Category: Networking

On November 15, 2018, Norton ConnectSafe service is being retired or discontinued meaning the service will no longer be available or supported. You may continue to use ConnectSafe until November 15, 2018.
AntivirusmacbookModemsNetworkingRouters

Your Internet May Be Going Down Because Norton ConnectSafe Is Retiring

Hello, World! Your Internet connection may be going down this November 15, 2018 onward if your devices are connected to the internet via Norton ConnectSafe’s DNS IP addresses and you do not have a secondary DNS in place. The announcement is currently displayed at https://connectsafe.norton.com/configureRouter.html with a link to this FAQ that hopefully will answer most of your questions.

The DNS IP Addresses you need to check for and change from are any pair among the following:

  • 199.85.126.10
  • 199.85.127.10
  • 199.85.126.20
  • 199.85.127.20
  • 199.85.126.30
  • 199.85.127.30

If you changed your DNS, you probably know already which one you want to go to next. If you have no idea and need some time to investigate, you can either remove the DNS settings that you have in your device (computer or mobile device) and therefore default to your Internet Service Provider’s DNS settings or you can temporarily follow this How-To Geek article that offers step by step instructions on how to change your DNS to OpenDNS’ or Google’s if you trust these two tech companies.

Alright, you are now in the know, friend!

Advertisements
GoogleLittle TipsMalwareNetworkingSecurity

And That Is How Your TV Is Watching You

Have you ever heard of the term “idiot box?” Maybe they are not that dumb? Smart TV’s are able to watch you watch TV and learn about the devices on the same network in your home. By the way, even if you had never heard of the idiot box term, I am sure you can easily guess that it is the North American word for a television set. At least, that is what Google seems to believe.

idiot box definition by Google

In fact, search of “define idiot box” yielded the definition “a television set.” Marriam-Webster seems to agree as well.

Back to our point, though. Your Smart TV has been reported to spying on you with your consent but, if you are like the majority of Smart TV owners, without your knowledge. So, go ahead and read up on these stories about what Samba TV does with your data and what bad hackers could trick your device into doing. Armed with this knowledge, you will at least be able to understand how in the world did that company know to advertise this or the other product to you.

Local Session Manager
Little TipsNetworkingRDS - Remote Desktop ConnectionWindows Server Tips

How To Find Out All Remote Desktop Logon Sessions That Took Place On Windows Server 2012 R2

The first time I used these logs is when I was running an audit to figure out whether a specific user has recently accessed my server using Remote Desktop Connection.

In order to identify who has recently had a full session remotely running on your server, you: look at the events located at these two places:

Event Viewer > Application and Service logs > Microsoft > Windows > TerminalServices – Local SessionManager > Operational

and

Event Viewer > Application and Service logs > Microsoft > Windows > TerminalServices – RemoteConnectionManager > Operational

To have any events logged in here, you have to at least have these things in place:

  • You must be running the Windows Feature AppServer (Terminal Services Application Server)
  • The specified logs must be enabled.

With these conditions in place, these logs show give you the user names and computer names of all Remote Desktop sessions that have taken place between your computer and other client devices for a certain duration of time. Of course the length of the log depends on the properties you have set for the logs (e.g. Enabled logging, Maximum log size, what to do when maximum event log size is reached, etc.).

Please note that these logs can also be used to diagnose and troubleshoot RDS sessions that disconnect in an apparently random way.

One other place you can check is your Event Viewer > Windows Logs > Security which should have audit log of successful and failed logons if you had activated the “Audit logon events” in Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy snap-in.

Finally, a rather simple way you can go about it is by using the command line as an administrator and typing the following command (more about it at the Windows Command Line reference below):

net user  username | findstr /B /C:"Last logon"

Do you know of any other ways to achieve this audit? Please let us know in the comment section.

Some other useful resources include:

Wi-Fi Protected Access II (WPA2) Vulnerability Paper
AntivirusMalwareModemsNetworkingRouters

Wi-Fi Protected Access II (WPA2) Vulnerability – All Your Wi-Fi Devices Might Need A Security Patch

UPDATE3: On a website dedicated to the “Key Reinstallation Attacks,” https://www.krackattacks.com/, the researcher who brought attention to this vulnerability describes what it is, presents a demo of the attack against an Android device as client, and suggests practical steps in a rich Q&A article.

UPDATE2: More companies have updates available. Microsoft also has released an update for client devices. (Source: Pileum Corporation)

If you have a Meraki access point, they have released a patch to address this issue. See below link for more information.
If you have an Aerohive access point, they have released a patch to address this issue. See below link.
SonicWALL has announced that their firewalls and access points are not vulnerable to the flaws in WPA2.
Cisco has released patches for some of their products that are affected. You can check for those products and updates as they are released here:
Microsoft has released a patch that provides additional protection on the client workstation. We recommend that this be installed on all workstations immediately.

UPDATE1: Several Wi-Fi AP manufacturers have started developing and releasing Updates. Please check the CERT website below for updates. One of the most recent ones is Meraki access point.

In a research paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA,” Leuven, Belgium researchers Mathy Vanhoef and Frank Piessens just proved that WPA2 handshake traffic can be manipulated to induce nonce and session key reuse. Here is an overview of the announcement from CERT:

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

The simplest solution is to install updates provided by your Wi-Fi device vendor.

More on this here:

Find Your historical DNS record
NetworkingRouters-Modem-FirewallsWeb DevelopmentWordPressWPEngine

How To Find My Old DNS Information Or DNS History

Ever been stuck in a situation where you cannot remember what your last DNS* information was? This may happen while migrating a site from one hosting provider to another, a domain from one registrar to another**, or any of the possible playing around you could find yourself doing with your DNS.

You may easily remember your CNAME records, but trying to find what your SOA, NS, A, AAA, MX, or TXT records*** were in the past can be a tricky exercise unless you are familiar with some really cool tools online like DNSTrails. I just used this tool a few minutes ago and it saved me from a lot of frustration as I wanted to temporarily revert my DNS records to what I just had deleted from my domain registrar.

I am sure there other tools out there, but this one just served me well, so I thought to share the insight with you!

Oh, also, if you ever want to temporarily make your computer point to a specific DNS setting for a specific domain, here are some useful resources:

  1. The Host File Trick on Mac and PC by WPEngine
  2. Editing the Host File on Mac OS X Leopard by WordPress

Finally, just for the sake of completion. Another site I really like is MX Toolbox, this online tool will help you check the propagation status of your DNS, MX, and other Records.

 

——

*DNS means Domain Name System

** Yep! That is actually possible! Just ask your current registrar how to migrate your domain
*** CNAME stands for canonical name and serves to make a domain an alias of another domain, MX stands for mail exchange and lists the mail servers that are to be used for a domain, NS stands for name server and tells which Name Server is authoritative for a given domain, SOA stands for State Of Authority and keeps up with when the domain was last updated and other similar information, A stands for address and is the IP of a given domain, AAAA is an IPv6 address records corresponding to a 128-bit IPv6 address while other addresses are mapped for 32-bit IPv4 addresses, TXT is a way for the domain administrator to enter any text into the DNS record. More on this at PCNames.

Little TipsNetworkingPrinters and DevicesWindows 10 Tips

ControlCenter4 error CC4-202

How To Get Here

So, there you are with your brand new Brother (e.g. a Brother MFC-L58000DW Series) multifunction (all-in-one) printer, scanner, and fax trying to scan a file from the Device (the scanner itself) to a PC, e.g. a Windows 10 PC.(Jump to Solution Options)

You go the usual way and click Scan to PC, but after you select which PC to scan to, nothing major happens on the scanner. The paper is not drawn into the wide open mouth of your scanner. Instead you scanner’s little LCD sits there telling you to check your firewall settings to allow communication between this scanner and your PC. Maybe you even go and disable your firewall on the PC or do something just as useless and dangerous.

Eventually, you decide to Google this and find this note I wrote to myself (and now to you). Ok, enough rambling, the solution is simple. Well, if the first solution works. Because, otherwise there are 4 to 6 other possible solutions, some more difficult than others. I will list them here, but you can find more details from the source article on Brother’s official website*:

Possible solutions**

Option 1: This solution is for Network Users Only (Machines that have a built in network card only): if you are connected to two different networks at the same time (e.g. Wi-Fi and Ethernet), disable one of them to keep only the one on which the printer can also be found. Then try to scan from the Brother Device and watch for the error message. You may need to restart your computer and check your network to confirm you are still connected to only one correct network.***

Option 2: For Network Users with only one network connection. Hunt down the TWAIN file labeled Twain001.Mtx and delete it (I would first just move it to another location until I determine that this is the solution that works for my case) from your AppData\Local\Temp folder which itself can be found inside your current user folder. Please note that you might need to unhide the AppData folder first. Restart your computer and test the scanner. If you continue receiving the same error message. Check if Option 3 is you case.

Option 3Download and run the ControlCenter4 Update Tool. If you are not of any of the previous two options, you may need to update your Control Center. You should be able to find the ControlCenter4 update tool on Brother’s Downloads page. Install the update tool, run it, restart your computer when prompted and then try to scan again.

Option 4: Reinstall the Brother MFC Pro Printer Utilities program. You can do so using the Uninstall program that is furnished by Brother together with the Printer Utilities software. Restart your computer then reinstall the Brother MFC Software from the original CD. You can also download the Full Driver and Software Package ( please navigate to their downloads page) from their site and install it. Try your scanner after the new software product is installed.

If the problem persists. Try to get in touch with your network administrator or with Brother, the company that produces your printer. You could also just stick to start your scans from the PC until a solution is found.

Disclaimer: *Try at your own risk. **I wrote down these steps as I learned them from Brother’s official site and am not intending to appear as the author of the above troubleshooting steps. ***THIS SOLVED MY ISSUE

NetworkingWindows Server Tips

Can’t Find Server in Network

You have installed Windows Server 2008 R2, you have installed the application you want to make available to multiple endpoints on your LAN (Local Area Network), and you have even created your Share on the server. Good!

Then comes the time to setup the endpoints or client computers that will consume your application, but there is one problem, Ma’am/Sir! You cannot find the Share on the network. In fact, you cannot even find your server on the network!! What do you do?

You go to your Services on the server and enable the service named Computer Browser. This service is disabled by default. So, turn it on and you are good to go! Go check on the endpoints’ list of network devices on your LAN and you should see your server there. If you do not, please leave a comment here.

Some external help here from the people at Websense:

1.Make sure that Windows Network File Sharing is enabled.
  a.Go to Start > Network > Network and Sharing Center.
  b.In the Sharing and Discovery section, set File Sharing to On.
2.Go to Control Panel > Administrative Tools > Services.
3.Double-click Computer Browser to open the Properties dialog box.
4.Set the Startup type to Automatic.
5.Click Start.
6.Click OK to save your changes and close the Services dialog box.

And from the people at Microsoft Technet.