
Ask me anything IT related

Wouldn't go through a cpl months ago.
Maybe try again ? Or maybe it is their web interface ? I use the smtp and pop method ... in fact, have to because I can't get to the web interface from here :)

But in this case, I'd imagine that if some admin is so concerned about attached Excel files, they are more than likely to strip zip files too.

btw, even when they were stripping them for me, the renaming trick worked fine. Just had to remember to tell the other end to rename back.
 
Got my problem fixed. My IT guy's explanation:

Figured it out. XLSM files were getting stripped, not XLS, the system removes docs with macros whether they’re malicious or not. I removed the XLSM filtering but retained DOCM filter. Avast will catch it if it’s actually malicious.

So it was on my end.
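
The filter described above acts on what the file contains, not on what it is called: macro-enabled Office Open XML files (.xlsm, .docm) are ZIP containers that carry a `vbaProject.bin` part. As an added example (not part of the original thread and not the poster's mail filter), here is a Python check of that kind; the sample files are constructed in memory, and `MAX_DEPTH`, `MAX_MEMBER_BYTES` and the function names are assumptions.

```python
import io
import zipfile

MAX_DEPTH = 2                  # nested archive levels to open (assumed policy value)
MAX_MEMBER_BYTES = 20_000_000  # skip members larger than this (assumed policy value)

def build_sample(with_macro: bool) -> bytes:
    """Constructed stand-in for an OOXML workbook; not a valid Excel file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def wrap_in_zip(name: str, payload: bytes) -> bytes:
    """Put payload into a new ZIP under an arbitrary member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(name, payload)
    return buf.getvalue()

def classify_attachment(data: bytes, depth: int = 0) -> str:
    """Return 'macro', 'clean' or 'uninspectable'. The attachment's file name
    is never consulted; only the container contents are."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "clean"  # not a ZIP container; legacy OLE2 .xls/.doc is out of scope here
    if depth > MAX_DEPTH:
        return "uninspectable"
    verdict = "clean"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.filename.lower().endswith("vbaproject.bin"):
                return "macro"
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                verdict = "uninspectable"  # encrypted or oversized member
                continue
            inner = classify_attachment(z.read(info), depth + 1)
            if inner == "macro":
                return "macro"
            if inner == "uninspectable":
                verdict = inner
    return verdict
```

Legacy .xls and .doc files are OLE2 compound documents rather than ZIP containers, so they need a separate parser. A policy that quarantines the "uninspectable" verdict closes the gap left by encrypted or deeply nested archives.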
 
Maybe try again ? Or maybe it is their web interface ? I use the smtp and pop method ... in fact, have to because I can't get to the web interface from here :)

But in this case, I'd imagine that if some admin is so concerned about attached Excel files, they are more than likely to strip zip files too.

btw, even when they were stripping them for me, the renaming trick worked fine. Just had to remember to tell the other end to rename back.

Our MTA were configured to block on 7 or 8 Microsoft WinCrobe-carrier formats AND/OR "fingerprints" that indicated a WinCrobe OS submitting MTA.

Didn't so much "strip" them as to simply drop the connection and add the miscreant servers sending them to Local Black List PostgreSQL records by source IP, HELO string, and such.

That way, the fools didn't take up any further bandwidth going forward.

Clients didn't mind.

You were not one of ours to begin with if you were a WinSerf - couldn't even have logged in.

Those staff with a technical need - as for malware analysis? Shell account. Sandbox. sftp, not ftp.

KISS methods.

All this stuff is free-as-in-beer as well as free-as-in-speech. All yah have to do is actually give enough of a damn to bother to learn to use it.

Not as if it were hard, even then.

So long as "use it, as had" rather than "code it from scratch" applies.
 
makezee are you still listening? I'm having a terrible time getting all the PCs on my network to see each other. I've tried everything on the first 3 pages of Google search results and am still frustrated. I have 3 W7 machines and 4 W10 machines. Most of the W10 machines can only see 2 other PCs, one W7 and one W10. If I map a drive from another machine on a W10 machine it disappears when restarted. One W7 machine can see all the others, and all the others can see it; it's the second oldest machine on the network, nothing really unique about it. All are 64 bit Pro systems. Have any place to start that I may not have seen in a search?

If you are trying to use peer discovery on Windows, don't. It is almost kinda usable in the best case. In a business critical situation with more than 2-3 computers you will never get it working.

In an ideal situation you have an active directory server controlling everything. That would be a central server that does DHCP, DNS, AD, Group Policy, File Sharing, etc. Every other computer on the network would defer to the wishes of the server and follow its instructions blindly. No room for ambiguity.

If you don't have the luxury, I would recommend setting static IP on everything, and manually doing drive maps via those addresses.

You should also consider power saving issues on desktop network cards. Most cards by default will turn off to save power after an idle period. At this point connections will be dropped.

Mapped drives will never disappear if they are mapped as persistent drives. They may show up as disconnected, but will never disappear.

A key concept with Windows is to tell it exactly what you want it to do in no uncertain terms. If you give it an inch it will take a mile. Reach out privately if you want me to take a look.
 
We have 2 CAD/CAM PCs running Windows 10. We also have an older one in engineering that was our main one when we started years ago that's 32 bit with Pro-E running XP. In the shop we have some older PCs that aren't online running Windows 98. They are used just for DNC purposes. We have a server where all our files are kept. The 32 bit XP computer and the new ones all have access to files on the server. That all seems a little confusing when I reread it but here are my questions. Our IT guy says the only PC that can transfer files to the DNC PCs is the Pro-E computer as it is 32 bit. He says the newer Windows 10 PCs cannot load and download files to the older PCs.
Here's my problem with this set up. It's a PITA to draw and program on the new PC's, transfer the files to the server, then open them on the XP computer so I can send them to DNC PC's. I'm told the only way to change that is to update all the computers in the shop. Seems a little weird and expensive, to me so I thought I'd ask.

Is my problem clear as mud? please let me know if I need to clarify this

Thanks much

Steve

There are some issues with old SMB version deprecation. It is not a matter of bits by any means. It is that by default super old versions of SMB are disabled because all kinds of security issues exist in the protocol.

Easier to just disable than to patch.

All of these settings can be bypassed if you don't feel you have a security risk.

Reach out privately if you want me to take a look at it.
 
I have a customer (they have a huge IT department) that is trying to send me a small Excel spreadsheet as an attachment to an email. All I get is an attached .txt file:



ATTENTION!

Content control has removed the following attachments due to policy reasons.
To release the blocked attachments please contact your administrator!

Attachments:
(filename) .xlsm : Scanned file contained macros.

My IT guy says it's on their end, their IT says they can send this to all their other vendors. Any ideas?

Hard to say without more info. Looks to be an email filter dropping it because it has macros. Macros are code that is run inside the file and is generally frowned upon from a security perspective. Reach out if this is still an issue.
 
If you don't have the luxury, I would recommend setting static IP on everything, and manually doing drive maps via those addresses.
One little addition I discovered the hard way - Windows is not too good with user names. Dig in there and make sure the user id's match across boxes as well as the name.

I had a lot of trouble with mysterious crap until I discovered that usernames in windows are kind of meaningless, it's the numeric id that counts.
 
Yeah, in Windows the SID numbers are different even if the usernames or group names are the same, and then they won't work anymore, because although the program displays it as a username or group name, it actually records it as the SID number, and it matches things based on SID number comparisons.

Also, using Windows Active Directory and all that is no good, because when the domain controller has to get rebooted or shuts down from a problem, all the other computers might stop working or resolving network addresses etc. until they get rebooted too. So what happens is, unbeknownst to anyone, the domain controller rebooted over the night. Then the next day no one can access everything properly, until they try rebooting their computer, then it works.

It is better to just use a DNS server. And instead of setting up custom DNS on a router dns cache on the dhcp server, you are better off adding global/public records to your website domain name. if your business was mikesmachining.com, and you already had stuff like

mx.mikesmachining.com
losasso.com — Servers
sft.mikesmachining.com

you would add:

bobslaptop.lan.mikesmachining.com 192.168.0.101
webserver.pub.mikesmachining.com 57.34.128.97
webserver.lan.mikesmachining.com 192.168.0.201
kateslaptop.lan.mikesmachining.com 192.168.0.102
fredslaptop.lan.mikesmachining.com 192.168.0.103
hpprinter.lan.mikesmachining.com 192.168.0.202
fileserver.lan.mikesmachining.com 192.168.0.203
fileserver.pub.mikesmachining.com 57.34.128.98

then you can mount network drives on these dns addresses, and it will resolve them reliably because DNS with long TTL seems to work better than netbios

and give them all huge TTLs. Then the only technology you need to make your network work (and rock solid too I might add) is to use MAC pinning on the DHCP server. Run blue network cables and use the Ethernet MAC, turn wifi off.

You can use a NAS as a fileserver (a bit slow but easy). They have a system where you can access your NAS over the internet without setting anything up or having to use :portnumber in your address bar to access it. Not sure if it uses NAT tunneling with a polling service or if it uses UPnP to set up a port forward to itself, but might be interesting if you only have 1 IP address that is already used for your self-hosted website. It works via a free subdomain that then redirects you to a login page, not sure if it uses virtual hosting and if so how it extracts the subdomain from the domain string but it might be possible to CNAME to it from your own domain name and have it still work, like if it just takes everything up to the first dot as your username, looks it up in a list, and then proxies the connection to your ip:UPnP port, then it should work; otherwise you can set up a custom redirect page on your site that will forward to a URL with the correct port number, or just a link in your web banner to fileserver login even. Just make it so that you can put your website in your browser on your phone, click something, log in, and access the files.
 
Hard to say without more info. Looks to be an email filter dropping it because it has macros. Macros are code that is run inside the file and is generally frowned upon from a security perspective. Reach out if this is still an issue.


Have them ZIP it up first.

Paul
 








 