Disable NTLM
Jul02

KB ID 0001880 Problem NTLM (NT LAN Manager) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users in a network. It is an older protocol that has been largely replaced by Kerberos in modern Windows environments (since Server 2008 and Windows Vista!) due to Kerberos's enhanced security features. NTLM is a challenge-response authentication protocol used to...

DHCP Scope: Full of BAD_ADDRESS Entries
Feb05

KB ID 0001651 Problem I had a client machine struggling to get a DHCP address, and when I looked in DHCP, the scope was full of this: BAD_ADDRESS This address Is Already in Use Solution A tour of Google and forums is full of posts by people with this problem, and other than, ‘Oh I looked in the logs and fixed it’ (with no mention of what log, or where this log was), or ‘Yeah I used Wireshark and located a problem...

Cisco IOS – DHCP Helper (DHCP Relay) – IP-Helper Setup
Mar23

KB ID 0001168 Problem Cisco documentation calls this a ‘DHCP Relay’, and uses the command IP-Helper, and I usually call this DHCP Helper, just to confuse everyone. To be fair, the term DHCP Relay is an industry standard; it’s not particular to Cisco (as you will see later when I Wireshark the traffic). So if you are reading this, you have a DHCP server and you want to use it to lease addresses to clients that are on a...

Cisco ASA 5500 – Adding New ‘Different Range’ Public IP Addresses
Nov17

KB ID 0001006  Problem I got an email at work yesterday; “Hello Pete I have asked our ISP to give us two additional real IP addresses so that we can progress the following two projects: Microsoft DirectAccess Publishing documents to a web server from our internal DMS. {ISP Name} have come back and said that they don’t have the next available numbers in our current IP address range, but they do have two other numbers we could...

Cisco ASA – Policy NAT
Nov17

KB ID 0001042 Problem I’ve been working on a large firewall deployment for a client; each of their DMZs has both a production and a management network. Nothing particularly strange about that, but each of their DMZs has its own firewalled management network and it’s routable from the LAN. So if I’m an admin and I want to talk to a Linux appliance in their DMZ via its management interface, my traffic...
