Who is 2.16.4.xxx

So I got a question from a customer. Their firewall team detected that clients tried to connect to 2.16.4.xxx (I replaced the last octet with x’s to protect the innocent).
So who is 2.16.4.xxx? Let's start with a simple reverse DNS query.

So now we know we are talking about Akamai. Well, that doesn't really help much, since it is one of the biggest CDNs in the world.

  1. I asked the firewall team for information about what was sent, but they couldn't help me.
  2. So we need to figure out which name points to that IP. I didn't have access to the clients to check either. If I had access to a client I could have run “ipconfig /displaydns”, which would have given me the same kind of information as I later got from the server cache.
  3. But wait, I do have access to the DNS servers. Let's check the DNS cache.

Exploring the Windows DNS Server cache

Let's dump the entire cache to a file so we can work with it.

Now we have a good file to look through. Let's start by looking for the A record that points to 2.16.4.xxx. Its owner was another Akamai name, so I needed to see which CNAME pointed to that name, and so it went for two more hops. But in the end we found it. Below are the interesting parts of the dump.
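As an added example (not code from the original post), here is the same walk done in PowerShell against the DnsServer module's Show-DnsServerCache output instead of a text dump: start at the A record holding the IP, then repeatedly look for CNAME records whose alias is that name until nothing points at it any more. The sample records are constructed; every name except crl.microsoft.com is made up, and a TEST-NET address stands in for the redacted 2.16.4.xxx.

```powershell
# Added example, not from the original post: walk a Windows DNS Server cache
# backwards from an IP to the name(s) the clients originally resolved. Records
# are expected in the shape Show-DnsServerCache (DnsServer module) returns:
# HostName, RecordType, RecordData.IPv4Address / RecordData.HostNameAlias.
function Get-DnsCacheChain {
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        # Default is the live cache of the local DNS server; pass your own
        # records (e.g. parsed from a dnscmd export) to work offline.
        [object[]]$Records = (Show-DnsServerCache),
        [int]$MaxDepth = 10
    )
    $ip = [System.Net.IPAddress]::Parse($IPAddress).ToString()
    # Step 1: owners of the A records holding this IP (typically a CDN edge name).
    $owners = @($Records |
        Where-Object { $_.RecordType -eq 'A' -and "$($_.RecordData.IPv4Address)" -eq $ip } |
        ForEach-Object { $_.HostName.TrimEnd('.') } | Sort-Object -Unique)
    # Step 2: breadth-first walk up the CNAME chain; each queue item is the path
    # from the current name down to the A record owner.
    $queue  = New-Object 'System.Collections.Generic.Queue[object]'
    $chains = New-Object 'System.Collections.Generic.List[object]'
    foreach ($o in $owners) { $queue.Enqueue([string[]]@($o)) }
    while ($queue.Count -gt 0) {
        $path = $queue.Dequeue()
        $parents = @($Records | Where-Object {
            $_.RecordType -eq 'CNAME' -and
            $_.RecordData.HostNameAlias.TrimEnd('.') -eq $path[0] -and
            $path -notcontains $_.HostName.TrimEnd('.')   # guard against CNAME loops
        } | ForEach-Object { $_.HostName.TrimEnd('.') })
        if ($parents.Count -eq 0 -or $path.Count -ge $MaxDepth) {
            $chains.Add($path)   # nothing aliases this name: a client asked for it
        } else {
            foreach ($p in $parents) { $queue.Enqueue([string[]](@($p) + $path)) }
        }
    }
    # One line per chain: client name -> CNAME ... -> A record owner -> IP
    foreach ($c in $chains) { ($c + $ip) -join ' -> ' }
}

# Constructed offline sample mirroring the post's two-hop case. Every name except
# crl.microsoft.com is made up (.invalid TLD) and the TEST-NET address stands in
# for the redacted 2.16.4.xxx.
$sample = @(
    [pscustomobject]@{ HostName = 'crl.microsoft.com.'; RecordType = 'CNAME'; RecordData = [pscustomobject]@{ HostNameAlias = 'crl.ms.cdn-example.invalid.' } }
    [pscustomobject]@{ HostName = 'crl.ms.cdn-example.invalid.'; RecordType = 'CNAME'; RecordData = [pscustomobject]@{ HostNameAlias = 'a7.edge.cdn-example.invalid.' } }
    [pscustomobject]@{ HostName = 'a7.edge.cdn-example.invalid.'; RecordType = 'A'; RecordData = [pscustomobject]@{ IPv4Address = [ipaddress]'198.51.100.23' } }
    [pscustomobject]@{ HostName = 'www.other.invalid.'; RecordType = 'A'; RecordData = [pscustomobject]@{ IPv4Address = [ipaddress]'203.0.113.7' } }
)
Get-DnsCacheChain -IPAddress '198.51.100.23' -Records $sample
```

Run it without -Records on a DNS server with the DnsServer module loaded to query the live cache; the same walk can branch into several chains when more than one CNAME points at the same edge name.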

So in the end the client tried to reach crl.microsoft.com. This is a textbook example of why locking down your firewalls by IP can be a time-consuming endeavour.

Using Windows built-in “PortProxy” to forward ports

I found a question on the Microsoft TechNet forums: how can I forward connections, for instance Telnet (tcp/23), to a virtual machine?
Brian Komar had already given a correct answer, but I am not really sure the original poster understood the subtle difference between a proxy and forwarding of IP ports.

So I think it is also important to explain that you can use the PortProxy function built into Windows. It terminates the TCP session on your machine and opens a new session to the endpoint, so an end user can telnet to your machine and end up somewhere else.
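As an added example (not the commands from the original post), this is how the Telnet case would look with PortProxy, run from an elevated PowerShell prompt on the Windows host; the VM address and rule name are placeholders.

```powershell
# Added example, not from the original post: forward Telnet (tcp/23) arriving at this
# Windows host to a VM using the built-in PortProxy. Addresses are placeholders.
$ListenAddress = '0.0.0.0'      # accept on all local interfaces
$ListenPort    = 23
$VmAddress     = '192.0.2.10'   # placeholder: the VM that actually runs Telnet
$VmPort        = 23

# PortProxy lives in the IP Helper service (iphlpsvc); nothing listens without it.
if ((Get-Service iphlpsvc).Status -ne 'Running') { Start-Service iphlpsvc }

# Add the rule. Windows terminates the client's TCP session itself and opens a
# second session from its own address to the VM: a proxy, not packet forwarding,
# so the VM's logs show the Windows host as the source, not the original client.
netsh interface portproxy add v4tov4 "listenaddress=$ListenAddress" "listenport=$ListenPort" "connectaddress=$VmAddress" "connectport=$VmPort"

# Verify that the rule exists and the listener is really bound
netsh interface portproxy show v4tov4
Get-NetTCPConnection -LocalPort $ListenPort -State Listen

# Windows Firewall must allow inbound tcp/23 to the host for the listener to be reachable
New-NetFirewallRule -DisplayName 'PortProxy Telnet to VM' -Direction Inbound -Protocol TCP -LocalPort $ListenPort -Action Allow | Out-Null

# Clean up when the forwarding is no longer needed
# netsh interface portproxy delete v4tov4 "listenaddress=$ListenAddress" "listenport=$ListenPort"
```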

Adding a portproxy to google

Required commands

[Read more…]

Find NetBIOS targets in a server-based DFS

A while ago I posted how to find NetBIOS targets in domain-based DFS namespaces. So here is how to find NetBIOS targets on standalone DFS machines.

DFS-Standalone-Target-NetBIOS

Script

[Read more…]

Tablet hardware keys cheatcard

Since I have a few tablets now, I realized there are some differences in how you enter the BIOS and such. So this is a list for mine and others I have played with.

Dell Venue Pro 8

Diagnostics:

  1. Power on the device
  2. Press and hold the volume up (+) button

BIOS:

  1. Power on the device
  2. Press and hold the volume down (-) button

Boot menu:

  1. Power on the device
  2. Press the volume up (+) button quickly and release

Surface Pro 2 (Probably most Microsoft Surfaces)

UEFI settings:

  1. Turn the machine off
  2. Press and hold the volume up (+) button
  3. Power on the device
  4. Just before the Surface logo appears, release the volume up button

Boot from USB:

  1. Turn the machine off
  2. Insert the USB stick into the computer; make sure it is UEFI bootable.
  3. Press and hold the volume down (-) button
  4. Power on the device
  5. Release the volume up button when the Surface logo appears

Screen capture:

  1. Press and hold the Windows button (the button that takes you to the Start menu).
  2. Press the volume down key on the left side of the Surface
  3. The screen should flash dark for a second to show that it is done.

Adding RSAT without all features enabled (in Specops)

So, knowing that we can add features to an install, we decided to go and install the Remote Server Administration Tools (RSAT). Well, funny thing here. I did as I described in my article A language is a language is a patch?, but Microsoft seems to have made a change with Windows 8. In Windows 7 you needed to manually enable all the roles after you installed the update package; in Windows 8 everything is enabled. But that's not what I wanted.

I wanted everything installed, but not more than that. So let's use the knowledge from another of my recent entries about removing features during the install. So let's build a good image now. [Read more…]

Lazy Windows 8.1 Update patching

So you are like me: you wanna live on the edge and you have an MSDN subscription. As many have noticed, Microsoft has released the Windows 8.1 Update on MSDN. The update will be released for everyone on April 8.

Currently there are two zip files to download, one for x86 and one for x64.

Filenames:

  • mu_windows_8.1_windows_embedded_8.1industry_update_x86_4046911.zip
  • mu_windows_8.1_windows_server_2012r2_windows_embedded_8.1industry_update_x64_4046913.zip

Both contain 6 MSU files, which Microsoft recommends installing in a specific order. [Read more…]

New-Password revisited

Well. Here I am again. Another blog entry about the same simple script. I have made some changes.

So yes, it wasn't perfect, but neither am I. I did listen to the comments I got about the script and changed it so it won't fail after trying 100 times.

Change list:

  • It will try the built-in random generator 50 times instead of 100.
  • Instead of failing when reaching the limit, it will force the first X characters to be different.

It's uploaded to the same place, the TechNet Gallery.