Category Archives: Networking

Spamhaus RBL issues with Google Public DNS

Today I noticed a very busy Exchange server. Looking more closely, the logs showed that lots of spammy messages were being allowed in and not rejected, despite the fact that the Spamhaus RBL was set up.

The Exchange server (or rather the network the server is on) was set to use Google DNS (8.8.8.8 and 8.8.4.4) for all queries to provide a little bit more protection to the clients. The reason for doing this is that Google DNS seems to block some sites that are harbouring malicious software etc - every little bit of protection helps :-)

After some research I found that the issue lay with the Google DNS setup. Spamhaus does not seem to allow queries made via Google DNS. As soon as I changed the servers back to the “ISP default” the RBL lookups started working again. Exchange server now back to sleep…
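A resolver health check for this failure mode, added here as an example and not taken from the original post: it queries the DNSBL test address 127.0.0.2 (always listed, per RFC 5782) through the system resolver and treats anything other than a listing as a broken RBL. The 127.255.255.x values are Spamhaus's documented error return codes; the function names are hypothetical.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
TEST_IP = "127.0.0.2"  # DNSBL test address that is always listed (RFC 5782)

# Spamhaus error return codes; these must never be treated as "listed"
ERROR_CODES = {
    "127.255.255.252": "typing error in the DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Resolve via the system resolver; None means NXDOMAIN or no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def classify(answer):
    """Map a DNSBL answer to 'not-listed', 'listed' or 'error: ...'."""
    if answer is None:
        return "not-listed"
    if answer in ERROR_CODES:
        return "error: " + ERROR_CODES[answer]
    if answer.startswith("127.0."):
        return "listed"
    return "error: unexpected answer " + answer

def resolver_usable(lookup=system_lookup):
    """The test address must come back 'listed'; otherwise the RBL fails open."""
    return classify(lookup(dnsbl_name(TEST_IP))) == "listed"

if __name__ == "__main__":
    print("Spamhaus lookups working:", resolver_usable())
```

Run it on the mail server itself (or a host using the same resolvers) so the query takes the same DNS path as the transport agent's lookups.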

Battling SageLine 50 network performance issues

I have seen another client with issues with SageLine 50 in a multi-user environment. Sage of course will blame “the environment” and tell you that you need PC/network/server upgrades.

The truth of the matter is that the database behind SageLine 50 was never designed for multi-user network access. SageLine 50 operates on a flat file database system. Sage 50 should really be on SQL by now – this way the client would request the data, SQL would query and find it and return it to the client without pulling lots of data across your network. But it’s doubtful that Sage 50 will move to SQL – the opportunity to upsell to the next version makes more money for them.


Best tips for Sage 50 network multi-user usage

Here’s what we found in our tests and some tips for optimisation in an environment using Sage 50:

1. Exclude all Sage data and program files from antivirus scanning.

2. Store the Sage data share on a machine that does not have someone sitting at it. It’s better for all machines to access the data in the same way (i.e. network access as opposed to a mixture of network and direct disk access from the console).

3. Ensure all Sage clients are accessing the share via a mapped drive and not a UNC path.

4. Ensure you are using gigabit Ethernet (recommended but a bit hit and miss – see below).

5. If you are using Windows Vista or 7, disable the network autotune feature.


Sage and the Gigabit Ethernet myth

Gigabit Ethernet is a bit hit and miss though – the Sage 50 program does not use the available bandwidth. To test this we had 2 machines – A & B.

We tested the bandwidth available by copying a large file from machine A to machine B across the gigabit network (the file was actually Win XP SP3) using Windows Explorer and UNC paths. Looking at the Task Manager Network monitor we could see the utilisation was a healthy 15% (well healthy for two desktop machines on gigabit!).

Then using Task Manager Network monitor again we observed the bandwidth in use in Sage 50 with the data stored on machine A and the Sage 50 client on machine B. Even when Sage 50 appeared to lock up or act really slowly, the bandwidth in use never rose above 4%. So Sage just doesn’t use the bandwidth available. Much of the reason for this will be down to the TCP/IP window / MTU and that some of the data files are small (lots of small files take longer to copy than one large one).

So although it’s possible to improve user experience a bit, it will never be that great. It’s a shame really.

Exchange 2010 SMTP and Cisco ASA ESMTP inspections

I’ve been observing problems on an Exchange 2010 server receiving email via SMTP. Certain hosts (especially Google Mail servers) would not complete the SMTP connection and the messages being sent would eventually fail and be returned to sender.

The problem turned out to be the Cisco firewall between the Exchange server and outside world. The Cisco box was inspecting incoming SMTP traffic and obfuscating/re-writing the server banner.

Removing the Inspect ESMTP rule cleared the problem and mail flowed fully again.
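A way to confirm the rewriting from the outside, added here as an example and not taken from the original post: it inspects an SMTP greeting and EHLO reply for a banner masked with asterisks and for capability keywords replaced by runs of X. The capability masking is an assumption based on commonly reported behaviour of this inspection (the post only mentions the banner); host names and sample transcripts are constructed.

```python
import re
import smtplib

def inspection_signs(banner_text, capabilities):
    """Return signs that a middlebox rewrote the SMTP greeting or EHLO reply."""
    signs = []
    visible = banner_text.replace(" ", "")
    if visible and visible.count("*") / len(visible) > 0.5:
        signs.append("banner-masked")
    keywords = [c.split()[0].upper() for c in capabilities if c.strip()]
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in keywords):
        signs.append("capability-masked")
    # On its own this only means TLS is not on offer; with the signs above
    # it suggests STARTTLS was stripped in transit.
    if "STARTTLS" not in keywords:
        signs.append("no-starttls")
    return signs

def from_transcript(lines):
    """Split raw reply lines ('220 ...', '250-...') into banner text and capabilities."""
    banner = next(l[4:] for l in lines if l.startswith("220"))
    ehlo = [l[4:] for l in lines if l.startswith("250")]
    return banner, ehlo[1:]  # first 250 line is the server greeting, not a capability

def probe(host, port=25):
    """Live check, run from outside the firewall against your own mail server."""
    with smtplib.SMTP(timeout=10) as smtp:
        _, banner = smtp.connect(host, port)
        _, reply = smtp.ehlo("probe.example.test")
    caps = reply.decode(errors="replace").splitlines()[1:]
    return inspection_signs(banner.decode(errors="replace"), caps)

# Constructed sample: what a sender sees through the inspecting firewall
INSPECTED = ["220 ***************************",
             "250-mail.example.test Hello [192.0.2.10]",
             "250-SIZE 37748736", "250-XXXXXXXA", "250 8BITMIME"]
# Constructed sample: the same server reached directly
CLEAN = ["220 mail.example.test Microsoft ESMTP MAIL Service ready",
         "250-mail.example.test Hello [192.0.2.10]",
         "250-SIZE 37748736", "250-STARTTLS", "250 8BITMIME"]

if __name__ == "__main__":
    print(inspection_signs(*from_transcript(INSPECTED)))
    print(inspection_signs(*from_transcript(CLEAN)))
```

Comparing the result from an external host with the result from a host on the server's own LAN shows whether the firewall, rather than Exchange, is responsible.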

Cisco 877 ATM DSL stability issues

I’ve experienced some problems getting a Cisco 877 with integrated Alcatel ATM port to work solidly on UK ADSL. The ADSL firmware provided with the 877 was version 3.0.014. I read somewhere that stability greatly improves by upgrading to version 3.0.33.

So I upgraded and found that I still kept getting drop outs even with the newer firmware.

In the end I fixed the stability issue by keeping the newer firmware version and additionally telling the ATM interface to operate in ITU-DMT mode (dsl operating-mode itu-dmt).

Previously the ATM interface had been set to run in auto mode.

DNS poisoned router

Today I saw a Netgear DG834GT gateway poisoned with bad DNS servers (213.109.66.237 & 213.109.65.28). Even though the router had a strong password set, an infected machine within the network had found a way to change these settings. Because of this the user was getting lots of popups and being diverted to different sites whilst browsing.

This is something I hadn’t seen before (well not on a strong password-protected box at least). There must be vulnerabilities with the firmware of the Netgear despite it already running the latest firmware (v1.03.23).

I hope we don’t see more of this type of attack.