What are typical results of nmap 198.168.1.1 for an average Joe? What would be a red flag?
PORT STATE SERVICE
111/tcp filtered rpcbind
What does this mean in context and is it something to worry about?
Basically, RCPBind is a service that enables file sharing over NFS,The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. When an RPC service is started, it tells rpcbind the address at which it is listening, and the RPC program numbers it is prepared to serve So if you have the use for file sharing, It's fine, otherwise unneeded and are a potential security risk.
You can disable them by running the following commands as root:
update-rc.d nfs-common disable
update-rc.d rpcbind disable
That will prevent them from starting at boot, but they will continue if already running until you reboot or stop them yourself.
And if you are looking to get into the system through this, There are lots of reading material available in the google.
I'm trying to set up a malware analysis lab, following the instructions found here:
https://blog.christophetd.fr/malware-analysis-lab-with-virtualbox-inetsim-and-burp/
In setting up inetsim to simulate internet protocols, I keep getting "http_tcp_80 - failed!" everytime I run it. Changing the port it uses in the configuration file to 8080 causes the it to work. When I run it on a different vm, the configuration works as intended.
I have apache also installed on this vm. Could it be interfering?
Edit: I just installed a new vm to try using inetsim without apache installed. HTTP is reported to be running, but now dns_53_tcp_udp is reported to be failing to start. Trying to browse web pages to bring up inetsim's default page fails, regardless of if I use the FQDN or the IP address. The only time I get the page is with localhost. Otherwise, I get server not found. At least I know its not apache.
The error I get with DNS indicates that the 0.0.0.0 ip is already in use, which doesn't make sense to me since 0.0.0.0 is being used to bind the services to all IPs. Changing the inetsim.conf file so "service_bind_address 10.0.0.0" instead of "service_bind_address 0.0.0.0" seems to run dns, but the browser on both the analysis machine and the victim machine still report no server found.
You should stop the Apache server:
service apache2 stop
It works for me.
I guess there are some other processes listening on those ports.
Use
sudo netstat -tulpn | grep LISTEN
It will print out those processes with their pid. For example, 964 is the pid of the first process in this case:
Check if something is occupying your corresponding ports. Shut them down with
sudo kill -9 <pid>
Of course, the busy processes running on those ports may not in listening states but still be able to cause such a problem. So you can check it with
sudo netstat -tulpn
just in case.
Anyway, it does work for me.
I am getting error:
"Lost connection to MySQL server at 'reading initial communication packet, system error: 0"
while I am going to connect my db.
If I am using localhost everything is working fine.
But when I am using my live IP address like below, it's getting error:
mysql_connect("202.131.xxx.106:xxxx", "xxxx", "xxxxx") or die(mysql_error());
Someone here suggests that it might be a firewall problem:
I have just had this problem and found it was my firewall. I use PCTools Firewall Plus and it wasn't allowing full access to MySQL. Once I changed that it was fine.
Could that be it?
Also, someone here suggests that it might be because the MySQL server is bound to the loop-back IP (127.0.0.1 / localhost) which effectively cuts you off from connecting from "outside".
If this is the case, you need to upload the script to the webserver (which is probably also running the MySQL server) and keep your server host as 'localhost'
Open mysql configuration file named my.cnf and try to find "bind-address", here replace the setting (127.0.0.1 OR localhost) with your live server ip (the ip you are using in mysql_connect function)
This will solve the problem definitely.
Allow remote connect to MySQL.
Edit file:
>sudo nano /etc/mysql/my.cnf
Comment line:
#bind-address = 127.0.0.1
Restart MySQL:
>sudo service mysql restart
Create user for remote connection.
>mysql -uroot -p
CREATE USER 'developer'#'localhost' IDENTIFIED BY 'dev_password';
CREATE USER 'developer'#'%' IDENTIFIED BY 'dev_password';
GRANT ALL ON *.* TO 'developer'#'localhost';
GRANT ALL ON *.* TO 'developer'#'%';
In my case I need to connect remotely from Windows to VirtualBox machine with Ubuntu. So I need to allow port 3306 in iptables:
>iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Had this problem when setting up a new slave server. Found it was the slave server IP address was missing from the master server /etc/hosts.allow file. Added the IP address and it let me connect to the master server.
Note that I use hosts.allow and hosts.deny to control access.
I had this problem and it ended up being the prior sys admin changed the port MySQL was running on. MySQL Workbench was trying to connect to the default 3306 but the server was running on 20300.
The error means that it didn't receive a response from the port it expected to find the server on. The causes range from contacting the wrong machine (For one of a number of reasons) to the server not being on the expected port.
Check which port your server is bound to in /etc/mysql/my.cnf. Does that correspond to what is in your connect statement. If they match then try connecting with mysql from the server itself and from the command line of the machine where you are running the client. If it works form one place and not another then you may have a firewall / router configuration issue.
One more reason...
I ran into an Ubuntu server where everything was customized and could not connect because of that same error.
This setting was inside /etc/ssh/sshd_config
PermitTunnel no
After turning into
PermitTunnel yes
I was able to connect remotely to my MySQL DB
The problem on my case was MySQL being bind only to the lo on linux.
in order to solve the problem i have edited the my.cnf (found at /etc/mysql/my.cnf) removing the line bind-address=127.0.0.1
this allows mysql to bind to any network interface
I just set up mysql on a windows box. I got the OP's error when trying to connect with the Navicat MySql client on the same box. I had to specify 127.0.0.1 as the host, and that got it.
localhost, or the servers actual ip address both did not work.
This error occurred to me while trying to connect to the Google Cloud SQL using MySQL Workbench 6.3.
After a little research I found that my IP address has been changed by the internet provider and he was not allowed in the Cloud SQL.
I authorized it and went back to work.
I faced the same problem. I checked and tried to set AllowTcpForwarding Yes but it was missing in my sshd_config so no help.I didn't change sshd_config or my.cnf. Make sure the ssh hostname is NOT the same with the mysql hostname(use localhost).
In workbench, choose + to add new connection and set the following:
connection method: standard TCP/IP over SSH
SSH Hostname: 192.168.0.50:22 (replace remote SSH server IP and port(optional))
SSH Username: sshuser
You can set password or add at the prompt
MYSQL Hostname: localhost or 127.0.0.1
MYSQL Server port:3306
You can set password or add at the prompt
Test connection. It should be successful then hit OK.Viola!
I ran into this exact same error when connecting from MySQL workbench. Here's how I fixed it. My /etc/my.cnf configuration file had the bind-address value set to the server's IP address. This had to be done to setup replication. Anyway, I solved it by doing two things:
create a user that can be used to connect from the bind address in the my.cnf file
e.g.
CREATE USER 'username'#'bind-address' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON schemaname.* TO 'username'#'bind-address';
FLUSH PRIVILEGES;
change the MySQL hostname value in the connection details in MySQL workbench to match the bind-address
The problem for me was that DNS queries were blocked by the FW within the subnet. The solution was to disable DNS lookups within MySQL.
The problem was quite stupid for me.
I used to get the same issue on AWS EC2 Ubuntu machine (MariaDB is installed locally for the time being), so I tried to make SSH tunneling, and had the same issue. So I tried to ssh tunnel over terminal:
ssh -L13306:127.0.0.1:3306 root#ip.address -i my/private/key.pem
And it told me this:
Please login as the user "ubuntu" rather than the user "root".
I changed ssh user from root to ubuntu, just like my ssh config, and it connected just fine.
So check your SSH connecting user.
I oversaw this, so this too half an hour of my time, so I hope this will be useful for you.
For me the config file was found "/etc/mysql/mysql.conf.d/mysqld.cnf" commenting out bind address did the trick.
As we can see here:
Instead of skip-networking the default is now to listen only on
localhost which is more compatible and is not less secure.
I am trying to connect my db docker container on Ubuntu 18.04, same problem.
First check your device by run nmcli dev to check if device docker0 is connected.
If it is not connected, try to restart docker service:
sudo service docker restart
I tried make a telnet over remote server on port 3306.
The error message is clear
Host 'x.x.x.x' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.
As root at server mysqladmin flush-hosts worked at all!
I had the same error when using localhost. I restarted the MySQL service and it worked fine.
in my case, I had ALL: ALL in hosts.deny. Changing this to ALL: PARANOID solved my problem when connecting over ssh
Ran into this same issue, Bind Address back and forth to no avail. Solution for me was flushing privileges.
mysql> FLUSH PRIVILEGES;
Firewalld blocks the IP address. so to give access, use these commands:
firewall-cmd --permanent --zone=trusted --add-source=YOUR_IP/32
firewall-cmd --permanent --zone=trusted --add-port=3306/tcp
firewall-cmd --reload
For me setting bind-address = 0.0.0.0 in mysql/my.cnf worked. It basically listens to all addresses (but still one port) then.
And don't forget restart your server: systemctl restart mysql
I just had the same problem, but in my case I solved it with
service mysqld start
In my case it was the university wifi blocking port 3306. I was able to connect by using a mobile hotspot.
Change to a mobile hotspot or another network, and if it works there, then you know that original network is blocking port 3306. If you get the same error on more than 1 network, then you know it's specific to your machine.
I had port 3306 in Docker container but in Dockerfile it was 33060. I edited the port in Docker container to 33060
Must have been added to the Dockerfile
ENV MYSQL_ROOT_HOST 172.17.0.1
I have done below 3 steps then working for me.
bind-address = "YOUR MACHINE IP" in my.cnf file at /etc/my.cnf
Restart service by command : service mysql restart
GRANT ALL PRIVILEGES ON yourDB.* TO 'username'#'YOUR_APPLICATION_IP' IDENTIFIED BY 'YOUR_PASSWORD' WITH GRANT OPTION;
I had the same issue installing MySQL docker image then trying to connect from WSL2 MySQL client.
As it was stated in the accepted answer that it should be a firewall issue, in my case this error was caused due to not allowing docker for windows to communicate to private network.
I changed the settings on "Firewall & network protection", "allow an app through firewall", "change settings" (need administrator rights) and allowed "Docker desktop backend" to connect to private network.
I had the same error on my Mac with a local MySQL installation. The problem was that the number files that MySQL was opening was too high for MacOS.
To see if you have the same problem you can run this command and look for File Descriptor errors:
tail -200 /usr/local/var/mysql/$(whoami).err | grep "Warning"
I added this line to my.cnf file and the problem was fixed:
table_open_cache = 200
Had the same problem, what worked for me was:
Go to Windows Firewall where you allow applications.
mysql probably won't be in the list, so you need to add it, its path is typically C:/Program Files (x86)/MySQL/bin/mysql
Mark both private and public networks, apply.
When connecting to Mysql remotely, I got the error.
I had this warning in /var/log/mysqld.log:
[Warning] IP address 'X.X.X.X' could not be resolved: Temporary failure in name resolution
I just added this line to /etc/hosts file:
X.X.X.X some_name
Problem solved! Not using skip-name-resolve caused some errors in my local app when connecting to MySQL.
I am having a weird problem.
I have a service running on port 8888 on one of my many servers in a cluster.
When I run nmap on my gateway to get all the IPs inside my network, this service miraculously dies. Since nmap does a port scan too, It might have something to do with it. I am not sure.
The nmap command I am using is this:
sudo nmap -oX ${FILE_NAME} ${IP_DOMAIN} -A -O --osscan-guess
Can some tell me what might be happening ?
While Nmap developers try to limit the danger, Nmap scans can still crash services. The most likely culprit for crashing a service (as opposed to crashing an entire machine) is the service version detection scan phase (-sV, implied in your command by -A). This scan sends a series of data packets to the service in an attempt to elicit a response which can be matched against Nmap's database of known services. When a match is found, Nmap stops sending probes. That means that an unknown service can get lots of probes sent to it which contain binary data, command strings, and other data that your service is not expecting.
A well-written network service will not crash on any input; your service has a bug of some sort. Avoiding this sort of crash usually means avoiding scanning that service:
You can use the Exclude directive in your nmap-service-probes data file to instruct Nmap to never send these service probes to port 8888.
You can avoid scanning port 8888 at all by changing the ports you scan with -p. Later versions of Nmap will support the --exclude-ports option, too.
You can make sure you are using the latest version of Nmap. If your service's fingerprint was added to the nmap-service-probes file, then Nmap will stop sending probes when it detects it, which may avoid sending the later probe that crashes it.
You can reduce the intensity of the service scan with the --version-intensity option. This prevents Nmap from sending so many service probes, which may eliminate the one that is crashing your service.
Finally, if this service is a standard one and not something custom to your own network, you can report it to The Network Scanning Watch List so that other users can avoid crashing it as well.
When I try to start a site in IIS it says:
the process can't access the file because it used by another process
I searched in Google and found that another site may have been using Port 80 but in MyIIS I see that only this site is using Port 80. What else could be using Port 80 or is there another issue involved?
Check using netstat -aon or netstat -aon | findstr 0.0:80 in a command prompt to see which Process Id is LISTENING to port :80 and then watch for that Process Id (PID) in Task Manager with view->select columns-> process id checked. End that process, restart IIS and you are done. (Note: if you have Skype installed, try exiting that process first.)
In a modern Task Manager, you need to go on the Details tab to search for the PID. Or, as mentioned by #Nikita G in the comments, you can use this command to find the task from your command prompt:
tasklist /FI "PID eq 123"
Note: change 123 with the PID returned from the first command.
It is happening because a different process is using port 80, it may be a chat application on your PC like Skype.
First, change the default web site port which was 80 to some unused port (e.g. 8087). To achieve this right click the application and then click on 'Edit Binding'.
After this port change restart again.
Now you can identify which process is blocking the IIS Port 80. To check this use netstat command which displays the details of port along with the process ID.
Sign out of Skype and try again. I have experienced the same issue and I just logged out of Skype and then reset my IIS. It worked for me.
You can also run this command to find out which application or service is using the port and then trace it down in Task manager (Provided it's not the Web Deploy Agent Service).
netstat -o -n -a | findstr 0.0:80
Then open Task manager, go to Processes, click the "Show processes for all users" checkbox and then click the View menu and Go to the Columns, add the PID column.
Match the Process ID from the netstat command to the PID in task manager and you will find the service or application that's using the port.
As others have said, something else may be using port 80 or 443. It was VMWare Workstation Server for me, but check other answers for how to use netstat.
I think this link gives a pretty good explanation and fix of this problem http://support.microsoft.com/KB/890015
Most of the time; it's caused by one of the two reasons:
1) port 80 is being used by something else and as suggested by others you can use netstat -o -n -a |findstr 0.0:80 to see whether this is the case. If yes then kill the process from task manager (tick show processes from all users)
2) if port 80 is not used, the second cause is potentially an invalid ip address in the ListenOnlyList filed in the registry key of HTTP->Parameters. If you follow the link to set the key manually or in fact you can use (xp and server 2003) httpcfg delete iplisten -i ipaddress to delete the invalid ip address.
You must restart the http once you edit the ipaddress!
In my case, it was the "Sync Share Service" (SyncShareSvc) that was running and using port 80.
netstat showed 80 as free, though. I could get the site to run on another port, but not 80. if I added a Host name, IIS would allow me to start the site, but I'd get prompted for Digest authentication when browsing to localhost (or any host name I added). Only Anonymous and Forms Auth were enabled in IIS...
I also found that, after stopping IIS, http://localhost still prompted me for Digest authentication.
The solution - in my case - was to remove File and Storage Services > Files and iSCSI Services >
"Work Folders" from the services installed (restart required).
After removing the "Work Folders" service and restarted, IIS worked as expected.
My case was after installing RD Web Access, the original default websites couldn't be started. Removed the RD Web Access role still same. Removed port 443 binding solved the issue.
Most times when this happens by web developers is the reason apache, so if you go to the config file from apache! open it up and search with ctrl + f to 80 and change the ip you will see to 8080 and the sentence beneath there with 80 to 8080 and you need to confige that in you xampp, or the program u are using currently
Hope I'll help u guys out
In order to get more meaningful information, one way is to also get ownership information when issuing netstat so that you know the process which is using either 80 (default http binding) or 443 (if https binding is defined):
netstat -ab
In my case the culprit was vmware:
TCP 0.0.0.0:443 ComputerName:0 LISTENING
[vmware-hostd.exe]
netstat can be piped into find to search for ports 80 or 443 (e.g. find ":443"), but these particular active connection will show at the beginning of the list at they are easy to see.