Thursday, February 20, 2014

Unlike Count Dracula, NAT has a reflection...

There's this neat thing called NAT or Network Address Translation.  It's what makes your public address on your cable or DSL modem separate from your internal 192.168.0.x IP address.  NAT allows your cable modem to be treated as a router.  It acts like a built-in firewall.  Lots of good things can come from NAT.

But if you're trying to run an application on a device inside your network (a webserver for instance), sometimes that device won't be reachable.  Say your device is at the internal address of 192.168.0.10 and has a DNS entry of mywebserver.mycompany.com on the public internet.  This could be a VoIP telephone system, a fileserver, a DVR, anything really.

How difficult is it to make this device reachable from inside your network by typing the DNS name http://mywebserver.mycompany.com instead of http://192.168.0.10/index.htm?

Not very difficult at all if you have the ability to enable NAT reflection.  Another name for this is NAT loopback.  Some routers support reflection/loopback and some just don't.  You can find a pretty good list here: http://opensimulator.org/wiki/NAT_Loopback_Routers.  If your router is on this list, check out pfSense or IPCop.  Both are open source, free firewalls that take a minimum of effort to set up and will provide you with a tremendous amount of capabilities.  And did I mention, free software!

One option if you don't have the time to set up reflection/loopback is to use a hosts file.  On Windows the hosts file is located at \windows\system32\drivers\etc and the filename is actually hosts.  No extension, just hosts.  Edit that file and at the bottom just type in the IP, enter a tab and put the hostname.  There is an example in the hosts file that will show you how it should look.

This problem actually happened to us when we were playing around with SugarCRM.  We had just built out a system and were playing with it, but we kept getting loopback errors when accessing the telephone call popups.  Turns out we didn't take into account the "site_address" and "site_url" variables in SugarCRM's config.php.

JP Technologies is an Atlanta, Georgia-based technology company specializing in Voice, Data and Programming. Want to know more?  Check us out online or call us at 877-297-4081.  You can also check out our Facebook page at www.facebook.com/jptechnologiesllc

Wednesday, February 19, 2014

Is your telephone doing strange things?

What happens when you dial someone and they don't answer?  Just like most people don't know how the lights work when you flick the switch on the wall, telecom is a mystery to people.

We recently had a customer complain that calling one extension directed calls to a completely different extension!

To the novice, trying to figure this out is a daunting task.  I called someone but someone else answered.  Why?  Help!!!

We make it easy.  Usually fixing a routing issue is a simple matter of comparing the programming in the call path to the actual behavior of the device.

Take a call forward for instance!  Simply removing a call forward (which is easy enough to put back in place) will likely resolve most issues of this nature.

Contact us at 877-297-4081 for information on resolving telephone problems.  We're happy to help on the phone or online!  Visit our website at www.technologieshq.com or send us an email at info@technologieshq.com.

Tuesday, February 18, 2014

What do we check first when a customer is down?

Obviously time is of the essence when the customer is down. Assuming both Data and Voice services aren't functioning, restoring service can take from minutes to painstaking hours!
At JP Technologies, we typically can isolate the causes of outages in minutes, partly because of our ability to have good visibility into the inner workings of the system.
We use Nagios for quick and easy monitoring. Nagios is great and provides a simple way to get an early warning on systems troubles. When a customer is down, we seek first to determine the scope of the outage.
For instance, if phones are up but computers are down, there are a few things that can quickly narrow it down further. Since we need to determine the scope as rapidly as possible, we can check dialing extension to extension. If that works then you know it's a problem with the edge or the carrier.
DHCP addressing can also be problematic. If your phones aren't getting addresses, they won't work! Checking to see if you have a 169.x.x.x address range can be indicative of a DHCP server failure.
A checklist is great but it's not a replacement for good old-fashioned skill!
Want to know more?  Check us out online or call us at 877-297-4081.  You can also check out our Facebook page at www.facebook.com/jptechnologiesllc

Monday, February 17, 2014

Are you moving your office? Don't forget your telephones!


If you think that moving your telephone system is going to be quick you might be right, or, you may be in for a big surprise.

A typical telephone system move can take a full business day but it takes MUCH longer to move your service.  If you are on AT&T for instance, you should allow a minimum of 30 business days to move a PRI from one location to another.
We start with mapping your existing system.  Once this is complete, we'll take this information and provide you with an analysis of costs and time to perform the move.  You don't want to wait on this.

The actual move process is often split up into disassembly/transport, then reassembly and testing.

If you need your phone lines active throughout your move, we have many options available.  Many times we can call forward your telephone numbers to a "dummy" telephone system and even provide routing for cellphones if it's a call that you just have to take.

This information relates to the JP Technologies, LLC website. For more information on how we can help you not only build a great network but maintain your existing network, visit us on the web or by phone at 877-297-4081.

Ask us about your specific options! Call us at 877-297-4081 for more information.

Sunday, February 16, 2014

What happens when your IT guy quits?



With apologies to the ladies in IT, it's a pain to many companies when the person who is designated to keep up your networking and computer systems takes another job.


Consider the following case where a customer contacted us concerned that their IT person was able to remotely access their network.

Labor Performed: Squid http proxy running on external tcp port 80
Samba/CIFs shares to world? tcp/135,139,445 forwarded but filtered
Checkpoint Firewall-1 Secure Remote tcp/256 forwarded but filtered

This last one is quite interesting.  The customer stated that they have no Checkpoint firewall.  In fact, this customer had no firewall at all.  Checking to see what other ports use 256 found this:

Port 256 Details

Port(s) | Protocol | Service          | Details                                                                                                                                   | Source
--------+----------+------------------+-------------------------------------------------------------------------------------------------------------------------------------------+---------
256     | udp      | trojans          | Trojan.SpBot (04.05.2005) - trojan horse that opens a compromised computer to be used as an email relay. Opens a backdoor on port 256/udp. | SG
256     | tcp,udp  | rap              | RAP                                                                                                                                       | IANA
256     | tcp      | fw1-sync         | Checkpoint Firewall-1 state table sync                                                                                                    | SANS
256     | tcp      | fw1-secureremote | also "rap"                                                                                                                                | Nmap
256     | udp      | rap              | rap                                                                                                                                       | Nmap
256     | tcp      | threat           | FW1 Certificate/key distribution. VPN clients (SecuRemote) can download keys on this port.                                                | Bekkoame
256     | tcp      | threat           | SpBot                                                                                                                                     | Bekkoame

7 records found

It appears that there is a trojan SpBot somewhere on the network.

Our first goal is to diagram the network.  Understanding what we're dealing with allows us to better secure the environment.  But we don't have a lot of time.  We need to shut down this person from accessing the network immediately.

Labor Performed: Disable NAT and DHCP on Cbeyond IAD. This routes all traffic through the firewall. Recommend doing a Road Warrior VPN and RDP for connections. Changing the extern IP and gateway. 172.16.176.105 is gw moving public to .106

We started by removing all port forwards from the Cbeyond IAD (that's fancy terminology for a router).  We were able to rapidly replace the Cbeyond equipment with an IPCop open source firewall.  This allowed us to immediately cut off access to the former IT person and control the edge.

We scanned each system and installed our baseline monitoring Guardian software.  This allowed us to remove the threat of remote access and to receive an alert if anything new is added to the workstations.

What about wireless access?
Labor Performed: Mac for wireless DD:2A:F2 (last six) Found and acquired login information (was set to default), for admin access at 10.0.1.201. Reset the secret. Also, found the other AP at 10.0.1.3, login information was on the bottom of the device (Buffalo). Reset the secret on this device as well.

Great question. Obviously securing and stabilizing the network doesn't do a lot of good if the party in question can simply drive into the parking lot and log in.  But sometimes finding these little wireless devices can be a challenge.  Of course, if you can find the physical box it's often a lot easier!

For more information on securing your network, contact us! 877-297-4081

Monday, March 26, 2012

"This site may be compromised"


Recently we've seen a rash of poisoned search results in Google's cached version of the page.

Basically, there's an exploit that allows an attacker to inject code into your website that responds to the "google-bot" and only the google-bot.  You'll see your website looks normal when you type in your normal url (http://www.mysite.com for example) but if you do a search in Google (and apparently only Google), your cached version of your site is a great big ad for Viagra or something equally off topic.  This will not be good for your relationship with Google: you're helping spammers increase their page ranks (at your site's expense) and it looks bad.

If you are feeling industrious, you can fix this problem yourself.  First, figure out how the attacker got in.  Usually we are finding that there is an FTP site or some other way to access files on your site.  Once you've determined that (and changed passwords, updated to latest patch revisions, etc. to keep the attackers out), you can do a search on the compromised text and determine which file is affected.  You may need to use something that can search inside each file (we use grep with other search tools quite frequently).  Find the file, remove the injection and then you're ready to contact Google and ask for a resubmission.  You do that by using Webmaster Tools.  Here's a link.
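
One way to run the file search described above, as an added example (not code from the original post): a Python scan that flags files containing the spam text seen in the cached page, a check for the Googlebot user agent, or both.  The file-type list, the function names and the sample site are assumptions constructed for illustration.

```python
import re
from pathlib import Path

CRAWLER_RE = re.compile(rb"googlebot", re.IGNORECASE)  # crawler user-agent check
# File types searched; an assumption, adjust to what your site actually serves.
SCAN_NAMES = {".php", ".html", ".htm", ".js", ".inc", ".htaccess"}


def find_injected_files(webroot, spam_phrases):
    """Return [(relative_path, matched_phrases, has_crawler_check)], most suspicious first."""
    phrase_res = [(p, re.compile(re.escape(p.encode()), re.IGNORECASE)) for p in spam_phrases]
    root = Path(webroot)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        # ".htaccess" has no suffix, so the whole file name is checked as well.
        if path.suffix.lower() not in SCAN_NAMES and path.name.lower() not in SCAN_NAMES:
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        matched = [p for p, rx in phrase_res if rx.search(data)]
        crawler = bool(CRAWLER_RE.search(data))
        if matched or crawler:
            hits.append((str(path.relative_to(root)), matched, crawler))
    # Spam text plus crawler check first, then spam text only, then crawler check only.
    hits.sort(key=lambda h: (not (h[1] and h[2]), not h[1], h[0]))
    return hits


def build_sample_site(root):
    """Write a small constructed web root (sample data, not from a real site)."""
    root = Path(root)
    (root / "cache").mkdir(parents=True, exist_ok=True)
    (root / "index.html").write_text("<h1>Welcome to mysite</h1>\n")
    (root / "stats.php").write_text("<?php // count Googlebot visits for reporting ?>\n")
    (root / "cache" / "page.html").write_text("<p>Cheap Pills here</p>\n")
    (root / "footer.php").write_text(
        "<?php if (stripos($_SERVER['HTTP_USER_AGENT'], 'googlebot') !== false) "
        "{ echo 'cheap pills online'; } ?>\n")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for rel, phrases, crawler in find_injected_files(build_sample_site(tmp), ["cheap pills"]):
            print(f"{rel}: phrases={phrases} crawler_check={crawler}")
```

Files that match both criteria are listed first.  A file with only the crawler check is still reported because the spam text may not be stored in the same file as the code that serves it.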

If you need assistance with this problem and don't want to do it yourself, feel free to contact us at the number below. We can probably help clean this pretty fast and will get you back up with a minimum of expense.  Contact info follows:

For product support, please contact us at 877-297-4081 or if you're in Atlanta 770-831-1036 option 2.

Thursday, March 15, 2012

Thinking about outsourcing programming?

Be careful...

Overseas programming became popular due to the low cost structure for development.  That and the ability to have a team of programmers available basically 24 hours (when you're in China for instance, when it's night there, it's morning here in the States).  But there are many pitfalls that you face by doing overseas programming, most notably the communications gap.  I hear time and again horror stories of clients that decided to outsource and have software that "still needs work".

Using Agile Development in combination with a web enabled database approach will likely meet your goal of low cost, rapid development and be easy on the wallet.