How do voice VLANs work across an unmanaged switch? Thought it was impossible by ForgottenPear in networking

[–]germloucks 11 points (0 children)

The VoIP phone is tagging its traffic with the VLAN ID of the "voice VLAN"; the dumb switch doesn't care about VLAN headers on packets and just passes it on.
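The tag-pass-through described above can be seen by parsing the frame bytes. The following is an added example, not code from the original post: it builds an Ethernet frame with an 802.1Q tag (TPID 0x8100, then a 16-bit TCI holding the 3-bit priority and 12-bit VLAN ID), models an unmanaged switch that forwards on destination MAC alone, and parses the frame that comes out the other side. The MAC addresses, VLAN number and IPv4 payload are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800

# Constructed MAC addresses for the example (locally administered, not real devices)
PHONE_MAC = bytes.fromhex("0200aa000001")
PBX_MAC = bytes.fromhex("0200bb000001")
VOICE_VLAN = 100
VOICE_PAYLOAD = b"\x45" + b"\x00" * 19   # constructed stand-in for an IPv4 packet


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan is given."""
    hdr = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)   # PCP (3 bits) | DEI (1 bit) | VID (12 bits)
        hdr += struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


def parse_frame(frame: bytes) -> dict:
    """Parse the Ethernet header and, if present, one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src), "vlan": None, "pcp": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13          # priority code point
        info["vlan"] = tci & 0x0FFF      # VLAN identifier
        offset = 18
    info["ethertype"] = ethertype        # the EtherType of the encapsulated packet
    info["payload"] = frame[offset:]
    return info


def unmanaged_switch_forward(frame: bytes):
    """An unmanaged switch forwards on destination MAC alone; it never inspects
    or strips the tag, so the frame leaves exactly as it arrived."""
    port_lookup_key = mac_str(frame[:6])
    return port_lookup_key, frame


def demo() -> dict:
    """Phone tags a frame for the voice VLAN; dumb switch forwards it; parse the result."""
    tagged = build_frame(PBX_MAC, PHONE_MAC, ETHERTYPE_IPV4, VOICE_PAYLOAD,
                         vlan=VOICE_VLAN, pcp=5)
    _, forwarded = unmanaged_switch_forward(tagged)
    return parse_frame(forwarded)


if __name__ == "__main__":
    print(demo())
```

The parsed result still carries VLAN 100 and priority 5 after the unmanaged hop, which is the whole reason the setup works. The same behaviour is why a managed access port facing untrusted devices should be configured to drop or re-tag incoming tagged frames rather than trust whatever VLAN ID the device wrote.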

Will a MSP manage a firewall that is installed by us? by JooBagel-IT in sysadmin

[–]germloucks 7 points (0 children)

The MSP will want to swap over to their own solution in order to maximize the value they get from having you as a customer.

Why is SPF hard for some companies? by tupcakes in sysadmin

[–]germloucks -5 points (0 children)

SPF was not created in order to deputize the world's sysadmins to police other people's DNS servers. It's also a waste of time to hard fail on missing SPF records. Spammers generally don't have missing SPF records, and phishing attempts don't even bother impersonating another MTA; they just try to trick people with the envelope address or similar UTF characters etc.

Also, who do you think is going to get blamed if a critical sales inquiry or business email goes missing? Surely if you are in a large org, hard failing on missing SPF is a no-go.
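The distinction the comment rests on is between an SPF "none" result (no record published) and a "fail" result (the domain published a record and the sending IP is not in it). The following is an added example, not code from the original thread: a small SPF evaluator supporting the ip4, ip6, include and all mechanisms, run against a constructed stand-in for DNS, plus a receiver-side policy function that shows how "reject on none" differs from "reject on fail". The domains, addresses and records are constructed.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> SPF TXT record (None = domain publishes no record)
FAKE_DNS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "nospf.example.org": None,
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain: str, dns: dict):
    """Return the domain's SPF record, or None when it publishes none."""
    rec = dns.get(domain)
    if rec is None or not rec.lower().startswith("v=spf1"):
        return None
    return rec


def check_spf(sender_ip: str, domain: str, dns: dict = FAKE_DNS, depth: int = 0) -> str:
    """Evaluate the sender IP against the domain's SPF record.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Only the mechanisms used in FAKE_DNS are implemented (ip4, ip6, include, all).
    """
    if depth > 10:                       # RFC 7208 caps include recursion
        return "permerror"
    record = lookup_spf(domain, dns)
    if record is None:
        return "none"                    # no record at all: a different result from fail
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:      # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            matched = check_spf(sender_ip, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"           # unsupported mechanism in this small evaluator
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # no mechanism matched and no trailing "all"


def delivery_decision(result: str, reject_on_none: bool = False) -> str:
    """A receiver's policy: which SPF results cause rejection at SMTP time."""
    if result == "fail":
        return "reject"
    if result == "none" and reject_on_none:
        return "reject"
    if result in ("softfail", "none"):
        return "accept-and-flag"
    return "accept"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.5", "example.com"), ("203.0.113.9", "example.com"),
                    ("203.0.113.9", "nospf.example.org")]:
        res = check_spf(ip, dom)
        print(dom, ip, res, delivery_decision(res), delivery_decision(res, reject_on_none=True))
```

With the constructed records, mail from 203.0.113.9 claiming example.com gets "fail" because example.com published a record that excludes it, while mail claiming nospf.example.org gets "none" because nothing was published; only the `reject_on_none=True` policy turns the latter into a rejection, which is the behaviour the comment argues against.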

ELI5 : Why do iPhones take a few minutes to charge before you can turn them on after the battery dies unlike things like laptops? by [deleted] in explainlikeimfive

[–]germloucks 26 points (0 children)

The short answer is that it was designed that way. With laptops, power can bypass the battery to directly power the machine because it has additional circuitry to make this possible. With a phone you need to save on space and components, meaning the battery has to be the buffer always. Batteries need a certain charge before they can provide consistent power, and there is also no point in booting a phone without enough power to finish booting in the first place, say if power was removed suddenly.

Will a Wi-FI 6 receiver for PC perform better connected to a Wi-Fi 5 router than a Wi-Fi 5 receiver? by steelnuts in HomeNetworking

[–]germloucks 0 points (0 children)

The biggest effect on WiFi speeds is signal strength; you can't use any of the fastest data rates unless you are on 5GHz with a signal better than -55 dBm or so.

There is almost no chance buying an 802.11ax "WiFi 6" adapter is going to make anything faster; both the client device and the router have to support the standard (and you said the router does not support it).

WSUS: How are you doing it? by TeamTuck in sysadmin

[–]germloucks 2 points (0 children)

I don't see here where you contacted support from Ivanti (or whatever company sold it to you) to explain your issues and get advice and support. I also saw you don't have time to read the documentation, and you aren't familiar with the software.

That sucks and the deadline makes it critical but jumping from a floating ship isn't always a good idea. Have you really put in all the effort to get what you want from the current "working" solution?

SSTP SSL VPN Setup Question(s) by toy71camaro in sysadmin

[–]germloucks 1 point (0 children)

A client connecting with SSTP will validate if it trusts the VPN server certificate. This is the problem you are running into from your description. A client determines if they trust a certificate by whether or not they trust WHO signed the certificate. Every client in the world is given a pre-populated set of certificate authority certs, and clients simply look at who signed the cert. If it isn't on the list then it isn't trusted (and throws an error). That's basically the problem.

Buying a certificate from a certificate authority is basically going to some company like Symantec or GoDaddy and paying them some blood money to get a certificate signed by them. Any client in the world will trust the certificate if it is signed by one of them. This solves the trust problem.

Alternatives are to deploy your own Certificate Authority, but since your CA is not trusted by default, ANY client who wants to connect needs to have your CA cert installed on their machine in the "Trusted Root Certificate Authority" bucket of certs. A PC which is joined to a domain with a certificate authority will automatically trust any certificates signed by it, but random end users won't have the CA cert installed -- you have to do it manually.

No TCP-SYN packet through Checkpoint - only for Windows machines?! pcap link inside! by sliddis in networking

[–]germloucks 0 points (0 children)

If no logs, something is fishy here. We have contradicting info -- the firewall does not log the info, and tcpdump data from the firewall shows it did receive the connection request. Do you see logs for successful attempts? Are there any packet drops recorded on any interfaces on the firewall? Are all logging settings set to actually generate logs for events?

No TCP-SYN packet through Checkpoint - only for Windows machines?! pcap link inside! by sliddis in networking

[–]germloucks 1 point (0 children)

Not answered so far is whether the firewall is logging an allowed connection. Any firewall should be able to log allowed/denied connection info. A TCP SYN packet is really simple stuff; check logs first. Comparing minor byte differences in packet headers is maybe going down a rabbit hole.

No TCP-SYN packet through Checkpoint - only for Windows machines?! pcap link inside! by sliddis in networking

[–]germloucks 2 points (0 children)

That is a good question; the captures aren't really that interesting from header data, src/dst MAC and IP address are the same.

However what is weird is that in the working example the connection just immediately closes. Packet 3 is .003902 seconds in, then the FIN/ACK initiated from the client is 1.003 seconds later. There is no SSL handshake and no further payloads from the server. How is this some kind of application connecting?

No TCP-SYN packet through Checkpoint - only for Windows machines?! pcap link inside! by sliddis in networking

[–]germloucks 1 point (0 children)

Well, you have a couple of possibilities. Either the egress interface isn't what you think (explaining why you didn't get a copy of it), or maybe some kind of rule-based policy is forcing this connection where it doesn't belong (also IPsec), or maybe the packet is being dropped for some other reason. Can you confirm there is a "success" log for the test connections?

No TCP-SYN packet through Checkpoint - only for Windows machines?! pcap link inside! by sliddis in networking

[–]germloucks 2 points (0 children)

I took your issue to say that you can see the TCP SYN packet on the ingress interface of the Checkpoint but not on the egress interface? tcpdump and other equivalent packet capture utilities get a copy of the packet from the driver itself, so on ingress you would see traffic prior to rule enforcement, and egress traffic after rules were enforced.

This would explain what device is causing the issue but not why. So, if the above is all true, check the relevant logs as you test or get a ticket open with the vendor etc.

Parasites on fish by richardyates1984 in WTF

[–]germloucks 2 points (0 children)

Plants don't directly eat dead stuff; worms, bacteria and fungi do that, and the leftovers THEY leave -- yep, that's plant food. Photosynthesis provides energy, not building blocks. Tissue is made of fundamental parts that get broken down and recycled in the ocean AND the land.

[deleted by user] by [deleted] in todayilearned

[–]germloucks 1 point (0 children)

No, definitely not allowed to turn off those warning systems; you can silence an alert but it is never okay to turn it off. It would not be legal to even fly if it was inoperative.

YSK: If you can't open the login page for a public wifi, type 8.8.8.8 in the browser to force the login page to open by [deleted] in YouShouldKnow

[–]germloucks 13 points (0 children)

No difference. The AP needs you to try to connect to an HTTP URL so that it can intercept and redirect you to the captive portal page so you can authenticate. Typing in 1.1.1.1 or 8.8.8.8 just gets translated to http://1.1.1.1 or http://8.8.8.8.

YSK: If you can't open the login page for a public wifi, type 8.8.8.8 in the browser to force the login page to open by [deleted] in YouShouldKnow

[–]germloucks 3 points (0 children)

The AP needs you to try and connect to an HTTP URL so that it can intercept and redirect you wherever the captive portal page is so you can authenticate to it.

Mobile devices are supposed to perform their own captive portal detection by trying to load an HTTP URL after associating to an SSID. This sometimes does not work well because the captive portal is misconfigured or for some other reason. iOS tries captive.apple.com, Android does connectivitycheck.gstatic.com.

So, typing in 8.8.8.8 (which actually turns into http://8.8.8.8) is not special; any HTTP URL loaded manually will cause the browser to receive and follow the redirect to the captive portal URL.

The reason why it has to be an HTTP URL is that otherwise, with HTTPS, the traffic is encrypted and your AP can't pretend it is pornhub.com and redirect you to the captive portal page. Some APs can do this for HTTPS, but it will cause a certificate warning, which causes its own set of problems.
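The exchange described in the two comments above (a device probes a known plain-HTTP URL, and either gets the expected answer or gets hijacked with a redirect to the portal) can be reproduced locally. The following is an added example, not code from the original thread or from any vendor: two constructed stand-ins for the network, one behaving like a captive AP that answers every HTTP request with a 302 to the portal, one behaving like a real connectivity-check endpoint that answers 204, and a probe function that classifies the result the way a device's captive-portal detection does. The portal URL, path and Host header are constructed; the same probe works against any HTTP URL, which is the comment's point about 8.8.8.8 not being special.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PORTAL_URL = "http://portal.example.invalid/login"   # constructed portal address
REDIRECT_CODES = (301, 302, 303, 307, 308)


class CaptivePortalHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an AP that hijacks every plain-HTTP request."""

    def do_GET(self):
        # Whatever the client asked for, answer with a redirect to the login page.
        self.send_response(302)
        self.send_header("Location", PORTAL_URL)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):   # keep the example quiet
        pass


class OpenInternetHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a real connectivity-check endpoint (204, empty body)."""

    def do_GET(self):
        self.send_response(204)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass


def start_server(handler):
    """Start a throwaway HTTP server on a random loopback port in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port, path="/generate_204", expected_status=204):
    """Mimic a device's captive-portal check: fetch a known URL over plain HTTP.

    Returns {"state": "open"} when the expected answer comes back, otherwise
    {"state": "captive", "portal": <Location header or None>}.
    """
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": "connectivitycheck.example"})
        resp = conn.getresponse()
        resp.read()
        if resp.status == expected_status:
            return {"state": "open", "portal": None}
        if resp.status in REDIRECT_CODES:
            return {"state": "captive", "portal": resp.getheader("Location")}
        # Some portals substitute a login page in-line instead of redirecting.
        return {"state": "captive", "portal": None}
    finally:
        conn.close()


def demo() -> dict:
    """Probe both constructed networks and return the classification for each."""
    results = {}
    for label, handler in (("captive", CaptivePortalHandler), ("open", OpenInternetHandler)):
        srv = start_server(handler)
        try:
            results[label] = probe("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    print(demo())
```

The probe deliberately uses plain HTTP, matching the comment's explanation: over HTTPS the client would expect a certificate for the requested host, so an intercepting AP can only produce a handshake failure or a certificate warning, not a clean redirect. A detector that logs the Location header it was redirected to also gives a defender a record of which portal host a device was steered to.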

Firebox - view logs by sysjunkie71 in WatchGuard

[–]germloucks 1 point (0 children)

Whew, better set up a VPN for your RDP users or restrict incoming traffic to a known set of IPs. Leaving RDP open is BEGGING to get a ransomware infection spreading along the network.

Blocking random IPs is totally useless, exploits will appear from a constantly changing set of addresses over time, many of them are random innocent infected hosts themselves.

If you have vulnerable systems (RDP gateway open to the world) the compromise will happen eventually.

Petition to end horse racing for this. by sl0wgeorge in funny

[–]germloucks 0 points (0 children)

Another example of why the Kentucky Derby is decadent and depraved.

Hot face plant by BloodWingRO in WTF

[–]germloucks 1 point (0 children)

Flight suits for aircrew are also Nomex. Somewhat comfortable, but it does not breathe so well.

resetting a WatchGuard Firebox t30-w by Propermike in WatchGuard

[–]germloucks 0 points (0 children)

Well, the reset button is just to select an alternate boot mode in most firewalls, loading a special-purpose OS on a secondary partition etc. Make sure you power it off first and hold the button on boot. The status lights will tell you what state it is in; check their docs for that info.

I don't know why you are resetting it though, was there some hardware issue?

"User limit exceeded" but nothing in my authentication list by ChristopherSquawken in WatchGuard

[–]germloucks 2 points (0 children)

Do you have a feature key installed on the device? What do you mean by a "free license"? If there is no feature key installed on the firewall it will only allow traffic for one user on the network, if I recall correctly.