I run netstat -o in CMD and found Firefox has some TCP connection in my PC that are odd!
There are two connection between 127.0.0.1(localhost) and Jessica-PC(my computer name) and I think they are equal ! (127.0.0.1 = Jessica-PC)
I test netstat -a and most of Foreign Address are "Jessica-PC"!
What is usage of such connections?
Why firefox need such TCP connections?
I've stumbled over these kind of connections too when developing a web proxy and the answer was surprising. There are some external web sites which try to communicate with a web server on the localhost in order to interact with some local application. A typical example is Spotify (but there are others), which even have DNS setup in a way so that whatever.spotilocal.com resolves to 127.0.0.1, see What is the advantage of having a domain name (spotilocal) that resolves to 127.0.0.1? for more information.
Of course this does not work if proxies are involved, because this would mean to connect to the localhost on the proxy which proxies usually deny for security reasons anyway. And this kind of setup might even be a security risk, since other applications might run a server on localhost, notably the print server CUPS on localhost:631 on Mac an most Linux systems. For details about this long known problem see this article from Tavis Ormandy from 2008.
Related
I'm currently trying to setup a tunneling tool, specific for game servers.
So you can start the server locally and everyone can join without open your ports or getting unsecure.
Basicly I do a reverse ssh tunnel to one of my dedicated linux servers where the game port get mapped to a different port (for example 8888). So the server is now exposed to the internet and available for anyone and the user don't have to get unsecure and open his own ports. Everyone can connect to the following ip: SERVERADRESS:8888.
The command which gets executed looks like this:
ssh -N -R "*:8888:localhost:25565" root#SERVERADRESS
This works fine just as i want. But I also want to secure my "forwarding" server, so I'm relativ new to networking but I found reverse proxy's. I watched some tutorials and I installed the "Nginx Proxy Manager" tool which comes with a web interface and looks very good and easy. So there is an option to create an Stream (Picture below), there you can enter the incoming port and the forward Host + port, for example: REVERSEPROXY:7777 -> FORWARDINGSERVER:8888. So with this I want to hide the ip adress from the server where all the ssh tunnels. Sadly this Stream tool won't work, I already saw some other topics with that. They all said to enter the port into the docker-compose.yml which I already did + restart. But for now it won't work. Any other soloutions for this problem? Or completly different ideas to protect my server?
https://i.stack.imgur.com/FolLe.png https://i.stack.imgur.com/KuJbt.png https://i.stack.imgur.com/2SN4a.png https://i.stack.imgur.com/9kzbj.jpg
I try to do my own tunneling tool, but with a protection so that my server getting damaged.
Case
I own a singular VPS hosting account at Hostgator and also a shaired hosting account. This question is mostly intended to gain knowledge, so I would so much appreciate a good explanation than a how-to.
I truly apolagise for mentioning their name but I had to say it so that someone who knows has the required information to help me.
With any type of their accounts, an SSH login is provided but, only with VPS Hosting root access to the same is available.
What I want to do
I want to create a private tunnel to encrypt my browsing data between external servers and my home PC so that my ISP cannot modify or read the data that belong to me.
Question
If I have SSH supported by provider on the server side, does it mean that I have SOCKS5 too?
What else is needed for me to set-up my secure tunnel to find way out using my existing web server account?
If SOCKS5 doesnt come for shaired hosting servers for free or if its not possible, how can one use Socks5 with such servers and establish a secure connection?
SSH supports creating a SOCKS tunnel with the -D option. See http://wiki.vpslink.com/Instant_SOCKS_Proxy_over_SSH for for more details on how to use it. But, this will only be a SOCKS4, not a SOCKS5 tunnel, which means that DNS lookups still will be done outside the tunnel.
My website works fine on my local machine. And it also works fine, when I publish it, and access it over the Internet.
However, when I access it through my company's network (LAN), many requests state in the pending state and they won't return back either successfully, or with error. No IIS logs, no nothing.
After like 5 minutes, the request simply dies. No HTTP response is shown in Chrome's console. I guess it's a network problem. But I don't know how to debug it.
How should I debug this pending state?
This is more a problem for sys-ops than for development but you might need to verify/prove the problem is with the routers and not with your server or computer configuration.
The first tool you need is network analyzer, for this look no further than Wireshark. You'll need administrator permissions on your machine.
Wireshark is intuitive, but has a lot of features, you might want to read a tutorial or two on how to use it.
With Wireshark on your machine you can verify a TCP connection to the server is made or attempted. If you don't know how TCP works, now is the time to learn.
Based on the result you should have your answer of where the problem is:
No TCP SYN sent or sent to wrong IP: problem in your machine. Make sure the server is not redirected to localhost/wrong ip in the hosts file and verify no static routes have been added to your routing table.
Most likely no TCP SYN-ACK: The problem is in the network routing, you might want to install Wireshark on the server and verify the SYN packets are indeed not getting through. Get your sys-ops guys to fix the problem. Probably a misconfigured firewall rule.
Very unlikely: TCP connection established and HTTP request sent to server, but server does not respond. No idea, if the server responds to internet traffic it should respond to your traffic.
By the way if there are no sys-ops guys in your company to fix the problem, get the model of any configurable router between your computer and the server and try asking in Server Fault (or get a consultant).
I am unable to connect, for example, via http to a brand new installation of 64-bit Windows Server 2008. The server is on a domain, but is not DC (that's another problem altogether).
The IIS7 is running on the server and the website is accessible locally via http://localhost, but when I try to connect from another machine on the same network, the connections is refused, even though Windows Firewall is disabled.
I am able to connect to and browse the shared folders on the server using Windows Explorer, so it is not a physical connection issue. I can ping other machines on the network from the server, but trying to ping the server from another machine results in "Destination host unreachable".
As far as I can tell, the server refuses any TCP connections from any machine. I am thinking, there must be some other configuration setting that I am missing... Please, help.
NS
Like in Windows 7 the behaviour is determined by the network type (home, work, internet) the OS thinks it is connected to... even with a disabled firewall it respects these settings and accordingly refuses/allows connections...
The solution is embarrassignly simple, and the credit goes to Ashley Steel, on ServerFault.com for asking just the right questions. It turns out that the DNS was resolving the name of the server incorrectly, because the machine was named the same as an old, since decommissioned workstation that used to live on the same subnet.
The solution: rename the server.
NS[Now hiding under a rock]
I have 50 machines in a LAN and each of these have internet access. Can a program be developed using vc++ which will tell what are all the websites which is being opened by users in each machine?
You can easily accomplish this by writing an application which captures packets outbound on port 80 (and the associated DNS information). The problem is that this application must run on every client computer which you want to trace. The easier method, as stated by others, is to take advantage of your network architecture and tunnel all traffic through a central proxy which can record the same information.
There are many-many enterprise tools suited for just this task in the latter instance.
Route your internet traffic through a centralized proxy and monitor the traffic from proxy say using Fiddler, or something else. In case proxying is not possible, use Fiddler to generate data at known location and then collate it at required intervals.
Install a firewall, if you don't already have one, and use it to log connections.