Signature 1315 - ACK TCP Stream w/o - why alert?

We improved one of our sensors to 1.0000 E1 and now we are seeing extremely high on this particular signature alerts. The signature is NOT set to draw attention. Any ideas on what we can do to stop the other alert filter something that should not need filtering?

Thank you

Is actually one of the more frequent oversights...

Tags: Cisco Security

Similar Questions

Bought the Adobe Pro today / and I need the part of the signature to download and it takes forever - why is - this? Thank you EL

Bought the Adobe Pro today / and I need the part of the signature to download and it takes forever - why is - this? Thank you EL

Your subscription to cloud shows correctly on your account page?

https://www.adobe.com/account.html for subscriptions on your page from Adobe

If you have more than one email, you will be sure that you use the right Adobe ID?

.

If Yes

Sign out of your account of cloud... Restart your computer... Connect to your paid account of cloud

-Connect using http://helpx.adobe.com/x-productkb/policy-pricing/account-password-sign-faq.html

-http://helpx.adobe.com/creative-cloud/kb/sign-in-out-creative-cloud-desktop-app.html

-http://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html

-http://helpx.adobe.com/creative-suite/kb/trial--1-launch.html

-ID help https://helpx.adobe.com/contact.html?step=ZNA_id-signing_stillNeedHelp

-http://helpx.adobe.com/creative-cloud/kb/license-this-software.html

.

If no

This is an open forum, Adobe support... you need Adobe personnel to help

Adobe contact information - http://helpx.adobe.com/contact.html

Chat/phone: Mon - Fri 05:00-19:00 (US Pacific Time)<=== note="" days="" and="">

-Select your product and what you need help with

-Click on the blue box "still need help? Contact us. "

Why alert massage back twice on the screen?

Hello world

I had this script:

var

mySelected = number (app.extractLabel ("mDialog")),

myDialog = app.dialogs.add ({name: "record Colse \"Yes\"ou \"No\"",canCancel files:true}); "})

{with (MyDialog)}

{with (dialogColumns.Add ())}

{with (dialogRows.Add ())}

var

mySelection = dropdowns.add ({stringList: ["01 Yes", "No 02", "03 inversion"], selectedIndex: 0});

}

If (myDialog.show () is true)

main();

myDialog.destroy ();

main() {} function

colse_file();

}

function colse_file() {}

If (mySelection.selectedIndex == 0) {}

docs var = app.documents.

for (var i = docs.length - 1; i > = 0; i--) {}

docs [i]. Close (SaveOptions.Yes);

}

Alert ("done. \rAll files are saved.");

}

If (mySelection.selectedIndex == 1) {}

docs var = app.documents.

for (var i = docs.length - 1; i > = 0; i--) {}

docs [i]. Close (SaveOptions.no);

}

Alert ("done. \rAll files are closed without saving.");

}

If (mySelection.selectedIndex == 2) {}

docs var = app.documents.

app.scriptPreferences.userInteractionLevel = UserInteractionLevels.neverInteract;

app.documents.everyItem (.revert ());

app.scriptPreferences.userInteractionLevel = UserInteractionLevels.interactWithAll;

}

Alert ("done. \rAll files are reversed.");

}

Why alert massage back twice on the screen?

Hmmh?

Same problem as your last thread - the logic of your script is not really good!

Why you use not the structure that I showed you it: unfunction third part of script you can fix it?

Here's the script I posted here (extended now with alerts)

//---------------------------------------------------------------------------------------- ------------------------------------------------------------------------------- 

//var mySelected = Number( app.extractLabel("mDialog") ),
  var myDialog = app.dialogs.add({name:"Colse files save \"Yes\" or \"No\"",canCancel:true});
  with(myDialog){
       with(dialogColumns.add()){
            with(dialogRows.add()){
                 var mySelection = dropdowns.add({stringList:["01   Yes", "02   No", "03   Reverse"], selectedIndex: 0});
            }
       }
  } 

if (myDialog.show() == true) {
    var docs = app.documents;
    main();
    myDialog.destroy();
    } 

function main(){
if (mySelection.selectedIndex == 0){
      //colse_file();
      save_file();
        // for save function
        //alert("saved")
      return;
      }
if (mySelection.selectedIndex == 1){
      close_file();
        // for close function
        //alert("saved")
      return;
      }
if (mySelection.selectedIndex == 2){
      revert_file();
        // for reverse function
        //alert("saved")
      return;
      }
} 

function save_file(){ // colse_file()
    for (var i = docs.length-1; i >= 0; i--) {
        docs[i].close(SaveOptions.YES);
        // for every file
        //alert("saved")

        } return; // sorry, the return was on the wrong place before
} 

function close_file(){
    for (var i = docs.length-1; i >= 0; i--) {
        docs[i].close(SaveOptions.NO);
        // for every file
        //alert("closed")

        } return; // sorry, the return was on the wrong place before
} 

function revert_file(){
       app.scriptPreferences.userInteractionLevel = UserInteractionLevels.neverInteract;
       app.documents.everyItem().revert();
       app.scriptPreferences.userInteractionLevel = UserInteractionLevels.interactWithAll;
       // this is not a loop
       //alert("reversed")
       return;
} 

//---------------------------------------------------------------------------------------- -------------------------------------------------------------------------------

Activate alerts should easily solve your problem.

Have fun

IDS/IPS signatures for monitor audio/video streaming applications

Hi people,
Can someone Advisor on the names or signatures that could be used successfully to control the use of streaming on the network applications. The plan must feed to MARS and then create reports on streaming applications use to use it later for the creation of a security policy preventing the theft of bandwidth.

Perhaps suggestions on how to create a custom signature to monitor the audio and video streams would be appreciated.

Eugene

Hello Eugene,

It is possible to matching strings video specified in your capture by examining the Type of content. Run after the connection with a TCP reset or refuse the inline package will keep the video of the game - which will save bandwidth that the video would have used otherwise. However, it is important that we establish the role of the IPS appliance. The IPS is designed to detect and limit the attacks by matching known traffic patterns. For TCP, this obligation can also include some that drop a bag to disrupt a flow. The IPS is not fundamentally designed to monitor flow and provide a number of bytes for a particular protocol so that the use of protocols analysis can be performed.

The signature below will drop packets with the flv-application Content-Type, which will keep the video that you have tested on break.com of play. Each video streaming site works differently. A screenshot of each video streaming site will have to be examined and another custom signature written, if you want to block all. Also, keep in mind that many sites offer different options for streaming videos. It may ask you to take multiple shots at each site - one for each method of streaming.

signature-60001 0
alert-severity average
GIS-description
Flv-application TCP SIG - name string
output
engine-tcp chain
products-event-action alert | Reset tcp-connection
Regex-string flv-application
service port 80
the service management
output
alert frequency
Summary-fire-all mode
output
output
status
enabled true
output
output

Thank you

Blayne Dreier

IDS Cisco TAC team

* Please check our Podcast *.

TAC security show: http://www.cisco.com/go/tacsecuritypodcast

Stream TCP server loses data

Hello

I have an application high visibility which has a bug in it I want some
long live the spirits of discussion forum OR make a suggestion on.

The app is on the International Space Station. I have a LV executable on a
laptop on the edge of the ISS that sends TCP and UDP data to a binary of LV on a down to Earth
computer.

The path is not an IP standard or "trivial", but it is supposed to be equivalent to
a standard IP address. The capture comes when a few bytes of data are lost paired.
When this happens, the land LV says something like "not enough memory
to complete the operation"

Here's what we found...
=======================================================
The TCP server (on the edge of the ISS) send a TCP stream with the following format...

... LLLLSTART d1$ $d2... $dN #llllSUMccccENDLLLLSTART...

where

* LEMAÎTRE is a binary 32-bit integer with the number of bytes in the following package starting with the START text string and ending with the string of text END.
* $, #, BEGINNING, SUM and END are the delimiters.
* d1, d2,..., dN are data text string values.
* Lemaître is a text string with the decimal number of bytes starting with the START text string and ending with the symbol #.
* cccc is a text string with the checksum decimal number of bytes starting with the START text string and ending with the symbol #.

TCP Client (on Earth) indicates 4 bytes as LEMAITRE, then reads the LEMAÎTRE (usually about 85 bytes) bytes as the package starting with the START text string and ending with the string of text END.

The error comes when LEMAITRE data are lost, so that the TCP Client is four bytes (probably S, T, A and R) as LEMAITRE, who converted a number which is very large, then reads LLLL bytes (maybe 50 M) but this read fails because there is not enough memory to read that much data.

The fix is sure that LEMAÎTRE is a reasonable size (such as 20-200) and to ensure that the data packet begins with START. The difficulty is how to restructure the code to reset the loop package when LEMAITRE is off limits, or when this START header is not present.
=================================

My dilemma is that in LV, I do not see what is happening in the TCP server or
Client TCP live.

Any suggestions will be appreciated.

JIM

As said Miha, a TCP connection should not lose all the data (not in silence, at least), but from your description, I understand that you can't really control the implementation of intellectual property.

Since it is a data flow, you can probably is just read N bytes each time (say 200) and simply pass a buffer of the last N * X bytes. Then you can check the data in this buffer. If you are absent LEMAITRE bytes for some reason any (and you don't mind losing all the data package), you can simply look at the end of the message, check what follows, it is the correct start of message and just continues from there.

WHY I CANT WATCH VIDEO STREAM

CANT PLAY VIDEO STREAM IT CONTINUES by SAYING ME Windows Media Player cannot play the file. The player might not support the file type or does not support the codec used to compress the file.

Hello

Welcome to the Microsoft answers site!

This problem may occur,

(a) the file type is supported by the drive, but the file was compressed by using a codec that is not supported by the player.

(b) the file might have been encoded with a codec that is not supported by Windows Media Player. If this is the case, Windows Media Player cannot play the file.

I suggest you try the following steps:

Step 1: First, check to see if Windows Media Player streaming video settings is enabled. To do this, follow the steps below:

(a) open Windows Media Player and click on organize.

(b) go to options and select the network tab.

(c) under the network tab, select all the boxes to check and try.

Step 2: To determine what codec was used with a specific file, play the file in the player, if possible. When the file plays, right click on the file in the library and then click on properties, the file, look at the Audio and video codec codec.

Step 3: download and install the Codecs:

Follow these steps in Windows Media Player:

(a) click the arrow below the now playing tab, and then click Other Options.

(b) on the Player tab, select the check box automatically download codecs .

http://Windows.Microsoft.com/en-us/Windows-Vista/codecs-frequently-asked-questions

(, Read the player always try to download codecs automatically?)

Step 4: when you open Windows Media Player next, the option plan you will find the stream menu bar. In the menu bar of data flow, please apply the settings you want to the stream and the video game under streaming options.

If this does not match the type of video file that you are trying to replicate with windows media player default programs.

You can make the default program using set Associations.

(a) open default programs by clicking the Start button, click default programs.

(b) click on associate a type of file or Protocol with a program.

(c) click on the file type or protocol that you want the program to act as the default value.

(d) click the program of change.

(e) click the program that you want to use by default for the selected file type, or click the arrow next to other programs to show other programs. (If you don't see other programsor your program is not listed, click Browse to find the program that you want to use and then click Open. If no other programs are installed that are able to open the type of file or Protocol, your choice will be limited.)

(f) click OK.

Step 5: Configure the protocol settings

To change the Protocol for the player settings

(a) click the arrow on the reading tab, click More Options, and then click the network tab.

(b) make the desired changes.

(c) If you disable the TCP , or if your firewall TCP stream blocks box and the player are configured to use the RTSP protocol, the player will try to receive the streams by using the UDP protocol. If you also clear the UDP check box, or if your firewall blocks broadcasts that use these protocols and the player is configured to use the RTSP protocol, the player will try to receive the streams by using the HTTP protocol.

http://Windows.Microsoft.com/en-us/Windows-Vista/which-protocols-does-Windows-Media-Player-use-for-streaming

Now, check if the problem is resolved.

Please see the link below for your reference:

http://support.Microsoft.com/kb/911710

Thank you, and in what concerns:

Ajay K

Microsoft Answers Support Engineer

Visit our Microsoft answers feedback Forum and let us know what you think.

Need help on TCP/IP port multi Client-Server

Hi all, I'm trying to develop a client-server application to disseminate data on a few numbers of random ports (defined by myself) to the data on the server TCP stream (IE another computer) in LabVIEW. So far, I created my app using the examples OR for 'Simple Client + Server data' and it works fine. I also understand that VI 'TCP Listen' could not listen to the TCP 1 connection only and a way around this is to use the idea of queues to receive & process the incoming data. The disadvantage of the idea is that the 'port' basic (IE original port) must be the same (on each client TCP) with the TCP server and it is not suitable for the use I have planned.

Basically on the side of TCP server, I need to graph/control data on different port numbers that are currently broadcast in real time to client TCP one computer. Is this possible in LabVIEW?

Anyone (gurus OR incl.) advise and point me in the right direction?

* lost *.

Hello

http://zone.NI.com/DevZone/CDA/EPD/p/ID/2739 Here you can download this component. But you can also use the TCP icons which is available in the data communications > Protocals > TCp for communication and to read and write data using flattened string Variant. I have attached a small example where I'll copy a constant string to the PC to check the connection between the client and the host server. Hope this helps you.

SPA112 & SIP122 - bytes of garbage sent using the SIP over TCP

Because the port UDP 5060 is blocked in my case, the SIP over TCP is a good solution for me.

But when I put SPA112 to use SIP over TCP, the server record is still broken.

(I used the version of the firmware is latest: 1.3.3 but older versions has the same behavior.)

After capturing packets, a problem is found:

Each time before SPA112 has sent a message to register, there were 9 frames of data sent before him.

Each frame has 20 bytes, and the content is the same.

The 20 bytes has a motive: the first 4 bytes is always 00 01 00 00.

So come with 4 * 4 bytes, for example, d8 22 6 b 17 d8 d8 d8 22 6 b 17 22 6 b 17 b 22 6, 17

So, in the stream TCP, the register message is like:

....."k.." k.. » k.. » k......"k.." k.. » k.. » k......"k.." k.. » k.. » k......"k.." k.. » k.. » k......"k.." k.. » k.. » k......"k.." k.. » k.. » k......"k.." k.. » k.. » k......"k.." k.. » k.. » k......"k.." k.. "" k... "k.NOTIFY sip:sip.callwithus.com:5060 SIP/2.0

Via:...

The server responded immediately "SIP/2.0 484 address incomplete."

Then send SPA112 record message again, this time it succeeded and the server response "SIP/2.0 401 Unauthorized '.

Seems good.

Subsequently, SPA112 has sent a new message digest information register but the bytes of garbage appeared again.

Is there any configuration on this bytes of garbage?

It seems that you hit the Nice firmware bug. I can tell you what I see in captured TCP stream.

Your client is connected to the SIP server, but it is not start sending SIP messages - it STUN via the stream instead. You caught "STUN Binding request" nine times before the first SIP package. And an another STUN is tried before the second REGISTER.

This is a bug with doubt - STUN have nothing to do in the stream TCP SIP. As the switch waits for the SIP packets, it is confused by byte STUN causing packets SIP to be misunderstood and rejected.

Unfortunately, I have no idea how to report a bug in firmware to Cisco, unless you are willing to pay for it.

On the other side, it would be that hard to solve the problem. Just disable the STUN.

Thread mark as answered if it solves your problem, it will help others to find solutions.

sign documents with digital signatures with Adobe Reader DC

We use the Adobe reader dc for signing documents with digital signatures, but does work well for us.
Use the digital signature, we have configured so that whenever you use for pin code request. The problem is that when you sign a document with Adobe Reader DC the first time, we used the firm asked the PIN, but the following documents signed what it does is it adds the signature pin, but he does not ask why when valid certificate is not valid.
Can you help me to always ask the pin code when you want to use the digital signature to sign the document?

Hi Jumitere12,

Whenever you sign a PDF by using the digital ID, you will be asked to enter in the PDF file. KB doc. using Acrobat help. Digital IDs

Kind regards
Nicos

Why you can't sign a PDF file?

I don't understand why Acrobat DC does not have to electronically sign PDF Forms. Many forms have fields to fill and a signature field that is not complete. Why Acrobat DC not allow sign these? When I try it says 'this form does not allow you to drag and drop the saved information.

Hi badly drawn Boy.

If this happens with PDF files with form fields and no signing these documents must be created using application LiveCylce Designer. Please check the properties of the document for the same thing. If they are created using the LC designer while we can use fill & sign for her.

Thank you

Abhishek

problem with multiple digital signatures by deactivating the fast web view

Hello, I use acrobat pro 9.1 and have questions regarding a problem with several signatures on a pdf document.
Why I ask the question below? My job is to prepare PDFs for submission to the FDA. The FDA requires, among other things, the documents submitted electronically have quick view active web.
I am currently exploring ways to use digital signatures to sign pdf reports and always make sure they are spec FDA compliant. My question concerns a document which would have several signature fields. What I do, it is to create at least two signature fields in the doc and then save and optimize everything for fast web viewing. When I connect the first box and save, the file retains the fast web view state. Yet, when I apply and signatures past one, the file is then left for quick web display with no obvious way to turn it back on. I'm confused as to why it gets disabled after the second, and not just after even the first condition has been signed. And, of course, I would like to know if it is possible to maintain the fast web view and how to do it. I will gladly accept "tinker under the hood' suggestions file if they exist as well.
Please let me know if something is not clear or you would like more information.
Thanks for your time and your help.
~ Vlad

Hi Vlad,

Real Michael has got the right answer. A "Linearized" file (which is a file that has been optimized for fast Web view) aims to get the first page to display as soon as possible so that you can start playing without waiting for the rest of the file to download. Incidentally, the first designated page should not necessarily be page 0 (use of PDF has zero according to the pages counting system), but it usually is. The PDF specification, "the main objective of linearized PDF is optimized PDF documents viewing read-only. It is expected that the linearized PDF generated once and read many times. Incremental update is still permitted, but the PDF is is more linear and subsequently is treated as ordinary PDF. »

When you open a PDF file the first time that the backup process is a full 'save', it is the whole document is rewritten, so there is no more than two percent markers EOF (end-of-file) inside. The first expressions of folklore means what page to see the first and the second EOF designates the end of the rest of the file (so the browser knows when to stop downloading). However, when you add a second signature (or even longer) the file is saved as a "record growth" and new data is appended to the original file. It is that you can do a restore to the previous signed version and allows Acrobat/Reader verify the integrity of each signature regardless of any other signatures. It's the incremental save, breaking the linear optimization of the file.

Steve

Percentage of the processing load = 100

Hello

The guys I worked with 3 IPS 4260 2 and a 4270 yesterday, I noticed that the Inspection is RED. On the 4260 is the responsibility of the inspection.

SJDetec1 # sh - virtual statistical sensor | Load Inc.

Percentage of the processing load = 99

On the 4270!

DCDetect1 # sh - virtual statistical sensor | Load Inc.

Percentage of the processing load = 100

DCDetect1 engine # sh - statistical analysis

Statistics of scan engine

Number of seconds since the start of service = 174759

The TCP connections followed by second rate = 0

The rate of packets per second = 4711

The number of bytes per second = 8402

Statistics of receiver

Total number of packets processed since reset = 823334516

Total number of IP packets processed since the reset = 822979042

Statistics of the issuer

Total number of transmitted packets = 823478816

Total number of packets rejected = 0

Total number of packets reset = 0

Fragment reassembly statistical unit

Number of fragments currently in FRU = 0

Number of datagrams in FRU = 0

Stream TCP reassembly statistical unit

TCP stream currently in the embryonic State = 0

TCP stream currently in the established State = 0

TCP stream currently in the closing state = 0

TCP stream currently in the system = 0

The TCP packets currently queued for reassembly = 0

Signature database statistics.

Total active nodes = 16115

Nodes matching the IP addresses and the ports TCP = 3438

Nodes matching the IP addresses and the two ports UDP = 29

Nodes matching the two IP addresses IP = 1715

Statistics for Signature events

Number of SigEvents since the reset = 153308490

For example in the 4270 we cross almost nothing the sensor... And his works not in mode Supreme. Why is the burden of Inspection that high? In the 4260 is the same... It works in mode Supreme... There are alarms for packets missed as well.

I was see several discussions for the same reason, but none has a solution. The problem with the inspection workload is random. During the day, sometimes it high and sometimes low.

Cisco Intrusion Prevention System, Version 2.0000 E4

Update of signature S499.0

Any notice will be really appreciated.

Diego.

Hi Diego,.

I would go ahead and open a TAC case at this stage we take a glance.

Best regards

JT

Firefox abandons his silently http request within 60 seconds
- Summary
Firefox abandons its http request in nearly 60 seconds (period till)
waiting time varies) and says nothing to users. This has happened at a time of
Nginx and Apache.
- Environment
Client browser: Firefox 35.0.1
Client OS: Windows 7 Enterprise 32-bit SP1
Web server: Apache 2.2.3 - 91 & 1.6.2 - 1 of Nginx
Server operating system: CentOS 5.11
PHP: 5.3.3
FastCGI: spawn-fcgi(3) - 1.6.3 - 1
- Description of the problem
I noticed that nginx record 499 http response code so often.

Nginx is used almost only to two web applications, one based on PHP
and others on ruby. We encounter this problem in both applications. The server and the client PC belong to the same subnet.

Since last month, nginx logged 624 errors for Firefox and 16 others
browsers (IE, almost).

For the test, so I wrote a simple PHP (see bottom of article) and I tried to access
Thanks to these two Apache and Nginx with 35.0.1 Firefox and IE 11. IE11
waited for 120 seconds and returned html successfully through two nginx
and Apache, but Firefox has failed or the other.

Let me describe the behavior of Firefox.

1. Enter the test php url in the address bar, and then press ENTER.
2. the message "waiting for response from the server" appears in the status bar for a while.
3. watch the conversation network through Wireshark, signals 'Keep Alive'
are repeated several times between server and client, and after that,
4. the message disappears. 'END' signal is sent to the server, the client, just after that. Firebug newspapers 'Aborted' to the almost at the same time.
5. the responses from the server ' END ACK.

There is a difference of bit with nginx and Apache behavior after ' END
ACK "."

A.Nginx

Nginx logs '499' error and end the conversation immediately.

B.Apache is not connect anthying at this stage. After 120 seconds (sleep timer
in PHP) of the request, it returns html expected. Of course Firefox doesn't make it, but I could confirm both request and response of the "Follow TCP Stream" of Wireshark function. Finally, it is saved with the http status code 200 to the httpd log file.

I repeated this test several times. Actual expiration time varies from 22
70 seconds but the results are the same.

To my knowledge, the browser should display "timeout error".
After such a situation, but it only shows nothing. If the end user does not
find out what happened.

---
- What I tried to solve the problem
- Disable all other than firebug extensions.
- 'network.tcp.keepalive.enabled' set to false in: config.
- the value "network.http.spdy.enabled" fake, too.
- the "network.http.response.timeout" value 0.
- Mobile IPV6 and DNS prefetch, seeing what follows to help.
https://support.Mozilla.org/en-us/KB/websites-Don
- past Timeout to 0 to http.conf to apche.
My goal is to make our web applications to work correctly in our work environment. I have recommended Firefox to colleagues because it was a very cool application. Change the default brawser is a nightmare for me. Any suggestions are welcome.

---
< php test >
Sleep (120);
echo time();

Dear jscher2000

I saw your site with my Firefox twice and there is no expiration time. After 120 seconds, Firefox has made text "sleep 120 seconds before generating the HTML."

If this isn't the problem in Firefox, but our network or server or both of them.

Thanks to you all. I will try to pinpoint the cause of our problem.

Connection stuck when connecting over BES/MDS

I have an application called customer MC (later called 'client') who uses a socket connection to communicate with a server, the controller of Mobile (later called "controller").
The connection is used to exchange information of signaling for control of calls, instant messaging and presence information and uses the SIP protocol.
There are two ways how I can connect the Client to the controller:
-Direct TCP (with a configured APN)
-WIFI
BES/MDS

While the first two modes operate smooth we are facing problems with the connection on the SDM service method.

The client uses the deviceside = false parameter to initialize the socket via the MDS Server connection.
We did several tracks on the controller and the client and have the impression that the TCP stream is somehow blocked on the BES between the customer and the controller.

Following things that we discover that day:
-The TCP connection negotiation works very quickly. Handshake ACK SYN, SYNACK, is always quick.
-The data channel itself seems to block / latency of data.
Initially the application did not send data in decision-making, that data was sent to the origin of the side front controller. I worked around this by sending a single packet of data to the stream with data fictitious "\r\n" on the controller to the client directly after the establishment of the connection.
In this way a steam machine is usable by the customer immediately, but after two messages flow seems to block again.

I use Windows Server 2007 SP2 64-bit with a BlackBerry® Enterprise Server Express version and an SDM connection BlackBerry Service: 5.0.1.39

Description of the scenario:
[13:40:21.737] Client send data first Packet 'REGISTER'
-Package is received the controller and responded with "401 Unauthorized" immediately after 15.8 msec (see trace packet)
[13:40:25.619] Client receives the '401 Unauthorized '.
-Package comes a little late, but still in time (after 3.8 seconds)
[13:40:26.054] Client sends the REGISTRY with the authorization response
-the second package never reaches the controller, the connection has expired

The Server BES itself seems to be functional, since other applications like e-mail or the SSH of Rove client seem to work well.

-Is it possible to influence the BES server how packages for a socket MDS connection are transferred? Is there a good way to solve the problems on the BES Server?
I look in the newspapers, the more information I can find a connection is opened and closed again.

Any tips?

I finally found a solution for this.

We have modified the client application to do a function flush() after writing in the stream object.

Looks like there is a mayor unlike the behavior of the object of the steam of a plug.

With direct TCP and WIFI all data are send immediately, whereas with the MDS connection all gots queued for the seconds until a flush() function is made.

So remember: when using the socket via MDS connection allways drain when using the communication of critical data in time.

How can you deny the applications of p2p with an INLINE

With an online solution, what is the best way to deny source IP addresses p2p connections? There are several choices.

deny-attacker-inline - not to transmit this package and future packages from the address of the attacker for a period of time.

deny connection-inline - not to transmit this package and future packets on the TCP stream.

deny-package-inline - not to transmit this package

deny-attacker-victim-pair-inline - not to transmit this package and future packages on the pair of addresses abuser/victim for a specified period.

deny-attacker-service-pair-inline - not to transmit this package and future packages on the pair of port attacker address victim for a specified period.

We want to refuse the connection for the p2p application but quite not to deny the source.

If the Signature is using a TCP database engine then I would use deny connection-inline. If the Signature uses something like UDP, it would be preferable to use deny-package-inline.

Hope that helps,

Jonathan

Signature 1315 - ACK TCP Stream w/o - why alert?

Similar Questions

Maybe you are looking for