaseName" SET EMERGENCY
DBCC checkdb('databaseName')
ALTER DATABASE "databaseName" SET SINGLE_USER WITH ROLLBACK IMMEDIATE
DBCC CheckDB ('databaseName', REPAIR_ALLOW_DATA_LOSS)
ALTER DATABASE "databaseName" SET MULTI_USER