TWR router(s) DHCP

Submitted by tarvid on Wed, 09/28/2016 - 10:57

A wireless user called in a panic when his Internet connection went down. Dispatched Ray to the site and suggested bouncing the radio. That means disconnecting the Cat5 cable from the POE to the radio, waiting 5 seconds, plugging it back in, and waiting two minutes or so. No luck. The POE is inside, the radio is outside. The easiest and least expensive fix to try is replacing the POE. Ray has one in the van and replaces the POE. Yay, the Internet comes back up. Not so fast: a few minutes later the Internet is down again. Time to retrieve that POE from the trash.

Another SSH attack from hacked Windows IIS server

Submitted by tarvid on Wed, 09/28/2016 - 09:06

This time from 45.35.110.17, which is in the netblock 45.34.0.0/15. The server is in the Los Angeles area. The website is in Chinese. NOC abuse was notified and the following response was received.

support@psychz.net 9:10 AM (9 minutes ago) to me

Hi,

We have notified the client regarding the abuse. They have 24 hours to take necessary action. If you still notice the abuse after 24 hours, kindly reply to this ticket and we will null the IP address.

Your Ticket Deatils (sic) are as follows:
Ticket ID: 1160483
Subject: hacked widows IIS server at 45.35.110.17

Configuring a NanoStation as an AP

Submitted by tarvid on Sun, 09/25/2016 - 12:52

By default, a NanoStation wants to be a “station” or client. The screen shots below are after configuration. That’s good in that my NanoStation is working as an AP and bad in that it doesn’t show the fumbling I did to get there. Out of the box with your laptop connected to the primary port and your IP address set to 192.168.1.2, enter 192.168.1.20.

Cheap Wireless bridge

Submitted by tarvid on Fri, 09/23/2016 - 22:01

The Tenda N301 is a cheap but functional 2.4 GHz Wi-Fi router. It will not run OpenWrt or DD-WRT and is a single-band router. I buy them at Microcenter, sometimes on sale for less than $10.

SSH attacks

Submitted by tarvid on Fri, 09/23/2016 - 10:10

Yesterday's was from 218.93.211.112. That is somewhere in the CHINANET Jiangsu province network. That address runs an amazing amount of stuff:

tarvid@tarvid-OptiPlex-7010:~$ nmap 218.93.211.112

Grant is back up.

Submitted by tarvid on Thu, 09/22/2016 - 21:04

A new fiber was installed at the Grant facility, replacing the one that had been breached. The breach is not believed to have been perpetrated by Russian rats nor to be part of a wider conspiracy. However, a cable was disconnected at our Fairfax, Virginia facility on Sunday. A temporary cable was installed and equipment moved to provide limited operations. No culprit has been identified. Almost back to normal.

All of Grant is down - maybe more

Submitted by tarvid on Fri, 09/16/2016 - 09:30

TWR has been notified. We are monitoring.

Posted on: 16 September 2016 11:10 AM 
Jim, 

We (WideOpenNetworks) dispatched technicians last night when the outage started; they were not able to resolve the issues and are going back out today.

Matt

Technicians have identified a fiber break between the building and the tower. We are trying to make enough slack to splice the drop tonight but it appears that will be difficult because of the location of the break. A crew is being scheduled to install a new drop.

 

Snooping

Submitted by tarvid on Thu, 07/21/2016 - 10:26

There are times when one needs to know the traffic on a network to track down compromised users. It turns out our edge router for the TWR network in Galax is capable of providing the information required. 

I set up a packet-sniffing streaming receiver here in Fairfax, but MikroTik is adequate for the task, so I don't need to collect the information remotely.

I don't put on a stole when listening to confessions, but I, like Schultz, know "Nothing!" Be assured that Big Brother has collected enough information upstream to reveal the most sordid details of your affairs.