Posts tagged networking
Can I Replace Telnet With Open SSH on Windows?
Feb 13th
For those of you still living in the dark ages and still using Telnet on Windows because you haven’t found a viable alternative (you know who you are), we have some good news for you!
Maybe you haven’t switched to a more secure solution because you use Windows servers and Windows hasn’t adopted SSH.
Maybe you think SSH is only for Unix/Linux.
Well, your excuses are no longer good here, sonny boy. In case you haven’t heard, there is an OpenSSH port for Windows. You can keep using terminal remote access, but you won’t be sending your login credentials and important information across the wire in plain text.
OpenSSH provides full support for SSH/SCP/SFTP. So what are you waiting for? Download OpenSSH and secure your servers.
As we always say at Asktheadmin.com: the safer, the better! If we don’t have to send our credentials as plain text, we are all for it. After all, we do know how to use a SNIFFER!
From Their Website:
OpenSSH for Windows
OpenSSH for Windows is a free package that installs a minimal OpenSSH server and client utilities in the Cygwin package without needing the full Cygwin installation. This is similar to the package formerly available from NetworkSimplicity.
The OpenSSH for Windows package provides full SSH/SCP/SFTP support. SSH terminal support provides a familiar Windows Command prompt, while retaining Unix/Cygwin-style paths for SCP and SFTP.
Catch the download page here. [Via SourceForge]
Does Vista still share C$ by default? Nope and here is the Registry quick fix.
Nov 7th
Davey writes to us that he needs to get access to his home Vista machine over the wireless network, and it would make his life easy if he could do it the way he does in XP or 2000.
Dave connects using a browser or command line to file://machine/drive$. As we have covered before, the $ makes the share hidden. (Oh!) So that’s why it doesn’t show up if you just type file://machinename/ at the command prompt.
So we did some digging for you, Davey boy, and you can definitely do it. It’s a registry tweak, and don’t forget that fooling with the registry is dangerous: make a full backup first, and don’t blame us if you don’t!!
Ever since Windows 2000, Windows has always created a few shares for administrative purposes. The most often used is \\machinename\c$, because it’s an easy way to get access to an entire drive, if you have permissions to be there.
By default, only Administrators have access to it – the trailing $ means that it won’t show up in the Network browser. Hidden access. Sweet!
Vista has it built in as well, but for some reason my domain machines allowed access to this share – while my home/workgroup machine didn’t.
I would get the log in prompt.
I’d log in.
It’d come back screaming “invalid account” and I’d look at the screen and shrug my shoulders. Some googling on the interwebs gave me a registry tweak to get around it…
Heed our warnings and… open the registry and go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Create a new DWORD called LocalAccountTokenFilterPolicy
Set the DWORD value to 1
Some people have said to reboot. It still prompts for a user ID, and you still have to have File Sharing turned on via the Firewall and permissions set for this user for the drive, but that’s a given.
Basically, if you make this registry mod and you still can’t connect, create a new share and see if you can get to that – my guess is that you’ll find that some global network setting was turned off so not only would this fail but all network calls would fail.
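The same tweak as a PowerShell script, added here as an example (not from the original post; the `-Enable` and `-Revert` switches and the function names are this example's own). It shows the current value, exports the key before changing it, and can undo the change; a value of 1 turns off UAC remote restrictions, so local administrator accounts connecting over the network get their full administrator token instead of a filtered one.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# The -Enable / -Revert switches and function names are this example's own.
param(
    [switch]$Enable,   # write LocalAccountTokenFilterPolicy = 1 (the tweak above)
    [switch]$Revert    # delete the value again, restoring the Vista default
)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$KeyNative = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicy {
    # Returns the DWORD, or $null when the value is absent (the default).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Backup-PolicyKey {
    # Export only this key to a timestamped .reg file before touching it.
    $file = Join-Path $env:TEMP ('Policies-System-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $KeyNative $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }
    return $file
}

if ($Enable -and $Revert) { throw 'Use either -Enable or -Revert, not both.' }

$current = Get-TokenFilterPolicy
if ($null -eq $current) { $shown = '(not set)' } else { $shown = $current }
Write-Output "Current $ValueName : $shown"

if ($Enable -and $current -ne 1) {
    $backup = Backup-PolicyKey
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "Set $ValueName = 1 (backup: $backup)"
}
elseif ($Revert -and $null -ne $current) {
    $backup = Backup-PolicyKey
    Remove-ItemProperty -Path $KeyPath -Name $ValueName
    Write-Output "Removed $ValueName (backup: $backup)"
}

# The post's troubleshooting step: if admin shares still fail, check that file
# sharing works at all. The Server service (LanmanServer) hosts every share.
$server = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
if ($null -eq $server -or $server.Status -ne 'Running') {
    Write-Output 'Server service is not running: no share, C$ included, will answer.'
}
else {
    Write-Output 'Server service is running.'
}
```

Run it with no switch to only report the current state.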
And as per usual: this is a change to the registry and that’s scary stuff. Use it at your own risk and for your own system. Make backups often in the event that you accidentally twitch and delete the majority of your registry: it won’t be my fault. I’ll empathize and probably sympathize, but I don’t know that I can help you recover.
Are you alright now Dave? – Let us know!
Internet2, the internet for mad scientists has hit 100 gbps. Speeds of 10x that are imminent. Whatcha know about that?
Oct 12th
So it turns out there is a second Internet for the real important people behind our technological advancements. And today they have hit record-breaking speeds of 100 gbps. Researchers are predicting that it will hit 10x that in the near future. We already knew Asia was light years ahead of us, bandwidth-wise – but if we have the technology for it, how can I get connected at 100 gbps??
How does that make you feel? Stop drooling… It won’t help you with your Bangbus or “Dental Assistants Gone Wild” torrents; it is reserved for people who actually do the stuff you can’t comprehend. Nuclear physics, super computing permutations and searching for Santa Claus. (Maybe you can comprehend, who are we to judge?)
They need to be able to shoot their data between universities, Evil Fortresses, and research facilities.
How do I apply to have my Porn, um, social science research projects accessing this line? Does it get to the real net? Or is it just a transport? We need to know! Anyone out there have access to this line? Know more about it? C’mon, share it with us – we won’t tell anyone :) We promise. (fingers crossed) Well, back to our measly little 10mb fiber optic connection :(
_TheINeeds100GbpsAdmiN_
Definition of the Day: NAT and Public vs. Private IP addresses
Sep 11th
So a lot of my end users don’t know what N.A.T. is. And if you haven’t guessed it – it’s not what is pictured on the left! Most end users have no idea what the difference is between their external and internal IP addresses, or Public vs. Private. Chances are they will never know unless they try to connect to their desktop remotely, and even then, FAT CHANCE. They will come and ask you to set it up for them! Isn’t that what an Admin is for? (…Mutters RTFM under breath…)
I have seen it all, from the user going to http://www.whatsmyip.com/ and trying that, to a user trying to change their local IP to “Something They Can Remember” LOL! It was set to 1.1.1.2. Do Not Do This. I Repeat DO NOT DO THIS! It’s funny as fuck but not functional @ all.
So here I go trying to break it down real simple like:
Your machine has an IP address on it that allows you to connect to your internal network. These addresses usually look something like 192.168.x.x or 10.0.0.x. They cannot be addressed from outside your network; they are INTERNAL or PRIVATE addresses. If you want to connect to this INTERNAL address, you need a NAT or a 1 to 1: this is a Network Translated Address, or a 1 to 1 NAT.
You set this up in your firewall, router or default gateway. If you have a cable modem or DSL, chances are you have a single dynamic IP that changes every so often. But if you have a bigger line like a T1 or 10mb, you should have been given a net block, probably 4 public addresses.
If you are not sure contact your ISP.
Here is some more information I have gathered for a more detailed explanation (not real simple like):
IP NUMBERS, NAMES, AND DNS
Our current IP number system is referred to as “IPv4”. To give the most simple explanation, IP numbers, like 209.204.13.67 can be described as phone numbers, and “fully qualified names” like ip-067.wmld.com can be described as the name of the device at that number. The DNS service or “Domain Name Server” is a software system of keeping track of what name is equivalent to what number, and vice versa. Much like the phone book.
Let’s think about the telephone system. Joe Smith has a telephone number of 323-555-1234, and Mary Jones has a telephone number of 323-555-1987. If Joe needs to call Mary but doesn’t know her number, he could dial 411 and ask for the number for Mary Jones. The operator may reply that there is more than one listing for a Mary Jones so he needs to be more specific, and provide an address. He then tells her he needs the number for the Mary Jones at 123 Main St., of which there is only one listing, and he gets the number. Conversely, Mary Jones might be looking at her telephone bill, and see a call to 323-555-1234 and wonder who she was talking to. Mary could look thru her rolodex until she found the number, and she would see that she had called Joe Smith.
The internet uses a very similar system, the combination of IP numbers and “fully qualified domain names”, and the DNS server is the “411 service” keeping track of the matching records between the two. When a person using a computer needs to connect in some way to someone else’s computer, they need to either know the IP number (like a phone number) of their computer, or they need to know the fully qualified domain name (like a person’s name along with their street address) of their computer so the DNS system can look up the IP number of their computer and return it to the requestor (just like the 411 operator does). IP numbers are structured as 4 numbers, from 0 to 255, each separated by a dot. 206.205.204.203 is just as valid a number as 1.2.3.5 or 16.7.200.34.
“Fully Qualified Domain Names” are much like a name along with an address, and can vary widely in their structure, but the most common are in the form “host.domain.extension”. “host” being the “name” you or your system administrator has assigned to your computer, like “receptionist”, and “domain.extension” is like a virtual “area” in which your computer can be found, like bigcompany.com. A domain name like “bigcompany.com” is very similar to the “areacode-prefix” combination used by phone companies to identify which region of the city your number is in, and which switching center your number is handled out of. “323-465” tells Pacific Bell that a number is in the “North and West of Downtown LA” area (323) , and served from the Hollywood #1 switch center (465) along with many other prefixes. “bigcompany.com” tells the network world that your computer is in the “area code” handled by BigCompany Inc. and “receptionist” tells the network world which computer inside that “area” to look up when looking for (or “resolving”) an IP number from a fully qualified name. Therefore, when a computer program looks to the DNS server for the IP number assigned to “receptionist.bigcompany.com”, the correct IP number is returned. If the computer program in question were to simply query the DNS for a computer called “receptionist”, there might be thousands and thousands out there, and no way to resolve which one is which without the “street address” of the one you’re looking for, in this case “bigcompany.com”.
The name structure within a company can be varied to show more breakdown or to organize computers into department specific groups, like “receptionist.marketing.bigcompany.com”. The setup and system for the prefix to a company’s domain name is up to the administrator at the company and/or their internet service provider to decide on and implement.
PUBLIC VS. PRIVATE IP NUMBERS
Private IP numbers are the source of much confusion for many new networking users. Many home “powerusers” with more than one computer, small offices, and just about any user of a broadband IP connection to the internet like DSL or Cable Modem has probably come face to face with this issue. The whole use of IP numbers is generally hidden from your typical Internet user who uses a modem and PPP software to connect to the internet – they are transparently and dynamically assigned an IP number while they are dialed in by their ISP, and don’t really have to think about it. That is until the user starts to get curious about running a webserver on a machine in their house, or moving up to faster “always on” connections like ISDN, DSL, Cable Modem, or other methods.
Think about what happens when a small city runs out of phone numbers, but can’t split up an area code. Things could get difficult and providing additional phone service as the city expands would be a nightmare. One method of preventing an area from going totally overboard on providing separate phone numbers is to have one or a handful of numbers used in a shared manner amongst many phone users, like any large office would do. A large company with 250 workers in an office building each with a phone at their desk wouldn’t want to pay the phone company for 250 discrete and separate lines for each desk, nor would the phone company want to give all those numbers to them if they were trying to conserve numbers. Therefore, offices use internal equipment to “share” a smaller number of lines amongst their users, like maybe 20 or so used in rotary. By doing so, each desk can have an inter-office extension number, which is bridged to an outside phone company line when the user picks one up to dial out and one is free at that moment. In this case, any number of offices in the city might have an “extension 123” within their office, but each “extension 123” in these offices would never conflict with each other because they are “behind” the company’s phone equipment which serves up the company’s outside lines to those extensions when needed. The internal office extensions can communicate with each other perfectly fine, but must be connected to an outside line to connect to an extension at the company across the street. 213-555-1200 thru 1210 would be BigCompany, Inc.’s “public” phone lines, and extensions 1 thru 250 would be BigCompany, Inc.’s “private” phone lines.
IP protocol networks use a system very similar to the above to prevent the world from running out of IP addresses. Even though 0-255.0-255.0-255.0-255 is technically 4,228,250,625 numbers, the useable amount of numbers is much lower due to certain types of numbers set aside for special signalling and identification uses and not for typical “device” identification and traffic. Also consider that just about EVERY device that will handle IP traffic must have a unique number, and there are probably just as many routing and switching and serving devices on “the net” as there are actual computers. Add all that up and one can see how the current IP number structure really doesn’t go all that far, and there is a need for computers and devices in certain groups to be able to use “private extensions” that work behind a group’s “public numbers”, just like the large company offices example above.
The organizations that agree on the technical standards behind the IP protocol have issued a standard for “Private IP number blocks”, or numbers that can be used within an enterprise as long as the enterprise has the technical capability to separate those private IP numbers from the rest of the Internet at large, and properly gateway the traffic between the internal stations at the enterprise in question and the public Internet. For example, when a large company with 200 computers in the office needs to implement IP networking and connectivity both between the computers in the office *AND* supply inbound and outbound connectivity to the Internet from within their office network, that company would avail themselves of a block of IP numbers within the “private” numbers set aside for just that purpose. There are most certainly many other computers somewhere in the world using your IP number if your IP number is one of these private numbers, but both yours and the other private IP numbers in the world are safely operated behind other IP routing equipment which handles all the internal network’s traffic out to and in from the public Internet, just like all the “extension 105” numbers in offices throughout the world are safely operated behind telephone equipment that bridges those extensions in and outbound thru a given office’s public telephone system number.
The private IP addresses that you assign for a private network (inter-office LAN, Internet Service Provider customer bases, campus networks, etc) should fall within the following three blocks of the IP address space:
- 10.0.0.1 to 10.255.255.255, which provides a single Class A network of addresses, which would use subnet mask 255.0.0.0 (theoretically up to 16,777,215 addresses, good for VERY large enterprises like internet service providers or other global deployment)
- 172.16.0.1 to 172.31.255.254, which provides 16 contiguous Class B network addresses, which would use subnet mask 255.255.0.0 (theoretically up to 1,048,576 addresses, good for large enterprises like colleges and governmental organizations)
- 192.168.0.1 to 192.168.255.254, which provides up to 2^16 Class C network addresses, which would use subnet mask 255.255.255.0 (theoretically up to 65,536 addresses, widely used by default in consumer/retail networking equipment)
Explanation of Subnet masks, Network classes, and other technical info is readily available on the internet.
Click here (updated – .pdf file) for an example page showing how the University of Michigan uses private IP numbers in their networking strategy.
Click here to read the Internet standards document RFC 1918, “Address Allocation for Private Internets”.
ADDITIONAL READING, FUTURE CHANGES (ADDED 12-08-2005)
From Wikipedia – IPv6. IPv6 is the future improvement and extension of IPv4 (our current IP number system). The change is already happening although slowly. With IP numbers under IPv4 growing ever more scarce, IPv6 is bound to creep into your computing life…
Google Search – Link-Local IP numbers. Ever wonder why your Macintosh seems to have a strange IP number starting with 169.254, and you can’t connect to the internet? There really is a good reason. Quoting from Wikipedia: “A second type of private network is the link-local address range codified in RFCs 3330 and 3927. The intention behind these RFCs is to provide an IP address (and by implication, network connectivity) without a DHCP server being available and without having to configure a network address manually. The subnet 169.254/16 has been set aside for this. If a network address cannot be obtained via DHCP, an address from 169.254.1.0 to 169.254.254.0 is assigned randomly. The standard prescribes that address collisions must be handled gracefully. The subnets 169.254.0/24 and 169.254.255/24 have been set aside for future use. As with the private network addresses defined in RFC 1918, packets from this subnet must not be routed to the internet at large.”
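To check which side of the NAT an address sits on, here is an added PowerShell example (not from the original post or its quoted sources) that classifies IPv4 addresses against the RFC 1918 blocks and, going one step beyond the private ranges, the 169.254/16 link-local block quoted above. The function names and the sample addresses are this example's own; the samples reuse 1.1.1.2 and 209.204.13.67 from the post.

```powershell
# Added example, not from the original post. Sample addresses are constructed.
$Blocks = @(
    @{ Cidr = '10.0.0.0/8';     Kind = 'private (RFC 1918)' },
    @{ Cidr = '172.16.0.0/12';  Kind = 'private (RFC 1918)' },
    @{ Cidr = '192.168.0.0/16'; Kind = 'private (RFC 1918)' },
    @{ Cidr = '169.254.0.0/16'; Kind = 'link-local (RFC 3927)' }
)

function ConvertTo-AddressNumber {
    # Dotted quad -> number 0..4294967295. Strict on purpose: exactly four
    # decimal octets, each 0-255, so short forms like "10.1" are rejected.
    param([string]$Address)
    if ($Address -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { throw "Not a dotted quad: $Address" }
    [double]$n = 0
    foreach ($octet in $Address.Split('.')) {
        if ([int]$octet -gt 255) { throw "Octet out of range in $Address" }
        $n = $n * 256 + [int]$octet
    }
    return $n
}

function ConvertTo-DottedQuad {
    param([double]$Number)
    $octets = foreach ($power in 3..0) {
        $unit = [math]::Pow(256, $power)
        $o = [math]::Floor($Number / $unit)
        $Number -= $o * $unit
        [int]$o
    }
    return $octets -join '.'
}

function Get-BlockRange {
    # First and last address of a CIDR block, as numbers.
    param([string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $first = ConvertTo-AddressNumber $network
    $last  = $first + [math]::Pow(2, 32 - [int]$prefix) - 1
    return @{ First = $first; Last = $last }
}

function Get-AddressKind {
    param([string]$Address)
    $n = ConvertTo-AddressNumber $Address
    foreach ($block in $Blocks) {
        $range = Get-BlockRange $block.Cidr
        if ($n -ge $range.First -and $n -le $range.Last) { return $block.Kind }
    }
    return 'public'
}

# Exact extent of each reserved block.
foreach ($block in $Blocks) {
    $range = Get-BlockRange $block.Cidr
    '{0,-16} {1} - {2}' -f $block.Cidr, (ConvertTo-DottedQuad $range.First), (ConvertTo-DottedQuad $range.Last)
}

# Constructed samples, including addresses just inside and outside 172.16/12.
$samples = '10.0.0.5', '192.168.1.10', '172.31.255.255', '172.32.0.1',
           '169.254.10.20', '1.1.1.2', '209.204.13.67'
foreach ($ip in $samples) {
    '{0,-16} {1}' -f $ip, (Get-AddressKind $ip)
}
```

The 1.1.1.2 that the user picked comes back as public, which is why it could not work as a LAN address.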
Hope that cleared it up for ya? If all else fails send us your question and we will get you all fixed up – real quick like. Ya Heard?
Keeping Your Network Updated With WSUS.
Aug 28th
So you’ve just finished rolling out 500 new desktops using disk imaging. How are you going to keep them updated? As you know, Microsoft releases updates on the second Tuesday of each month. You need a way to approve and install these updates on all your desktops and servers, and you need to do it quickly because the time between release of the update and an exploit being developed is shrinking.
You’ve got a couple of options:
- Allow each user to go to Windows Update and select and install their own updates. That would put an enormous strain on your network as each update is downloaded 500 times and you need to rely on the users actually doing this.
- Configure Automatic Updates on each machine. Still strains your network and you don’t know what is really being installed.
- Do nothing and hope for the best.
A better option is to use the free Windows Server Update Services from Microsoft to install a Windows Update server on your internal network. This allows all your clients and servers to get their updates from the local WSUS server. There are numerous benefits to using WSUS:
- It saves bandwidth since each update is only downloaded once from the Internet and then stored locally.
- It allows you to investigate and authorize updates before they are installed.
- You can group your machines and install different updates to different groups.
- You can force the machines to only use your local WSUS server and not allow users to download updates from Windows Update.
- You can force updates to be installed within a specific timeframe.
- You can use WSUS to update Office, Exchange, SQL, ISA and other Microsoft products.
- The whole thing can be controlled using Group Policy.
- You can create detailed reports showing which updates are needed by which machines.
- The WSUS software is free!
All you need is a moderately powered Windows Server 2003 box to run it on (Remember, most of the month the machine won’t be doing anything). Installing and configuring WSUS is not complicated and there are many, many articles available about how to do it.
Once you have your WSUS server set up, you can use Group Policy to force the clients to use it and configure how and when they install updates. All you need to do is analyze and approve the updates when they are released and assign them to the groups you created. WSUS handles notifying the clients and pushing the updates out to them.
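To confirm that a client really picked up the Group Policy settings described here, this added PowerShell example (not from the original article; the function names are this example's own) reads the Windows Update policy values that Group Policy writes to the registry and lists anything that does not match a forced-WSUS setup.

```powershell
# Added example, not from the original article. Function names are this example's own.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-PolicyValue {
    # Returns the registry value, or $null when the policy is not configured.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-WsusClientPolicy {
    [pscustomobject]@{
        WUServer       = Get-PolicyValue $WuKey 'WUServer'        # update server URL
        WUStatusServer = Get-PolicyValue $WuKey 'WUStatusServer'  # reporting URL
        TargetGroup    = Get-PolicyValue $WuKey 'TargetGroup'     # client-side group
        UseWUServer    = Get-PolicyValue $AuKey 'UseWUServer'     # 1 = use WUServer
        NoAutoUpdate   = Get-PolicyValue $AuKey 'NoAutoUpdate'    # 1 = updates off
        AUOptions      = Get-PolicyValue $AuKey 'AUOptions'       # install behaviour
    }
}

function Test-WsusClientPolicy {
    param($Policy)
    $findings = @()
    if ($Policy.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1: the client is not forced to the internal server.'
    }
    if (-not $Policy.WUServer) {
        $findings += 'WUServer is empty: no internal update server is configured.'
    }
    else {
        if ($Policy.WUServer -notmatch '^https://') {
            $findings += "WUServer ($($Policy.WUServer)) is not an https URL: update metadata is fetched without TLS."
        }
        if ($Policy.WUStatusServer -ne $Policy.WUServer) {
            $findings += 'WUStatusServer differs from WUServer: both must hold the same value to be valid.'
        }
    }
    if ($Policy.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate is 1: Automatic Updates is switched off on this client.'
    }
    if (-not $Policy.TargetGroup) {
        $findings += 'TargetGroup is empty: group membership has to be assigned on the WSUS server.'
    }
    return ,$findings
}

$AuMeaning = @{
    2 = 'notify before download'
    3 = 'download automatically, notify before install'
    4 = 'download automatically and install on schedule'
    5 = 'local administrators choose'
}

$policy = Get-WsusClientPolicy
$policy | Format-List
if ($null -ne $policy.AUOptions) { "AUOptions means: $($AuMeaning[[int]$policy.AUOptions])" }

$findings = Test-WsusClientPolicy $policy
if ($findings.Count -eq 0) { 'Client policy matches a forced WSUS setup.' } else { $findings }
```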
The WSUS team maintains a blog with some good information (although it’s not updated that often).
Using WSUS gives you complete control over keeping your network updated. If you run a really large network, you should check out the new System Center Configuration Manager 2007, which is the updated version of SMS. It is a full featured network management system that does update management and much, much more.
Download WSUS 3.0