The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Network-and-equipment’ Category

Did not realise that a 2018 Mikrotik vulnerability made it to the top of the CBL (SMTP composite black list) warning page for quite some months as the first ever device

Posted by jpluimers on 2021/07/02

Having accidentally made it onto the CBL (Composite Blocking List – Wikipedia) a long time ago, I discovered that the page started with (WayBack link mine):

IMPORTANT: Many CBL/XBL listings are caused by a vulnerability in Mikrotik routers. If you have a Mikrotik router, please check out the [WayBack] Mikrotik blog on this subject and follow the instructions before attempting to remove your CBL listing.

It wasn’t one of my Mikrotik devices: first of all, they had all been patched out of the box from a really empty internal network before being externally exposed to the internet or to busier internal networks, and second, the CBL entry was a one-off on one specific day when someone used our guest network.

Some CBL entries in the range where it was displayed, quite a while after CVE-2018-14847 became public:

Posted in Firewall, Hardware, Infrastructure, Internet, MikroTik, Network-and-equipment, Power User, routers, SPAM, WinBox

Fritz!Box as DMZ behind an Experiabox version 10A

Posted by jpluimers on 2021/06/17

First of all: incoming Fritz!Box VPN behind an Experiabox version 10A fails, because the DMZ implementation of the Experiabox is faulty.

This worked just fine with the Fritz!Box as DMZ host behind a Ziggo Connectbox ([WayBack] Connectbox | Klantenservice | Ziggo).

First a few things to get regular TCP stuff to work: having your Fritz!Box as the DMZ host of an Experiabox.

I had a hard time figuring out some of them, so further below are also quite a few links just in case you bump into similar things.

  1. On the back of the Experiabox version 10A you find the SSID and WiFi password on what appears to be a sticker, but is in fact a small piece of cardboard paper.
  2. Behind that cardboard paper is a sticker with the initial administrator password: shove out the piece of cardboard to reveal the sticker.
  3. After login (you cannot change the username, which is ADMIN or KPN) you have to choose a new password, which has these undocumented restrictions:
    • It cannot be the old password
    • The password must contain at least 1 special character (!@#$%^&*()_+|~- =\`{}[]:";'<>?,./).
    • The password must contain at least 1 number character.
    • The password must contain at least 1 uppercase letter.
    • Other restrictions I have not bumped into
  4. The default address of the Experiabox V10a is 192.168.2.254. NEVER change it, as KPN totally does not support that scenario and will force you to reset it before starting to help you out with anything. Log on as Administrator to the Experiabox at 192.168.2.254.
  5. Setting fixed DHCP leases was hard to find (I was looking for fixed DHCP, not DHCP reservation): Network -> LAN -> LAN DHCP (dropdown next to LAN) -> DHCP Reservation (up to 10 computers).
  6. The DMZ setting was not where I expected it: Network -> Firewall -> DMZ (dropdown next to Firewall)

 

External port checker: [WayBack] Open Port Checker & Scanner | Test Port Forwarding | Internet Protocol Tools

Related:

–jeroen

Posted in Network-and-equipment, Power User, VPN

CloudKey ESXi Appliance – Google Search

Posted by jpluimers on 2021/06/07

Via [Archive.is] CloudKey ESXi Appliance – Google Search:

–jeroen

Posted in *nix, Cloud Key, ESXi6, ESXi6.5, ESXi6.7, Internet, Network-and-equipment, Power User, Unifi-Ubiquiti, Virtualization, VMware, VMware ESXi

Reminder to self: get less dependent on the various clouds

Posted by jpluimers on 2021/06/04

For my link archive: [WayBack] Grote Google-storing trof Gmail, YouTube en diensten van derden – IT Pro – Nieuws – Tweakers.

It has some interesting tips for IoT video doorbell products that are less dependent on single-choice clouds:

At least one exists: a smart doorbell with camera and optionally a speaker, its own internal network, compatible with SIP (and video), you are responsible for the recordings yourself, etc. The only downside is the price: it is a German quality product, so expect around 350 euros for the absolute base model. It is called Doorbird; for sale at, among others, Robbshop and CoolBlue, or directly from the manufacturer’s website.

Your house has to be heavily automated for that API to be of real use to you.

If you want to have everything in your own hands, you do that as well. You make sure yourself that your web interface is reachable via an external URL, and then only your own hardware and internet connections serve as SPOF, and you can also switch solution providers more easily without being locked in.

Perhaps this is a solution for you?

https://www.instructables…oorbell-for-Less-Than-40/

 

–jeroen

Posted in Cloud Apps, Internet, IoT Internet of Things, Network-and-equipment, Power User

Fritz!Box repeater and other devices: “Radar detection enabled. At the moment no wireless LAN connection (5 GHz) is possible; please wait.”

Posted by jpluimers on 2021/05/31

If any of your Fritz!Box devices under “Wireless” -> “Radio Channel” -> “5-GHz band” indicates “Radar detection enabled. At the moment no wireless LAN connection (5 GHz) is possible; please wait.” – Google Search:

  1. Click on the “Refresh Auto Channel” button
  2. Wait until it has chosen a new 5 GHz channel
  3. Verify you can connect over 5 GHz
  4. If you still cannot connect, retry steps 1…3 once.

I had this only happen on 1750E repeaters so far, but others seem to have had it on other Fritz!Box devices as well.

In the Netherlands, potentially affected channels seem to be 52 through 140.

Related:

–jeroen

Posted in Fritz!, Fritz!Box, Fritz!WLAN, Internet, Power User

Unifi Cloud Key: “We have detected that your SD card is missing. Please insert it and reboot your Cloud Key or disable automatic backup.”

Posted by jpluimers on 2021/04/23

Got this a while ago with 5.10.17:

“Missing SD card”

“We have detected that your SD card is missing. Please insert it and reboot your Cloud Key or disable automatic backup.”

This might be a hardware issue with [Archive.is] Ubiquiti UniFi Cloud Key, UC-CK: AmazonSmile: Computer & Zubehör

Reading the 1-star reviews, SD-card problems seem paramount: [Archive.is] Amazon.de:Kundenrezensionen: Ubiquiti UniFi Cloud Key, UC-CK.

For me, most of the time this solved the problem:

  1. Power down the Cloud Key
  2. Remove the SD card
  3. Insert the SD card
  4. Power up the Cloud Key

Posted in Cloud Key, Hardware, Network-and-equipment, Power User, Unifi-Ubiquiti

Stop FortiClient from auto-starting (as it uses a truckload of Windows resources, often including 2 gigabyte of memory for their logger)

Posted by jpluimers on 2021/04/16

I see lots of negative reactions to FortiClient, as it is very closed source, has many intermittent issues, and is a product that tries to be a jack of all trades (over a couple of versions, in addition to being a proprietary VPN client, they started doing vulnerability scanning, interfering with anti-virus products, blocking the saving of passwords and blocking password managers from pasting them, and I could go on).

Sometimes you have to use it in order to access a FortiGate based VPN server, so the best is to defer starting it until as late as possible.

Here are some links to get that configured correctly:

–jeroen

Posted in FortiGate/FortiClient, Network-and-equipment, Power User, VPN

How to remember password in FortiClient VPN? – Stack Overflow

Posted by jpluimers on 2021/04/12

In [WayBack] How to remember password in FortiClient VPN? – Stack Overflow, the consensus seems to be “it varies, and usually is unreliable”.

Time to write a tool that sniffs the Windows GUI and auto-enters the credentials.

That would be much like the Linux expect solution: [WayBack] Continuous run Forticlient VPN using expect. Automatically restart VPN if get disconnected or session closed. · GitHub

Via: [WayBack] Forticlient 5.6 – Save Credentials | Fortinet Technical Discussion Forums

–jeroen

Posted in FortiGate/FortiClient, Network-and-equipment, Power User, VPN

Need to do some reading on local domains on the internal network

Posted by jpluimers on 2021/04/09

For a long time I wondered why I saw ESXi systems on my local network have two entries in their /etc/hosts file:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.91   ESXi-X10SRH-CF ESXi-X10SRH-CF

Then I bumped into someone who had a different setup:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.0.23    esxi.dynamic.ziggo.nl esxi

So now I knew that the first entry can have a domain resolving it (it still makes me wonder why ziggo is using a top-level domain to resolve local stuff; but searching for dynamic.ziggo.nl did not get me further on that).

So I installed a quick ESXi machine on that local network, and got the same.

When back home the machine still thought it was esxi.dynamic.ziggo.nl, though clearly I was outside a Ziggo network.

I wanted to get rid of it, but that was hard.

Since I forgot to take screenshots beforehand, I can only provide the ones without a search domain below.

Reminder to self: visit someone within the Ziggo network, then retry.

Normally you can edit things like these in the default TCP/IP stack. There are two places to change this:

Neither of these allowed me to change it to a situation like this, but luckily the console did.

In the below files, I had to remove the bold parts, then restart the management network (I did keep a text dump, lucky me):

[root@esxi:/etc] grep -inr ziggo .
./vmware/esx.conf:116:/adv/Misc/HostName = "esxi.dynamic.ziggo.nl"
./resolv.conf:2:search dynamic.ziggo.nl 
./hosts:5:192.168.71.194    esxi.dynamic.ziggo.nl esxi
[root@esxi:/etc] cat /etc/resolv.conf 
nameserver 192.168.71.3
search dynamic.ziggo.nl 
[root@esxi:/etc] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.194  esxi.dynamic.ziggo.nl esxi
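
The clean-up described above, as an added example that is not part of the original post: POSIX shell functions that locate a leftover search domain in a copy of /etc and strip it from the three files the grep found. The function names and the sample directory are assumptions, as is the exact extent of the removed parts, since the bold markup did not survive on this page.

```shell
#!/bin/sh
# Added example; operates on a copy of /etc, never on the live files.
# Assumption: the removed parts were the ".DOMAIN" suffix on the host name
# and the DOMAIN entry on the resolv.conf "search" line.

# Escape dots so the domain is matched literally.
escape_domain() { printf '%s' "$1" | sed 's/\./\\./g'; }

# find_domain_refs DIR DOMAIN: file:line:text hits, like "grep -inr" above.
find_domain_refs() { grep -inr -- "$(escape_domain "$2")" "$1"; }

# strip_domain DOMAIN: stdin -> stdout filter. On a "search" line it removes
# only this domain (other search domains stay) and drops the line when it
# ends up empty; everywhere else "host.DOMAIN" becomes "host".
strip_domain() {
    d=$(escape_domain "$1")
    sed -e "/^search[[:space:]]/s/\$/ /" \
        -e "/^search[[:space:]]/s/[[:space:]]${d}[[:space:]]/ /g" \
        -e "/^search/s/[[:space:]]*\$//" \
        -e '/^search$/d' \
        -e "s/\\.${d}//g"
}

# clean_tree DIR DOMAIN: rewrite the three affected files inside DIR.
clean_tree() {
    for f in vmware/esx.conf resolv.conf hosts; do
        [ -f "$1/$f" ] || continue
        strip_domain "$2" < "$1/$f" > "$1/$f.new" && mv "$1/$f.new" "$1/$f"
    done
}

# make_sample DIR: constructed copies of the lines shown in the post.
make_sample() {
    mkdir -p "$1/vmware"
    printf '/adv/Misc/HostName = "esxi.dynamic.ziggo.nl"\n' > "$1/vmware/esx.conf"
    printf 'nameserver 192.168.71.3\nsearch dynamic.ziggo.nl \n' > "$1/resolv.conf"
    printf '::1     localhost.localdomain localhost\n192.168.71.194  esxi.dynamic.ziggo.nl esxi\n' > "$1/hosts"
}

# Demo on a throwaway directory: hits before, then hits after the clean-up.
demo() {
    t=$(mktemp -d); make_sample "$t"
    find_domain_refs "$t" "$1"
    clean_tree "$t" "$1"
    find_domain_refs "$t" "$1" || echo "no references left"
    rm -rf "$t"
}
demo dynamic.ziggo.nl
```

After stripping, the hosts line has the same shape as the first listing in this post (host name twice, no domain); the management network restart mentioned above is still needed on a real host.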

Future steps

  1. Read more on local domains, search domains and related topics
  2. Configure a local domain on my local network, so DHCP hands it out, and DHCP handed out host names are put in the local DNS
  3. Test if all services on all machines still work properly

Reading list

Posted in DNS, ESXi6.5, ESXi6.7, Hardware, Internet, Mainboards, Network-and-equipment, Power User, SuperMicro, Virtualization, VMware, VMware ESXi, X10SRH-CF, X9SRi-3F

Build your own Infrared reader head for electricity smart meters for around USD 6: haus-automatisierung.com [4K] – YouTube

Posted by jpluimers on 2021/03/24

In German, but very interesting IR-Lesekopf für SmartMeter selber bauen | haus-automatisierung.com [4K] – YouTube:

I could not find the promised follow-up video at haus-automatisierung.com – YouTube, but the manual steps and the site below have enough information for me.

Too bad the site is way too big to fully archive in the WayBack machine. I only saved the top pages:

Related: [WayBack] MQTT-Grundlagen-Kurs – haus-automatisierung.com

–jeroen

Posted in Development, Hardware Development, Hardware Interfacing, IoT Internet of Things, Raspberry Pi, Software Development