The Lazy Networker

Category: System

  • Microsoft Releases Emergency OOB Update to Fix Outlook Freezes

    If your Outlook has been randomly freezing lately—especially while opening emails, switching folders, or simply trying to work through your inbox—you’re not alone. Microsoft has officially acknowledged the issue and has now released an emergency out-of-band (OOB) update to address the problem.
    This unexpected patch is aimed at restoring stability for users who were affected by frequent Outlook hangs and unresponsive behavior, which has been disrupting daily work for many individuals and organizations.
    What Happened? Outlook Started Freezing for Many Users
    Over the past few days, several Outlook users reported that the app would:
    Freeze unexpectedly during normal usage
    Become unresponsive when opening or replying to emails
    Hang while switching between mail folders or calendars
    Require a force close and restart to continue working
    For businesses relying on Outlook for communication, even a few minutes of downtime can quickly turn into lost productivity.
    Microsoft Responds With an Out-of-Band (OOB) Update
    Instead of waiting for the next regular Patch Tuesday release, Microsoft pushed an OOB update, which is typically reserved for urgent issues that need immediate fixing.
    OOB updates are different from normal updates because they are:
    ✅ Released outside the regular update schedule
    ✅ Focused on critical stability or security problems
    ✅ Intended to quickly stop widespread disruption
    This move highlights how serious and widespread the Outlook freezing issue had become.
    Who Is Affected?
    While Microsoft hasn’t always listed every impacted setup in simple terms, these Outlook freezing issues are commonly seen in environments such as:
    Microsoft 365 Apps for enterprise users
    Systems running recent Office/Outlook builds
    Corporate networks where Outlook is heavily used all day
    If your Outlook suddenly started freezing after a recent Office update, this emergency patch is likely meant for you.
    What You Should Do Now
    If Outlook is still freezing on your system, here’s the recommended approach:
    Check for updates immediately
    Open any Office app (Word/Excel/Outlook)
    Go to File → Account → Update Options → Update Now
    Install the emergency OOB patch
    This should apply automatically once updates are pulled in
    Restart Outlook and your PC
    A restart often completes pending update changes
    For IT admins managing multiple systems, it’s a good idea to roll this update out quickly across affected devices to prevent repeated complaints and downtime.
    Why This Matters
    Outlook is one of the most critical apps in the Microsoft ecosystem. When it becomes unstable, it doesn’t just slow down one person—it can impact entire teams.
    By releasing an emergency OOB update, Microsoft is clearly prioritizing:
    Productivity and stability
    Reduced crashes and freezes
    A smoother experience for enterprise users
    Final Thoughts
    Software updates occasionally introduce unexpected bugs, but what matters is how quickly the issue gets fixed. In this case, Microsoft acted fast with an out-of-band update to bring Outlook back to normal.
    If you’ve been dealing with Outlook freezing issues, updating right away could save you a lot of frustration—and a lot of wasted time.

  • What is the Dark Web?

    The dark web is a part of the internet that is not indexed by search engines and requires specific software to access. It is designed to provide anonymity and privacy to its users, allowing them to communicate and conduct business without revealing their identifying information.

    Key Features of the Dark Web:

    • Not indexed by search engines
    • Requires specific software to access (e.g. Tor browser)
    • Provides anonymity and privacy to users
    • Often associated with illegal activities and selling stolen personal information

    How to Access the Dark Web:

    1. Install Tor Browser: Download and install the Tor browser from the official website.
    2. Use Special Search Engines: The dark web uses special search engines designed to help you find hidden sites.
    3. Navigate .onion Domains: Websites on the dark web end with the “.onion” domain extension.
    4. Stay Safe: Be cautious when accessing the dark web as it can be a dangerous place. Use security measures like antivirus software and avoid downloading files from untrusted sources.

  • Configuring Pi-hole for Ad Blocking

    To configure Pi-hole to block ads, follow these steps:

    1. Set Up Raspberry Pi: First, configure a Raspberry Pi running Raspberry Pi OS. You can use any Raspberry Pi model, but the Zero 2 W is recommended for its low power consumption. Install Raspberry Pi OS Lite (32-bit) to run headlessly (without a mouse and keyboard).
    2. Install Pi-hole: Once your Raspberry Pi is set up, install Pi-hole software on it. You can use a one-line script installer provided by Pi-hole to set up the software easily.
    3. Assign Static IP Address: Ensure your Raspberry Pi has a static IP address that does not change when it restarts or reconnects to the network. This can be done through your router’s settings by specifying the MAC address of the Raspberry Pi and assigning it a static IP.
    4. Configure Router DNS Settings: Log into your router’s admin interface and change the DNS settings to use the static IP address of your Raspberry Pi. This can usually be found under sections like “Internet,” “DHCP,” “Internet Connection,” or “DDNS.” Enter your Pi-hole’s IP address in the DNS field. If your router provides multiple custom DNS fields, add your Pi-hole address in each field.
    5. Direct DNS Queries to Pi-hole: After configuring your router, all devices connected to your network will send DNS queries to your Pi-hole instead of to a DNS server on the internet. Pi-hole will block requests to ad domains before they leave your network.
    6. Access Pi-hole Dashboard: Visit the Pi-hole dashboard using the admin URL (usually http://pi.hole/admin) to manage your Pi-hole settings. You can block or unblock specific domain names and configure other features from here.

    By following these steps, you can effectively block ads across your entire network, including devices that don’t support browser extensions, such as smart TVs and game consoles.

  • Python script to check the Cisco IOS version and perform upgrades or downgrades as needed

    This script will utilize the Netmiko library for SSH connections and the NAPALM library for device configuration management.

    Script Requirements

    1. Python 3.x
    2. Netmiko library (install using pip install netmiko)
    3. NAPALM library (install using pip install napalm)
    4. Cisco IOS device(s) with SSH enabled
    5. A configuration file (e.g., config.yaml) defining the recommended IOS versions for each device model
    6. A directory containing the IOS image files (e.g., images/) matching the device models and recommended versions

    Script Structure

    The script will consist of the following components:

    1. Device Connection: Establish an SSH connection to the Cisco device using Netmiko.
    2. IOS Version Check: Retrieve the current IOS version from the device using NAPALM.
    3. Configuration Check: Compare the current IOS version with the recommended version defined in the configuration file.
    4. Upgrade/Downgrade: Perform the necessary upgrade or downgrade using NAPALM, if the current version does not match the recommended version.
    5. Image Transfer: Transfer the required IOS image file from the images/ directory to the device using SCP (or other transfer method).

    Script Code

    Here’s a sample script to get you started:

    import os
import yaml
from netmiko import SSHNetmiko
from napalm.base import get_network_driver

# Configuration file path
config_file = 'config.yaml'

# Device model to IOS image mapping
device_models = {
    'WS-C3560X-48P': 'c3560e-universalk9-mz.122-55.SE8.bin'
}

# Recommended IOS versions for each device model
recommended_versions = {
    'WS-C3560X-48P': '15.2(4)E8'
}

def get_current_ios_version(device):
    # Establish SSH connection using Netmiko
    ssh = SSHNetmiko(device['ip'], username='your_username', password='your_password')
    # Retrieve current IOS version using NAPALM
    ios_version = ssh.get_facts()['ios_version']
    return ios_version

def check_ios_version(current_version, recommended_version):
    if current_version != recommended_version:
        return True  # Version mismatch, upgrade/downgrade required
    return False  # Version matches, no action needed

def upgrade_or_downgrade(device, current_version, recommended_version):
    # Determine upgrade/downgrade direction
    if current_version < recommended_version:
        direction = 'upgrade'
    elif current_version > recommended_version:
        direction = 'downgrade'
    else:
        return  # No action needed

    # Transfer required IOS image file using SCP
    image_file = os.path.join('images/', device_models[device['model']])
    ssh.scp.put(image_file, '/tmp/')

    # Perform upgrade/downgrade using NAPALM
    if direction == 'upgrade':
        ssh.load_replace_candidate(filename='/tmp/' + image_file)
        ssh.commit_config()
    elif direction == 'downgrade':
        ssh.load_replace_candidate(filename='/tmp/' + image_file, replace='exact')
        ssh.commit_config()

    # Reload the device to apply changes
    ssh.send_command('reload')

def main():
    with open(config_file, 'r') as f:
        config_data = yaml.safe_load(f)

    for device in config_data['devices']:
        current_version = get_current_ios_version(device)
        recommended_version = recommended_versions[device['model']]
        if check_ios_version(current_version, recommended_version):
            upgrade_or_downgrade(device, current_version, recommended_version)

if __name__ == '__main__':
    main()

    Note

    1. Replace your_username and your_password with your actual SSH credentials.
    2. Update the device_models dictionary to match your specific device models and corresponding IOS image files.
    3. Modify the recommended_versions dictionary to reflect the desired IOS versions for each device model.
    4. Ensure the images/ directory contains the required IOS image files.
    5. This script is a starting point and may require additional error handling, logging, and testing to ensure its reliability.

    Remember to test the script in a lab environment before deploying it to production 🙂

  • Ways to avoid social engineering attacks

    Assess Requests Realistically: Take the time to assess if a request is realistic and legitimate. Be cautious of requests that seem too good (or bad) to be true.

    Stay Informed: Familiarize yourself with common types of social engineering attacks and how attackers behave. This will help you identify attempts that get past your initial defenses, such as spam filters.

    Secure Devices: Ensure your Anti-Malware and Anti-Virus software is up-to-date to defend your computer against malware from phishing attacks. Patch your security regularly, including software and firmware updates.

    Verify Email Requests: If an email request seems suspicious, verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

    Use Complex Passwords: Train employees to use complex passwords and avoid logging into third-party websites with corporate email addresses to avoid malicious or fraudulent websites.

    Regular Staff Training: Provide regular staff training, including social engineering awareness training, to educate employees on social engineering attack techniques and ensure they follow security best practices.

    Simulation: Conduct simulation exercises to test employees’ ability to recognize and respond to social engineering attempts. This can help identify areas for improvement and enhance overall security.

    Email Gateways: Implement email gateways to flag socially engineered emails as spam in employees’ inboxes. This can prevent up to 99.9% of spam and reduce the risk of social engineering attacks.

    Multifactor Authentication: Enforce multifactor authentication (MFA) to add an extra layer of security and make it more difficult for attackers to gain access to systems.

    Social Media Awareness: Be cautious of social media platforms, as cybercriminals often collect intelligence on victims via these platforms. Limit personal and professional information shared on social media.

    Phishing Detection: Teach employees to identify phishing attempts by looking for red flags such as:

    Spoofed email addresses
    Hyperlinks that don’t match the expected URL
    Urgent or threatening language
    Requests for sensitive information


    Vishing and Smishing Prevention: Be aware of vishing (voice phishing) and smishing (SMS phishing) attacks, and teach employees to verify requests and be cautious of suspicious calls and texts.

    Continuous Monitoring: Continuously monitor your organization’s defenses and employee awareness to stay ahead of evolving social engineering tactics.

    Remember, social engineering attacks rely on human interaction, so educating and training employees is crucial in preventing these types of attacks.

    Photo by Pixabay on Pexels.com

  • What is Identity Theft

    Engage in online harassment or bullying.

    Steal sensitive information, such as login credentials or financial data.

    Scams:
    Fake profiles may be used to promote phishing schemes, investment scams, or other fraudulent activities.
    Common Tactics

    Profile Cloning:
    Criminals create exact replicas of a victim’s profile, often using stolen photos and biographical information.

    Social Engineering:
    Scammers use psychological manipulation to trick victims into revealing sensitive information or performing certain actions.

    Malware and Ransomware:
    Fake profiles may distribute malware or ransomware, compromising victims’ devices and data.
    Consequences

    Financial Loss:
    Identity theft on social media can result in financial losses due to fraudulent transactions, stolen identities, or compromised accounts.

    Emotional Distress: Victims may experience emotional trauma, anxiety, and stress from being impersonated or harassed online.

    Reputation Damage: Fake profiles can tarnish a person’s online reputation, causing harm to their personal and professional relationships.

    Protection Measures

    Verify Profiles: Be cautious when accepting friend requests or connections from unknown individuals.
    Use Strong Passwords: Implement robust password practices and keep them confidential.
    Limit Personal Information: Avoid sharing sensitive data, such as full names, dates of birth, and addresses.
    Monitor Accounts: Regularly check your social media profiles for suspicious activity and report any fraudulent accounts.
    Enable Two-Factor Authentication: Use 2FA to add an extra layer of security to your accounts.
    Reporting and Recovery
    Report Suspicious Activity:
    Inform the social media platform’s support team about any fraudulent profiles or suspicious behavior.
    Contact Authorities:
    Report identity theft to local law enforcement and file a complaint with the Cyber Cell.
    Seek Professional Help:
    Consider consulting with an identity theft resource center or a cybersecurity expert for guidance on recovery and prevention.

    Photo by Pixabay on Pexels.com

  • Introduction to Useful Wireshark Filters

    Photo by Valdemaras D. on Pexels.com

    Wireshark is a powerful network protocol analyzer that helps users capture and analyze network traffic. To make the most out of Wireshark, using the right filters is essential. Filters help narrow down the traffic to specific protocols, IP addresses, or ports, making it easier to analyze and troubleshoot network issues.

    Filter by IP Address: ip.src == x.x.x.x or ip.dst == x.x.x.x to filter by source or destination IP address.

    Filter by Port: tcp.port == 80 or udp.port == 53 to filter by specific TCP or UDP ports.

    Filter by Protocol: http or dns to filter by specific protocols like HTTP or DNS.

    Filter by TCP Flags: tcp.flags == 0x02 to filter by specific TCP flags, such as SYN or ACK.

    Filter by Packet Length: frame.len > 100 or frame.len < 100 to filter by packet length.

    Filter by Conversation: ip.src == x.x.x.x and ip.dst == y.y.y.y to filter by conversations between two specific IP addresses.

    Filter by HTTP Requests: http.request.method == GET or http.request.method == POST to filter by specific HTTP request methods.

    Filter by DNS Requests: dns.qry.type == A or dns.qry.type == AAAA to filter by specific DNS query types.

    Filter by TCP Resets: tcp.flags.reset == 1 to filter by TCP reset packets.

    Filter by Sequence Number: tcp.seq == 12345 to filter by specific TCP sequence numbers.

  • How to check network latency using Wireshark

    To test network latency using Wireshark, follow these steps to effectively capture and analyze packet data:Setting Up Wireshark

    Install Wireshark: Download and install the latest version of Wireshark from the official website.
    Select the Network Interface: Open Wireshark and choose the appropriate network interface to capture packets. This is typically your Ethernet or Wi-Fi connection.

    Capturing Packets
    Start Packet Capture:Click on the “Capture” menu and select “Start” or simply click the shark fin icon.
    Allow Wireshark to run for a sufficient duration to capture relevant traffic.
    Stop Packet Capture:Click on the red square button to stop capturing once you have enough data.

    Analyzing Latency
    Use TCP Stream Graphs:Go to “Statistics” in the menu.
    Select “TCP Stream Graph” and then choose “Round Trip Time” (RTT) graph.
    This graph will display the round-trip time for packets, allowing you to visualize latency over time1.

    Inspect Individual Packets: Click on a specific packet in the capture window.
    In the packet details pane, look for timestamps which indicate when packets were sent and received. You can calculate latency by subtracting these timestamps4.

    Filter for Specific Protocols: Use display filters (e.g., tcp, icmp) to isolate specific types of traffic that may be contributing to latency issues.


    Calculate Latency Using Timestamps: If you have access to both client and server captures, you can compare timestamps from both ends to measure latency more accurately by subtracting the client’s send time from the server’s receive time4.

    Additional Analysis
    Identify Potential Issues: Look for signs of congestion, such as packet loss or retransmissions, which can contribute to increased latency.
    Use other statistics tools within Wireshark, such as “IO Graphs,” to visualize overall network performance.
    By following these steps, you can effectively use Wireshark to measure and analyze network latency, helping you identify bottlenecks and optimize your network performance

  • What is DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a protocol that encrypts Domain Name System (DNS) queries and responses between a client (e.g., a web browser or operating system) and a DNS resolver (e.g., Quad9). This encryption protects DNS data from being intercepted, modified, or logged by third-party entities, such as Internet Service Providers (ISPs) or network administrators.

    How does Quad9’s DoH service work?
    Quad9 offers a DoH service that uses the HTTPS protocol to encrypt DNS queries and responses. When you configure your device to use Quad9’s DoH service, your device will send DNS queries to Quad9’s servers over an encrypted HTTPS connection. Quad9’s servers will then respond with the resolved IP addresses, also encrypted.

    How to configure DNS over HTTPS (DoH) using Quad9:
    Android (Android 9 and later):
    Go to Settings > Network & Internet > Advanced > Private DNS.
    Select “Private DNS provider hostname” and enter dns.quad9.net.
    Save the changes.

    iOS (14 and later):
    Note that Apple’s Private Relay feature will override any custom DoH settings. If you want to use Quad9’s DoH, disable Private Relay.
    Configure your device’s DNS settings to use Quad9’s DoH by following these steps:
    Go to Settings > Wi-Fi > [your Wi-Fi network] > DNS.
    Tap “Manual” and enter dns.quad9.net as the DNS server.

    Windows 11:
    Go to Settings > Network & Internet > Ethernet or Wi-Fi > Change adapter options.
    Right-click your active network connection and select “Properties”.
    In the “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” properties, click “Advanced”.
    In the “DNS” tab, click “Add” and enter dns.quad9.net as the DNS server.

    Other devices and operating systems:
    Consult your device’s documentation or manufacturer’s website for specific instructions on configuring DoH with Quad9.

    Important notes:
    Quad9’s DoH service only blocks malicious domains, not ads or tracking. You may need additional tools to block these types of content.
    If you’re using a VPN, it’s recommended to use the VPN’s built-in DNS service instead of configuring DoH with Quad9.
    Quad9’s DoH service may not work on all networks or devices due to restrictions imposed by network administrators or firewalls.

    Photo by Field Engineer on Pexels.com