@JasGot said in Email phishing attempt against one of our vendors was successful ...:
@BraswellJay The phish'd e-mail came from another domain, correct?
That's correct.
@JasGot said in Email phishing attempt against one of our vendors was successful ...:
@BraswellJay The phish'd e-mail came from another domain, correct?
That's correct.
Our accounting department just let me know that one of our vendors payments to us was apparently hijacked and sent to an account that was not our own. Here are the facts as I have them so far
Our head of finance sent an encrypted email to the vendor giving them an account of ours to ACH funds to. Vendor states that they did receive this email.
Subsequently and on the same day, the vendor received another email that he thought was from one of our accountants directing him to ACH to a different (bogus) account.
Upon closer inspection we can see that this is a phishing email he received. The from field spoofed our domain by replacing the characters "il" with "ll" in one spot and thus was difficult to spot unless looking closely.
This secondary email, though obviously spoofed, had the correct email signature that we use as a corporate standard for the user that it was impersonating, which gave the email an extra measure of authenticity in the eyes of the vendor.
My question is how likely was this caused by a breach on our network? The thing that is concerning is that the attacker had the correct email signature, though, this could have come from anyone that had ever received an email from us since it is standard what we use. Furthermore from what I have been told (I haven't seen to be able to verify) the phished email was received immediately after the original valid email.
Anything in particular that I should be checking? We are on O365 for our email and so we don't host our own email server.
Had never knew this about one of the founders of Cloudflare ...
Ok, thanks for the feedback.
Would replacing these APs with ubiquiti ac pro devices result in better performance? Would it be reasonable to expect client connections to be faster with an AP that supports AC?
I've got a secondary site that where I have AC Pro AP's so I can test there and see what I am getting at that site with the different access points.
Thanks.
I've been doing some performance testing on our network and I'm seeing what appears to be significant performance degradation on the wireless network vs wired network. I realize that in most if not all cases wireless will not be as performant as wired but what I am seeing seemed much more significant than expected.
Here is iperf results on wireless:
c:\temp\iperf-3.1.3-win64>iperf3.exe -c 192.168.1.158
Connecting to host 192.168.1.158, port 5201
[ 4] local 192.168.1.32 port 54717 connected to 192.168.1.158 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 8.75 MBytes 73.4 Mbits/sec
[ 4] 1.00-2.00 sec 8.38 MBytes 70.3 Mbits/sec
[ 4] 2.00-3.00 sec 8.25 MBytes 69.2 Mbits/sec
[ 4] 3.00-4.00 sec 7.75 MBytes 65.0 Mbits/sec
[ 4] 4.00-5.00 sec 7.75 MBytes 64.9 Mbits/sec
[ 4] 5.00-6.00 sec 6.50 MBytes 54.6 Mbits/sec
[ 4] 6.00-7.00 sec 7.38 MBytes 61.9 Mbits/sec
[ 4] 7.00-8.00 sec 7.62 MBytes 64.0 Mbits/sec
[ 4] 8.00-9.00 sec 7.62 MBytes 63.9 Mbits/sec
[ 4] 9.00-10.00 sec 7.12 MBytes 59.8 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 77.1 MBytes 64.7 Mbits/sec sender
[ 4] 0.00-10.00 sec 77.1 MBytes 64.7 Mbits/sec receiver
iperf Done.
And here is results on wired:
c:\temp\iperf-3.1.3-win64>iperf3.exe -c 192.168.1.158
Connecting to host 192.168.1.158, port 5201
[ 4] local 192.168.1.37 port 56917 connected to 192.168.1.158 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 105 MBytes 879 Mbits/sec
[ 4] 1.00-2.00 sec 103 MBytes 861 Mbits/sec
[ 4] 2.00-3.00 sec 102 MBytes 860 Mbits/sec
[ 4] 3.00-4.00 sec 102 MBytes 855 Mbits/sec
[ 4] 4.00-5.00 sec 102 MBytes 860 Mbits/sec
[ 4] 5.00-6.00 sec 102 MBytes 859 Mbits/sec
[ 4] 6.00-7.00 sec 99.8 MBytes 837 Mbits/sec
[ 4] 7.00-8.00 sec 100 MBytes 839 Mbits/sec
[ 4] 8.00-9.00 sec 98.6 MBytes 827 Mbits/sec
[ 4] 9.00-10.00 sec 104 MBytes 872 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 1019 MBytes 855 Mbits/sec sender
[ 4] 0.00-10.00 sec 1019 MBytes 855 Mbits/sec receiver
iperf Done.
c:\temp\iperf-3.1.3-win64>
Am I wrong in thinking that the difference shouldn't be that great? These results are representative of what I get at all times of day. I had similar results late last Friday when no one else was here so I don't think it is the result of too many users connected.
We're using Cisco Aeronet 2602 access points.
We have an alarm system in our production plant that has an audible alarm in the plant as well as a security company monitors and has a call out list if the alarm goes off and is not acknowledged in time.
We also have a security guard house at the front of our property that is manned 24/7. We're wanting to see if we can set it up such that if the audible alarm goes off in the plant that the security station will also get an audible alarm. I don't think it is a problem to shoot wireless to the security station and get an IP link to there. The question though is how to propagate the alarm signal over it.
I found this product which I think will do what we want. It looks to be a discrete signal relay over IP :
https://www.controlbyweb.com/webrelay/?gclid=EAIaIQobChMIosyt28rM6AIVE2KGCh0zXg4kEAQYByABEgL6lPD_BwE
Has anyone ever used this product or have something similar? I asked our security company but they don't have any real IP knowledge so they weren't sure what to use but they said that if we can find something that they can input their signal inside the plant and it propagate over IP to the security station then we can do what we want.
Thanks.
@scottalanmiller said in Video Conference equipment to integrate with MS Teams ...:
In general? Or "equipment readily available during the shortage from the COVID crisis?"
We have lots of stuff we like. Most of it is sold out right now.
In general. We have time if we need to get past a shortage.
Does anyone have any recommendations on video conference equipment that integrates with MS Teams. We've got 1 big conference room (seats 15) and a few smaller ones that seat 5-8. I was starting to look at some equipment to handle the audio/video part but just wanted to see if anyone had any experience with a system such as this with MS Teams.
Thanks
@syko24 said in Zerotier on Windows firewall rule question ...:
@BraswellJay - check which firewall profile is selected for your ZeroTier interface. Is it set for public on your computer or the computer you are trying to access?
They are set to work networks on both:
All of the firewall rules are set to apply to all profiles:
I've been playing around with zerotier and I had a question regarding firewall rules on windows 10.
I have found that in addition to the rules that the zerotier installer adds, I have to make a custom inbound rule to allow my zerotier subnet. For instance I have to add the following inbound allow rule in the windows firewall where 10.243.0.0/16 is my zerotier network subnet:
Interestingly, if the clients are both Windows 7 machines then this rule does not appear to be necessary, the Windows 7 machines will communicate with each other without it. However once one of the clients is a windows 10 machine then both clients require this rule, even a Win10<->Win7 connection.
I can't find any documentation to support this so it makes me think I have missed something. Has anyone else observed this behavior with the zerotier client on a windows 10 machine?
We're installing an inventory management system and the vendor is using a RHEL server. They have installed a Samba share to put client installation files to install on windows machines.
I'm not having any issues on a Windows 7 machine but the Windows 10 machines are not able to see the share. It does not allow access. I'm thinking this is some kind of SMB version issue but I'm not familiar with Samba shares from Linux so not 100% sure. I did enable SMB v1 on the windows 10 clients thinking that would be necessary but that did not have any effect.
Does anyone know of anything I could check on the Windows clients so that I can see the share?
Thanks
@Pete-S said in Switch for harsh environment ...:
@BraswellJay What kind of environment and how hot is very hot? How much power over PoE? Managed or unmanaged? L2 or L3? What type of mounting - rack, DIN rail or wall? Do the switches need support for any type of fieldbus (like Ethernet/IP, etherCAT, Profinet)?
It's a farm area as a general description. Ambient temperature in the summer will be 100-110 degrees F. PoE will be to drive a typical camera, that's what the new installation is for, to support cameras in our farm area. Would prefer managed, L3 as our intent is to VLAN these cameras in a separate subnet.
Mounting I can be flexible at the moment. It will be inside an enclosure so we can adjust the enclosure size to match the switch we get. No extra support beyond standard TCP/UDP/IP type applications.
All we are aiming to accomplish is to add additional security cameras to cover an area that is currently not monitored.
Does anyone have recommendation on a good network switch to use that will be located in a harsh environment. The location will be extremely dusty and very hot especially during summer months. Plan to put in a NEMA enclosure that will have little air flow inside.
Minimum of 12 RJ45 ports with POE capability and 1 SFP port for link back to server room but 16 or 24 RJ45 POE would be better for expected future needs.
Thanks.
@scottalanmiller said in Remote management of employees personal cell phones ...:
@BraswellJay said in Remote management of employees personal cell phones ...:
Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.
Let's reword this...
Basically they said...
"We want to stop having the right to wipe devices and protect our data."
And then they said "We want to get back the thing we just gave up."
Which do they want, to not pay for the phones, or to control the data? They have to choose.
This was pretty much my thoughts as well so glad to see I'm not out in left field in thinking that way.
I had objected to the whole notion and told them that I wouldn't want to allow the company to control my personal phone and I doubted other employees did either.
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.
My first thought is I'm not sure employees are going to want to allow the company to install anything that will control their personal devices. I know I'm not keen on the idea at the moment myself.
For those who may be in similar situation do your employees allow company control of their personal devices? What kinds of issues should I be looking at trying to protect? Email and VPN access jump immediately to mind but are there other considerations as well?
Are there any tools that others have used to accomplish this and what has the experience with them been like?
Thanks
You can do this with voip.ms. Register the 800 number with them and then in the portal you can forward it to a different number. We do that with one of ours at the moment :
Just set the routing of the 800 number to FWD and enter the number to forward to. As far as I know there is no restrictions on what number you can forward to.
@JaredBusch said in voip.ms atlanta2 issues / am I switching my inbound routing to new server correctly ...:
@BraswellJay said in voip.ms atlanta2 issues / am I switching my inbound routing to new server correctly ...:
@JaredBusch said in voip.ms atlanta2 issues / am I switching my inbound routing to new server correctly ...:
@BraswellJay said in voip.ms atlanta2 issues / am I switching my inbound routing to new server correctly ...:
This morning I'm having issues with voip.ms atlanta2 server. It seems to be intermittently going down. I've moved our outbound routing to the washington2 server but I can't seem to get our inbound routing to move from the atlanta2 server to washington2.
I went in to the portal and from the manage DID section I changed the pop from atlanta2 to washington2 but the routing doesn't seem to be changing to the new trunk. Does anyone know if there something else I need to be doing to get my inbound to switch to the new pop?
Did you update your PBX to register to Washington2?
Yes. That is successful and my outbound routing is going out over the new trunk correctly. It's only inbound that is still trying to come in over atlanta2 instead of washington2
New trunk? do you have multiple trunks? Or did you just edit the existing.
disable the trunk in the PBX, apply changes, enable, apply changes.
It's a new trunk. I had one going to atlanta2 which I left intact but added a new one to washington2. I went ahead and disabled the old one to see if that would somehow force it but that didn't have any effect.
I've opened a ticket with voip.ms.
In theory the only change I would need in the portal to change the inbound routing would be the change the POP in the manage DID I think. Is that correct?
This is how my POP reads for that number in the portal now:
It had said Atlanta-2 before I changed this morning.
@JaredBusch said in voip.ms atlanta2 issues / am I switching my inbound routing to new server correctly ...:
@BraswellJay said in voip.ms atlanta2 issues / am I switching my inbound routing to new server correctly ...:
This morning I'm having issues with voip.ms atlanta2 server. It seems to be intermittently going down. I've moved our outbound routing to the washington2 server but I can't seem to get our inbound routing to move from the atlanta2 server to washington2.
I went in to the portal and from the manage DID section I changed the pop from atlanta2 to washington2 but the routing doesn't seem to be changing to the new trunk. Does anyone know if there something else I need to be doing to get my inbound to switch to the new pop?
Did you update your PBX to register to Washington2?
Yes. That is successful and my outbound routing is going out over the new trunk correctly. It's only inbound that is still trying to come in over atlanta2 instead of washington2
This morning I'm having issues with voip.ms atlanta2 server. It seems to be intermittently going down. I've moved our outbound routing to the washington2 server but I can't seem to get our inbound routing to move from the atlanta2 server to washington2.
I went in to the portal and from the manage DID section I changed the pop from atlanta2 to washington2 but the routing doesn't seem to be changing to the new trunk. Does anyone know if there something else I need to be doing to get my inbound to switch to the new pop?