The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Network-and-equipment’ Category

Windows 7..10: disable shutdown/hibernate/sleep/restart from UI

Posted by jpluimers on 2019/02/18

I needed this for the Windows 10 machine of my mentally retarded brother: WoL (Wake-on-LAN) for his machine always works when it is in sleep or deep sleep mode, but every now and then fails when fully powered off.

After it is disabled in the UI, you can still perform it with [WayBack] shutdown.exe, so I added these shortcuts first:

Disabling the Shutdown related actions in the UI consists of two steps:

  1. Removing it from the logon screen using the registry
  2. Removing it from the user using gpedit.msc (which is wrapped in mmc.exe)

I will try to get the registry changes for the second using [WayBack] RegFromApp – Generate RegEdit .reg file from Registry changes made by application (thanks [WayBack] magicandre1981 for suggesting that at [WayBack] windows – How can I use Process Monitor to detect register changes made by GPEdit modifications? – Super User).
The wrapping mmc.exe is easiest to obtain using Process Explorer, and RegFromApp likely needs to run in elevated mode.

If that fails, I can try Process Monitor as suggested by [WayBack] Tom Wijsman in [WayBack] command line – Change group policy using windows CMD – Super User.

The reason for the above is that I want to avoid UI based modifications that are hard to script.

Remove Shutdown options from the logon screen

This is just the registry setting below.

It also removes the reboot/hibernate/sleep options from the logon screen, so you need shortcuts for that.

Remove Shutdown for the regular users UI

This can be done using either gpedit.msc (Group Policy Editor) drilling down to the local policies or secpol.msc (the Local Policy Editor):

  1. Drill down to
    1. Local Policies
    2. User Rights Management
  2. Double click Shut down the system
  3. Remove the groups you don’t want to be able to shut down the system
  4. Press OK to confirm

See the video below how.

I’ve removed the group Users and kept the group Administrators to allow ShutDown.

Administrators now do need to execute the above commands (for instance shutdown.exe /h /f) with a UAC administrative token enabled!

If you do not want that, add the users that can perform Shutdown commands to a new group, then add that group to Shut down the system.

If you want to perform this system wide for all users, then it’s faster to change the [WayBack] Windows Explorer NoClose policy (see also [WayBack] Group Policy Registry Reference).


Accessing storage (NAS) over the Internet via FTP | FRITZ!Box 7490 | AVM International

Posted by jpluimers on 2019/02/13

Of course you don’t want this. So by the time you read this, the connection has been closed.

For testing some Internet of Shit stuff from a client that cannot do SFTP, I needed a temporary FTP accessible connection.

These links helped:

TL;DR:

  1. Preparing the USB stick:
    1. Ensure the USB disk is FAT/FAT32/NTFS
    2. Create a directory in the root of the USB disk for the FTP user (for now: FtpDirectory)
    3. Insert the USB disk in the Fritz!Box
  2. Logon to the Fritz!Box web UI
    1. Configure a user for FTP:
      1. In the menu, go to System, then FRITZ!Box Users
      2. Click Add user
      3. Name the user (for now: MyFtpUser)
      4. Ensure that user *only* has a checkmark for `Access to NAS contents`
      5. Click the button Add directory
      6. In the popup click Select folder
      7. Choose the FtpDirectory you just made
      8. Click OK
      9. Ensure the read and write checkboxes are enabled
      10. Click OK
    2. Configure the USB stick for FTP access
      1. In the menu, go to Home Network, then USB Devices
      2. Observe if the device is visible and has the correct file system (if not: ask AVM)
      3. In the menu, go to Internet, then Permit Access
      4. Click on the FRITZ!Box Services
      5. Ensure there is a checkmark at Internet access to your storage media via FTP/FTPS enabled
      6. At TCP Port for FTP/FTPS, fill in 21 (many IoT devices cannot use a different port)
      7. Ensure there is *no* checkmark at Allow only secure FTP connections (FTPS)
      8. Make a note of the value after FTP address (something like `ftp://example.org:21`)
      9. Click Apply
  3. Test

–jeroen


Link archive: ASUS MN78 PRO URLs

Posted by jpluimers on 2019/02/08

Since my brother has this motherboard: M4N78 PRO GREEN.

It does WOL, but doesn’t always wake up when powered down.

–jeroen

ASUS Serial 93M0AI195747; Part 90-MIB7C0-G0EAY00Z; M4N78 PRO GREEN; UPC 61083916977; EAN 4719543169773


Installing as a LAN -> WiFi bridge: FRITZ!WLAN Repeater 1750E

Posted by jpluimers on 2019/01/21

I have a bunch of [WayBack] FRITZ!WLAN Repeater 1750E | Overview | AVM International devices; this is the quickest way to install them as LAN -> WiFi bridge (connect ethernet to your LAN; use the WiFi as a bridge).

  1. Connect the FRITZ!WLAN to your LAN
  2. Connect the FRITZ!WLAN to power
  3. Connect your laptop to the WiFi SSID FRITZ!WLAN Repeater 1750E with password 00000000 (that is eight times a zero)
  4. Set your laptop with a fixed IP address 192.168.178.127 with netmask 255.255.255.0 and gateway 192.168.178.2 for WiFi.
  5. Connect to your FRITZ!WLAN at http://192.168.178.2
  6. Setup your FRITZ!WLAN for the first time (password, country) and have it reboot
  7. Logon to the FRITZ!WLAN
  8. Change the WiFi password and the SSID for the 2.4 GHz and 5.0 GHz channels (I use a different SSID for each, as many Fritz!Box devices have both bad 2.4 GHz performance and a hard time automatically switching from 2.4 GHz to 5.0 GHz on the same SSID).
  9. Change your laptop to use DHCP on WiFi
  10. Reconnect to the Fritz!Box with the new SSID and password

–jeroen


Raspberry Pi cannot be woken up by WOL, but it can send, and there is Whack-on-LAN

Posted by jpluimers on 2019/01/17

Cool stuff if you want to make your own WOL devices out of spare parts.

From old to new:

They can be woken up by anything sending magic WOL packets, including Raspberry Pi (which cannot be woken up by them, though you could use a Whack-on-LAN for that).

Basically, the Raspberry Pi cannot be woken up with WOL for a few reasons:

  1. The ethernet chip is connected over USB so it cannot pass the WOL result further on.
  2. If it could, there still is no BIOS to process the WOL result.
  3. When it is halted but has power, the CPU isn’t active. The GPU is, but cannot process the WOL.

It can be a WOL server though: [WayBack] Raspberry Pi As Wake on LAN Server: 5 Steps (with Pictures)

–jeroen


Tools for TCP tunnels over HTTP/HTTPS

Posted by jpluimers on 2019/01/16

With the advent of WebSockets, it looks like TCP tunnels over HTTP/HTTPS are gaining more ground and I need to put some research time in them.

Some old to new links:

CONNECT requests are not supported by many HTTP proxies, especially in larger organisations, so chisel and crowbar have a much bigger chance there.

And of course there is SoftEtherVPN/SoftEtherVPN: A Free Cross-platform Multi-protocol VPN Software.

However, that is a VPN solution, which is much broader than just a single TCP tunnel. You can do similar things with OpenVPN, but running it over HTTP/HTTPS also requires CONNECT:

SoftEtherVPN seems to be more versatile though. I blogged about that before, but back then didn’t have a need for it yet. VPN over HTTPS: Ultimate Powerful VPN Connectivity – SoftEther VPN Project.

–jeroen

via: [WayBack] VPN through only http – Server Fault answer by [WayBack] neutrinus


Reminder to self: see how widespread support for the TCP BBR congestion control algorithm is.

Posted by jpluimers on 2019/01/14

The TCP BBR congestion control algorithm was introduced in September 2016 and became available in Linux kernel 4.9 in July 2017 after being in the news for a good 5 months (see links below). It strives for better bandwidth use and lowering latency on big data pipes.

This post is a reminder to myself to see how widespread that is on recent distributions for both end-user and server systems.

Via:

–jeroen


Strange MAC addresses starting FA:8F:CA without OUI in your network? They are Locally Administered Addresses and likely from Google.

Posted by jpluimers on 2019/01/07

A while ago, I wrote about Locally Administered Addresses: a few series of MAC addresses you can use on your local network: MAC address ranges safe for testing purposes (Locally Administered Address).

A while ago, I found ones in my network and ones in my WiFi SSID survey starting with FA:8F:CA. They did not show up in the Wireshark · OUI Lookup Tool nor their manufacturer database.

But with bit 7 turned off they start with F8:8F:CA which does show up as “F8:8F:CA Google, Inc.”

They appear to be Google devices, in my case Google ChromeCast ones, though they can also be Google Home ones.
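
An added example (not from the original post) of the lookup described above: when a prefix is missing from the OUI table, it clears the locally administered bit (0x02 of the first octet) and retries. The table is constructed and holds only the F8:8F:CA entry quoted in the post; `classify` and the other names are hypothetical.

```python
import re

# Constructed lookup table; only the F8:8F:CA entry is taken from the post.
OUI_TABLE = {"F8:8F:CA": "Google, Inc."}

LOCAL_BIT = 0x02  # U/L bit of the first octet: set = locally administered
GROUP_BIT = 0x01  # I/G bit of the first octet: set = multicast/broadcast


def parse_mac(text):
    """Accept FA:8F:CA:.., fa-8f-ca-.. or fa8f.ca12.3456; return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def oui_of(mac):
    """Format the first three bytes as an upper-case OUI string."""
    return ":".join(f"{b:02X}" for b in mac[:3])


def classify(text, table=OUI_TABLE):
    """Look up the vendor, retrying with the local bit cleared if needed."""
    mac = parse_mac(text)
    local = bool(mac[0] & LOCAL_BIT)
    group = bool(mac[0] & GROUP_BIT)
    seen = oui_of(mac)
    vendor, base, inferred = table.get(seen), seen, False
    if vendor is None and local and not group:
        # FA (1111 1010) with the local bit cleared is F8 (1111 1000).
        base = oui_of(bytes([mac[0] & ~LOCAL_BIT & 0xFF]) + mac[1:3])
        vendor = table.get(base)
        # A hit here is only a hint: randomised privacy addresses also set
        # the local bit and can collide with a registered OUI by chance.
        inferred = vendor is not None
    return {"oui": seen, "local": local, "group": group,
            "base_oui": base, "vendor": vendor, "inferred": inferred}


if __name__ == "__main__":
    for sample in ("FA:8F:CA:12:34:56", "f8-8f-ca-00-00-01", "02:00:00:00:00:01"):
        print(sample, classify(sample))
```
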

Google does “magic” with networks, just look at a few of the links here:

–jeroen


No more https://www.whatsapp.com/cidr.txt

Posted by jpluimers on 2018/12/11

Not sure when this happened, but the CIDR list is no more at [WayBack] https://www.whatsapp.com/cidr.txt:

Dear partners,
Please note that we have migrated the latest IP pools of WhatsApp to Facebook Mobile Partner Portal. Feel free to browse to the Settings page of the portal and download the latest WhatsApp IP pool: https://fb.me/mpp_support 
Further IP pool updates are also done through the portal and are no longer distributed via email or through WhatsApp web site.
If you have not yet registered on the Mobile Partner Portal or have difficulties accessing it - please request access through the following form and we'll be happy to assist: https://fb.me/mpp_access
For any technical requests please contact us through the Support section of the portal: https://fb.me/mpp_support 
WhatsApp team

In the past it was the place to get the CIDR so you could either block or allow WhatsApp traffic: [earlier WayBack]

It is still widely cited as a way to regulate WhatsApp traffic, for instance at these places:

Time to find an automated way to get the replacement list. Maybe the below helps (via [WayBack] Block facebook messenger and whatsApp on Dlink router – Super User)

whois -h whois.radb.net '!gAS32934'
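
One way to turn the output of that query into a rule list, as an added example that is not part of the original post: it parses the raw reply, validates every prefix and merges overlapping ones. The sample reply is constructed from documentation prefixes, the `A<count>`/`C` framing is assumed from the IRRd query protocol, and the function names are hypothetical.

```python
import ipaddress

# Constructed reply using documentation prefixes, not real AS32934 data.
# Assumed IRRd framing: "A<byte count>", the prefixes, then "C".
SAMPLE_REPLY = (
    "A60\n"
    "192.0.2.0/24 192.0.2.0/25 198.51.100.0/25 198.51.100.128/25\n"
    "C\n"
)


def parse_irr_reply(reply):
    """Return the IPv4 networks in a raw '!g' reply; raise on bad input."""
    lines = reply.strip().splitlines()
    if not lines:
        raise ValueError("empty reply")
    status = lines[0].strip()
    if status in ("C", "D"):  # success without data / key not found
        return []
    if status.startswith("F"):
        raise ValueError(f"registry error: {status[1:].strip()}")
    if not (status.startswith("A") and status[1:].isdigit()):
        raise ValueError(f"unexpected status line: {status!r}")
    if lines[-1].strip() != "C":
        raise ValueError("reply is truncated (no closing 'C')")
    tokens = " ".join(lines[1:-1]).split()
    # strict=True rejects prefixes with host bits set, e.g. 192.0.2.1/24.
    return [ipaddress.IPv4Network(t, strict=True) for t in tokens]


def build_prefix_list(reply, min_prefixlen=8):
    """Validate and merge prefixes before they reach a firewall rule set."""
    nets = parse_irr_reply(reply)
    for net in nets:
        # Registry data is untrusted input: refuse implausibly wide routes.
        if net.prefixlen < min_prefixlen:
            raise ValueError(f"refusing overly broad prefix {net}")
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print("\n".join(build_prefix_list(SAMPLE_REPLY)))
```
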

–jeroen


How to configure pfSense as multi wan (DUAL WAN) load balance failover router – nixCraft

Posted by jpluimers on 2018/12/03

This will come in useful one day:

Notes for monitoring at [WayBack] Multi-WAN – PFSenseDocs: Gateway Groups

  • monitoring packet loss on ADSL is cumbersome depending on the ADSL distance
  • member down is the easiest to monitor, but on fiber can fail to detect packet loss (the connection seems online, but in fact doesn’t provide traffic)

–jeroen
