Sunday, July 18, 2021

I'm STUNed

My router (Asus RT-AC68R) has a nice traffic monitor screen. I check it regularly. One day I noticed that an iPhone had a large amount of traffic attributed to STUN.


Off I went to figure out what STUN was.

It turns out that STUN stands for Session Traversal Utilities for NAT. Interestingly, STUN messages are sent in lower-overhead User Datagram Protocol (UDP) packets, not Transmission Control Protocol (TCP).
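To confirm that traffic a router labels as STUN really is STUN, each UDP payload can be checked against the fixed 20-byte STUN header. The following is an added example, not from the original post; it goes beyond the post by using the header layout from RFC 5389, and the function names and sample payloads are constructed for illustration.

```python
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value carried in every RFC 5389 STUN header
CLASSES = {0: "request", 1: "indication", 2: "success response", 3: "error response"}
METHODS = {0x001: "Binding"}  # the one method RFC 5389 itself defines


def parse_stun_header(payload: bytes):
    """Return the decoded STUN header as a dict, or None if payload is not STUN."""
    if len(payload) < 20:                      # the header alone is 20 bytes
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:
        return None                            # top two bits must be 0; cookie must match
    # Over UDP one datagram carries one message, so the declared attribute
    # length must be 4-byte aligned and account for every remaining byte.
    if length % 4 or length != len(payload) - 20:
        return None
    # Class bits C1 (bit 8) and C0 (bit 4) are interleaved with the method bits.
    msg_class = ((msg_type >> 7) & 0x2) | ((msg_type >> 4) & 0x1)
    method = (msg_type & 0x000F) | ((msg_type >> 1) & 0x0070) | ((msg_type >> 2) & 0x0F80)
    return {
        "class": CLASSES[msg_class],
        "method": METHODS.get(method, hex(method)),
        "transaction_id": payload[8:20].hex(),
    }


def count_stun(payloads):
    """Count how many UDP payloads in an iterable parse as STUN."""
    return sum(1 for p in payloads if parse_stun_header(p) is not None)


# Constructed sample payloads (not captured traffic).
TXID = bytes(range(12))
BINDING_REQUEST = struct.pack("!HHI", 0x0001, 0, MAGIC_COOKIE) + TXID
BINDING_SUCCESS = struct.pack("!HHI", 0x0101, 0, MAGIC_COOKIE) + TXID
NOT_STUN = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 20   # DNS-like bytes, no magic cookie
TRUNCATED = BINDING_REQUEST[:12]

if __name__ == "__main__":
    for name, p in [("request", BINDING_REQUEST), ("success", BINDING_SUCCESS),
                    ("other", NOT_STUN), ("truncated", TRUNCATED)]:
        print(name, parse_stun_header(p))
```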

Still, what on the iPhone was using STUN?


Here's Apple's chart of port usage that calls out STUN.

Check off that we've learned something today.

Sunday, July 11, 2021

Nearby Share

One iOS feature that I really like is AirDrop. A recent article (archive.is) in Winaero explained a similar Windows 10 feature called Nearby Share.
Nearby Share in Windows 10 allows transferring files between files within the same network. It is a great and somewhat underrated feature that will let you ditch third-party sharing apps and slow USB thumb drives. Being integrated into the OS, Nearby Share ensures the best compatibility with almost any Windows 10 device.
I would add that it is pretty much unknown, even by a geek like me.

You need a relatively recent version of Windows 10, e.g. 1803 or later. You also need Bluetooth enabled, and having the 2 PCs on the same Wi-Fi network increases the speed of transfer.

To use Nearby Share, on both systems go to Settings > System > Shared Experiences and turn on Nearby Sharing.

To share a file, right-click on a file in Windows Explorer and choose "Share".


You'll get a dialog showing the receiving system. Click on it.


You'll get this notification on the sending system.


On the receiving system, you'll get this notification.


Nice!



Sunday, July 04, 2021

Application Layer Gateways - Part III

In Part II, I discussed how certain applications are allowed to "tweak" the router so that traffic to different incoming ports is allowed.
This post is the final part of this discussion (at least for now).

Again, I will reference Steve Gibson's Security Now podcast, this time episode 804.

In this episode, Steve describes how a NAT slipstreaming attack allows a remote attacker to trick the NAT into creating NAT traversal mappings to ANY device on the internal network.

This isn't good.

Armis discovered that routers' Application Layer Gateways (ALGs) have even more issues.
WebRTC TURN (Traversal Using Relay around NAT) connections can be established by browsers over TCP to any destination port. The browser's restricted-ports list was not consulted by this logic, and was therefore bypassed.

These TURN connections are used by H.323, a VoIP protocol similar to SIP.

So what to do? I repeat the recommendation at the end of Part II. In your router, turn off as many of the ALG passthroughs as you can.

Good luck if you're using H.323.

Sunday, June 27, 2021

Windows 10 21H1 Enablement Package

I wrote about how I had forced the upgrade to Windows 10 21H1 in a previous post. I did it the hard way and suffered the consequences. That post described the cleanup I had to do.

Well, I came across another laptop that hadn't/wouldn't upgrade to 21H1. I didn't want to take the hard way again.

If a PC automatically offers 21H1, the installation is QUICK. So I set out to find how to force that laptop to upgrade in the same manner as if it were automatically offered.

And I found it.

It seems that 21H1's functions were actually delivered in previous months' cumulative updates. The "Feature Upgrade" that is automatically offered just flips some registry switches and reboots.

That "Feature Upgrade" is simply KB5000736, an enablement package. This enablement package is only available for devices running versions 20H2 and 2004.

If you have a device that isn't offering 21H1, just download KB5000736 (64-bit) and run it. Incidentally, when I clicked on that link, nothing happened. I had to right click and choose "Copy link address" and then paste that link into another browser tab.


Enjoy!

Sunday, June 20, 2021

Happy 40th Birthday 8086

June 8, 2021 was the 40th anniversary of the Intel 8086 microprocessor chip. Today it's usually called the x86 chip.

https://commons.wikimedia.org/wiki/File:Ic-photo-Intel--D8086--%288086-CPU%29.png

Here's an article on its history.

I worked in IT during those 40 years and have a few thoughts.

In the 1990s, there were several competing architectures in the enterprise realm. I especially recall DEC's Alpha and Sun's SPARC. The less said about IBM's PowerPC the better. It took me some Googling to even remember what HP's processor was. And nobody remembers Intel's Itanium. HP went all in on Itanium and look where that got them.

But these architectures locked an organization into a specific vendor. We went through a huge and expensive migration of our SAP systems from PowerPC to SPARC.

During that effort, my architect and I pushed the vendors to propose a mixed environment, i.e. proprietary processors for database servers and commodity processors (x86) for application servers.

None of the vendors would play. We ended up going with SPARC, but in the end, the battle was lost to Intel's x86 architecture.

Ironically, this success wasn't attributable to Intel but to AMD.

One of the advantages that SPARC brought us was the ability to move to 64-bit architecture for our database servers. That made orders of magnitude improvements in our I/O response times.

At that time, Intel didn't support 64-bit on x86.

AMD came along and implemented a 64-bit architecture on top of Intel's x86 code. That is known as x64 and has conquered the world.

Intel played catch-up and eventually implemented x64 and, as they say, "The rest is history."

But the fat lady hasn't sung yet.

Sunday, June 13, 2021

Exchange in the Tank

This article came up in my feed recently:


This noted that the Microsoft Exchange admin portal was down after Microsoft forgot to renew the SSL certificate for the website.


That sounded familiar to me so I went back and searched my blog.

Bingo!


In that case Microsoft tweeted:
As Yogi Berra said:
It's déjà vu all over again.

Apparently Microsoft didn't take my advice:

Maybe they should have put a reminder on their Outlook calendar. 

Sunday, June 06, 2021

Windows.old

I know I'm not your normal user. I try things so you don't have to.

Recently I forced the installation of Windows 10 21H1 on my ThinkPad. To do this, I downloaded the Windows Update Assistant and ran it.

Don't try this at home.

Unlike the upgrade from the Windows Update app, this process does a FULL Windows 10 update.

But it all went well. It took a long time, unlike using the Windows Update app, but worked fine.

Then a week later, I was poking around in my C: drive. (You do this, don't you?)

I found several folders that I wasn't expecting:

$GetCurrent - 4.23 GB
Windows10Upgrade - 3.62 GB
Windows.old - 25.6 GB (that's not a typo)



Those weren't really a problem on my HD but still that's over 33 GB of space.

Surely Windows 10 would clean those up. Some of them are supposed to be cleaned up 10 days after the upgrade. That period had not lapsed.

Windows 10 has a Storage Sense feature that has an option to "Delete previous versions of Windows".


I ran that and it reported that it cleaned up 17.4 GB by deleting Windows.old. That's a nice start.

Now you ask, why did it only clean up 17.4 GB if Windows File Explorer said that Windows.old was 25.6 GB? Read this until your head hurts.

Windows 10 Forums said that uninstalling the Windows Update Assistant will delete the Windows10Upgrade folder. I uninstalled the Windows Update Assistant and the Windows10Upgrade folder was gone.

How-To Geek said that the $GetCurrent folder can be deleted but should be deleted automatically. After 10 days, its size was only 181 KB.