RSS

Blog

Your Name - Our meeting today at 8:00 PM ... - SPAM!!!

Your Name  - Our meeting today at 8:00 PM ... - SPAM!!!

More from our fraudulent friends at 'Who's Dumb Enough to Think you can be a Bitcoin Millionaire'

This email is disingenuous from start to finish, as befits these people.

Of course there is no meeting and they have no idea of your name, they just extracted the text field from your email address, but let us have a look at the email and site anyway as these people do need to be publicly 'outed' or they will continue to prey on the weak and poor...

From: Arleen Weatherly <arleen.weatherly@r.meeting-online.ml>
Sent: 13 November 2018 16:15
To: Your Name
Subject: Your Name - Our meeting today at 8:00 PM ...

Hey,

I wanted to remind you of our today's meeting at 8:00 PM on this website:
http://r.meeting-online.ml/bL5j9gTqAx

At this meeting, I will explain in detail how you can effectively invest in the Bitcoin market and start
earning 1,293,186 pounds annually.

Yes, 1,293,186 pounds a year! Exactly that much I managed to earn in 2018by using this extremely
simple technique.

Watch the video and see how easy it is:
http://r.meeting-online.ml/bL5j9gTqAx

Register your free account and activate your trading account, and at 8:00 PM you will be able to
participate in our online meeting, where I will share my knowledge and investment techniques.

What is your dream? New home? A car? Or maybe a financial security?

Thanks to Bitcoin, tens of thousands of people have become millionaires. It is still possible - and I will
prove to you at the meeting tonigh!

Do not waste your time and register now:
http://r.meeting-online.ml/bL5j9gTqAx

Your personal Webinar access code:
0DQNBHZGMP4QRS

See you at the meeting!
Arleen Weatherly

Now we have no idea what the website meeting-online.ml is supposed to be but the owner is registered at:

Mali Dili B.V. 
Point ML administrator 
P.O. Box 11774 
1001 GT Amsterdam 

Which doesn't help much.

Either way the website doesn't seem to function at it's route - it just shows the apache hello message.

But at the link above, it shows our friends:

Bitcoin-System.me

 

Now I don't know who that person is or how they got this way so young but that definitely looks like their parents house to me, I wouldn't buy that lamp now, never mind at that age. 

As usual, if you try and leave you get a message saying:

https://en.bitcoinmillions.xyz/?a=6707&o=7613&s=181113mtuk

 

This page is reproduced across many domain names such as:

https://en.bitcoinmillions.xyz/?a=6707&o=7613&s=181113mtuk

As you can see from the EN part, they reproduce their scam in most european languages...

In fact they have:

DNS name=de.bitcoinmillions.xyz
DNS name=en.bitcoinmillions.xyz
DNS name=es.bitcoinmillions.xyz
DNS name=it.bitcoinmillions.xyz
DNS name=nl.bitcoinmillions.xyz
DNS name=pl.bitcoinmillions.xyz
DNS name=se.bitcoinmillions.xyz

So please report this domain as fraudulent to as many government bodies as you can.

You're A Winner - The National Lottery - Winning Notification Letter 2018-dispatched Spam

You're A Winner - The National Lottery - Winning Notification Letter 2018-dispatched Spam

Occassionally there is a spam email circulating that really makes you giggle, and here is a perfect example. Not only is this email sent to a generic email address - in this case a support@ address.

The message has only one piece of text and a PDF. The text reads:

'This message was sent to name@domain.local. If you are not the owner of this email and you receive this message. Please discard the letter.'

 

 

I don't know who William@icswiss.biz is, but I suspect he will not be receiving that many emails and the phone number appears to have been left off of the hook.

I'm really not sure what the purpose of this email is unless the phone number and email are just of someone that the originator doesn't like.

The best part by far though, is that the promotion director happens to be Annie Lennox acting in the role in her spare time.

Thie email has the feeling of someone playing a prank rather than trying to steal, and for that, it definitely received the 'Spam of the Month' award!

password (r9vrts4) for address@domain.suffix is compromised

The following email is very common at the moment:

From: address@domain.suffix
Sent: 22 October 2018 16:05
To: Recipient
Subject: password (r9vrts4) for address@domain.suffix is compromised

Hello!

I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from address@domain.suffix on moment of hack: r9vrts4

Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the
Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my
program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.

Therefore, I expect payment from you for my silence.
I think $883 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is
not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My
virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

 

This email is particularly annoying because it is not actually an email at att - just a telnet session being run against the email server pretending to be an email from your own mailbox. It is bypassing SPF and spoofing detection in some cases but it does not mean that any passwords have been hacked in any way or that they have compromised your computer in any way.

It is fairly obvious from the quality of the email that this is just an email  sent out en masse in order to try and recover a few bit coin payments. The IP address can be found to show the originating IP in the email header and it is changing constantly perhaps suggesting that this is an email fired out by smtp viruses on various computers around the web.

The best action to take is to ensure that your own email address is not in yoru whitelist so that anti-spoofing and SPF measures block this email rather than letting it through.

Recipient@domain.suffix Documents Received OneDrive Spam

Recipient@domain.suffix Documents Received OneDrive Spam

This email is an impersonation of Microsoft but has a homespun email address and so should be quite easily to spot.

 

 

From:                              Marissa Carnahan [MCarnahan@gmarmol.com]

Sent:                               18 October 2018 17:49

To:                                   Recipient

Subject:                          recipient@domain.suffix Document Received

 

ΟneDriυe

recipient, Yοu have new dοcuments sent tο yοu via ΟneDriνe

Receive # Document  #Fοr PΟ (DF70508900)

(ReνiewDοcs (DF70508900)  

Τhank Yοu

 

They have apparently respelt OneDrive in order to avoid detection which seems odd as you wouldn't really think that 'OneDrive' would make even a component of rejection rules on any system, as anyone could be using it in conversation with anyone.
 
The way they reformat the address to add the email name in the sentence is effective though, although they have not thought to check if the email is firstname.surname and just added the pre '@' string instead.
 
 
Which has already been marked as deceptive by Google Chrome and unsafe by Microsoft Edge so there should not be too many successful cons from this one. :)
Netflix Spam: Update Account Payment Information

Netflix Spam: Update Account Payment Information

This email has been seen this week:

 

 

Request

 

From:                                                       Netflix Team <netflix@customersupport.com>

Sent:                                                         16 October 2018 01:59

To:                                                            Accounts Team

Subject:                                                   Update Account Payment Information

 

 

Image

 

 

Please Update Your Payment Method

Dear Valued Netflix User

Sorry for the interruption, but we are having trouble authorizi ng your Payment Method.
Please visit the account payment page at
https://www.netflix.com/YourAccountPayment to enter your payment information aga in or to use a different payment method.
When you have finished, we will try to verify your account agai n. To protect the information of our customers, our system has temporarily pla ced restrictions on your account until your information has been validated by our system.

You can validate your information by either clicking on the link above or b elow, this will only take a few minutes and your account functions will be fully restored.

If you have any questions, we are happy to help. Simply call us at 01800-91 7844.
-The Netflix Team

 

<![if !vml]> Rectangle: Rounded Corners: LOG ON <![endif]>

 

 

Netflix Inc. : Netflix Corporate Headquarters 100 Winchester Ci rcle Los Gatos, CA 95032.
You can un-subscribe to security alerts by configuring your online account.
We are sending this email to provide support for your personal online Netfl ix account.

 The actual 'log on' link points to; https://www.neftlix.su/accountbilling/index.php which has already been marked as hazardous by Google and Microsoft so no great worries here. Do be careful that you do not wander onto this site with an older browser as they have amazingly been granted a netflix domain on another suffix. The screen looks relatively convincing:

 

Fake netflix.su screen

 

If you go to the site and ignore any warnings you get a standard looking netflix login that accepts any password:

fake netflix logon

and then provides you with manufactured proof that other users have accessed your account:

Fake netflix android usage

 

Whether you respond or not you are sent through to screens requesting your name, address and card details:

 

Netflix.su enter details

 

it appears to have no validation so you can just leave them rude messages.

 

Fake netflix.su thank-you page

 

All in all a good web page visually but the idea that you need to enter your name after logging back in is a weak link and you should never enter card details into a site unless you have trple-checked teh URL in the address bar.

 

Stay safe!

Server Security Alert Youremail@Domain.com Delete Request !!! Spam Warning

Server Security Alert Youremail@Domain.com Delete Request !!! Spam Warning

This spam email has been received by some people this morning and earlier this week...

 

 

 

From:                              domain.com [Mailserver@servers.com]

Sent:                               17 September 2018 21:02

To:                                   recipient

Subject:                          domain.com  Server Security Alert:  youremail@domain.com Delete Request !!!

 

 

 

 

 

 

yourdomain.com

 

Dear recipient,

Our record indicates that you recently made a request to shutdown your email youremail@domain.com and this request will be processed shortly today.

If this request was made accidentally and you have no knowledge of it, you are advised to upgrade to cancel the request now

 

 

However, if you DO NOT cancel this request, your account will be shutdown and all your email data on the yourdomain.com server will be lost permanently.

Regards.
yourdomain.com Email Administrator®

 


This message is auto-generated from E-mail security server.
This email is meant for: youremail@domain.com 

 

 

 

The actual 'cancel server deactivation' link points to: https://www.enwise.com.au/wp-content/plugins/solve/modify/index.php?email=youremail@domain.com which is a live site with a valid security certificate.

The webpage looks real enough:

 

server security alert delete request

The spammer page appears to just keep asking you for the password - I think it actually tries to verify thr login against your email whilst you wait - so be very careful with this site.

This is another wordpress compromised by a certain Bangladeshi hacker looking to retrieve passwords and subsequently blackmail people or steal from them. He leaves his name on the wordpress site after hacking:

 

Sid Gifari Bangladeshi Wordpress Hacker

 

Report this website as phishing.

Report the orignating email address as a spam source.

Stay Safe!!

Sonicwall NSA-250M Set-up and IPSec VPN Connection to DrayTek Vigor 3900

Sonicwall NSA-250M Set-up and IPSec VPN Connection to DrayTek Vigor 3900 

 Firstly, to set-up the Sonicwall NSA 250M we must set our IP address to connect to the routers address of 192.168.168.168

We are using Windows 7 in this example and so we find our network icon on the Windows Taskbar at the bottom of the screen, right click and select Network and Sharing Center to take us to our network settings:

 

Network and Sharing Centre

 

Our wireless network in the above example does not connect us to the NSA 250M - we are plugging straight in to the firewall and so we click on Local Area Connection which signifies our cable connection to the firewall.

Local Area Connection Status

 

Currently we have no network access and this is expected as the Sonciwall is currently set at 192.168.168.168 and the DHCP server on the device is disabled.

Now click on the highlight Properties button to enter the configuration section for the network protocols:

 

Local Area Connection Properties

 

We ened to configure a static IPv4 address and so we double click the above Internet Protocol Version 4 (IPv4) item to enter the IP addres configuration section:

 

IPv4 address configuration

 

Change the above options to be Use the following IP address and enter the IP we will be using which needs to be in the same Class C subnet as the Sonicwall firewall. In my case I am choosing 192.168.168.169/24

 

 

There is no need to enter a default gateway or anything else as this is just a temporary state for the network card.

You wil see that the status for the conncetion now displays the new IP address:

 

Sonicwall IP assignment

 

Press the OK button and we should now be able to ping 192.168.168.168

If you cannot ping 192.168.168.168 then try resetting the firewall again with a 10 second hold of the reset button with a pen or similar to ensure the firewall is back in its's default state.

 

We should now be able to browse to http://192.168.168.168 to enter the web configurator of the Sonicwall NSA 250M, the user is admin and the password is blank. As soon as you gain access you be asked to change the password:

 

Sonicwall web interface change password

 

Enter a new password in the two boxes to set security for your device - make it a good one if you intend to allow external HTTPS access...

 

Sonicwall changing password

 

 Now we set the appropriate time-zone:

 

Sonicwall set time-zone

 

Next we configure the USB ports:

 

Sonicwall modem set-up

 

Which we will configure later...

 

Sonicwall modem configure later

 

Now we must select the WAN mode, in this case the sonicwall is plugged into a dedicated fibre router that broadcasts DHCP and so we will select the appropriate mode below:

 

Sonicwall WAN

 

Now set your WAN response level - do you want ping or HTTPS responses to be met - most cases you would just want PING but I am choosing HTTPS  to ease along the VPN setup-.

 

Sonicwall allow HTTPS administration

 

As you can see we are being warned about the security of this idea - it is a bad option, especially if you only have one IP address as it prevents hosting a web server.

Now we can set the LAN IP and subnet:

 

Sonicwall LAN set-up

Sonicwall DHCP config.

 

In the above we are stting the DHCP server on the firewall. The DHCP server is a decent version but you may wish to use Linux or Windows DHCP service instead, in which case you can disable this later or leave it disabled.

Now we move on to the ports assignment page:

 

Sonicwall ports assignment

 

The above simply means that we are keeping the default option of XO being our trusted LAN port and X1 being our first WAN untrusted port.

We can now review all of our choices in the summary section:

 

Sonicwall Configuration Summary

 

In the above I have blanked out the IP addresses as they are in use but you can see the options that were chosen clearly.

 

Now the device will reset and our PC or laptop will lose connctivity.

 

Sonicwall set-up wizard complete

 

If you have enabled the DHCP server on the firewall we can now return our laptop to its deafult IP setting:

Return to the network and sharing centre:

 

Network and Sharing Centre

 

Click the Local Area Connection link and choose properties, then double click the IPv4 item to get to your IP address settings:

 

Local Area Connection Status           IPv4 Properties

 

Return the IP address assignment to automatic as in the below:

 

IP address auto-assignment

 

Now when you have rebooted the firewall, the laptop will gain an IP from the Sonicwall DHCP server if enabled. Otherwise you will need to manually set the IP address as you did before but with an IP address in the new subnet which you have just allocated for the Sonicwall.

you should now be able to browse the web using the local area conncetion via the Sonicwall.

 

Setting the VPN on the Sonicwall

Now that the Sonicwall is online and meeting with internet traffic we can begin the set-up of the IPSec VPN.

Log into the firewall and head down to the VPN settings page:

 

Sonicwall VPN Settings Page

 

There are some default policies already but we are creating a new policy so lcick the Add button:

Add VPN Policy Sonicwall

 

So in the above we are entering our VPN network details. Firstly we enter the type which we will leave as Site-to-Site

The authentication method can remain as IKE using Preshared Secret

The Name can be what you wish to help you identify the VPN

In this case we enter the Ipsec Primary Gateway Name or Address as the WAN IP address of the DrayTek 3900 we are connecting to.

The secondary we are leaving as this is not a VPN equipped with redundancy.

In the shared secret we enter outr preshared secret which should be a randomly generated string that you must enter precisely into both devicesa at either end of the VPN

The local IKE ID will be left as IP addresses and you can leave the corresponding boxes blank to use the default IP addresses which we will do in this case.

Now we mov on to the Network setcion:

 

VPN network page Sonicwall

 

We are using the subnet of the LAN port in the above and the easiest way to choose this without adding any other networks that might disuade the DrayTek from allowing the connection is to choose the subnet attached to just the LAN port X0

We create a new subnet from the drop down which has already been performed in the above. We are presented wih the new remote subnet dialogue:

 

Sonicwall create remote VPN subnet

 

In the above we enter the LAN segment behind the DrayTek to which we are trying to gain access. This will be the network made available to us through the Sonicwall-DrayTek VPN tunnel.

Click OK to return to the previous dialog and then progress to the Proposals tab:

 

Sonicwall-DrayTek VPN Proposals

 

In the above we are matching the Sonicwall to the default DrayTek 3900 proposals which means we are using AES-256 with group 5 and SHA1

In this case we are also enabling PFS with group 5. Enter the details as above and move onto the advanced tab:

 

Sonicwall VPN advanced tab

 

Here we only need enter a tick in keep alive and enable Windows Networking (NetBIOS) broadcast boxes, everything else can remain as it is.

We can now complete the VPN settings and return to the VPN setting page and turn our attention to the DrayTek end of the VPN.

 

Setting the DrayTek Vigor 3900 VPN Endpoint

 

Log into your DrayTek webpage and proceed down to the VPN IPSec Profiles page and click Add to create a new profile:

 

DrayTek to Sonicwall IPSec VPN Set-up

 

Enter your details as above and make sure that the local IP subnet are those behind the DrayTek router and not the Sonicwall.

In the above example the Remote Host entry is set to 0.0.0.0 but this must be set to the WAN IP address of the Sonicwall

 

The Remote IP / Subnet Mask is the local LAN subnet behind the Sonicwall to which you wish to gain access from the DrayTek LAN.

The IKEv2 option is chosen and PSK (PreSharedKey) is chosen to match the entries we made on the Sonicwall. Here you must exter exactly the key which was entered into the Sonicwall pre shared key box.

The security protocol is left set as ESP

Now we move onto the Adcanced tab:

 

DrayTek-Sonicwall IPSec VPN Advanced Tab

 

Some of the above is left as the default as we chose the settings on the Sonicwall to match - the timeouts are still the same for instance.

We are selecting Perfect Forward Secrecy and Dead Peer Detection and allowing NetBIOS traffic onece more.

We now need to configure the Proposals tab:

 

DrayTek-Sonicwall IPSec VPN Proposals

 

We are once again selecting AES256 Group 5 as our proposals and allowing ALL and Accept All as the Sonicwall will only be offering SHA1 anyway.

We now complete the IPSec VPN by clicking apply/OK and return to the VPN configuration page:

 

 

DrayTek VPN Profiles

 

We can see there is some activity from the status above but if we continue to the conncetion status page as below:

 

DrayTek-Sonicwall IPSec VPN is Up

 

we can now clearly see that the DrayTek Vigor 3900 believes the VPN to be active and if we check the Sonicwall:

 

Sonicwall-DrayTek IPSec VPN is Up

 

Cisco RVS4000 DrayTek Vigor 3900 VPN IPSec

Cisco RVS4000 DrayTek Vigor 3900 VPN IPSec

In this example we are going to fashion a VPN from a Cisco RVS 4000 VPN router sitting behind a home ISP router/firewall just to show that VPN for your home users isn't difficult to set-up, even if you are segregating part of their network for just their work hosts, such as a desktop and printer.

The Cisco RVS 4000 VPN SoHO Router

Cisco RVS 4000

After a full reset the Cisco will have the IP range 192.168.1.1/24 and as this will very likely be the subnet your workers will have at home it is best to choose something else. In my example here I am just sticking with 192.168.1.0/24 because the network I am plugging into has a different range but you get the idea.

To start with We are going to configure the Cisco before the users take it away.

As I said I am starting with a fully reset router - you will obviosuly want to adjust the password and rig up any remote administrative features beforehand in case the VPN does not come up straght away.

Now we move on to configure the VPN.

Go to the VPN Ipsec page of the router and enter the relevant details:

 

Cisco RVS 4000 IPSec settings

 

In the above we are configuring the VPN as an IP only gateway only as this will allow the VPN to connect easily from the home environment.

The enabled option has been chosen and the destination office chosen as a name for the VPN

Local security type is Subnet and the IP address is the IP address of the Cisco router LAN port

In this case the internal network of the Cisco RVS 4000 will be 192.168.1.0/24 but in your case it may well be best to choose an alternative as mentioned earlier.

The subnet mask is a class C of 255.255.255.0 as normal on a home network.

Next we are configuring the remote network behind the DrayTek Vigor 3900, the gateway is the externalk WAN IP address associated with the VPN you are connecting to.

The IP address and subnet mask are the internal network for the DrayTek router, in this case another Class C network.

We move down the page...

 

Cisco RVS 4000 IPSec settings

 

We are choosing IKE with preshared key

We select 3DES encryption for phase 1 as this is the best that the Cisco will do but if youa re using a later model, feel free to select AES256 if you have it.

Phase 1 authentication is being set to SHA1

We select Group 5 1536-bit authentication and leave the key lifetime at 28800 as this is also the DrayTek default

Phase 2 we set as 3DES, SHA1, enable PFS and enter the preshared key. The authentication has been left at Group 1 768-bit 

We move down to the 'advanced' settings:

 

Cisco RVS 4000 IPSec settings

 

We are stting NETBIOS broadcast as on just to keep the machine naming up-to-date on each network for Windows machines. 

 

Now we move onto the DrayTek Vigor 3900.

Once logged into the device, we are setting a new IPSec profile under VPN and Remote Access > IPSec Profiles

Choose to create a new profile and you are presented with the new IPSec profile dialogue:

 

DrayTek Vigor 3900 IPSec Profile

 

We tick the Enable box at the top to enable the profile.

We can leave the first two boxes as we are receiving only and expecting a router rather than a user.

In this case the DrayTek is expecting the VPN at the IP address associated with WAN1 so we leave that.

The local IP Address/Subnet mask are the same as those we set as the remote network details on the Cisco and represent the internal network we are granting access to the Cisco router network.

The Local Next Hop and Remote Host can remain as they are as the home user network will almost certainly have a dynamically assigned IP address.

The IKE protocol and Phase 1 settings can reamin as defaults

Auth Type is set to PSK - Pre Shared Key and enter the same key as you entered into the Cisco earlier.

The security protocol is set as ESP

 

Now we moved onto the second page:

 

DrayTek Vigor 3900 IPSec VPN Advanced

 

We are leaving the Pahse 1 & 2 lifetimes as they are as they already match the Cisco - you should update these to be the same as yoru Cisco settings if you chose other than default periods.

Perfect Forward Secrecy (PFS) is on

All the other settings can remain as they are, except that once again we are setting NetBIOS naming packet as on.

Apply and save the changes.

INow looking back at the Cisco, we click the connect button under VPN status to connect:

 

Cisco RVS 400 IPSec VPN Status

 

We can see from the above a network VPN has been established.

And from the machine we are using, we can ping the remote 192.168.x.0 network...

Separating public WiFi from your terrestrial LAN with a DrayTek Router and Netgear Switch

Separating public WiFi from your terrestrial LAN with a DrayTek Router and Netgear Switch

In this example we are going to use an older Netgear switch as it is the one in place but this method will work equally as well for the GS752 or XS series, although the interface has been updated somewhat.

Fist of all it is important to not that the default DrayTek setup for ports is an untagged VLAN ID 10 and for Netgear it is a default untagged VLAN of ID 1

What this means is that by default, all the ports on the Netgear assume they are in VLAN1 if the data traffic packets are not 'tagged' with a number. So if you plug in your DrayTek AP910 and use the default VLAN of 10 then your WLAN will not reach your router. In this case we are not going to change any untagged port settings as we are onyl making a single 'tagged' VLAN so there will be no confusion. The important thing to note here is that each port can only have a single VLAN for 'untagged' becuase if there is no tag (no label to tell the device which VLAN to send the traffic to) then there can only be one default failback choice. There can only be one default for anything after all.

So bearing that in mind we are going to take the following action:

  1. We will make a VLAN on the DrayTek 3900 called sirclesPUB VLAN ID: 3
  2. To this VLAN we will tag the LAN port connected to the Netgear switch so that th e traffic labelled with VLAN ID:3 knows it should go to the Netgear switch.
  3. We will make a subnet associated with this LAN on the DrayTek with a different subnet to our usual 192.168.1.0/24 network
  4. We will use the inbuilt DHCP server onm the DrayTek and assign the ISPs DNS servers to the DHCP clients as they will not have access to the local Microsoft AD/DNS
  5. We will make an associated VLAN on the Netgear with VLAN ID: 3
  6. We will tag the ports connected to the DrayTek 3900 and the DrayTek AP-910 with this VLAN ID so tha the traffic know where to be routed
  7. We will associate the public WLAN with the VLAN ID so that the traffic that is tagged by the WLAN as VLAN ID: 3 remains separate and can be routed straight back to the router without interraction with the untagged default private LAN.

 

So let's get started, we login to the DrayTek 3900 and open up the LAN > General Set-up section.

 

Click Add to add a new LAN Profile, in this example we will use a Class B Subnet of 172.16.0.1/16:

 

DrayTek Vigor 3900 add LAN

 

The VLAN ID is set to 3

Our mode is NAT

Our touer IP will be 172.16.0.1

We are choosing a /16 subnet

We enable DHCP server

We have chosen a huge range in this case but the WLAN is restricted to 64 clients at once by the defaul of the AP-910

We add the ISP DNS server addresses

Everything else can be left at default in this example as it is only a public Wi-Fi

Click Apply

 

In our example we see that the LAN has been successfully created:

 

DrayTek Vigor 3900 new LAN set-up

 

Now we move on to LAN > Switch section:

Under the 801.1Q VLAN section we click the Add button to add the new VLAN:

 

DrayTek Vigor 3900 new VLAN

 

We are making the SFP (fibre module) the tagged member in this case (DrayTek just call it a member rather than tagged) and we do not touch the untagged settings as we could lock ourselves out of the router if we do! In this set-up the DrayTek connects to the Netgear via SFP but you may well be selecting LAN_Port_1 in your example.

Click Apply to create the VLAN.

Now we have a separate network on a separate IP range with a tagged VLAN ID of 3, we must tell the Netgear switch to expect this tagged information on certain data packets and tell it what to do with them.

 

Open up the Netgear interface on your switch by browsing to the IP address.

Open up switching > VLAN

Create a new VLAN: 

Netgear GS748 add VLAN

 

We have given it a name to show what it is for but the name is just a label and only the VLAN ID: 3 is important

 

We now go to the member ship of the VLAN to choose the ports under Advanced:

 

Netgear GS748 VLAN Advanced

 

We choose the VLAN ID at the top to be our chosen new VLAN ID of 3

in this case the switch is describing itself as unit 1 and so we click the text to reveal all the ports:

 

Netgear GS748 VLAN Membership

We are tagging the ports and so they need to be populated with a T for Tagged

Port 5 is where our DrayTek AP910 is plugges in (there must be no other switches in between or you will have to configure them for the VLAN also)

Port 45 is our SFP for the fibre

Now we click Apply and we are ready to configure our public Wi-Fi:

I am using the central AP management feature of the DrayTek 3900 and so I browse to the WLAN profiles and select the SSID of the public network:

 

DrayTek central AP management public Wifi VLAN

 

As you can see we have set the VLAN ID to be 3 and the security as Disabled

 

Using a mobile device I connect to sirclesPub wifi:

 

 Public Wi-Fi Mobile IP Address confirmation

 

As we can see under the information section in the Wi-Fi settings  the system has been assigned the correct IP range and cannot communicate with the private LAN.

Spam Warning: Automated Intuit Notification

Spam Warning: Automated Intuit  Notification

 

This email has been spotted this week:

 

 

 

From:                                                       Intuit Inc. <quickbooks@busek.com>

Sent:                                                         Tuesday, July 17, 2018 3:28 PM

To:                                                            Recipient

Subject:                                                   Automated Intuit  Notification

 

 

Stop waiting weeks for checks to arrive.

 

Intuit QuickBooks

 

Dear customer,

 This message has been sent to you by Intuit Inc. Make sure you click on the web link listed below to view Invoice details.

Your Invoice ID: INV15725381 has been settled and available below.

See your receipt

We appreciate your business with us and thank you for working with Intuit.

 

Need help?.

Call 800-267-3519

Talk to a Pro

 

Facebook

Twitter

Youtube

LinkedIn

Download the QuickBooks App for iOS on the App store

Get the QuickBooks App for Android on Google Play

 

 

 

 

Intuit and ProConnect are brand marks of Intuit.

Terms and conditions, pricing and service options are subject to change without the need of notification.

Personal privacy.

2008-2018 Intuit Services Inc..  All rights reserved..
1600 W. Commerce Center Place, Tucson, AZ 85506

 

TrustE Verified

                                                           

The originating email is obviously wrong - Busek.com

 

The 'See you receipt' link takes you to: http://njdiscrim.com?3Xf80q=QAUSY1CQVUFS1QXOBsGSJTHS

 

Which is obviously not an Intuit Quickbooks link, they have not bothered with a certificate or any other measures to fein authenticity.

 

The offending website has already been removed so no immediate danger.

 

Most of the Intuit company links are as they would have been originally.