01/2017 SWISSCOM Approved A, V-DSL Router/Modem

One of the best-selling routers in Germany and Switzerland, the Fritzbox model 7390, is no longer approved on Swiss DSL lines.

Extract from file: bbcs_supporting-documentproved-equipmentv14-15.pdf

 

 

Recently tested BBCS (ADSL, ADSL2+, VDSL2, VDSL2 G.vector, G.fast) equipment

 

 

1.1 xDSL-modems and routers

 

The xDSL equipment mentioned in the list is tested and approved by Swisscom (Switzerland) Ltd.

Swisscom recommends the End User to use the xDSL modems and routers tested and approved by Swisscom (Switzerland) Ltd.

1.2 Not-Approved VDSL-modems and routers

 

The xDSL equipment mentioned in the list was tested but did not meet some necessary VDSL requirements of Swisscom (Switzerland) Ltd for approval. Swisscom (Switzerland) Ltd will accept further usage only under the terms and conditions of a valid and countersigned declaration "Erklärung der FDA in Bezug auf den Weiterbetrieb der Fritzbox 7390".

2 BBCS approved ADSL equipment

2.1 ADSL-modems and routers for POTS

 

The ADSL equipment mentioned in the list is tested and approved by Swisscom (Switzerland) Ltd.

Swisscom recommends the End User to use the ADSL modems and routers tested and approved by Swisscom (Switzerland) Ltd.

 

 

| Type of Equipment | Type / Description | DHCP / PPP | ADSL @IP DSLAM | Manufacturer | Link Documentation |
|---|---|---|---|---|---|
| ADSL over POTS | SpeedTouch Home; Ethernet interface | PPP only | | Thomson (Alcatel) | www.speedtouch.com |
| ADSL over POTS | SpeedTouch Pro (also with Firewall) Router; Ethernet interface | PPP only | | Thomson (Alcatel) | www.speedtouch.com |
| ADSL over POTS | SpeedTouch 530; Ethernet and USB interface | PPP only | | Thomson | www.speedtouch.com |
| ADSL over POTS | SpeedTouch 536; Ethernet and USB interface | PPP only | | Thomson | www.speedtouch.com |
| ADSL over POTS | SpeedTouch 580; WLAN 802.11g, USB and Ethernet 4 Port interfaces | PPP only | () | Thomson | www.speedtouch.com |
| ADSL over POTS | Cisco 827; Router; Ethernet interface | PPP only | () | Cisco | www.cisco.com/univercd/cc/td/doc/pcat/827.htm |
| ADSL over POTS | Cisco 837; Router; Ethernet interface | PPP only | () | Cisco | www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/837/qsg/837qsg.htm |
| ADSL over POTS | Cisco 877; Router; Ethernet interface | PPP only | | Cisco | http://www.cisco.com/en/US/products/ps6202/index.html |
| ADSL over POTS | Cisco 1700 with WIC-1ADSL Router; Ethernet interface | PPP only | | Cisco | www.cisco.com/univercd/cc/td/doc/pcat/1721.htm |
| ADSL over POTS | Cisco 2600 with WIC-1ADSL Router; Ethernet interface | PPP only | | Cisco | http://www.cisco.com/univercd/cc/td/doc/pcat/2600.htm |
| ADSL over POTS | Cayman 3341EU-SC ADSL Modem; USB and Ethernet interfaces | PPP and DHCP* | | Netopia | www.netopia.de |
| ADSL over POTS | Cayman 3347WEU-SC Wireless, 4 Port Router; 802.11g and Ethernet interfaces | PPP and DHCP* | | Netopia | www.netopia.de |
| ADSL over POTS | Cayman 3346EU-SC 4 Port Switch; Ethernet interfaces | PPP and DHCP* | | Netopia | www.netopia.de |
| ADSL over POTS | Cayman 3347W-SC Wireless, 4 Port Router; 802.11b and Ethernet interfaces | PPP and DHCP* | | Netopia | www.netopia.de |
| ADSL over POTS | 3347NWG-VGX Wireless, 4 Port Ethernet Switch; 802.11g and Ethernet interface | PPP and DHCP* | | Netopia | www.netopia.de |
| ADSL over POTS | 3346N-VGX 4 Port Ethernet Switch; Ethernet interfaces | PPP and DHCP* | | Netopia | www.netopia.de |
| ADSL over POTS | Arcadyan SMCA1T-A; 1 Port Ethernet interface | PPP only | | SMC | www.smc.com |
| ADSL over POTS | Zyxel P-642ME-11 / P-642R-11 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-630-11 | PPP only | - | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-650ME-11 / P-650R-11 / P-650H-11 / P-650HW-11 / P-652R-11 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-650ME-31 / P-650R-31 / P-650H-31 / P-650HW-31 / P-652H-31 / P-652HW-31 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-630-C1 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-650R-E1 / P-653HWI-11 / P-653HI-31 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-623ME-T1 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-660R-61 / P-660H-61 / P-660HW-61 / P-662HW-61 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-2602R-61 / P-2602HW-61 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-660ME-T1 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-660H-D1 / P-660HW-D1 / P-661HW-D1 / P-661H-D1 / P-662H-D1 / P-662HW-D1 / P-2602RL-D1 (Orange BabyBox) | PPP only | | ZyXEL | www.studerus.ch; FW 3.40(APE.0)D1; identical in construction to 660HW-D1 |
| ADSL over POTS | Zyxel P-660ME-D1 / P-660R-D1 | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-660HN-F1Z | PPP only | | ZyXEL | www.studerus.ch |
| ADSL over POTS | Zyxel P-660HU-T1 / P660HNU-T1 | PPP/DHCP | | ZyXEL | www.studerus.ch; Firmware: 1.02(VLM.2)D0; Datapump: 3.16.20.7A |
| ADSL over POTS | Router DrayTek Vigor 2600; Ethernet interface | PPP only | - | Boll Engineering AG | www.boll.ch |
| ADSL over POTS | Modem D-Link DSL-500; Ethernet interface | PPP only | | D-Link | www.xicom.ch |
| ADSL over POTS | Netgear DVG1000-1WGSWS; Chipset Broadcom 63283KFBG | DHCP | | Netgear | www.netgear.com; FW V1.1.01.11_1.01.11, DP A2pD030h.d23c |

* Only with Firmware Version 7.6.0r4 and further releases.
 

 

Additional CPE ADSL@IP-DSLAM (POTS) OK:

AVM Fritzbox 7170

CISCO 2610; 1417

D-Link DSL-2740B

Linksys WAG160N-EW

Netopia 2240-NVGx; 3342-EU-SC; 3346-x; 3347-x

SAGEM Livebox 5916 (Orange CH)

Netgear DG834

Additional CPE ADSL@IP-DSLAM (POTS) NOT OK:

Linksys/Cisco WAG54G2-EW

SAGEM F@st 900PE

 

 

 

3.1 ADSL-splitter and filter for POTS

 

The ADSL equipment mentioned in the list is tested and approved by Swisscom (Switzerland) Ltd. Swisscom recommends the End User to use the ADSL microfilters and splitters tested and approved by Swisscom (Switzerland) Ltd.

Note: Since the middle of May 2003 Swisscom does not recommend any ADSL over POTS microfilter or splitter which does not comply with the ETSI Standard TS 101 952-1-1.

ADSL over POTS microfilters and splitters which comply with the ETSI Standard TS 101 952-1-1 V1.1.1 or V1.2.1 (incl. VDSL over POTS) have the remark "ETSI OK".

 

| Type of Equipment | Type / Description | Manufacturer | Link Documentation |
|---|---|---|---|
| POTS Microfilter | Telephone Equipment DSL0236SW ADSL POTS Microfilter; "ETSI OK" | Telephone Equipment | www.telequip.com.au |
| POTS Microfilter | ATF 053B1; "ETSI OK" | LinCom GmbH | www.linecom.ch |
| POTS Microfilter/ Splitter | SW10-GJ-ADSL-E, SW13-GJ-ADSL-E, SW14-GJ-ADSL-E, SW15-GJ-ADSL-E, SW16-GJ-ADSL-E; "ETSI OK" | | |
| POTS Splitter | ADSL POTS Splitter TM-586345.1; "ETSI OK" | Teletech Media GmbH | www.teletech.ch |
| POTS Splitter | YCL DL000451 A0746R10002; "ETSI OK" | YCL Electronics Co.,Ltd. | www.ycl.com.tw |
| POTS Microfilter | Please go to the VDSL2 section: All CeCoNet VDSL2 filters and splitters are ready to use on ADSL. | CeCoNet AG | w |

Ransomware, Ransom MONGO Database owners under attack

A wave of ransom attacks against MongoDB owners is currently running. The attacker copies off the data and replaces the tables and fields with information on how to get in contact. Worst of all, it seems that around 80% of the affected people don't have an actual backup of this exotic DB. Whoever thinks the data is safe in the cloud (Amazon AWS) without paying a large additional amount of money for protection or backup services gets a rude awakening.

As mentioned in earlier blog posts, we are just waiting until, in a first wave, attackers take down all the "SQL Express" databases behind products like Backup Exec, Veeam and antivirus servers, and then, some days or hours later, empty the SQL servers. Tape loader manufacturers are happy. It's time to rethink your backup strategy.

 

https://de.wikipedia.org/wiki/MongoDB

The table gets replaced by a note like this sample:

{ "_id" : ObjectId("58727a840c6c83c222c"), "Info" : "Your DB is Backed up at our servers, to restore send 0.1 BTC to the Bitcoin Address then send an email with your server ip", "Bitcoin Address" : "1J5ADzFv1gx3fsUPUY1AWF9P6hiF", "Email" : "kraken0@india.com" }

 

https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=0

https://forums.aws.amazon.com/thread.jspa?amp%3Btstart=0&messageID=760366
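A detection check for the note format quoted above, added here as an example and not taken from the original post: it reads mongoexport JSON-lines dumps and flags near-empty collections whose remaining document carries a Bitcoin address plus ransom wording or a contact e-mail. The function names, the three-document threshold and the sample data are assumptions.

```python
import json
import re

# Legacy Base58 Bitcoin address shape (starts with 1 or 3).
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Wording taken from the note quoted above.
WORDS_RE = re.compile(r"backed up|to restore|send .{0,20}btc|bitcoin", re.I)
MAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
MAX_DOCS = 3  # assumed threshold: a wiped collection holds little but the note

def strings_in(value):
    """Yield every key and string value of a (nested) document."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield key
            yield from strings_in(item)
    elif isinstance(value, list):
        for item in value:
            yield from strings_in(item)
    elif isinstance(value, str):
        yield value

def score_document(doc):
    """Return the names of the ransom-note indicators found in one document."""
    text = "\n".join(strings_in(doc))
    checks = {"btc_address": BTC_RE, "ransom_wording": WORDS_RE, "contact_email": MAIL_RE}
    return sorted(name for name, rx in checks.items() if rx.search(text))

def find_ransom_notes(exports):
    """exports maps a collection name to its mongoexport JSON-lines text."""
    findings = []
    for name, text in exports.items():
        docs = [json.loads(line) for line in text.splitlines() if line.strip()]
        if len(docs) > MAX_DOCS:
            continue  # collection still holds real data
        for doc in docs:
            hits = score_document(doc)
            # An address alone (e.g. a payment field) is not enough to flag.
            if "btc_address" in hits and len(hits) >= 2:
                findings.append((name, hits))
    return findings

# Constructed sample exports (placeholder address and e-mail, not real IoCs).
SAMPLE = {
    "customers": '{"_id": 1, "Info": "Your DB is Backed up at our servers, to '
                 'restore send 0.1 BTC", "Bitcoin Address": "1' + "A" * 30
                 + '", "Email": "attacker@example.invalid"}',
    "orders": "\n".join(json.dumps({"_id": i, "total": i * 10}) for i in range(5)),
    "payments": '{"_id": 1, "btc_wallet": "1' + "B" * 30 + '"}',
}
```

Run `find_ransom_notes` over a scheduled export of each collection; a hit on a collection that held production data the day before is the signal to check backups and network exposure of the instance.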

 

Powershell: List/Export Active Directory users UNDER certain OU incl. Home share

Searchbase = distinguishedName

How to find this out:

  • Start the Active Directory Users and Computers console
  • Go to the OU you want to export and right-click > Attribute Editor
  • Copy the distinguishedName into the script below, behind Searchbase
  • Change your domain controller behind Server

IMPORT all Active Directory attributes under certain OU

Change all site-specific values to your site info as mentioned above

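    import-module ActiveDirectory

    # Query parameters: set Server and Searchbase to your own site values
    $ADUserParams=@{
        'Server' = 'yourdomaincontroller'
        'Searchbase' = 'OU=User,OU=Schweiz,DC=butsch,DC=ch'
        'Searchscope'= 'Subtree'
        'Filter' = '*'
        'Properties' = '*'
    }

    # Columns written to the CSV; businesscategory is multi-valued, so it is joined into one field
    $SelectParams=@{
        'Property' = 'SAMAccountname', 'CN', 'title', 'DisplayName', 'Description', 'EmailAddress', 'mobilephone',@{name='businesscategory';expression={$_.businesscategory -join '; '}}, 'office', 'officephone', 'state', 'streetaddress', 'city', 'employeeID', 'Employeenumber', 'enabled', 'lockedout', 'lastlogondate', 'badpwdcount', 'passwordlastset', 'created','homeDrive','homeDirectory'
    }

    # Export every user under the OU (sub-OUs included) to CSV.
    # The file holds account state (lockout, bad password count, password age): keep it in a folder with restricted access.
    get-aduser @ADUserParams | select-object @SelectParams | export-csv "c:\edv\users.csv"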

 

Save the PowerShell script as c:\edv\dump.ps1

Log on to the domain controller

Start PowerShell

Run .\dump.ps1 from the c:\edv folder (notice the .\ in front of dump.ps1)

You will get a comma-separated list like this

#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser

"SAMAccountname","CN","title","DisplayName","Description","EmailAddress","mobilephone","businesscategory","office","officephone","state","streetaddress","city","employeeID","Employeenumber","enabled","lockedout","lastlogondate","badpwdcount","passwordlastset","created","homeDrive","homeDirectory"

 

MCAFEE ATD: Sandbox stays at STATUS BAD

We just had a case where a McAfee ATD-3000 sandbox was stuck at the status BAD.

A person had submitted a file for analysis with XVIEW (look into the sandbox) and shut down the W7 VM after that analysis.

NO > Rebuilding the VMs did not solve it

NO > Rebooting the sandbox did not solve it

Log on to the sandbox with SSH on port 2222, not 22 (log on as cliadmin)

CLI: reboot active

Log on to the sandbox with SSH on port 2222, not 22 (log on as cliadmin)

CLI: removeSampleInWaiting

After this, the file in the queue which may have generated the error disappeared and the status went back to "GOOD".

Found in the documentation file: ATD_3.6.2_Product_Guide_revA.pdf

Switzerland: Embedded WinWord OLE Ransomware active around Switzerland 26.10.2016

 


Files: Abrechnung_XXXX.DOCX,

Format: Microsoft WinWord 2007

MALWARE: LNK/Agent.A5E3!tr.dldr

 

The following WinWord document with an embedded OLE object slips through most of the Fortigate/McAfee/Trend spam filters, firewalls, IPS, TIE and sandboxes. Most online scanners do not detect it.

Microsoft describes this here:

https://blogs.technet.microsoft.com/mmpc/2016/06/14/wheres-the-macro-malware-author-are-now-using-ole-embedding-to-deliver-malicious-files/
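One way to triage such attachments statically, as an added example that is not part of the original post: list the objects embedded in a .docx container and flag Object Packager file names with shortcut, script or executable extensions. The raw-byte name search is a heuristic, and the function names and the sample container are constructed for illustration.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file signature
# Heuristic: the Object Packager stores the original file name as a
# NUL-terminated ANSI string, so risky extensions show up in the raw bytes.
RISKY_NAME = re.compile(
    rb"[\w .()-]{1,64}\.(?:lnk|js|jse|vbs|vbe|wsf|hta|exe|scr|bat|cmd|ps1)\x00",
    re.I)


def scan_docx(data):
    """Return one finding per object embedded in an OOXML document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().startswith("word/embeddings/"):
                continue
            blob = zf.read(info)
            names = sorted({m.group(0)[:-1].decode("latin-1").strip()
                            for m in RISKY_NAME.finditer(blob)})
            findings.append({"part": info.filename,
                             "ole2": blob.startswith(OLE_MAGIC),
                             "risky_names": names})
    return findings


def verdict(data):
    """'block' on a risky embedded name, 'review' on any embed, else 'clean'."""
    found = scan_docx(data)
    if any(f["risky_names"] for f in found):
        return "block"
    return "review" if found else "clean"


def build_sample(embedded=None):
    """Constructed test input: a minimal zip laid out like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if embedded is not None:
            zf.writestr("word/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()


# Constructed payload: OLE2 header, padding, then a packaged shortcut name.
LNK_EMBED = OLE_MAGIC + b"\x00" * 504 + b"\x02\x00Abrechnung.lnk\x00"
```

A check like this works at the mail gateway without opening the document, which matters here because the sandbox verdict depends on someone activating the embedded object.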

26.10.2016, 14:00

This is how the WinWord document looks

If you click

You MAY have to click again….. ;-)

McAfee ATD sandbox did not detect anything at 15:38, 26.10.2016

Summary

Threat Level: Informational
File Name: Abrechnung_129.docx
MD5 Hash Identifier: B147662DDFDAE09D7BECD016CB3C6801
SHA-1 Hash Identifier: 451157E2807E4E0E511BAFF1BACB4B6659219A4F
SHA-256 Hash Identifier: 0EDE5F8D769B2E8F16793ACB90FD61BC88AB400AC0A5CB54B66E481EA63F96CD
File Size: 39750 bytes
File Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Submitted: 2016-10-26 14:42:33
Duration: 45 seconds
Sandbox Replication: 39 seconds

 

 

 

Some others in that direction:

After running the OLE object, it does hit on the sandbox.

On most commercial sandboxes you have to activate the OLE object manually…

Sites it connects to:

 

| URL | Port | Reputation | Category Name | Risk Group | Functional Group |
|---|---|---|---|---|---|
| 198.20.239.21 | 80 | Clean | --- | --- | --- |
| 37VIRGINIASLIM.TOP | 80 | Failed | --- | --- | --- |
| 46.101.10.156 | 80 | Failed | --- | --- | --- |
| WPAD | 80 | Failed | --- | --- | --- |

 

It uses CALC.EXE only on the "sandbox systems", since these are in an old state and therefore deliberately not patched. Or it's a newly discovered 0-day for calc.exe on real machines.

File download with Powershell:

 

Fortigate takes its business seriously and reported back to us around 1.5 hours after the sample was submitted.

Around 18:XX on Wednesday

Thank you for submitting your sample to Fortinet. The sample "___Abrechnung_129.docx" with MD5:b147662ddfdae09d7becd016cb3c6801 should already be detected as LNK/Agent.A5E3!tr.dldr

This signature was released in AVDB v40.307 on October 26th, 2016 at 10AM PST

 

If for any reason you believe that the file is still not being detected, please let us know.

 

We have escalated this sample to our Fortisandbox team and we will conduct further investigation as to the nature of Fortisandbox missing this sample.

 

Regards,