Wanted to share this with some of the other geeks that are here on XDA......
I am a ShoreTel Administrator (VOIP) at work, as well as the company Sales Engineer for Managed Services and crap. This week we were experiencing some really crazy issues with our phone system that had me, our SysAdmin and ShoreTel Support baffled.
On March 17th I upgraded the software for our Shoretel, the following day I left for Vegas for a long weekend. You'll understand why I mention this later in the post. This Monday, April 11th, our phones would randomly drop calls and reboot so I immediately logged into our phone system to see what was going on.
I was seeing that our phone switch was disconnected so I rebooted it. When it came back up, all of our phones were still out of service, WTF? I called ShoreTel support and gave them access to our Shoretel Server. They dug around all the log files and the server's Event Viewer to see what the problem was.
We traced back to the beginning of the problems starting on March 21st, my first day back from Vegas and the problem would only happen from 0730 to 1630, my work hours.................Hmmmmmmm
Although we were seeing some errors all that way back to March 21st, we did not see major issues until this past Monday. Our first thought was we had problems with our upgrade. We had the phone connectivity issues up until this afternoon when we discovered what was causing the problem.
To make this LONG story short, my Samsung Galaxy S Captivate was the root cause. How you may ask................
When we rebooted the ShoreTel system after the upgrade, for some reason the phone switch went from a static IP address to DHCP, the upgrade is NOT supposed to cause that to happen. Unfortunately that MAC address on our switch and the mobile phone are the SAME. The phone switch and my mobile were fighting with each other and my phone was winning.
What are the odds of having two of the same MAC addresses at the same physical location?? Once I turned the WiFi off on my phone all of our issues disappeared.
We discovered this by running WireShark, when we saw that there was a MAC address conflict we Googled the MAC address and discovered that it was for a Samsung device. Immediately I knew that it had to be my phone or a co-worker's, we are the only ones that have Samsung Smartphones.
Needless to say, we were absolutely surprised but stoked that the problem is solved. It also shows that with the amount of devices now with MAC Addresses we will start seeing all kinds of issues like this in the future. WOW, an IT nightmare............
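The conflict described in the post above (one MAC address in use by two devices on the same LAN) can be spotted from DHCP traffic. This is an added example, not part of the original post: it flags any MAC that asks for leases under more than one hostname and extracts the vendor prefix (OUI) that would then be looked up. The event records and hostnames are constructed sample data, and the MAC addresses come from the RFC 7042 documentation range.

```python
from collections import defaultdict

# Constructed sample data: (time, client MAC, DHCP hostname option, message type).
# In practice these fields would come from a packet capture or a DHCP server log.
SAMPLE_DHCP_EVENTS = [
    ("07:31:02", "00:00:5E:00:53:01", "pbx-switch", "REQUEST"),
    ("07:31:40", "00-00-5e-00-53-01", "android-phone", "REQUEST"),
    ("07:32:05", "00:00:5e:00:53:01", "pbx-switch", "REQUEST"),
    ("07:35:10", "00:00:5e:00:53:02", "front-desk-pc", "REQUEST"),
    ("16:29:55", "0000.5e00.5301", "android-phone", "RELEASE"),
]


def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = raw.lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_mac_conflicts(events):
    """Return details for every MAC seen under more than one hostname."""
    seen = defaultdict(lambda: defaultdict(list))  # mac -> hostname -> [times]
    for time, raw_mac, hostname, _msg_type in events:
        seen[normalize_mac(raw_mac)][hostname.lower()].append(time)

    conflicts = {}
    for mac, hosts in seen.items():
        if len(hosts) < 2:
            continue
        conflicts[mac] = {
            # First three octets identify the manufacturer (the part to look up).
            "oui": mac[:8],
            # If this bit is set the address is locally assigned (for example a
            # randomized Wi-Fi MAC) and an OUI lookup says nothing about the vendor.
            "locally_administered": bool(int(mac[:2], 16) & 0x02),
            "hostnames": sorted(hosts),
            # When each claimant first appeared; useful for correlating the
            # outage window with someone's working hours.
            "first_seen": {h: min(times) for h, times in hosts.items()},
        }
    return conflicts


if __name__ == "__main__":
    for mac, info in find_mac_conflicts(SAMPLE_DHCP_EVENTS).items():
        print(mac, info)
```

A single device that changes its hostname would also be flagged, so a hit should be confirmed against switch port or access point association data before anyone is asked to turn off their Wi-Fi.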
I'd try to pull some lotto numbers out of those MAC addresses. I'd google the odds of 2 MACs..
When the iPhones first came out we had problems with the company wifi dropping off every few minutes. Come to find out, people were leaving the wifi on on their iPhones causing the routers to run out of ip addresses. The phone would connect to the access point then it wouldn't have the right credentials so it would get rejected then a few minutes later it would try again over and over. We ended up having to block mac addresses at the access point level to prevent the phones trying to authenticate every few minutes.
Sent from my SAMSUNG-SGH-I897
Hello all. I am new to the thread and I am at wits end trying to figure this out. I have talked to Novell about the Mobility Server we have, HTC and US Cellular.
Here is the story:
I had my HTC Desire setup and running exchange on our Mobility Server for a month or so with no problems until I did the Froyo 2.2 update on Feb 11th. Being the IT person that supports all the phones in the department I wanted to do the update to test for issues. Well I found one. I am not able to sync my phone with the Novell Activesync Mobility server that I was able to sync to before I did the update. After working with server admins checking everything and making sure nothing on their end changed it still failed. Username, password, server address, no domain and SSL checked it still failed. Monday morning before we called Novell, I just happened to try this over our Wi-Fi network and it immediately synced emails, contacts and calendar. I could send email and receive emails. Now I turn off Wi-Fi and try to send an email and it immediately fails with invalid username/password. Turn on Wi-Fi and it is fine. We tested another account and it had the same exact outcome. I have tried this at my home on my Wi-Fi network and it will sync immediately. Same with from a friend's house. But 3G still fails in both locations.
Novell call:
They had the same result with the test account we gave them. We tried to connect to their test server over 3G and it failed too. Wi-Fi was fine. They set up WireShark Protocol Analyzer and found that over Wi-Fi you could see the phone connect to the server, get the Certificate and then sync. Over 3G you saw the phone connect to the server, get the Certificate and then there was a 22 second delay before it would respond and by that time the server timed out and the authentication failed on the phone. They watched this happen 3 or 4 times on my phone. They had me do a factory reset on the phone, same result. They were able to duplicate the issue on a phone that they had running Froyo 2.2. Until today I have not heard back from them and in an email they stated they are still looking into it.
HTC call:
Pretty much the same result and they were able to duplicate the same result. They had me take another Desire without the Update to 2.2 and try it and it synced immediately over 3G and wi-fi. Okay now they are lost. They had me do another factory reset on my phone and it still failed. Now they wanted me to update the other phone I had to 2.2 and I did. Now it fails over 3g and works on wi-fi. Now that was all that they could do at this time. They are going to look into it. They wanted me to download Touchdown and use it. Already did that and it failed. I have also downloaded 2 other email clients and they fail too.
US Cellular:
They were not much help, they filed over wi-fi and 3G. They were located in Canada, not sure if that mattered but it may have. But the local Store tech was able to duplicate the issue and was not sure what it could be. I felt like I knew more about it and how to troubleshoot it more than they did.
Now I have tried downloading the certificate and installing on my phone and that did not work either. I got another new Desire today that came preloaded with Froyo 2.2 and it would not work either.
If someone out there has any idea of what I can do next it would be GREAT!!! We are supposed to go live with the Mobility Server within the next week or 2 and this is going to be a Major problem. Yes we can do IMAP but there are problems there, no contacts or calendar being synced.
I would be willing to try any ideas or even talk to you about what else to try or test. I really need a fix for this as soon as possible so if you have any ideas please email me or reply to the post and I will update as needed.
Thanks for taking the time to read this.
Doug
Froyo 2.2 Fixed Exchange Problem Fixed!!!!
In short, have actually found the problem after months of testing and changing things we found that the Servers that have Exchange on them needed to have PTR Records turned on by our Server Administrators. Once they turned this on or enabled it everything worked like it is supposed to.
I'm helping out with a number of upgrades and issues at a medical clinic where my wife works. It's a small business so there's not much in the way of an 'IT dept.' It's just been one issue after another and still being in school for this stuff it's been an experience to say the least. Half the programs I've never dealt with, the server was full of junk, out of date on everything (running server 2008 on top of it), only had 2 HDD's setup on raid0, was only running on 1 network cable even though there was an entire other and newer NIC installed with 2 more ports, and had a number of viruses that forced us to wipe it and re-install everything.
Now that that's working and I've got all the other computers connected and all that jazz we have another issue.
The modem-router has an issue. We can't get to the config page. It's a DSL modem-wifi router (upgrade??) from AT&T. After hard wiring a computer directly to it and going to its login address (192.168.1.1) it asks for the username and password. Type that in and nothing - the page is blank. It's the correct IP, the username and password is correct, so what gives? Power cycling accomplished nothing and I'd prefer not to reset it since over a dozen workstations connect to it. Not to mention being wireless and in a medical facility I'm sure HIPAA wouldn't be too thrilled about an unsecured connection.
Is this a perfect time for AT&T to come out and give them a new one or is there something I'm missing? They're obviously not very bright since last night's resolution from them was to reset the connection on their end. "that should help with the speeds and make it faster" - umm, right. Since that sounds like the issue we called about...
--
The best you can hope for from AT&T is to replace the gateway. If you're absolutely sure the admin name & password are correct, I say reset it. If they exchange the router, you're gonna have to re-enter all that stuff anyway.
-- Sent from my TouchPad using Communities
Has anyone else been having weird notification problems the last few days? Internet problems? Please read this whole post, especially the bottom paragraph.
So far I've been getting double and triple notifications.
Sometimes nothing at all.
I've noticed on a few messaging apps that I would receive a notification showing the person's I'm talking to photo and name but the text would be the text I just sent them.
Also my eBay notifications just turned themselves off without warning and I actually lost 2 items I bid on because of it.
I have my gmail set to vibrate on notification and it hasn't when I get an email.
Sometimes I delete an email and then login to gmail on the PC and it's not deleted out of my inbox.
It doesn't matter if I'm on wifi or 3g, it still happens.
Besides the phone I've noticed google.com in general being very slow and sometimes just not loading at all on my PC and a few others are having the same slow internet issues.
I have a N-7100 on AT&T running stock 4.1.1 rooted with the latest cwm and my FrankenBeats audio installed. I haven't done any modifications or installed any new apps to cause an issue, yet I'm having these problems.
This may be the conspiracy theorist inside me talking but I'm starting to think there is a massive cyber attack going on in the USA. Four of my family members (that I know of so far) have been experiencing slow internet (sometimes to the point of a time out) and their router logs show numerous back to back DoS attacks. I've done traces to the IP addresses that show in the logs and some are coming from GoDaddy servers, Cox ISP, Comcast, and all around the country? The four people are all located in different parts of the country. All different ISPs. But I find it hard to believe that Google's servers are being slow. In the history of the internet I don't think it ever has been acting the way it has in the last 2-3 weeks, and it's only getting worse. Not to mention the recently published articles of Facebook, Microsoft, and Apple being hacked or infected with viruses. What do you guys think?
I understand this is only tangential to phone security, but my phone is connected to the LAN and I know there are some great experts here.
Here's my situation: a few days ago I had some equipment installed that required wireless access. I had to give the installer my LAN password in order to set it up. After he finished and left the house I noticed he was still in his truck for more than 5 minutes and appeared to be using a laptop. My paranoia kicked in and I unplugged my modem.
My question is what's the worst could someone do on short notice with your LAN password? I've only noticed one oddity since then. I listen to SiriusXM streaming every day. Today it told me that I was listening on a different device (which I wasn't) and did I want to continue on my desktop. That's the only unusual thing I've noticed. Malwarebytes and Norton scans don't show anything. WinPatrol hasn't noted any new bootup programs.
I know I should have changed my LAN password immediately but I have probably more than 25 devices that connect to it and it's a major PITA to go to each one and change the connection password. I will do that today but I'm still wondering what a bad guy can do with my LAN password and SSID. I do live in a semi-rural area and a stranger would stand out immediately, so I'm not concerned with some sort of war driving event.
If someone knows of a better forum to post my questions I would appreciate that as well.
Thanks!
Windows 8.1
Apple Airport Express router
Bob Coxner said:
My question is what's the worst could someone do on short notice with your LAN password? I've only noticed one oddity since then. I listen to SiriusXM streaming every day. Today it told me that I was listening on a different device (which I wasn't) and did I want to continue on my desktop. That's the only unusual thing I've noticed. Malwarebytes and Norton scans don't show anything. WinPatrol hasn't noted any new bootup programs.
You are talking about your WLAN password, right?
Yes. WLAN password.
Well, the worst thing I think is infecting one of your devices inside your LAN or changing your router configuration to allow access from outside.
If your devices are secure and up-to-date I don't think he could have done anything harmful (except downloading illegal things)
Worst case
If they came prepared and had everything set on their laptop beforehand they could set up a man in the middle attack on the router such that everything you get is also routed through them. Do not worry most websites use ssl to encrypt traffic which is mostly unbreakable on a well setup website. I wouldn't use anything from a "small website" only google Facebook twitter and the big name, they are reliably secure. He will still be able to see the sites but not the data. One thing to be careful of is that google directs searches inside the url so he will still be able to see searches and even which search page. He could have also setup a backdoor in the router so he can get in later and do more. If you want more please PM me with the router model so I can look into it. Do not give me the external address or password, I don't want that, only the model number.
Just theoretically this is the worst case scenario of five minutes. he would have to have everything ready beforehand and be skilled and type faster than most people but the mere possibility of this is why I got my own router sealed and set it up myself.
long story short- we live in a big house, one of the guys is way behind on rent, the cable/internet is in his name. as one last "f*** you" to the rest of us while he's being evicted, he changed the wifi login to something the rest of us don't know (we've been splitting the cable bill among the 4 of us this whole time)
so the modem is a comcast/xfinity branded XB2 "all-in-one" modem/router made by Arris.
the default network name and password are printed on the outside of the modem.
also printed on the outside is the serial number (alphanumeric 15-character), a CM MAC, an E-MTA MAC, and a WAN MAC.
now of course I could just hold down the reset button for 30 seconds, use the default login, change it to something new, and take over the modem, but that only lasts as long as it takes him to call comcast and get them to override the modem/internet service.
I've got an old android that I've rooted just for this purpose. (I don't have access to a laptop or pc with a wifi adapter right now) I've tried using androdumper to brute force the wifi to no avail.
i think the best way to go about this is... hard reset the modem... log into the modem using default info... and then what? that's where i'm stumped. i'm pretty new at this (if you couldn't tell)
is there any info I can pull off of the comcast/arris modem screen (10.0.0.1 I believe is the address) that I can later use to pull the wifi password?
any android apps I can use to pull the wifi password?
Security is WPA
Before this guy changed the password, I looked at the security settings using 10.0.0.1 and they were set to "very lax" or whatever comcast calls it.
If you have any questions for me I'll try to answer them the best I can
Thank you in advance for all the help
Just hard reset it and change the password to something your crew agrees with..
I can't think of a worse punishment than to have anyone deal with customer service repeatedly.
Even more so if you can keep his hands off of it..
nutpants said:
Just hard reset it and change the password to something your crew agrees with..
I can't think of a worse punishment than to have anyone deal with customer service repeatedly.
Even more so if you can keep his hands off of it..
i hear ya, especially comcast customer service, but it's not really a solution. i've given this a lot of thought, i'd rather not go through all the hassle, but i've already gone to the trouble of rooting my phone and scouring the internet for android apps and wordlists and brute force solutions, all to no avail
if we "misplace" the modem that gives the guy an excuse to get the cops involved and trust me he'd love an excuse to call the cops and stir up even more s***
could anyone please recommend an app to crack the wifi?
or maybe a link to some instructions/things to try?
FYI the phone I have rooted is a samsung galaxy centura
Just hard reset the damn modem. it takes less than 5 minutes. Once you reset it, change the default password. Reset the wifi as the same SSID, and put in a new password.
What's going to happen is this: He'll reset the modem again, and do the exact same thing, again. your problem is this: the Comcast service agreement is in HIS name. He doesn't even have to get the cops involved. All he has to do is call Comcast and THEY will come after you for theft of service, and they do not back down easily. Give up while you're ahead.
Your best option is this - Call Comcast. tell them you evicted this person, and that he left an active cable internet account at your address. You would like to get new service installed to replace this account. They will work with you on this. I've had to do this a couple times before.