Category Archives: Uncategorized

Is it possible to host a web server or some other web service on Starlink? Yes! With IPv6 and a Cloudflare reverse proxy …

Yesterday I was asked to help a colleague properly set up the IPv6 connectivity he gets from Starlink. Starlink puts IPv4 behind CGNAT (carrier-grade NAT), so you share a public IPv4 address with other users and cannot port-forward services on your router to your internal servers. Starlink does, however, hand out a /56 IPv6 prefix via prefix delegation, which means you can have 256 /64 networks inside your home or company. That's great!

So the first thing you need is a router (in our case a MikroTik) that runs a DHCPv6 client to receive the /56 prefix. Then assign (let's say) the first /64 from that pool to your internal interface and enable Neighbor Discovery (router advertisements) so your devices autoconfigure their addresses (SLAAC). You can still give the server a fixed IPv6 address. Remember that every address in that /64 is globally routable, so set up the IPv6 firewall before the prefix goes live: on the input chain accept only established/related traffic and ICMPv6 from the WAN, and on the forward chain allow only the ports you actually expose on the server and drop everything else.

Once the server has an IPv6 address (it can ping google.com 🙂) and the web server is running, go to Cloudflare, activate the free plan and use their reverse proxy to publish the service. Cloudflare is reachable over both IPv4 and IPv6 and fetches the content from your IPv6-only origin, so everyone, including users who only have IPv4, can reach your site. Two caveats: the free proxy covers HTTP and HTTPS only, and the origin's own IPv6 address stays directly reachable by anyone who learns it, so restrict inbound HTTPS on the origin to Cloudflare's published ranges and publish only proxied ("orange cloud") DNS records, never the origin address itself.
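Locking the origin down to the proxy is the part people skip, so here is how to do it on the server side. The script below is an added example, not part of the original post; it assumes a Windows Server origin with Windows Defender Firewall (the post does not say which OS the server runs), and the address list in it is a placeholder sample that must be replaced with the current list from https://www.cloudflare.com/ips-v6 before use. The hostname in the last check is also an assumption.

```powershell
# Added example (not from the original post). Assumes a Windows Server origin behind
# the Starlink /64 and Cloudflare's proxy. $CloudflareV6 is a SAMPLE list: fetch the
# current one from https://www.cloudflare.com/ips-v6 before relying on it.
$CloudflareV6 = @(
    '2400:cb00::/32', '2606:4700::/32', '2803:f800::/32', '2405:b500::/32',
    '2405:8100::/32', '2a06:98c0::/29', '2c0f:f248::/32'
)

function Get-OriginGlobalIPv6 {
    # Global-scope addresses only: skip link-local (fe80::/10) and the temporary
    # privacy addresses Windows generates, which change and are useless as an origin.
    Get-NetIPAddress -AddressFamily IPv6 |
        Where-Object { $_.IPAddress -notlike 'fe80:*' -and $_.SuffixOrigin -ne 'Random' } |
        Select-Object InterfaceAlias, IPAddress, PrefixLength, PrefixOrigin
}

function Set-OriginHttpsFromCloudflareOnly {
    param([string[]]$AllowedRanges = $CloudflareV6, [int]$Port = 443)
    $name = 'Origin: HTTPS from Cloudflare IPv6 ranges only'
    # Recreate the rule so re-running the script picks up a refreshed range list.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow -Profile Any `
        -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedRanges | Out-Null
    # The allow rule only narrows things down if the profile blocks inbound by default.
    # Do NOT add an explicit Block rule for the port: in Windows Firewall a Block rule
    # overrides Allow rules and would cut Cloudflare off as well.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.DefaultInboundAction -ne 'Block') {
            Write-Warning "Profile $($p.Name): DefaultInboundAction is $($p.DefaultInboundAction), not Block"
        }
    }
    Get-NetFirewallRule -DisplayName $name | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
}

function Test-OriginHidden {
    # Public DNS for a proxied ("orange cloud") name must answer with Cloudflare's
    # addresses, never with the origin's own. $HostName is an assumed example.
    param([string]$HostName = 'www.example.com')
    $mine   = (Get-OriginGlobalIPv6).IPAddress
    $public = (Resolve-DnsName -Name $HostName -Type AAAA -ErrorAction SilentlyContinue |
               Where-Object QueryType -eq 'AAAA').IPAddress
    [pscustomobject]@{
        HostName     = $HostName
        PublicAAAA   = ($public -join ', ')
        OriginLeaked = [bool]($public | Where-Object { $mine -contains $_ })
    }
}

Get-OriginGlobalIPv6
Set-OriginHttpsFromCloudflareOnly
Test-OriginHidden -HostName 'www.example.com'
```

Run it as administrator on the origin. `OriginLeaked = True` means the public AAAA record points straight at the server, i.e. the record is not proxied and the firewall rule is the only thing between the internet and your web server. The MikroTik firewall described above is the second layer; the host rule is the one that survives a mistake on the router.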

Understanding and demystifying Windows DNS Dynamic Updates in relation to DHCP server

To better understand it and actually see it in action, I recorded a short video that shows only the DHCP client/server traffic between a Windows 10 workstation and an AD (DNS/DHCP) server.

As you can see, when the machine starts it first obtains an IP address from the DHCP server. Once the address is assigned there is a lot more DNS activity, but I filtered it down to dynamic updates with the Wireshark display filter dns.flags == 0x2800 || dns.flags == 0xa800 (opcode 5 = UPDATE; 0x2800 is the request and 0xa800 the response with the QR bit set; dns.opcode == 5 matches both).

Because the DHCP lease in the video is only 1 minute, renewals happen every 30 seconds, which is correct: as RFC 2131 (https://www.ietf.org/rfc/rfc2131.txt) describes, two timers start when a lease is assigned, T1 (renewal, at 50% of the lease time) and T2 (rebinding, at 87.5% of the lease time, i.e. at 52.5 seconds of a 1-minute lease). After every renewal the client also sends a DNS dynamic update to the Active Directory DNS servers.

Basically, Active Directory DNS dynamic updates are by default performed by the domain-joined client itself; the DHCP server does not need to do them (it can be configured to register records on the client's behalf, but out of the box all the magic is done by the client). Because the client writes its own records, the zone should accept secure dynamic updates only, which ties each record to the account that created it and stops another host from overwriting it.
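To verify the two things that matter here, that the zone only accepts secure updates and that the client-registered records are really there, the following is an added example (not part of the original post). It runs on an AD DNS server with the DnsServer module; the zone name, client name and the record-aging remark assume default settings.

```powershell
# Added example (not from the original post). Runs on an AD DNS server with the DnsServer
# module; zone name and client name below are assumptions.
Import-Module DnsServer

function Get-ZonesAcceptingInsecureUpdates {
    # Because the client writes its own records, a zone set to NonsecureAndSecure lets any
    # host on the network register or overwrite any name. AD-integrated zones should be Secure.
    Get-DnsServerZone |
        Where-Object { $_.IsDsIntegrated -and $_.DynamicUpdate -ne 'Secure' } |
        Select-Object ZoneName, DynamicUpdate, IsDsIntegrated, IsReverseLookupZone
}

function Get-DynamicHostRecords {
    # Dynamically registered records carry a Timestamp; statically created ones do not.
    # With aging enabled on the zone the timestamp is only rewritten once the no-refresh
    # interval (7 days by default) has passed, so the 30-second refreshes in the video
    # are visible on the wire but not as a changing timestamp.
    param([Parameter(Mandatory)][string]$ZoneName, [string]$HostName = '*')
    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A |
        Where-Object { $_.Timestamp -and $_.HostName -like $HostName } |
        Select-Object HostName, @{n='IPv4'; e={ $_.RecordData.IPv4Address }}, Timestamp, TimeToLive
}

function Get-ClientRegistrationSettings {
    # Run on the workstation: the per-adapter switches that decide whether the client
    # registers its own address ("Register this connection's addresses in DNS").
    Get-DnsClient |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix,
                      RegisterThisConnectionsAddress, UseSuffixWhenRegistering
}

# On the DNS server (zone and host names assumed):
Get-ZonesAcceptingInsecureUpdates
Get-DynamicHostRecords -ZoneName 'corp.example.com' -HostName 'WS10-01'

# On the workstation, to trigger the same update the video shows after each renewal:
#   Register-DnsClient          (equivalent to ipconfig /registerdns)
# Wireshark filter to watch it:
#   dns.opcode == 5             (same as dns.flags == 0x2800 || dns.flags == 0xa800)
```

If `Get-ZonesAcceptingInsecureUpdates` returns anything, fix it with `Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate Secure` before relying on client-side registration; otherwise any machine on the LAN can claim any name in the zone.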

MikroTik LtAP – switch SIM card every X hours

If you have a MikroTik LtAP with two SIM cards you can create a simple scheduled task that switches the currently active card for the other one:

The script looks like this:

# Read which SIM slot the modem is using right now ("up" or "down" on the LtAP)
:local simSlot [/system routerboard modem get sim-slot]
# Switch to the other slot and log which one is active now
:if ($simSlot = "down") do={
    /system routerboard modem set sim-slot=up
    :log error message="SIM UP active!"
} else={
    /system routerboard modem set sim-slot=down
    :log warning message="SIM DOWN active!"
}

Save it under /system script and run it from a /system scheduler entry with the interval you want. Example (for testing I reduced the interval to 3 minutes, but it works just as well with 24 hours …):
[log screenshot: alternating "SIM UP active!" / "SIM DOWN active!" entries]

Exchange 2010 to Exchange 2016 mailbox move useful Powershell cmdlets

It is time to migrate the last Exchange 2010 servers, as they are going out of support soon …
While doing these migrations I wanted to put a few PowerShell cmdlets into this blog post that are useful along the way. Run them from the Exchange 2016 Management Shell, since cross-version moves are driven from the newer server.

If you want to speed things up a bit (Emergency is the highest Mailbox Replication Service priority, so this move jumps ahead of everything else in the queue):

New-MoveRequest -Identity "xxx@xxx.si" -TargetDatabase "DBEX1601" -Priority Emergency

To check the status of your requests:

Get-MoveRequest

To remove completed move requests (they also age out on their own after 30 days by default):

Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest

For more detail about the moves, sorted by progress:

Get-MoveRequest | Get-MoveRequestStatistics | Sort-Object PercentComplete -Descending
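Single cmdlets are fine for one mailbox; for a whole database you want a named batch you can poll and clean up as a unit. The script below is an added example, not from the original post: it moves every mailbox on one 2010 database to one 2016 database, waits for the batch and reports failures. It is meant for the Exchange 2016 Management Shell; the database names, batch name and thresholds are assumptions.

```powershell
# Added example, not from the original post. Run from the Exchange 2016 Management Shell.
# Database and batch names are assumptions.
param(
    [string]$SourceDatabase = 'DBEX1001',
    [string]$TargetDatabase = 'DBEX1601',
    [string]$BatchName      = "EX2010to2016-$(Get-Date -Format yyyyMMdd)",
    [int]$BadItemLimit      = 10      # above 50, Exchange also demands -AcceptLargeDataLoss
)

function Start-MailboxBatchMove {
    # One move request per mailbox that does not already have one, at normal priority so
    # other MRS work is not starved (keep -Priority Emergency for single VIP mailboxes).
    $mailboxes = Get-Mailbox -Database $SourceDatabase -ResultSize Unlimited
    foreach ($mbx in $mailboxes) {
        if (Get-MoveRequest -Identity $mbx.Identity -ErrorAction SilentlyContinue) {
            Write-Verbose "Skipping $($mbx.PrimarySmtpAddress): move request already exists"
            continue
        }
        New-MoveRequest -Identity $mbx.Identity -TargetDatabase $TargetDatabase `
            -BatchName $BatchName -BadItemLimit $BadItemLimit -WarningAction SilentlyContinue
    }
}

function Get-MailboxBatchStatus {
    # Per-mailbox progress plus the first line of the MRS message (where failures are explained).
    Get-MoveRequest -BatchName $BatchName |
        Get-MoveRequestStatistics |
        Select-Object DisplayName, Status, PercentComplete, BadItemsEncountered, TotalMailboxSize,
                      @{n='Message'; e={ ($_.Message -split "`n")[0] }} |
        Sort-Object Status, PercentComplete -Descending
}

function Wait-MailboxBatch {
    # Poll until nothing in the batch is still in flight, then return a status summary.
    param([int]$PollSeconds = 300)
    do {
        $stats  = Get-MoveRequest -BatchName $BatchName | Get-MoveRequestStatistics
        $active = @($stats | Where-Object { $_.Status -notin 'Completed', 'CompletedWithWarning', 'Failed' })
        $done   = @($stats | Where-Object Status -like 'Completed*').Count
        $failed = @($stats | Where-Object Status -eq 'Failed').Count
        Write-Host ("{0:u}  {1} active, {2} done, {3} failed" -f (Get-Date), $active.Count, $done, $failed)
        if ($active.Count -gt 0) { Start-Sleep -Seconds $PollSeconds }
    } while ($active.Count -gt 0)
    $stats | Group-Object Status | Select-Object Name, Count
}

function Remove-CompletedBatchMoves {
    # Clear finished requests for this batch only; failed ones stay for investigation.
    Get-MoveRequest -BatchName $BatchName -MoveStatus Completed | Remove-MoveRequest -Confirm:$false
}

Start-MailboxBatchMove
Wait-MailboxBatch
Get-MailboxBatchStatus
```

Review the output of `Get-MailboxBatchStatus` before calling `Remove-CompletedBatchMoves`: a `CompletedWithWarning` move with a non-zero `BadItemsEncountered` means items were silently skipped, and once the request is removed that report is gone.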

Get e-mail alert for failed logon attempt on Outlook Web Access (OWA)

Just for fun I tried to build a mechanism that alerts me about failed logon attempts on Outlook Web Access (OWA).

If you open Event Viewer on your CAS server (where OWA runs) you will find that failed logons are recorded in the Security log as Event ID 4625 (An account failed to log on).

The event's general information contains the interesting parts: the account name that was tried, the IPv4 or IPv6 address the attempt came from, the logon type and the failure reason with its sub-status code.
All you need to do is attach a task to this event (right-click the event and choose Attach Task To This Event).

Since the other actions (send an e-mail, display a message) are deprecated, use Start a program and run a PowerShell script that does the job.

Create a PS1 file (PowerShell script) with this content:

# Newest 4625 (An account failed to log on) in the Security log. If several failures
# arrive at once this may not be the exact event that fired the task; the property
# positions used below are fixed for every 4625.
$Event = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} -MaxEvents 1
$AccountName   = "$($Event.Properties[6].Value)\$($Event.Properties[5].Value)"  # TargetDomainName\TargetUserName
$LogonType     = $Event.Properties[10].Value                                      # 8 = NetworkCleartext, typical for OWA forms logon
$SourceAddress = $Event.Properties[19].Value                                      # client IPv4 or IPv6 address
# The human-readable failure text only exists in the rendered message, so take it from there
$FailureReason = [regex]::Match($Event.Message, 'Failure Reason:\s*(.+)').Groups[1].Value.Trim()
$SubStatus     = [regex]::Match($Event.Message, 'Sub Status:\s*(\S+)').Groups[1].Value

$EmailTo     = "admin@domain.com"
$EmailFrom   = "alert@domain.com"
$Subject     = "OWA logon failure from $SourceAddress ($AccountName)"
$Body        = "Time:           $($Event.TimeCreated)`nSource address: $SourceAddress`nAccount:        $AccountName`nLogon type:     $LogonType`nFailure reason: $FailureReason (sub status $SubStatus)"
$SMTPServer  = "IPOfYourSMTPServer"   # must accept unauthenticated relay from this host on port 25
$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom, $EmailTo, $Subject, $Body)
$SMTPClient  = New-Object System.Net.Mail.SmtpClient($SMTPServer, 25)
$SMTPClient.Send($SMTPMessage)

So in the task's Action properties choose Start a program, with Program/script set to powershell.exe.
In the Add arguments (optional) field add:

-ExecutionPolicy ByPass -File X:\PathToScript\OwaAttack.ps1

If everything is correct, the next time someone enters a wrong password or an attack on OWA is performed you will get an e-mail with the time, source address, account name, logon type and failure reason.
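One mail per 4625 is fine for a lab but floods the inbox the moment a real brute-force run starts, and a single typo by a user looks exactly like an attack. The script below is an added example, not from the original post: it reads the same 4625 fields by position and then groups recent failures by source address, alerting only on one address hammering one account (brute force) or one address trying many accounts (password spray). The sample events at the bottom are constructed, and the thresholds and window are assumptions.

```powershell
# Added example, not from the original post. Thresholds and the sample events are assumptions.

function ConvertFrom-LogonFailureEvent {
    # Map the fixed 4625 property positions to named fields.
    param([Parameter(ValueFromPipeline)]$Event)
    process {
        $p = $Event.Properties
        [pscustomobject]@{
            TimeCreated = $Event.TimeCreated
            Account     = "$($p[6].Value)\$($p[5].Value)"        # TargetDomainName\TargetUserName
            LogonType   = [int]$p[10].Value                      # 8 = NetworkCleartext, typical for OWA forms logon
            SubStatus   = '0x{0:X8}' -f [uint32]$p[9].Value      # 0xC000006A bad password, 0xC0000064 no such user
            SourceIP    = $p[19].Value
        }
    }
}

function Find-LogonFailurePatterns {
    param(
        [Parameter(Mandatory)][object[]]$Failures,
        [int]$WindowMinutes = 10,
        [int]$BruteForceThreshold = 5,    # same source, same account
        [int]$SprayThreshold = 3          # same source, distinct accounts
    )
    # Look back $WindowMinutes from the newest failure so the function also works on archived data.
    $newest = ($Failures | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    $since  = $newest.AddMinutes(-$WindowMinutes)
    $recent = $Failures | Where-Object { $_.TimeCreated -ge $since -and $_.SourceIP -and $_.SourceIP -ne '-' }
    foreach ($bySource in ($recent | Group-Object SourceIP)) {
        $accounts = @($bySource.Group | Group-Object Account)
        foreach ($acct in ($accounts | Where-Object Count -ge $BruteForceThreshold)) {
            [pscustomobject]@{ Kind='BruteForce'; SourceIP=$bySource.Name; Accounts=$acct.Name; Attempts=$acct.Count }
        }
        if ($accounts.Count -ge $SprayThreshold) {
            [pscustomobject]@{ Kind='PasswordSpray'; SourceIP=$bySource.Name; Accounts=($accounts.Name -join ','); Attempts=$bySource.Count }
        }
    }
}

# Constructed sample: one address hitting jdoe six times, one address trying four users,
# and one genuine typo that must NOT raise an alert.
$t0 = Get-Date '2020-01-01 08:00:00'
$Sample = @(
    0..5 | ForEach-Object { [pscustomobject]@{ TimeCreated=$t0.AddSeconds(10*$_); Account='CORP\jdoe'; LogonType=8; SubStatus='0xC000006A'; SourceIP='203.0.113.7' } }
    'alice','bob','carol','dave' | ForEach-Object { [pscustomobject]@{ TimeCreated=$t0.AddMinutes(2); Account="CORP\$_"; LogonType=8; SubStatus='0xC000006A'; SourceIP='2001:db8::bad' } }
    [pscustomobject]@{ TimeCreated=$t0.AddMinutes(3); Account='CORP\erin'; LogonType=8; SubStatus='0xC000006A'; SourceIP='198.51.100.9' }
)
Find-LogonFailurePatterns -Failures $Sample | Format-Table -AutoSize
# Expected: BruteForce from 203.0.113.7 (CORP\jdoe, 6 attempts) and PasswordSpray from 2001:db8::bad (4 accounts)

# Live use on the CAS server, e.g. from a scheduled task every 10 minutes:
# $f = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=(Get-Date).AddMinutes(-10)} -ErrorAction SilentlyContinue |
#          ConvertFrom-LogonFailureEvent
# if ($f) { Find-LogonFailurePatterns -Failures $f }
```

Feed the alerts from `Find-LogonFailurePatterns` into the same `System.Net.Mail` send as above. Note that with OWA behind a load balancer the source address in 4625 is the balancer's unless it is configured to preserve client addresses; in that case the grouping has to come from the IIS logs instead.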

“Demystifying” – Windows server 2012 Hyper-V 3.0 network virtualization – part III – (two hosts / two subnets)

In this part III I would like to show you how network virtualization works between two Hyper-V hosts in different subnets (in my example connected as HV01 – Router (IPsec VPN) – WAN – WAN – Router (IPsec VPN) – HV02).

You can see how to do it in the video tutorial:
http://www.screencast.com/t/pRDC7Z4UKrg  – Hyper-V 3.0 – Network virtualization Part 4

* at 1:48 – I had already pasted that in earlier; you should do it on both hosts
* at 2:04 – there is a mistake: those parameters were already there, so I removed them and resumed recording
* at 2:43 – I did not paste the second part on HV02 (I had already done that in the previous demo)
* at 3:59 – you will not see GRE traffic until you add the Ethernet card to the monitoring

In my environment I have two Hyper-V hosts: HV01 (10.17.217.177, gateway 10.17.217.1, the router that terminates the IPsec VPN) and HV02 (10.17.218.177, gateway 10.17.218.1, likewise the router that terminates the IPsec VPN).

So the Hyper-V hosts only "see" each other through the VPN (two different subnets).

I used the following PowerShell cmdlets:

First we need to enable the ms_netwnv component on the PHYSICAL NIC, not on the virtual switch's NIC!
Run it on HV01 and HV02:

Enable-NetAdapterBinding “Ethernet” -ComponentID ms_netwnv

Now we create the lookup records and the customer route (using the IP addresses of our virtual machines, their MAC addresses and the IP address of the Hyper-V host each one runs on); this is explained in my previous post.
Run it on HV01 and HV02:
New-NetVirtualizationLookupRecord -CustomerAddress "10.10.10.11" -ProviderAddress "10.17.217.177" -VirtualSubnetID "5001" -MACAddress "AAAAAAAAAA01" -Rule "TranslationMethodEncap"
New-NetVirtualizationLookupRecord -CustomerAddress "10.10.10.12" -ProviderAddress "10.17.218.177" -VirtualSubnetID "5001" -MACAddress "AAAAAAAAAA02" -Rule "TranslationMethodEncap"
New-NetVirtualizationCustomerRoute -RoutingDomainID "{11111111-2222-3333-4444-000000000000}" -VirtualSubnetID "5001" -DestinationPrefix "10.10.10.0/24" -NextHop "0.0.0.0" -Metric 255

Now, on HV01 only, configure the provider address and the provider route (this is how the hosts reach each other …):
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress "10.17.217.177" -PrefixLength 24

New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix "0.0.0.0/0" -NextHop "10.17.217.1"

The same on HV02, with its own address and gateway:
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress "10.17.218.177" -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix "0.0.0.0/0" -NextHop "10.17.218.1"

Finally we need to set the VirtualSubnetID on the network adapters of the VMs sitting on HV01 and on HV02:

HV01 (where the Blue01 VM sits):
Get-VMNetworkAdapter -VMName Blue01 | where {$_.MacAddress -eq "AAAAAAAAAA01"} | Set-VMNetworkAdapter -VirtualSubnetID 5001

HV02 (where the Blue02 VM sits):
Get-VMNetworkAdapter -VMName Blue02 | where {$_.MacAddress -eq "AAAAAAAAAA02"} | Set-VMNetworkAdapter -VirtualSubnetID 5001
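The cmdlets above have to agree with each other on four values (customer address, provider address, MAC and subnet ID) on every host, and the usual failure is a lookup record whose MAC does not match the VM's adapter. The script below is an added example, not from the original post: it drives the same two-host setup from one table, so the same file can be run on HV01 and HV02, and then cross-checks the running state against that table. The addresses and MACs are the post's; the routing-domain GUID, the adapter name and the layout of the $Fabric table are assumptions.

```powershell
# Added example, not from the original post. Run on each Hyper-V host as administrator.
# Addresses/MACs are from the post; GUID, adapter name and the $Fabric layout are assumptions.
$VirtualSubnetId = 5001
$RoutingDomainId = '{11111111-2222-3333-4444-000000000000}'
$CustomerPrefix  = '10.10.10.0/24'

# One row per VM: the host it lives on, its customer address/MAC and that host's provider address.
$Fabric = @(
    [pscustomobject]@{ VM='Blue01'; Host='HV01'; CA='10.10.10.11'; MAC='AAAAAAAAAA01'; PA='10.17.217.177'; Gateway='10.17.217.1' }
    [pscustomobject]@{ VM='Blue02'; Host='HV02'; CA='10.10.10.12'; MAC='AAAAAAAAAA02'; PA='10.17.218.177'; Gateway='10.17.218.1' }
)

function Initialize-NvgreHost {
    param([string]$HostName = $env:COMPUTERNAME, [string]$Adapter = 'Ethernet')
    $local = @($Fabric | Where-Object Host -eq $HostName)
    if ($local.Count -eq 0) { throw "No rows in `$Fabric for host $HostName" }
    $pa = $local[0].PA
    $gw = $local[0].Gateway

    # WNV binds to the physical NIC, never to the vSwitch's host vNIC.
    Enable-NetAdapterBinding -Name $Adapter -ComponentID ms_netwnv
    $ifIndex = (Get-NetAdapter -Name $Adapter).ifIndex

    # Every host carries the full lookup table (all VMs, wherever they run) plus the customer route.
    foreach ($row in $Fabric) {
        if (-not (Get-NetVirtualizationLookupRecord -CustomerAddress $row.CA)) {
            New-NetVirtualizationLookupRecord -CustomerAddress $row.CA -ProviderAddress $row.PA `
                -VirtualSubnetID $VirtualSubnetId -MACAddress $row.MAC -Rule TranslationMethodEncap
        }
    }
    if (-not (Get-NetVirtualizationCustomerRoute -RoutingDomainID $RoutingDomainId -VirtualSubnetID $VirtualSubnetId)) {
        New-NetVirtualizationCustomerRoute -RoutingDomainID $RoutingDomainId -VirtualSubnetID $VirtualSubnetId `
            -DestinationPrefix $CustomerPrefix -NextHop '0.0.0.0' -Metric 255
    }
    # Only this host's own provider address and its default provider route via the VPN router.
    if (-not (Get-NetVirtualizationProviderAddress -ProviderAddress $pa)) {
        New-NetVirtualizationProviderAddress -InterfaceIndex $ifIndex -ProviderAddress $pa -PrefixLength 24
    }
    if (-not (Get-NetVirtualizationProviderRoute -InterfaceIndex $ifIndex -DestinationPrefix '0.0.0.0/0')) {
        New-NetVirtualizationProviderRoute -InterfaceIndex $ifIndex -DestinationPrefix '0.0.0.0/0' -NextHop $gw
    }
    # Tag the local VMs' adapters, matched by MAC rather than by VM name alone.
    foreach ($row in $local) {
        Get-VMNetworkAdapter -VMName $row.VM | Where-Object MacAddress -eq $row.MAC |
            Set-VMNetworkAdapter -VirtualSubnetID $VirtualSubnetId
    }
}

function Test-NvgreHost {
    # Cross-check running state against $Fabric. A MAC or PA mismatch means the encapsulated
    # frame goes to the wrong host or is dropped, which shows up only as "VMs cannot ping each other".
    $records = Get-NetVirtualizationLookupRecord
    foreach ($row in $Fabric) {
        $rec  = $records | Where-Object CustomerAddress -eq $row.CA
        $vsid = 'n/a (remote host)'
        if ($row.Host -eq $env:COMPUTERNAME) {
            $nic = Get-VMNetworkAdapter -VMName $row.VM -ErrorAction SilentlyContinue | Where-Object MacAddress -eq $row.MAC
            $vsid = if ($nic) { $nic.VirtualSubnetId } else { 'NIC NOT FOUND' }
        }
        [pscustomobject]@{
            VM           = $row.VM
            HasRecord    = [bool]$rec
            MacMatches   = ($rec.MACAddress -eq $row.MAC)
            PaMatches    = ($rec.ProviderAddress -eq $row.PA)
            LocalNicVsid = $vsid
        }
    }
}

Initialize-NvgreHost
Test-NvgreHost | Format-Table -AutoSize
```

Every row of `Test-NvgreHost` should show `HasRecord`, `MacMatches` and `PaMatches` as True, and `LocalNicVsid` equal to 5001 for the VMs on this host. Keep in mind that NVGRE itself adds no confidentiality or authentication: the tenant frames travel as plain GRE with only the virtual subnet ID as a key, so on the WAN they are protected solely by the IPsec tunnel between the two routers, and inside each provider subnet anything on the wire can read or inject them.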