Categories
NetworkToolbox news

About VPN – be careful what you do

VPN is a buzzword, used for different things, sometimes for something which is the complete opposite.

Most people think of increased protection or privacy in connection with VPNs.

That is not fully true and, in some cases, (read further below) you can instead jeopardize your security and privacy when using a VPN.

I am personally using a VPN almost whenever I am outside my home. I am using it regardless of whether I want to connect to my devices at home or any other website or server. This way, I can use virtually any WiFi hotspot without risking a Man-in-the-Middle (MITM) attack or other common issues like tracing by browsing activities etc. Moreover, I can benefit from my Pi-Hole installation (see here for more about Pi-Hole) from any location so I can enjoy ad-free and faster browsing.

Evil VPNs

However, some people are using so called “VPN” Apps or VPN providers. DON’T DO THAT!

Recently, it was revealed that several of these Apps and services are spying their users out. Very popular names are on a list of Apps that have been identified to track their users, possibly to make money by selling this information. As I used to say, “don’t trust the evil”.

You may ask, which VPN App or service I would recommend? The answer is simple: None of them.

But why? And what is the difference between those and “my” VPN.

The thing is, I would not even call those solutions a “VPN” because “VPN” stands for Virtual Private Network. These solutions might be virtual and a network, but they are by no means private because your data is routed through their servers and at any point, technically, they have access to your data. You will never know if they respect your privacy or (as it happened) tapping into your data. And if you would trust a VPN provider today, can you trust them in the future? After they found they are not making enough money and are looking for additional opportunities. Some of these providers are even free of charge. How crazy is that? How can one maintain a secure infrastructure for people around the world and give it away for free? There is probably something they don’t tell you.

So should you rather omit any VPN? No, just use the right one and the right one needs to be your own, private VPN. It is essential that the starting point of the encryption and the endpoint is under your control.

A typical VPN is “tunneling” your data over the line. Tunneling means you data can’t go any other than the predefined route and it is usually encrypted from the beginning (of the tunnel – which is the device from where you want to access the network) and decrypted not sooner than at the end (of the tunnel – which is where it goes back to the public or ideally the destination server).

Corporate VPNs

VPNs can be used between your device and the destination network. This is, what companies are using (or I should rather say have to use) for their employees if they want to give their employees access to the company infrastructure like mail, access to files etc. while they are not located inside the company. For example, if they are working from home. Of course, this is getting more popular these days due to Covid-19. In these cases, the tunnel goes from the PC or mobile device of the employee up to the company’s network. Regardless which internet provider is being used or if the employee is working from a Hotel or insecure WiFi in a coffee shop. Such a solution is secure.

VPNs to access a Server

The very same solution can be used if you want to securely connect from your home network to another server on the internet. I am using that whenever I am maintaining my Servers around the world.

Home VPN – my recommentation

But such a solution is also viable for home networks. If the tunnel would start on your mobile device and would end on your network at home, you could benefit from the much higher protection degree of your home network (which is hopefully under your control) even if you are on the road and using any (probably insecure) network.

And that’s exactly what I would suggest to everybody. Setup or use your own VPN and don’t rely on or trust anybody outside your network.

Of course, this needs a bit extra work and at least some networking knowledge but it’s not as complicated as you may think. And it’s really worth to dig into this. Once you set it up, you don’t want to miss it anymore. Especially if you are also using Pi-Hole.

I can suggest at least two possibilities.

VPN on a Raspberry Pi

One would be to buy a cheap Raspbarry pi and use it as VPN server. Better use a separate one which will solely run the VPN. There are several instructions available on the web, especially for installing a VPN on a Rasperry pi. Just use your favorite search engine and look for instructions that best suits your skills and requirements. My favorite VPN software is Softether. I am not fond of the old OpenVPN and the new WireGuard technology, but both are better than nothing. At least WireGuard might be worth a try. But I personally don’t like VPN solutions that require an App or additional software on your device because chances are, that this software might have a security vulnerability.

When setting up a VPN, normally you can decide between different VPN technologies to be used. My recommendation is to use L2TP with IPSec which is very secure and doesn’t require an App on your mobile device because it is natively supported by iOS (and Windows and Android – by the way).

“L2TP” is the name of the technology for the Tunnel and “IPSec” the name of the technology for the encryption. There are others but for the aforementioned reason I would recommend L2TP/IPSec. However, by no means use PPTP instead because that’s outdated and insecure.

So the basic steps are:

  • Install the piece of Software (e.g. Softether) on a Raspberry pi
  • Open the necessary ports (and only those) in your router so that it lets traffic of these ports pass through to your Raspberry pi (usually these ports are 500 and 4500 for UDP traffic).
  • Configure the VPN on your mobile device

While talking about ports: If you currently have additional ports open because you want to access your NAS or Camera from outside your home, you can now close these ports because in the future you will not need them anymore because once you switch on you VPN on your mobile device, it’s like if you would sit at home, inside your home network.

Or use a device with built-in VPN Server

So this is one possibility. The other possibility, if you don’t want to (I say “want to” because you definitely can, believe me) setup a VPN on a Raspberry pi, you can see if your Router or any other device on your network offers a VPN feature. Some Routers do. If not, you can even buy and attach an additional Router just for the purpose of a VPN. However, and that’s why this is not my preference, you never know how good their VPN Server implementation is and if it is being updated timely. Often they also “just” offer openVPN but it’s probably worth an investigation.

Give it a try!

So I really recommend to give it a try. You will not regret it.

But still you might say: wait, what about watching Streaming videos that are not offered in my country and what about my privacy?

Yes, these are two things that might have been another reason why people are using a so called VPN Service. But again, this has nothing to do with privacy but both can not be accomplished by a home VPN as described before.

If you want to hide your identity on the Web, better use Tor with a Tor Browser.

If you really have to watch streaming videos that are not available in your country, better use one of those browser plugin based solutions – but ideally use it on a separate PC because even plugins can be harmful.

Looking forward to your feedback.

Stay safe and healthy – and, don’t trust the evil.

Marcus


Categories
NetworkToolbox news

Version 13.3 available

I am happy to announce Version 13.3.1, which contains the following changes, improvements and bug-fixes:  

BUG FIXES:

■ Additional IOS 13.3 fixes

■ Bug fixes in the Pi-hole tool

■ Moved the Glossary tool to Resources

■ The Verizon Supercookie check is now back working

NEW FEATURES:

■ New Blacklist tool

You can now query various Blacklists services for domains or IP addresses, to see if they are listed.

■ New Elasticsearch tool

Since more and more Elasticsearch database are involved in recent data breaches, I added Elasticsearch queries to Shodan and Morpheus.  

Also, a new Elasticsearch tool can now be used to browse Elasticsearch databases.  

■ Telnet Security check

DDOS Bots are using IOT devices around the world that are poorly secured by standard or easy to guess passwords.

A new Telnet Security Check was added to the included Security Check tool which can be used to check for all known weak passwords on a Telnet server.  

■ Have I been Pwned

I did remove this tool some time ago because Troy Hunt, the provider of this feature, had to ask for money to use the API.  

Now, I decided to pay the monthly fee for it to support Troy and his amazing service.  

This said, I brought back the tool to the App and you all can use it for free.

I have also updated the online manual so for details, you can learn more about the new features and tools.

PLEASE NOTE: All new tools will be added at the end of the Icon list. Of some devices, you need to scroll the main screen to see these new tools. In order to arrange them in line with the other tools, just visit Settings -Appearance -Organizer and select the action button […] at the top and choose Reset to defaults.

Many thanks for your great support and reviews which really keeps this App going.

For those of you having questions or experiencing issues, please contact me. I cannot stress enough that I am highly interested in knowing about any issue so I can fix them for you and for others.

Please use the support Email address or the button under Settings of the App.   Thank you and stay safe!

Best regards,

Marcus


Categories
NetworkToolbox news

New Version 13 available

Version 13 of NetworkToolbox is available

The main focus for Version 13 was not just compatibility but also taking advantage of iOS 13. There was a lot coding necessary under the hood but here are the main features of this version:

  • IOS 13 Dark Mode compatibility
  • Support for new iOS 13 UI elements (e.g. pulling down the Help screen)
  • New NFC Reader. New NFC Tags can also be written (iOS 13 required)
  • Improved Bonjour Tool
  • Improved advanced Scanning (now turned back on per default)
  • Fonts will now not just be listed but also displayed
  • Improved IP Geolocation detection
  • The Pi-Hole tool now shows the IP Address if the Network Name is not available
  • The Pi-Hole tool now supports a filter
  • Updated MAC Database
  • Added SHA256 Hash to the Base64 Tool
  • A new Tool Two-Tone has been added
  • The Tool Pwned had to be removed (see below for details)

Besides several UI improvements, there are two highlights. There is the new NFC Reader and Writer which allows write to NDEF NFC Tags and the new Bonjour Tool and advanced Scanning improvements.

New NFC Reader / Writer

Apple has opened their API for improved NFC Tag reading and also writing in iOS 13. For implementing the new NFC Features I bought several different types or Tags for testing. Such Tags are available as Stickers, small or large and as Credit-Card size cards.

Using and writing such Tags is quite funny and could even be useful. For instance you can write a website link to a Tag and whenever you get close to the Tag with your iPhone (even without using my App), you will be prompted to open the website. This even works with Phone number if you would write something like ‘tel:1234’ to the Tag.

There are several different NFC standards available but I was able to read and write at least NDEF Standard Tags. What can’t be read are still Credit-Cards or Passports even though it’s technically possible but App Developers need to get permission from Apple to be able to develop Apps that can read such Tags as well. I did not apply for this because I doubt that Apple will give me permission.

Bonjour and Advanced Scanning

iOS 13 also adds some more networking and background processing features. This allowed me to completely re-write the Bonjour implementation and advanced scanning feature.

This way, you will now see way more information when performing a Network Scan or even when looking up IP Addresses from within other Tools (e.g. even the Pi-Hole Tool).

Since some networks were causing problems in the past when “Advanced-Scanning” was turned on, I changed it to be off by default.

I have changed this now back to on by default but if you are experiencing issues (e.g. unintentional crashes or freezes), please try to turn advanced scanning off (either in the settings or in the Network scan tool).

Had to remove the pwned tool

Unfortunately, I had to removed the “Have I been pwned” Tool. This tool used to use an API offered by Troy Hunt. . This API had been misuses by others so Troy had to remove free and public access to the API. However, you can still check your Email address on his website haveibeenpwned.com for free and I really recommend using this from time to time.

iOS 13 ceveats

As this version is now compatible with iOS 13 and even takes advantage of several new APIs and features of iOS 13, there are two disadvantages. One is, that the SSID and BSSID is no longer available for displaying in the Devices Tool. Apple has removed that information like others in the past for privacy reasons. This is debatable because there is additonal privacy related information still available to Apps and both SSID and BSSID can still be displayed from the Settings App or Apples Tools. However, it’s positive in general that Apple cares for privacy and it’s not such a big disadvantage. Another, also minor, drawback of this Update is, that it now requires at least iOS 11 and no longer iOS 10 as the previous version.

I hope you enjoy this update. Let me know if you are experiencing issues or have feature suggestions.

Stay safe!

Regards,

Marcus


Categories
NetworkToolbox news

Best security and privacy solution

I am wondering, how many of you are already using a Pi-hole server or have installed a Pi-hole server as described in a previous blog here.

For those, who have not or don’t want to read my TL/DR, here is a quick summary:

  • Pi-hole is a solution that dramatically reduces spying of your privacy and security
  • It blocks Ads on your network
  • It works on any network for any PC (Mac or Windows) and even all Apps on your mobile devices
  • It helps to see what's going on on your network
  • It is easy to install without much network expertise
  • It just needs to be attached to your network with a regular network cable
  • It is free, OpenSource and you only need a small cheap ($ 40) Raspberry-Pi mini computer
  • It speeds up internet access
  • You can easily block unwanted connections or traffic
  • If there is any issue, it's easy to revert back
  • It is supported by NetworkToolbox

There are other solutions available with higher costs, even recurring costs but they are not better.

I personally don’t want to miss Pi-hole anymore.

So again, let me know what you think. Are you as happy about Pi-hole as I am ? Or do you think you don’t need it ? Or is it too complicated to install or is my instruction too complicated ? Or don’t you trust the Pi-hole guys?

Just drop me a mail using the form on my website or use the support button inside the App.

Keep safe,

and don’t trust the evil.

Regards,

Marcus


Categories
NetworkToolbox news

What a drama !

Yesterday, soon after the 12.9.3 update was finally released by Apple after several days and some unfortunate discussions about HealthKit and the Sensor Tool, I received reports from users where the App didn’t start anymore after downloading the update.

By that time, I had no idea why this happens since many users reported successful installations and also my testing on several devices and different iOS Versions didn’t reveal any issues.

Around 9pm it got obvious that at leaset several, but not all, older iOS Versions before and until 12.1. were affected. On the iOS Simulator, where I usually test everything on different iOS Versions, everything was fine.

So I started looking into my drawer to find an iPhone or iPad with an old enough but not too old iOS Version and finally found an iPhone 6 plus with iOS 12.1. After charging the completely empty device, I luckily was able to reproduce this issue.

Usually, once it’s possible to reproduce an issue it is immediately solved but not in this case. The App didn’t even start so there was no chance for debugging. It was clear that it has to do with Swift (the development language) because a certain Swift library could not be loaded. I was wondering if older iOS Versions didn’t support the version of Swift but that should not be an issue.

I tried everything like removing code that I recently added, restored and tried older code etc., nothing helped.

Then I tried to run the latest update of my Electronic Toolbox App on that iPhone 6 plus because Electronic Toolbox has received similar changes recently and to my surprise (and relief) it ran.

So I started looking for differences and after some time, I found the reason. It was a minor compiler setting out of hundreds of other settings which was the root cause. This setting will normally never be touched by a developer since it’s set correct by the Development environment automatically. For some reason it was now set in a way to let the App crash on older iOS Versions. It even has nothing to to with the error or with iOS Versions. However, once I changed that setting, the App ran on the iOS 12.1 device.

Around 2am I sent another Update to Apple. After that, I contacted Apple and explained the situation and asked for an expedite review.

This morning at 11:30am Apple indeed started their review but…

..rejected the App and claimed that it is marked as App that uses Bluetooth LE but the App is no Bluetooth LE App. I was able to sort this out with Apple and on 11:52am they released the update 12.9.5.

Sorry guys for this issue and the trouble you have had and thanks for your patience. Thanks also to Apple for their quick response.

To be honest, I don’t need that every day.

Regards,

Marcus


Categories
NetworkToolbox news

New Version 12.9.3 is available

Finally, the new Version, which is now 12.9.3 is available.

Unfortunately, Apple left me other choice than to remove the Sensors feature of the Device Tool. Even though this has had nothing to do with Networking, I found this feature quite nice and it took some time to get developed – anyways, there are more important things so let’s tick this matter off.

As previously posted, this update is again a larger update with many improvements and new Tools.

There were a couple of changes necessary for preparation to the next iOS Version. Also, major parts of the App have been re-coded in the newest Swift development language.

Improvements

But more important for you are the following improvements:

  • Improved VPN Support
  • Improved Bonjour Tool (now also displays readable Service names)
  • Under Device -> System, more information about the current Model
  • Improved Network Neighbor Tool

The Network scanning engine has again been further improved:

  • Additional scanning methods to find ‘hidden’ devices
  • You can now select Quick scanning for a faster (even though less deep) scan
  • Advanced scanning will reveal more information about devices​

New Tools

And finally, there are four new Tools.

New Info Tool

This Tool provides tables with network related information:

  • List of Ports and their services​
  • List of HTTP Status codes and their meaning​
  • HTML Tags
  • Bonjour Services and descriptions
  • URL Encoding Characters for Windows-1253 and UTF-8
  • Common User Agents
Server Check

This Tool can be used to check a Web-Server for leaked information or unintentionally exposed files or content.

Due to wrong configurations, bugs or security issues on the Web-Server, a Server may expose information or files that should normally not be exposed. Such information may help Hackers to break into the system or even steal confidential data.

This Tool reveals such issues.

Dorks

This Tool can be used to find information which was unintentionally indexed by Google.

It offers pre-defined Google Dork queries, also known as “Google Hacking” and conveniently collects the results for further investigation.
 
Pi-hole

This Tool interfaces to your Pi-hole Server, if available.

This way, you can use the App to further analyze DNS queries made on your network. This can now also be used to replace the former connections tool because it is also possible to analyze iPhone or iPad App communication.

Best of all, this Tool can replace the former Connections Tool.

 

I hope you will enjoy this update!

I am especially glad to provide the Pi-hole Tool. I am using it every day. Of course, you will have to setup your own Pi-hole server but don’t be scared, that’s quite easy and once that’s done, you will be amazed about the improved security on your network and all the Ads which are gone, instantly. I have created a small documentation on how to setup a Pi-hole server on a cheap Raspberry Pi here.

If you like my App, please let others know and don’t forget to leave a review. That helps! – Thank you!

If you have issues, ideas, suggestions, please contact me. I want to know about it. Ideally, for this, use the Support button or the Form on my Website.

Stay safe and … don’t trust the evil.

Best regards,

Marcus


Categories
NetworkToolbox news

Block everything evil using Pi-hole

Until recently I was using my own solution to block Trackers, Ads and other unwanted network traffic. My solution works pretty well for years. Now I have replaced it by Pi-hole which is an open-source software which can run nicely on a cheap Raspberry Pi.

Pi-hole is easy to install, easy to use and offers a great user interface that gives you a great overview of what’s going on on your network and easy black- and whitelist maintenance.

Pi-hole also offers an API which will be integrated in NetworkToolbox soon.

I have created a small tutorial on how to install Pi-Hole on a Raspberry Pi.


Categories
NetworkToolbox news

Office 365 private data collection

Microsoft has not yet learned their lessons. They still can’t stop collecting private data whenever they can.

I am using Office 365 for several years and reasons (lack of alternatives). Office 365 will be updated in the background and often I didn’t noticed that it has been updated a couple of times.

With one of these latest updates, Microsoft seemed to have added some new features (from their point of view).

They have added features that are “analyzing my content“. When I read this, I had to read it twice because I couldn’t believe what I read:

You will find this option (intentionally hidden) as follows:

  • Start Word
  • On the left side at the bottom of the screen select Options
  • On the new screen select “Trust Center”
  • Click on “Trust Center Settings…”
  • Select “Privacy Options”
  • Click on “Privacy Settings”

(quite hidden, isn’t it?)

Now, it’s up to you to keep everything enabled or disable everything – which is what I did.

But be aware: Microsoft will strip down the functionality once you do that (see the yellow box below the setting) and I was wondering if I will get some money back due to the fact that they remove features they were advertising – probably not.

Don’t trust the evil!

Regards,

Marcus


Categories
NetworkToolbox news

WiFi Finder App collected WiFi Passwords

I still get requests from users to add a WiFi scanning tool to my App. My Answer is always that this is not possible for any App because Apple restricts access to the WiFi interface – which is good. (See also wifi-scanning)

What could happen if unrestricted access to the WiFi interface would be possible can be seen recently in an incident on Android.

A quite popular “WiFi Finder” app has collected private WiFi passwords. Those Passwords were stored as plain text along with SSID, Geolocation on a server maintained by the Chinese App developer. Even worse, that information left exposed and unprotected, allowing anyone to access and download the contents in bulk.

The App has already been banned from the Google Play Store and the Server was shut down.

Don’t trust the evil!

Best regards,

Marcus


Categories
NetworkToolbox news

Update 12.2.1 available

Update 12.2.1 is basically a maintenance update.

  • A few bugs and crashes were fixed (thanks for reporting these issues)
  • The network scanning engine has been further improved (it is now faster than ever and finds previously hidden devices)
  • The SMB Tool can now be used to upload and delete files
  • The MAC Database has been updated

The next update will bring new Tools.

Thanks for your great support!

Best regards,

Marcus


Categories
NetworkToolbox news

New version 12.1.1. available

Update 12.1.1 of NetworkToolbox is available. This will be the final update for this year and more is to come next year.

Before talking about this update, I would like to announce a link to the NetworkToolbox Post Archive:

networktoolbox.de/all-posts

Here, you can easily find older Posts which are still valid (like the “Wifi Scanning” or “iOS 11 and MAC Addresses” posts)  but, as I found, it is sometimes difficult to find older Posts either in the News Section of the App or the Website Blog.

Version 12.1.1

Among some other smaller changes and fixes, here are two highlights of this update:

1.) Improved Import/Export

You can now Export lists from various scanning Tools.

Also, you can now export the Password and Devices Lists, edit them with your preferred Software like Numbers on your Device or Mac or Excel on your PC. These files can then be Imported back to the App.

Along with this, the “Add to Custom Devices” functionality in Network Scan has also been improved so it’s now easier to maintain the missing MAC Addresses and custom names manually.

Details are explained in the Manual.

2.) New Batch Tool

This new Tool can be used to perform actions like Ping, Port-Scan, Deep-Scan etc. over a list of Addresses.

The addresses for this new Batch Tool can be collected from other Tools (Menu -> Add to Batch).

You can also import Address lists to this Batch tool from csv files maintained in Numbers or Excel.

Lists and results can be exported back to CSV files.

Also this Tool is explained more in detail in the Manual.

Thank you for 2018!

Finally, I like to thank you for a fantastic 2018 with NetworkToolbox. Thanks to your feedback and suggestions, I added several new Tools and features this year and of course was able to fix some bugs which may happen even after in-depth testing.

Thanks again and to all of you all the best for 2018!

Don’t trust the evil.

Marcus


Categories
NetworkToolbox news

Spyware detection and dial codes

Before talking about Spyware detection, a few words about Spyware in general.

If you are using at least iOS 10, Spyware can only be installed on Apple devices by somebody having physical access to the device and it requires quite some time to install the Spyware and requires the device to be jailbroken. The newest iOS Version (at the time of this writing it’s iOS 12.1) can not be jailbroken at all.

There are other Spying possibilities e.g. based on iCloud Access but that’s another subject and simply changing the App ID password will prevent that.

So if you are using iOS 12.1 you can ignore the following because there can’t be Spyware on your device.

I have already written about how to detect if your device is jailbroken but again, that’s impossible if using iOS 12.1 but here are some additional tests which can easily be performed:

1.) Dial Codes

Some Spyware programs are using dial codes, to open the Spyware user interface. The following list contains known dial codes of the most common spyware software:

*#900900900 Opens the FlexiSpy uninstall Menu
*00# Opens the mSpy User Interface
*123456789# Open the MobileSpy Menu

(The last one is only known to be available on Android but it would not harm to try the code)

For trying these codes, just open the Phone App and type in the code combination and hit the dial key. If nothing happens or you get a “not available” message, all is good – at least regarding these Spyware programs.

1.) Browser History

If somebody installed Spyware on your device, he or she might have been in a rush and forgot to delete the browser history so you can try the following:

Open Safari, tap on the book Icon then tap on the watch Icon to see the browser history. Here look for one of the following addresses:

mflx.biz
mspy.com
flexispy.com
djp.cc

Next, open Settings -> Safari -> Advanced -> Website Data and also look for the same addresses there.

If you can find one of these addresses, at least somebody (maybe you) visited these websites which usually will be needed when installing one of these Spyware programs.

Other Dial Codes

While talking about dial codes and even though most of you will know the following, just in case, here are some additional dial codes for other purposes:

*#06#

Will show your IMEI number. (The International Mobile station Equipment Identity number is a number used to identify a device that uses terrestrial cellular networks)

*3001#12345#*

This is the so called “Field Test” which provides information about cell signal, including more precise reception reading.

*67 followed by a phone number
or…
#31# followed by a phone number

Hides your phone number to the call destination

*43#

Enable call waiting

#43#

Disable call waiting.

Call waiting is the feature that allows you to hear another incoming call when you’re already on active phone call, often referred to as a ‘beep’. Turning off Call waiting means that incoming callers will be sent directly to voicemail if you’re actively on any call with the iPhone.

Stay safe,

Marcus


Categories
NetworkToolbox news

New Version 12 available

A few minor adjustments for the new iPhone Models XR, XS / Max and iOS 12 were necessary.

These adjustments are included in Version 12 of NetworkToolbox which will be available later today.

Even though Apple increased security of iOS 12 by restricting some more APIs, I was able to keep the functionality of the App by using some (official!) workarounds.

This App update also fixes a bug in the Health check tool, where the Ping feature didn’t work anymore after the last update.

Also, the WiFi BSSID Vendor name will now be displayed in the Device tool, if it can be reveled.

Some other reported minor bugs were also fixed of course.

Stay secure!

Best regards,

Marcus


Categories
NetworkToolbox news

New Version 11.5.5. available today

Today, another update (Version 11.5.5) is available containing these changes:

  • The Ping tool now offers the possibility to enter TTL and packet size
  • The telnet (Socket) tool can now also directly be used to test passwords

New tools:

  • new ARP / NDP Network neighborhood tool

This tool displays the contents of the so-called ARP Table (for IPv4) or NDP Table (for IPv6).

These tables are providing information about devices (IP Addresses) on your network that have once be seen or are still communicating with your device.

For this reason, this Net Neighbor tool is a valuable addition to a Network Scan.

A Network Scan always lists all devices that can currently be reached. It is basically a snapshot of the current network situation.

Some devices might be missing in a Network Scan because they might not actually be ‘reachable’ at the time of the scan. Or they may got woken up by a scan very slowly and did not yet respond to connection request.

Such devices can be found with the Net Neighbors tool.

  • new Routing Table tool

The Routing tool was previously integrated (slightly hidden) inside the Devices tool but is now available as separate tool with additional features and information.

Like the new ARP / NDP tool, separate tables for IPv4 and IPv6 addresses, ordering by network interface and detailed routing information are provided.

 

Dear users,

these changes and improvements have been implemented upon your requests and suggestions and I was happy to be able to implement these features for you for free. There are several additional ideas and requests on my list and I am continuously working on them so you can expect further updates, like usual.

Most if the time I receive your requests and ideas by using the Support / Feature request button from inside the App. This is perfect and that’s the best option for me and for you. Alternatively, you can use the Form on the website.

Sometimes (to my surprise sometimes once per month), I receive suggestions or questions using the website form where the author had a typo in the Mail address. My usual response then results in an error – which is not nice. This issue can be prevented by using the Support button.

But moreover, I sometimes (still!) see suggestions or questions in App reviews. Even though it’s now possible to add a developer response message to the review, it’s quite difficult to communicate this way. So please, if you have a suggestion, question and especially if you think you discovered a bug, please please use the support button and let me know.

Thanks a lot!

Regards,

Marcus


Categories
NetworkToolbox news

New App Version 11.5.4 available

On Friday, the long awaited and overdue update will be available.

This is again a larger update with many improvements, new Tools and fixes:

Improvements:

The Devices Tool has been completely rewritten

  • It provides more and individual information about Wifi, Cell, Lan and VPN connections
  • Hardware information about Capture Devices (e.g. Cameras) added
  • Information about Maximum Frame Rate added
  • URL Cache can now be Cleared
  • Cookies can now be Cleared
  • Detailed information about Clipboard content added
  • Information about all installed Fonts added

Local Files Tool

  • This tool now fully integrates into Apple’s Filesharing feature. Now, downloaded files or files that should be uploaded can also be accessed from the iOS Files Tool.

Health Check Tool

  • A new test has been added to perform a simple connection test

Other minor changes

  • The App also includes several improvements for the iPhone X and iPhone x plus devices.
  • Necessary changes for iOS 11.4.1
  • The Icon size can now be changed even smaller (Settings -> Appearance -> Icon size)
  • The HTTP Tool can now also display structured JSON data
  • Further improved Network and Port Scanning
  • The Resources section has been updated (please have a look)

New Tools:

New Base Conversion Tool

  • Encode / Decode Base64 or Hex data

Have I been pawned

  • This Tool uses the HIBP API to check if an Email address has been compromised

Lan Cable support

And finally, the App now supports the Redpark L5-Net Ethernet Cable which is a very nice solution to connect the App to a cabled network and do in-depth analysis without WiFi or Cell.

You can read more about the Cable on my Blog Redpark LAN Cable for NetworkToolbox or in the News section of NetworkToolbox.

The manual has already been updated for the new version so if you can’t wait and want to get more details about the changes, just have a look to the manual.

PLEASE NOTE: All new Tools will be added to the end of the Icons. This way, you can see what’s new. If you want to have them sorted using the default order. just go to Settings -> Appearance -> Organizer -> […] and select Reset to defaults.

I hope you will enjoy this new update but as always, I am already working on the next update.

Please, don’t forget to write or update your review.

Best regards,

Marcus


Categories
NetworkToolbox news

Redpark LAN cable for NetworkToolbox

NetworkToolbox uses the available interfaces (WiFi or Cell) to connect to the Internet or your local Network. Sometimes, you may want to physically connect a cable from your iPad or iPhone to a certain network device. In this case, you can use a solution I proposed in 2016 here in my post NetworkToolbox with wired Ethernet connection.

This solution uses an official Apple USB Network Adapter along with Apple’s USB to Lightning connector. The disadvantage of this solution is, that the USB to Lightning connector needs to be powered because otherwise the USB Network Adapter won’t work.

I am in close contact to Redpark for several years now. They are providing fantastic Adapters. Now, just recently they introduced a new Ethernet Cable for iPad and iPhone called L5-NET. This Adapter is better than the previously proposed solution with Apple Adapters because it’s way cheaper and because, and that’s the most important point, it doesn’t require additional powering. It can just be plugged into the Lightning socket of your device and the other end offers a plain regular network Plug.

Version 11.5 of NetworkToolbox now directly supports this cable. It now shows when the cable is plugged in and what IP Addresses are assigned to it.

Now, you can attach your device, wherever you are, to a local LAN and perform security checks directly using my App.

If you connect the cable to your iPhone or iPad, this cable is being recognized by iOS but you never know if iOS already uses the LAN Cable and it’s connection as default network device. Ideally, better switch off WiFi and Cell if you want to be certain, that the cable is used.

Now, you can also use NetworkToolbox to find out if this is the case. Just head to the Device Tool, select Network and you can see which Network interfaces are still enabled and which one is used as default interface.


Categories
NetworkToolbox news

Venmo and the Web-Service Tool of my App

Venmo (about 1.5 million users) allows people to send payments to other Venmo accounts. Venmo belongs to PayPal and is quite popular in the US especially among young people. The Venmo service lacks (for some time and still) of essential security safeguards.  Most of Venmos accounts can be freely accessed via a Web-Service by anybody. It is completely unprotected. The information available from this Web-Service includes very private and intimate data including chat messages, picture and payment information. Venmo don’t see this as an issue as their users have the possibility to opt-out for data sharing with the public but most users are not aware about that.

Now, back to my App:

NetworkToolbox contains a Web-Service Tool and this Venmo security issue is a very nice example on how to use this Tool.

We know that the so called ‘endpoint’ for the Venmo Web-Service is https://venmo.com/api/v5/public?limit=x (where x is the number of accounts you like to receive).

To use this Web-Service, we first, open the Web-Service Tool and tap on the [=] button in the ‘Service:’ line.

On the following screen, we enter venmo.com as URL for the Endpoint. Next we enter /api/v5/public?limit=20 in the URL Parameter field and hit the check-mark button to save and close this screen.

Next, back on the main page of the tool, we enter 443 for port as this is a https:// connection.

Next, we hit the Get button and will see the following results:

So we have 20 data-sets as to be expected because of the limit=20 parameter. When tapping on the data line, you will see the details of these data-sets:

And when drilling further down you will see details about the person behind this account:

Including their picture:

Don’t trust the evil.

Marcus

P.S. A new update for my App will be available soon. Today I am finishing the tests, fix a few things that were reported from Beta testers (Thank you!!!) and once that’s done, I will send this update to Apple. This was indeed overdue.

P.P.S. My “Don’t trust the evil” signature was derived from Google’s “Don’t be evil”. As Google (aka Alphabet) now removed it’s slogan (probably for a reason) I wonder if I should find a new one as well ? – maybe not as this term still remains true whereas Google’s slogan was wrong all the time.


Categories
NetworkToolbox news

New Windows update 1803

Some of you may have already updated to the newest windows version 1803. In general, it is always good to update to any latest version of any Operating System or other software update because this is the only chance to stay up to date with security patches. So if you have not already updated, it’s better to do it sooner rather than later.

However, here is what I would recommend to do after installing the update:

1.) Check your privacy settings (again)

Unfortunately, with every update, MS introduces new features where privacy is turned off per default. Even worse, sometimes your privacy settings of a previous version will be disregarded and need to be enabled again.

So this 1803 update is a good opportunity to review your privacy settings again. For this, just press the Windows Key and S simultaneously and enter the term privacy in the Cortana search field of Windows.  Next, select Privacy Settings. I usually turn off almost everything.

Just go though the permissions on the left side of the screen and decide whether or not you want to enable certain permissions on the right side. Please note: often, you have to scroll on both sides (permissions and settings) and some delicate settings are only available after scrolling. I am wondering if Microsoft had a reason for that.

2.) Cortana Web Search

I use Cortana Search quite often, as described above. However, I use my favorite browser and search engine to search the web. I usually don’t like Cortana to search the web when entering a search term in the search field of Windows. Not just that Microsoft then knows what I am searching for, it’s also cumbersome to pick the right findings in the search results of Cortana if it’s mixed with web searches.

The Registry settings I was using in the past to disable this web searching behavior has changed. To disable web searching, now follow these steps:

  • Open regedit (Windows -R and enter regedit)
  • Drill down to the registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search
  • Here, create a new 32-Bit DWORD entry called BingSearchEnabled with a value of 0
  • Next, create another 32-Bit DWORD entry called CortanaConsent also with a value of 0
  • After a restart, searches will only be performed locally

To change this back to normal, just delete these two registry entries.

Don’t trust the evil,

stay secure!

Marcus


Categories
NetworkToolbox news

Getting information about an IP Address

A dear user came up with a question and I would like to share my answer with you as you might have the same question.

The question was, why is the IP Address (e.g. 1.2.3.4) not working in the Whois tool and why is this IP Address converted to 3.4. ?

Short Answer: The Whois Tool requires a base domain name and not an IP Address.

But why is 1.2.3.4 converted to 3.4 ?

TL;DR: When entering 1.2.3.4, the Tool assumes 1.2.3.4 is a domain name with 1.2. being a subdomain of domain 3 with TLD 4. For your convenience and because Whois queries require a base domain without subdomains, it strips the subdomain part (1.2.) from what has been entered.

So far so good.

But why can’t this Tool simply automatically resolve an entered IP Address and use the resolved domain for the query. The reason is, that an IP Address could host many domains and not just one.

So what is the best way to find out more about an IP Address ?

There are basically two options in my App:

1.) The (I) Inspect Tool

First, you can try the (i) Inspect Tool. This Tool is quite powerful and provides a lot of information about any IP Address available on the network such as Domain, Reverse Domain, Provider and DNS Records – if available. From here, you can tap on the […] button and perform a Whois for each discovered Domain.

2.) The Certificates Tool

I mentioned this option a few times before, but it is still often forgotten or underestimated. What this Tool does is, it looks for any certificate available on the given IP Address. If it finds a certificate, it decodes the content and displays the result. The result reveal domain names running on that IP Address.

Below is an example for IP Address 8.8.8.8.

First, the results of the (i) Inspect Tool:

Second, the results of the Certificates Tool:

So you can see, there is a lot information that can be revealed from a single IP Address using my App.

To all of you celebrating Christmas, have a Merry Christmas and all the best for 2018!

Stay safe and secure!

Best Regards,

Marcus


Categories
NetworkToolbox news

Version 11.0.5 available

This is my Christmas Update with the following Changes:

  • Couple of bugs fixed in the Devices Tool
  • Now you can also call Wake on LAN from the Devices Tool
  • A few bugs were fixed in the IP Calculation Tool
  • Some Screen layout issues fixed in the Logbook

Some Improvements:

  • You can now clean the “recent lists” without switching to the settings
  • The Speed Test Tool has been improved

And finally, there are now two new Tools:

  • An NFC Tool to scan NFC NDEF Tags (other types are not supported (yet?) by Apple)
  • A Unit Conversion Tool has been added

I still have to update the Manual but I thought that I don’t want to let you wait any longer. The Manual update will follow during the next days.

Thanks for your suggestions and support,

Regards,

Marcus


Categories
NetworkToolbox news

A few words about KRACK

You will have heard about the KRACK (Key Reinstallation Attacks) vulnerability. I think all information (even – as usual – some over hyped and misinterpreted) is available from many sources. If you are interested, I would recommend reading Mathy Vanhoef’s information on his website www.krackattacks.com.

However, here is a summary:

  • The WPA2 WiFi encryption has a weakness that can be used to sniff network traffic
  • Your WPA2 password can not be discovered by this attack, however it is not necessary for sniffing the traffic by using this attack
  • Almost all routers and WiFi Network devices are affected (including iPhones and iPads using the current iOS Versions)
  • This vulnerability can (only) be fixed with updates on both ends, Router AND Client

What to do:

  • Look for updates (for your Router AND your Clients). Throw away devices that can’t be updated.
  • Until updates are installed, prevent using sensitive information (e.g. Banking) on any WiFi device. Better use cabled devices for this.
  • If you really have to, double check if you are indeed using HTTPS while submitting sensitive information. Man-in-the-middle attacks, which are possible by using this vulnerability, will most of the time cause HTTPS connections to end up as HTTP connections in order to capture the traffic.
  • Carefully look out for unusual logins on your accounts or anything else unusual. In doubt, change passwords for accounts using cabled devices.
  • After everything calms down, take this opportunity to change all your passwords

Don’t trust the evil,

Regards,

Marcus

 


Categories
NetworkToolbox news

Next update 11.0.3 now available – UPDATE 2

After finishing and submitting my Update, I contacted Apple and asked for an Expedite review. Within one hour, Apple reviewed and released the App.

This was probably world record. A big thank you to Apple!

Background:

Unfortunately, there was a bug in the UPnP Scanning engine which was causing the App to crash when there is a ‘misbehaving’ UPnP device.

As this happened in the UPnP Scanning engine which is also used for the new Advanced Scanning feature, the new feature wasn’t working for some of you.

I hope that the new update will now work for you as expected.

To locate and fix this bug, it was very helpful that some of you enabled Crash-log submission in the Settings ( iOS Settings -> Privacy -> Analytics -> enable: Share Analytics as well as Share with App Developer). This way, I was receiving the anonymous crashlog via Apple and was able to analyze the cause. Thank you!

Have a great weekend (at least I will have one now as the update is out),

Regards,

Marcus

UPDATE Sunday 1st Oct:

In case some of you are wondering about the availability of the update, Apple currently has major outages. They maintained some of their servers yesterday, now claim that everything should be up and running but that obviously is not the case. Some support websites are not available and other Apple websites have wrong contents. So much to Apples world record of releasing Network Toolbox.

UPDATE Monday 2nd Oct:

Finally, the new update seems to be available after almost two days.

Thanks for your patience.

Regards,

Marcus


Categories
NetworkToolbox news

Version 11 of NetworkToolbox will be available Thursday!

Good news though. The new update will be available Thursday, September the 28th!

I have just updated the manual. For instance the chapters for Network Scanning and the new tools like Whois, DNS and UPnP. So if you want to see what’s coming, just have a look to these manual chapters.

This is, what has been changed:

Added:

► New WhoIs Lookup Tool (see details about any domain and who has registered it)
► New DNS Tool (query ANY! DNS Server for domains, see records and response times)
► New visual Traceroute (see trace routes on a map)
► New UPnP Tool (see which UPnP devices are noisy on your network)

Improved:

► Extensive improvements of the Network Scanning engine
► Improved Morpheus Map
► Improved Bonjour Browser
► Terminal and SSH support for Backspace and CR/LF

Bug Fixes:

► Fixed Crash in External Apps Tool
► Special Keyboard Bar are now visible, no longer transparent
► Display of wrong MAC Addresses fixed
► Bug in MAC Database fixed which caused some Vendors not to be found
► Fixed bug in traversal test or Password test where entries, already tried were not marked accordingly

As always, this version was again a challenge. Please note, with iOS 11 MAC Addresses can no longer be displayed as the API has been removed by Apple for privacy reasons. However, the vastly improved scanning engine now combines many other information available about any IP Address on your network. This not just compensates the missing MAC address. Now you can see as much information as discoverable in one single place. Network scanning was never easier and more convenient before.

As this was again a major update with several weeks of development time, please consider to rate my App to keep it rolling.

In case you may find any bug, please let me know, I want to fix it!

Thank YOU!

Regards,
Marcus


Categories
NetworkToolbox news

☛ NetworkToolbox, iOS 11 and MAC Addresses

Last time, when iOS 10.2 has been introduced, the ability for NetworkToolbox to show MAC Addresses was no longer available as Apple has removed access to MAC Addresses due to security concerns and to increase our privacy. (see MAC Addresses are back)

It was a real challenge to find a workaround to be able to show the MAC Address again. My solution still works under iOS 10.3.3.

Now, with iOS 11 knocking at the door, you may wonder if it will still work. The answer is no. Unfortunately. Apple made my workaround unusable again in iOS 11.

I already investigated into this again for several days (and nights) but it seems, this time, Apple did a great job. They even fixed some additional (severe) security issues I found last time while I was looking for an alternative to get the MAC Address.

However, the consequence of this on iOS 11 is now, not only the lack of the ability to show the MAC address. The main disadvantage is, that I no longer can display the device Vendor, which is derived from the MAC Address using the internal MAC Database. This is and was a very valuable information while scanning a local network as it often helps to identify a device. Unfortunately, this is gone now.

I spoke to two Apple employees. Both told me, that Apple wants to protect users against Developers who misuse the MAC Address to track user activities and they said that this has precedence over the missing feature for my App.

I told them that this is a very good approach with good intentions but even without a MAC Address there are a couple of (even easier) ways to track user activities and, depending on the setup, a MAC Address can even be derived from IPv6 Address and that there isn’t much Apple can do against it.

I also recommended to add a security setting which could be used to allow/disable MAC Address access similar to camera or microphone access. So users can decide which App should be allowed to have access to the MAC Address.

One of these Apple employees told me that he is using my App quite often and found my statements and suggestions quite reasonable.

I am not sure (I even doubt) that my conversation with Apple will change the situation but maybe if more people (like you) would let Apple know, maybe it will.

Nevertheless, here are the plans for my next steps:

  • Shortly after iOS 11 has been released, I will create another Update of NetworkToolbox

(Shortly ‘after’ because I want to create an update based on and for the final iOS 11 version which makes sense as the App already runs just fine on iOS 11 (except for the MAC Address) and thus, wouldn’t require an immediate update)

  • I will give the MAC Address issue another (short!) try but will not waste too much time. Instead, I will polish the Network Scanning tool that it will provide as much usability as possible even without a MAC Address
  • Finally and in addition, that next update will include things, I already worked on (most of them have already been finished).

 

Thanks for your suggestions, which helped to make this App even better.

Stay tuned,

Regards,

Marcus


Categories
NetworkToolbox news

To Petya or NotPetya

You will have heard about the recent attack to Windows PCs called Petya or NotPetya.

The reason why some people say NotPetya is, that it is not a new version of the former Petya malware, even though it looks so.

This one is again (like WannaCry) based on the recently released NSA Tools (see my related post here).

But it is worse than WannaCry and was just built to create chaos and damage on as many systems as possible. The current damage is already massive. I bet you will hear more about it during the next days.

I will not repeat all the rumors about the source or intentions here.

Here is just, what I have done and what you should do (sorry, I should rather say “have to do”):

  • BACKUP BACKUP BACKUP (everything you don’t want to loose, your Pictures, Movies, Documents, Source-code, Letters, Tax Statements, Banking Documents etc.)
  • UPDATE UPDATE UPDATE (everything PCs, Routers, NASes, Mobile Devices)
  • Replace or switch off your Windows XP PCs
  • Do this on every Windows PC:
    • Start a command prompt with admin rights (right click on the Windows Icon in the lower left corner and select ‘Command Prompt (Admin)’
    • And type:

These commands will create three files perf, perfc.dll and perfc.dat and will mark them read only. The current version of NotPetya will stop working if these files were found. This is a very simple thing and most likely, a new version of NotPetya will disregard these files. However it doesn’t hurt and has no other side effect.

Finally, if you are already infected, for instance if you see a sudden Checkdisk message trying to repair your hard-drive or anything else unusual:

  • Immediately switch off your PC (even if Checkdisk says you should not)
  • Disconnect your PC from your network
  • Try to boot it stand alone. If this doesn’t work anymore, most likely, your data is lost.
  • Switch off your router / disconnect from the Internet
  • Check your other PCs as you might have a chance that they are not yet infected.

Don’t trust the evil.

Regards,

Marcus


Categories
NetworkToolbox news

NSA Tools available to everybody – Update your PCs. Quick!

As you may have heard, a Group called Shadowbrokers have stolen Hacking tools from the NSA and made them available to the public.

I had a chance to take a look at these tools. A few days ago they already released some tools but those tools were quite outdated and not really harmful if you don’t use an old Windows XP or Vista PC. But these new tools are indeed up-to-date and I was able to use the tools to compromise one of my Windows 10 PCs which hasn’t been updated for a few days. After it was updated with the latest Creators Update from Microsoft including all security updates, that was no longer possible.

The NSA Tools also include tools to disable or hide themselves against all known virus scanners, including Microsoft.

There are rumors that NSA has informed Microsoft about the fact that their tools were stolen along with information about the vulnerabilities these tools are using so Microsoft was able to fix these vulnerabilities. This makes sense as these vulnerabilities are existing for quite some time now and it is interesting that Microsoft has created these fixes before Shadowbrokers have released the Tools to the public.

About the NSA tools

Some people already asked if these hacking tools are indeed from the NSA or ‘just’ from Hackers. I have seen many similar tools by many developers and of course developed my own. The available tools have been developed in Java, Python and Perl, some are available as binaries.

Even though I found some humor like in the Zippybeer tool which contains an ASCII image like this:

I found the code really really well organized and straight forward. Typical hacker code contain typos, they often don’t really care about code quality and a lot of code I have seen looks really ‘messy’ or even contains messages to other hackers. This code looks excellent, very reliable and foolproof with a lot of try/catch and exception handling to ensure that the tools are doing what they are supposed to do or fail and let the user know why and not leaving a trace. This code hasn’t been developed in a rush and it is indeed professional, just like a commercial software. This is why I am pretty sure that it comes from the NSA.

What you need to do

So if you didn’t already, hurry and update your Windows PCs. If you are using older Windows Versions than Windows 10, disconnect them from the internet.

This is not because of the NSA as they may have already (or soon) finished new tools which will still be able to compromise your PC. This is mainly because these NSA tools are now available to the public. They are easy to use and I suspect not only by people with good intentions.

Don’t trust the evil.

Happy Easter.

Marcus