Network cabling can be a finicky thing. There was a day when people without appropriate knowledge and training were tasked with running cable by virtue of their other responsibilities. For example, telephone techs and electricians used to be tapped because they were cabling people. However, while telephones cables can sometimes tolerate quite a lot of error, data cabling is less forgiving. I’m focusing here on twisted pair cabling, not fiber. Here are 10 mistakes to avoid when you’re installing network cable.

Mistake 1: Not planning for the future

Perhaps your organization has provisioned 100 Mbps network connections to the desktop for now, even though 1 Gbps has become pretty standard. But suppose your organization is going to move to a new location and you need to install new cabling. Are you going to go with yesterday’s best cabling technology or are you going to install something that will meet today’s needs and your needs for the next few years? Remember, the labour is the most expensive part of your project. While top-of-the-line cable won’t be the least expensive option, you should consider reasonably high-end cable for your installation. Maybe you don’t go with the absolute best — after all, many organizations won’t need 10 Gbps to the desktop for quite some time — but don’t go for cheap, either.

Mistake 2: Using different cabling for voice and data

Twisted pair cabling used to be expensive, so companies used to install different cabling for voice and data needs. Since voice was a less picky service and required only a single pair of wires, less expensive cabling was used for voice while data enjoyed the bulk of the budget.

Today, a complete installation can still be pricey but the bulk of the cost is generally labour; cabling itself really isn’t a massive cost. Further, with the rise of services such as VoIP, voice in many places has transitioned to being a data need and requires data-level cabling. In fact, with the right VoIP equipment, you can often get away with using an existing data cable and then making use of the VoIP device’s built-in Ethernet switch to save on the cost of running multiple cables, if that becomes absolutely necessary.

The point here: Don’t simply assume that you can or should use old style category 3 cabling for voice. If you’re going to run a separate cable for a phone, match the data cable type.

Mistake 3: Not using cable management

Adding cable management is often seen as a “would be nice if” type of scenario. Adding ladder rack, rack-based cable management, and the like does add cost. But it also makes ongoing maintenance much, much easier. Bear in mind that the cabling work won’t stop with the initial installation. More cables will be added, and things will be changed. Make sure that you label appropriate cables, color-code cables, or implement some other kind of process to make it easier to identify cables later on.

Mistake 4: Running cable in parallel with electrical cables

Data cabling used “UTP” — unshielded twisted pairs — to achieve its goals. The magnetic field generated by the low voltage running through the cable is a critical component of the communications chain. When you run this unshielded cabling in parallel with electrical cables, that magnetic field is disrupted and the communication becomes noisy and garbled. In many cases, transmissions will simply not make it from Point A to Point B. In other cases, transmission rates will slow to a crawl as communications are constantly retried.

If you have to go near electrical power lines, cross them in parallel perpendicular instead.

And now for a story: Way back in the late 90s, I was asked to look into why a newly installed coaxial cable wasn’t working. It was a building-to-building connection between two buildings that were very close to one another. Upon arriving at the site, I looked up and saw that the coaxial cable was twisted around the overhead electrical cabling that ran between the two buildings. Needless to say, it was easy to identify the cause of the problem.

Mistake 5: Running cable near “noisy” devices and fixtures

Noise can be introduced onto data cabling by more than just electrical wires. Fluorescent lighting, motors, and similar items that shed electrical or magnetic interference will wreak havoc on your cabling infrastructure as well. Make sure that in your planning, you leave a data cable pathway that avoids these kinds of hazards.

Mistake 6: Not minding distance limitations… to a point

If you’ve run any cabling at all, you know that the typical distance limitation for UTP cabling with typical Ethernet — up to 1 Gbps anyway — is 100 meters. However, if you’re running cabling for some other purposes, such as 10 Gbps or 40 Gbps, be mindful of the distance limitations associated with the type of cabling you intend to use. For example, if you intend to run 10 Gbps for up to 100 meters over twisted pair cabling, you need to use Category 6A or better cabling.

Mistake 7: Not following laws/codes/ordinances

This is really important for many reasons. First of all, failure to adhere to local codes can create dangerous issues for safety personnel. For example, in most places, use of PVC-jacketed cabling is prohibited in air handling spaces. When PVC burns, it creates a toxic stew that can be harmful to firefighters and other personnel that might have to navigate the area in the event of an emergency.

If you fail to follow local codes related to low voltage cabling, you risk fines and may even have to rip and replace your cabling. So make sure you verify your responsibilities before you get started and make sure that any contractors you have working with you are aware of local ordinances as well.

Mistake 8: Not testing your cabling infrastructure

Once the cabling is installed, you should test every cable using appropriate tools to make sure that it will be suitable for its intended use. This includes verifying length and cable specifications matched to needs. If you need 1 Gbps transmission speeds, verify that the cable’s properties will support that need.

Mistake 9: Not following standards

You know, there are only eight individual wires inside a cabling jacket. So why not just terminate them at random, as long as you use the same scheme at both ends and you’re consistent between cables? Well… that’s a bad idea. There are standards in place for a reason. The cabling standards take into consideration just how the cables are twisted and placed in the jacket. If you deviate from those standards, you risk introducing noise and inefficiency into your cable plant that can have a negative impact on overall network performance. The standards I speak of are known as EAI/TIA-568-A and B and dictate the method by which data cables should be terminated.

Mistake 10: Not running a cable when you need one

Recently, Erik Eckel of Tech Republic wrote about the dangers of using an Ethernet switch when a new cable run is really what’s needed. When you start adding Ethernet switches willy-nilly, you risk introducing unknown elements and instability into an otherwise well-designed network. In general, people use mini-switches when they just need to add a port or two, so there is very little traffic planning undertaken. Depending on the reason behind the need for the additional ports, this can be problematic. If the new services require a lot of network resources, you can create bottlenecks where you didn’t intend to. The lesson: Unless you have a really good reason not to, just run another cable (actually, run two; the cabling is cheap but the labour is similar).

BT has announced plans to trial one gigabit fibre broadband in Suffolk and add 40 rural market towns to its current fibre roll-out.

It said the move would support the UK government’s plan to create the best broadband network in Europe by 2015.

It comes as regulator Ofcom reveals that less than 1% of UK homes have a super-fast broadband connection.

Culture Secretary Jeremy Hunt is due to spell out the UK’s broadband strategy next week.

The 1Gb trial in Kesgrave, Suffolk, will begin early next year and is intended to demonstrate the speed capabilities of BT’s fibre-to-the-home (FTTH) technology.

BT has been criticised for not offering FTTH more widely. Most of its fibre roll-out will rely on slower fibre-to-the-cabinet (FTTC) technology.

Only a quarter of the homes it intends to offer fibre to will be connected using FTTH.

The market towns earmarked for broadband upgrades have not yet be named but BT said it intended to begin offering services from late 2011.

The announcement comes ahead of a speech on the issue from Culture Secretary Jeremy Hunt.

“I will be setting out on Monday how we can do even more to boost broadband roll-out – by stimulating competition and creating an environment in which business can flourish by removing barriers and cutting costs,” he said in a statement.

The government is set to provide £830m for firms willing to offer fast broadband services in rural areas, which it will provide “over the course of this parliament and the next”.

BT said that if it was to “win funds on that scale” it would be able to provide fibre to 90% of the UK.

Under current plans, its fibre will extend to 66% of the UK.

“We intend to continually push the limits of our super-fast broadband programme in terms of the technology and the geography,” said Oliva Garfield, BT’s director of strategy.

Article courtesy of BBC News

Although IPv6 adoption seems to be moving at a snail’s pace, there’s no outrunning it. Brien Posey demystifies some of the addressing issues many admins are still trying to figure out.

Over the last several years, IPv6 has been inching toward becoming a mainstream technology. Yet many IT pros still don’t know where to begin when it comes to IPv6 adoption because IPv6 is so different from IPv4. In this article, I’ll share 10 pointers that will help you understand how IPv6 addressing works.

1: IPv6 addresses are 128-bit Hexadecimal numbers

The IPv4 addresses we’re all used to seeing are made up of four numerical octets that combine to form a 32-bit address. IPv6 addresses look nothing like IPv4 addresses. IPv6 addresses are 128 bits long and are made up of hexadecimal numbers.

In IPv4, each octet is separated by a period. In IPv6, the hexadecimal characters are separated by colons. A group of hexadecimal characters can range from two to four characters in length.

2: Link local unicast addresses are easy to identify

IPv6 reserves certain headers for different types of addresses. Probably the best known example of this is that link local unicast addresses always begin with FE80. Similarly, multicast addresses always begin with FF0x, where the x is a placeholder representing a number from 1 to 8.

3: Leading zeros are suppressed

Because of their long bit lengths, IPv6 addresses tend to contain a lot of zeros. When a section of an address starts with one or more zeros, those zeros are nothing more than placeholders. So any leading zeros can be suppressed. To get a better idea of what I mean, look at this address:

FE80:CD00:0000:0CDE:1257:0000:211E:729C

If this were a real address, any leading zero within a section could be suppressed. The result would look like this:

FE80:CD00:0:CDE:1257:0:211E:729C

As you can see, suppressing leading zeros goes a long way toward shortening the address.

4: Inline zeros can sometimes be suppressed

Real IPv6 addresses tend to contain long sections of nothing but zeros, which can also be suppressed. For example, consider the address shown below:

FE80:CD00:0000:0000:0000:0000:211E:729C

In this address, there are four sequential sections separated by zeros. Rather than simply suppressing the leading zeros, you can get rid of all of the sequential zeros and replace them with two colons. The two colons tell the operating system that everything in between them is a zero. The address shown above then becomes:

FE80:CD00::211E:729C

You must remember two things about inline zero suppression. First, you can suppress a section only if it contains nothing but zeros. For example, you will notice that the second part of the address shown above still contains some trailing zeros. Those zeros were retained because there are non-zero characters in the section. Second, you can use the double colon notation only once in any given address.

5: Loopback addresses don’t even look like addresses

In IPv4, a designated address known as a loopback address points to the local machine. The loopback address for any IPv4-enabled device is 127.0.0.1.

Like IPv4, there is also a designated loopback address for IPv6:

0000:0000:0000:0000:0000:0000:0000:0001

Once all of the zeros have been suppressed, however, the IPv6 loopback address doesn’t even look like a valid address. The loopback address is usually expressed as ::1

6: You don’t need a traditional subnet mask

In IPv4, every IP address comes with a corresponding subnet mask. IPv6 also uses subnets, but the subnet ID is built into the address.

In an IPv6 address, the first 48 characters are the network prefix. The next 16 characters (which are often all zeros) are the subnet ID. And the last 64 characters are the interface identifier. Even though there is no subnet mask, you have the option of specifying a subnet prefix length.

7: DNS is still a valid technology

In IPv4, Host (A) records are used to map an IP address to a host name. DNS is still used in IPv6, but Host (A) records are not used by IPv6 addresses. Instead, IPv6 uses AAAA resource records, which are sometimes referred to as Quad A records. The domain ip6.arpa is used for reverse hostname resolution.

8: IPv6 can tunnel its way across IPv4 networks

One of the things that has caused IPv6 adoption to take so long is that IPv6 is not generally compatible with IPv4 networks. As a result, a number of transition technologies use tunneling to facilitate cross network compatibility. Two such technologies are Teredo and 6to4. Although these technologies work in different ways, the basic idea is that both encapsulate IPv6 packets inside IPv4 packets. That way, IPv6 traffic can flow across an IPv4 network. Keep in mind, however, that tunnel endpoints are required on both ends to encapsulate and extract the IPv6 packets.

9: You might already be using IPv6

Beginning with Windows Vista, Microsoft began installing and enabling IPv6 by default. Because the Windows implementation of IPv6 is self-configuring, your computers could be broadcasting IPv6 traffic without your even knowing it. Of course, this doesn’t necessarily mean that you can abandon IPv4. Not all switches and routers support IPv6, just as some applications contain hard-coded references to IPv4 addresses.

10: Windows doesn’t fully support IPv6

It’s kind of ironic, but as hard as Microsoft has been pushing IPv6 adoption, Windows does not fully support IPv6 in all the ways you might expect. For example, in Windows, it is possible to include an IP address within a Universal Naming Convention (\\127.0.0.1\C$, for example). However, you can’t do this with IPv6 addresses because when Windows sees a colon, it assumes you’re referencing a drive letter.

To work around this issue, Microsoft has established a special domain for IPv6 address translation. If you want to include an IPv6 address within a Universal Naming Convention, you must replace the colons with dashes and append .ipv6.literal.net to the end of the address — for example, FE80-AB00–200D-617B.ipv6.literal.net.

Do you know whether your computers are actively using IPv6 or not? Better check, as the bad guys probably already know.

——————————————————————————————————————-

Microsoft began enabling IPv6 protocol by default with the release of Vista. That policy continued with Windows Server 2008 and will with Windows 7. Apple, Linux, and Solaris are also shipping their latest distributions with IPv6 enabled.

Before continuing, I need to explain something. We all understand that IPv6 is important. I even mustered enough courage with Joe Klein’s (director of IPv6 security at Command Information) gracious help to write several articles about it. So that’s no longer on my radar.

What’s on my radar

I’m not sure why, but computers are now shipping with IPv6 enabled. My guess would be that most OS developers figured IPv6 networks would be more predominate by now. Or that there’s no down side to enabling IPv6, so why wait.

I do know of one Microsoft service that requires IPv6. It’s called Windows Meeting Space. It uses the peer-to-peer framework and IPv6 to setup ad hoc networks automatically.

What numbers are we talking about

The number of computers running IPv6 is staggering. Carolyn Duffy Marsan in a NetworkWorld article quoted Joe Klein as saying:

“We’re probably talking about 300 million systems that have IPv6 enabled by default. We see this as a big risk.”

What I’m wondering, is how many of the people using the 300 million computers realize IPv6 is enabled or know what it means?

What’s being exploited

In a concurrent article, Marsan asked experts what they considered the most serious issues of running a dual stack comprised of IPv6 and IPv4. Here’s what they said:

• Rogue IPv6 traffic: Attackers realize that most network administrators aren’t monitoring IPv6 traffic or they can’t. Because existing firewalls, IDS, or network management tools aren’t IPv6-aware. Therefore, an attacker can send malicious traffic to any computer running IPv6 and it will get through.
• IPv6 tunneling: Protocols such as Teredo and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) encapsulate IPv6 packets inside IPv4 packets. The morphed packets can easily pass through IPv4 firewalls and network address translation (NAT) equipment, defeating perimeter defenses purposed to sense and drop IPv6 packets.
• Rogue IPv6 equipment: Because IPv6 uses auto-configuration, an attacker can gain considerable control over computers running IPv6, simply by placing a rogue device capable of issuing IPv6 IP addresses on the network under attack. To make matters worse the device could have router attributes. Forcing all traffic to transit through it, allowing attackers to snoop, modify, or drop traffic at their whim.
• Built-in ICMP and multicast: Unlike IPv4, IPv6 requires ICMP and multicast traffic. That fact will significantly change how administrators approach network security. Right now, blocking ICMP and multicast traffic on IPv4 networks is the accepted practice. That will no longer work and complicated filtering of ICMP and multicast packets will be required to maintain some semblance of security.

Leave IPv6 enabled or not

Whether to leave IPv6 “enabled or not” is about as clear as mud. There’s the yes camp and there’s the no camp with the whole gray area in between littered with other opinions. I thought I’d let the experts introduced in Marsan’s article present their views:

Tim LeMaster: Director of systems engineering for Juniper’s federal group mentions:

“If you’re not prepared for IPv6, then the prudent thing to do is not to allow it into your network,” LeMaster says. “But you shouldn’t be blocking all IPv6 traffic for the next five years. You should only block it until you have a policy and understand the threats.”

Lisa Donnan: Vice president of advanced technology solutions at Command Information has a different viewpoint:

“We don’t recommend that you block IPv6 traffic. We are recommending that you do an audit and find out how many IPv6 devices and applications are on your network. If you have IPv6 traffic on your network, then you’ve got to plan, train, and implement IPv6.”

Sheila Frankel: Computer scientist in the Computer Security Division of the National Institutes of Standards and Technology (NIST) expresses a middle-ground viewpoint:

“Companies need to acquire a minimal level of expertise in IPv6, which will help protect them against threats. The other thing they should do is to take their outward-facing servers, those that are external to the corporation’s firewalls, and enable IPv6 on them. That way, customers from Asia with IPv6 addresses will be able to reach these servers and their own people will acquire expertise in IPv6. This will be a first step in the process.”

Frankel continues:

“IPv6 is coming. The best way is to face it head on and to decide you’re going to do it in the most secure manner possible.”

As soon as I started receiving computers with IPv6 enabled, I turned the protocol off. My rational was why take a chance when it’s not necessary. Apparently, my choice is paying off, as my client’s computers aren’t vulnerable to these new exploit vectors.

That works for me for the time being at least. I don’t pretend to think my choice will work for everyone. From the above opinions, the only thing I do know for sure is that getting up-to-speed on IPv6 is important. As that knowledge will help you determine what’s in your network and computer systems best interest.

How to disable IPv6

Thankfully, disabling IPv6 is quite easy. I’ve provided links to Web sites that explain the process for several of the operating systems, if you’re so inclined:

Disable IPv6 in Linux

Disable IPv6 in Windows Vista

Disable IPv6 in Mac OS X

Final thoughts

This is definitely a thorny subject and full of surprises. Just like every new and untested technological change. I can accept that. What’s hard to accept is that security once again appears not to be a main consideration. I hope it’s just a temporary oversight.

Original Article By Michael Kassner for Tech Republic:

IPv6: Oops – it’s on by default

The UK’s second largest ISP, Virgin Media, will next year introduce network monitoring technology to specifically target and restrict BitTorrent traffic, its boss has told The Register.

The move will represent a major policy shift for the cable monopoly and is likely to anger advocates of “net neutrality”, who say all internet traffic should be treated equally. Virgin Media currently temporarily throttles the bandwidth of its heaviest downloaders across all applications at peak times, rather than targeting and “shaping” specific types of traffic.

The firm argues that its current “traffic management” policy allows it to ensure service quality at peak times for 95 per cent of customers while still allowing peer-to-peer filesharers to download large amounts of data.

The details and timing of the new application-based restrictions are still being developed, Virgin Media’s Kiwi CEO Neil Berkett said in an interview on Monday following the launch of his firm’s new 50Mbit/s service. They will come into force around the middle of next year, he added.

A company spokesman later declined to provide more detail on the CEO’s comments. He said: “Broadband has become integral to delivering home entertainment services and with data consumption growing rapidly, we are exploring new ways to enhance our product offering. Part of this involves intelligent monitoring and understanding the way people use our broadband service.”

Virgin Media has launched its 50Mbit/s broadband package without any form of traffic restriction, but it said it would do so as take-up increases. Berkett said top package customers would be reined in from the middle of next year; the same time he proposes to introduce application-based restrictions.

Asked why the firm would ditch its system of choosing who to throttle based on their total usage, in favour of singling out BitTorrent, Berkett said: “I think it’s an issue of fairness.”

BitTorrent is a major problem for network operators, who characterise its heavy users as “bandwidth hogs”. The US provider Comcast was last year summoned to Congressional hearings over measures it took to reduce the impact of BitTorrent on its network. The Federal Communications Commission subsequently banned the practice and fined Comcast, prompting celebrations from net neutrality campaigners.

In the UK there has been no regulatory opposition to application-based bandwidth restriction. Major ISPs including BT and Carphone Warehouse use specialised “deep packet inspection” (DPI) equipment to monitor and manage the protocols running over their networks.

As recently as June this year, however, Virgin Media told The Register it had no plans to follow suit. “Our policy does not discriminate internet traffic by application and we have no plans to do so,” it said.

That statement was made in response to the suggestion that Virgin Media’s purchase of DPI kit from the Israeli firm Allot was a precursor to restricting bandwidth-hungry applications such as BitTorrent.

“Whilst we do use equipment from Allot within parts of our cable network, this is used to build usage metrics and does not affect customers’ service in any way. It is certainly not used to do any form of packet shaping or change internet traffic priorities,” came the denial.

Yet Berkett was clear yesterday that application-based restrictions would form part of a broader strategy to “monetise the intelligence” in the Virgin Media network. The firm did not, as reported by The Guardian today*, promise “to press ahead with its targeted online advertising technology”.

DPI technology is at the centre of Phorm’s system, but it’s understood Berkett’s comments about DPI yesterday did not refer to a behavioural advertising strategy. He also said comments he made at an analyst presentation in New York last month (“Our next initiative probably won’t be with the Phorms of the world”) did not preclude the possibility that Virgin Media will adopt such technology, but indicated it will look to other services powered by DPI – ones likely to be perceived as more consumer-friendly – first.

For example, Virgin Media is known to be in advanced talks to launch a legal, licensed peer-to-peer music service. DPI would be used to monitor the popularity of music files, enabling it to fairly divide subscription revenues among record labels.

Original Article Taken From The Register

As a wise man once said, “If you leave the coffee pot low, you fail at life.”

Engineers (who are largely powered by coffee) are forced to ask the question:

“If you can create a shared printer that alerts the admin when it needs to be refilled with toner or paper, why can’t you build a coffee maker that is network-enabled that alerts coffee-starved coders when it needs grounds, filters, or water?”

Well, you can, it’s just that people who design coffee makers are really bad at network security.

How bad?

The software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.

As the guys at Security Focus warn us all, that’s just the beginning of the trouble this device can cause:

Fun things you can do with a Jura coffee maker:

• Change the preset coffee settings (make weak or strong coffee)
• Change the amount of water per cup (say 300ml for a short black) and make a puddle
• Break it by engineering settings that are not compatible (and making it require a service)

(Found via Serious Eats.)

Network security is only as good as its weakest link – often users’ home Wi-Fi networks. IT managers must examine their exposure to unsecured Wi-Fi networks and take steps to mitigate any risks, such as helping users protect their networks, implementing a good remote access policy, and addressing any compliance issues.

——————————————————————————————————————-

In his Time.com article, “Confessions of a Wi-Fi Thief,” Lev Grossman describes a Wi-Fi filching scenario IT pros are all too familiar with.

Grossman wrote:

“When I moved into my apartment three years ago, the first thing I did after I tipped the movers was sit down on a box, crack open my laptop and sniff the air for wi-fi signals. And I found them: my apartment was chock-full of delicious, invisible data, ripe for the plucking. For the next three years I didn’t pay for Internet access, I got online via the unsecured wireless networks of my neighbours.”

I’ll leave the ethical and philosophical argument for and against Wi-Fi theft for another post, but Grossman’s article reminds us that the chains we put around our networks are only as strong as their weakest links – often our end-user’s home offices.

Using VPN’s, strong access controls and authentication procedures are a must, but IT departments must also stress the importance of end-users securing their own wireless networks and we should provide assistance, even if it’s just informational, if possible.

Now don’t get all up in arms about supporting end-users home equipment. I’m not suggesting you take on the impossible task of manually configuring each user’s home networking equipment, heaven forbid, instead, an information campaign that helps users understand the importance of and common methods for securing their home networks should suffice.

Establish, distribute and enforce a good remote access policy.

Information should start with a good remote access policy, which every remote user should of received and signed (manually or electronically). If you haven’t got a Remote Access Policy then create one for your organization today.

Provide information on general Wi-Fi security techniques

Whether you include them as part of your remote access policy, post them on your IT department’s Intranet site or send them out in an e-mail, the following Wi-Fi security tips are a good place for your users to start securing their home networks:

* Use WPA or WPA2 wireless encryption – not WEP.
* Don’t broadcast your SSID.
* Use a firewall.
* Use a strong passphrase.
* Regularly monitor network access.

If these simple precautions are taken by your remote workers you will be going a long way to ensure the weakest link in your Wi-Fi network is not a well meaning employee who wanted to do some extra work from the comfort of his or her own home.

The case of a Massachusetts state worker who was fired for having pornography on his laptop but later discovered to be innocent because the security software wasn’t working and the computer was filled with malware should be a sobering anecdote for IT departments.

After child pornography was discovered on his laptop, Michael Fiola, a state worker in Massachusetts got fired and had to deal with a smeared reputation and financial fallout. But it has been discovered that his laptop was riddled with malware because the system’s security software wasn’t working. Fiola was likely innocent, and criminal charges against him have now been dismissed.

This is one of those worst nightmare cases. The Massachusetts state government and its IT department failed Fiola. They were trying to do the right thing but ending up getting it wrong in the worst way. The result had devastating personal consequences for Fiola, and the likelihood of significant financial fallout for the state in follow-up legislation.

I’ve heard from a lot of IT professionals over the past 5-10 years that tracking and identifying porn on worker computers has become a quietly significant part of the IT department’s responsibilities, and many IT pros have been struggling with all of the legal and ethical ramifications involved.

The Fiola case will only add to the gut-wrenching complexity of this issue. If you or your IT department are involved in helping to get someone fired or have criminal charges brought against them for something they have on their computer, you better make sure you thoroughly investigate the issue (and possibly hire a forensic specialist to help) before you act on something you discover.

Original Article From Tech Republic

SUMMARY

This article lists the error codes that you may receive when you use Windows 2000, Windows XP, or Windows Server 2003 as a client computer to make a dial-up networking (DUN) or Virtual Private Network (VPN) connection.

Note Error codes with numbers higher than 900 will only be seen if you are trying to connect to a Routing and Remote Access Server that is running Windows 2000 or later.

The following list contains the error codes for dial-up networking (DUN) or Virtual Private Network (VPN) connection:

600
An operation is pending.

601
The port handle is invalid.

602
The port is already open.

603
Caller’s buffer is too small.

604
Wrong information specified.

605
Cannot set port information.

606
The port is not connected.

607
The event is invalid.

608
The device does not exist.

609
The device type does not exist.

610
The buffer is invalid.

611
The route is not available.

612
The route is not allocated.

613
Invalid compression specified.

614
Out of buffers.

615
The port was not found.

616
An asynchronous request is pending.

617
The port or device is already disconnecting.

618
The port is not open.

619
The port is disconnected.

620
There are no endpoints.

621
Cannot open the phone book file.

622
Cannot load the phone book file.

623
Cannot find the phone book entry.

624
Cannot write the phone book file.

625
Invalid information found in the phone book.

626
Cannot load a string.

627
Cannot find key.

628
The port was disconnected.

629
The port was disconnected by the remote machine.

630
The port was disconnected due to hardware failure.

631
The port was disconnected by the user.

632
The structure size is incorrect.

633
The port is already in use or is not configured for Remote Access dialout.

634
Cannot register your computer on the remote network.

635
Unknown error.

636
The wrong device is attached to the port.

637
The string could not be converted.

638
The request has timed out.

639
No asynchronous net available.

640
A NetBIOS error has occurred.

641
The server cannot allocate NetBIOS resources needed to support the client.

642
One of your NetBIOS names is already registered on the remote network.

643
A network adapter at the server failed.

644
You will not receive network message popups.

645
Internal authentication error.

646
The account is not permitted to log on at this time of day.

647
The account is disabled.

648
The password has expired.

649
The account does not have Remote Access permission.

650
The Remote Access server is not responding.

651
Your modem (or other connecting device) has reported an error.

652
Unrecognized response from the device.

653
A macro required by the device was not found in the device .INF file section.

654
A command or response in the device .INF file section refers to an undefined macro

655
The macro was not found in the device .INF file section.

656
The macro in the device .INF file section contains an undefined macro

657
The device .INF file could not be opened.

658
The device name in the device .INF or media .INI file is too long.

659
The media .INI file refers to an unknown device name.

660
The device .INF file contains no responses for the command.

661
The device .INF file is missing a command.

662
Attempted to set a macro not listed in device .INF file section.

663
The media .INI file refers to an unknown device type.

664
Cannot allocate memory.

665
The port is not configured for Remote Access.

666
Your modem (or other connecting device) is not functioning.

667
Cannot read the media .INI file.

668
The connection dropped.

669
The usage parameter in the media .INI file is invalid.

670
Cannot read the section name from the media .INI file.

671
Cannot read the device type from the media .INI file.

672
Cannot read the device name from the media .INI file.

673
Cannot read the usage from the media .INI file.

674
Cannot read the maximum connection BPS rate from the media .INI file.

675
Cannot read the maximum carrier BPS rate from the media .INI file.

676
The line is busy.

677
A person answered instead of a modem.

678
There is no answer.

679
Cannot detect carrier.

680
There is no dial tone.

681
General error reported by device.

682
ERROR WRITING SECTIONNAME

683
ERROR WRITING DEVICETYPE

684
ERROR WRITING DEVICENAME

685
ERROR WRITING MAXCONNECTBPS

686
ERROR WRITING MAXCARRIERBPS

687
ERROR WRITING USAGE

688
ERROR WRITING DEFAULTOFF

689
ERROR READING DEFAULTOFF

690
ERROR EMPTY INI FILE

691
Access denied because username and/or password is invalid on the domain.

692
Hardware failure in port or attached device.

693
ERROR NOT BINARY MACRO

694
ERROR DCB NOT FOUND

695
ERROR STATE MACHINES NOT STARTED

696
ERROR STATE MACHINES ALREADY STARTED

697
ERROR PARTIAL RESPONSE LOOPING

698
A response keyname in the device .INF file is not in the expected format.

699
The device response caused buffer overflow.

700
The expanded command in the device .INF file is too long.

701
The device moved to a BPS rate not supported by the COM driver.

702
Device response received when none expected.

703
ERROR INTERACTIVE MODE

704
ERROR BAD CALLBACK NUMBER

705
ERROR INVALID AUTH STATE

706
ERROR WRITING INITBPS

707
X.25 diagnostic indication.

708
The account has expired.

709
Error changing password on domain.

710
Serial overrun errors were detected while communicating with your modem.

711
RasMan initialization failure. Check the event log.

712
Biplex port is initializing. Wait a few seconds and redial.

713
No active ISDN lines are available.

714
Not enough ISDN channels are available to make the call.

715
Too many errors occurred because of poor phone line quality.

716
The Remote Access IP configuration is unusable.

717
No IP addresses are available in the static pool of Remote Access IP addresses.

718
PPP timeout.

719
PPP terminated by remote machine.

720
No PPP control protocols configured.

721
Remote PPP peer is not responding.

722
The PPP packet is invalid.

723
The phone number, including prefix and suffix, is too long.

724
The IPX protocol cannot dial-out on the port because the computer is an IPX router.

725
The IPX protocol cannot dial-in on the port because the IPX router is not installed.

726
The IPX protocol cannot be used for dial-out on more than one port at a time.

727
Cannot access TCPCFG.DLL.

728
Cannot find an IP adapter bound to Remote Access.

729
SLIP cannot be used unless the IP protocol is installed. 730
Computer registration is not complete.

731
The protocol is not configured.

732
The PPP negotiation is not converging.

733
The PPP control protocol for this network protocol is not available on the server.

734
The PPP link control protocol terminated..

735
The requested address was rejected by the server..

736
The remote computer terminated the control protocol.

737
Loopback detected..

738
The server did not assign an address.

739
The remote server cannot use the Windows NT encrypted password.

740
The TAPI devices configured for Remote Access failed to initialize or were not installed correctly.

741
The local computer does not support encryption.

742
The remote server does not support encryption.

743
The remote server requires encryption.

744
Cannot use the IPX net number assigned by the remote server. Check the event log.

745
ERROR_INVALID_SMM

746
ERROR_SMM_UNINITIALIZED

747
ERROR_NO_MAC_FOR_PORT

748
ERROR_SMM_TIMEOUT

749
ERROR_BAD_PHONE_NUMBER

750
ERROR_WRONG_MODULE

751
The callback number contains an invalid character. Only the following 18 characters are allowed: 0 to 9, T, P, W, (, ), -, @, and space

752
A syntax error was encountered while processing a script.

753
The connection could not be disconnected because it was created by the multi-protocol router.

754
The system could not find the multi-link bundle.

755
The system cannot perform automated dial because this connection has a custom dialer specified.

756
This connection is already being dialed.

757
Remote Access Services could not be started automatically. Additional information is provided in the event log.

758
Internet Connection Sharing is already enabled on the connection.

759
An error occurred while the existing Internet Connection Sharing settings were being changed.

760
An error occurred while routing capabilities were being enabled.

761
An error occurred while Internet Connection Sharing was being enabled for the connection.

762
An error occurred while the local network was being configured for sharing.

763
Internet Connection Sharing cannot be enabled. There is more than one LAN connection other than the connection to be shared.

764
No smart card reader is installed.

765
Internet Connection Sharing cannot be enabled. A LAN connection is already configured with the IP address that is required for automatic IP addressing.

766
A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.

767
Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network has more than one IP address configured. Please reconfigure the LAN connection with a single IP address before enabling Internet Connection Sharing.

768
The connection attempt failed because of failure to encrypt data.

769
The specified destination is not reachable.

770
The remote computer rejected the connection attempt.

771
The connection attempt failed because the network is busy.

772
The remote computer’s network hardware is incompatible with the type of call requested.

773
The connection attempt failed because the destination number has changed.

774
The connection attempt failed because of a temporary failure. Try connecting again.

775
The call was blocked by the remote computer.

776
The call could not be connected because the remote computer has invoked the Do Not Disturb feature.

777
The connection attempt failed because the modem (or other connecting device on the remote computer is out of order.

778
It was not possible to verify the identity of the server.

779
To dial out using this connection you must use a smart card.

780
An attempted function is not valid for this connection.

781
The connection requires a certificate, and no valid certificate was found. For further assistance, click More Info or search Help and Support Center for this error number.

782
Internet Connection Sharing (ICS and Internet Connection Firewall (ICF cannot be enabled because Routing and Remote Access has been enabled on this computer. To enable ICS or ICF, first disable Routing and Remote Access. For more information about Routing and Remote Access, ICS, or ICF, see Help and Support.

783
Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network is either not present, or is disconnected from the network. Please ensure that the LAN adapter is connected before enabling Internet Connection Sharing.

784
You cannot dial using this connection at logon time, because it is configured to use a user name different than the one on the smart card. If you want to use it at logon time, you must configure it to use the user name on the smart card.

785
You cannot dial using this connection at logon time, because it is not configured to use a smart card. If you want to use it at logon time, you must edit the properties of this connection so that it uses a smart card.

786
The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication.

787
The L2TP connection attempt failed because the security layer could not authenticate the remote computer.

788
The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer.

789
The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

790
The L2TP connection attempt failed because certificate validation on the remote computer failed.

791
The L2TP connection attempt failed because security policy for the connection was not found.

792
The L2TP connection attempt failed because security negotiation timed out.

793
The L2TP connection attempt failed because an error occurred while negotiating security.

794
The Framed Protocol RADIUS attribute for this user is not PPP.

795
The Tunnel Type RADIUS attribute for this user is not correct.

796
The Service Type RADIUS attribute for this user is neither Framed nor Callback Framed.

797
A connection to the remote computer could not be established because the modem was not found or was busy. For further assistance, click More Info or search Help and Support Center for this error number.

798
A certificate could not be found that can be used with this Extensible Authentication Protocol.

799
Internet Connection Sharing (ICS cannot be enabled due to an IP address conflict on the network. ICS requires the host be configured to use 192.168.0.1. Please ensure that no other client on the network is configured to use 192.168.0.1.

800
Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.

801
This connection is configured to validate the identity of the access server, but Windows cannot verify the digital certificate sent by the server.

802
The card supplied was not recognized. Please check that the card is inserted correctly, and fits tightly.

803
The PEAP configuration stored in the session cookie does not match the current session configuration.

804
The PEAP identity stored in the session cookie does not match the current identity.

805
You cannot dial using this connection at logon time, because it is configured to use logged on user’s credentials.

900
The router is not running.

901
The interface is already connected.

902
The specified protocol identifier is not known to the router.

903
The Demand-dial Interface Manager is not running.

904
An interface with this name is already registered with the router.

905
An interface with this name is not registered with the router.

906
The interface is not connected.

907
The specified protocol is stopping.

908
The interface is connected and hence cannot be deleted.

909
The interface credentials have not been set.

910
This interface is already in the process of connecting.

911
An update of routing information on this interface is already in progress.

912
The interface configuration in invalid. There is already another interface that is connected to the same interface on the remote router.

913
A Remote Access Client attempted to connect over a port that was reserved for Routers only.

914
A Demand Dial Router attempted to connect over a port that was reserved for Remote Access Clients only.

915
The client interface with this name already exists and is currently connected.

916
The interface is in a disabled state.

917
The authentication protocol was rejected by the remote peer.

918
There are no authentication protocols available for use.

919
The remote computer refused to be authenticated using the configured authentication protocol. The line has been disconnected.

920
The remote account does not have Remote Access permission.

921
The remote account has expired.

922
The remote account is disabled.

923
The remote account is not permitted to logon at this time of day.

924
Access was denied to the remote peer because username and/or password is invalid on the domain.

925
There are no routing enabled ports available for use by this demand dial interface.

926
The port has been disconnected due to inactivity.

927
The interface is not reachable at this time.

928
The Demand Dial service is in a paused state.

929
The interface has been disconnected by the administrator.

930
The authentication server did not respond to authentication requests in a timely fashion.

931
The maximum number of ports allowed for use in the multilinked connection has been reached.

932
The connection time limit for the user has been reached.

933
The maximum limit on the number of LAN interfaces supported has been reached.

934
The maximum limit on the number of Demand Dial interfaces supported has been reached.

935
The maximum limit on the number of Remote Access clients supported has been reached.

936
The port has been disconnected due to the BAP policy.

937
Because another connection of your type is in use, the incoming connection cannot accept your connection request.

938
No RADIUS servers were located on the network.

939
An invalid response was received from the RADIUS authentication server. Make sure that the case sensitive secret password for the RADIUS server is set correctly.

940
You do not have permission to connect at this time.

941
You do not have permission to connect using the current device type.

942
You do not have permission to connect using the selected authentication protocol.

943
BAP is required for this user.

944
The interface is not allowed to connect at this time.

945
The saved router configuration is incompatible with the current router.

946
RemoteAccess has detected older format user accounts that will not be migrated automatically. To migrate these manually, run XXXX.

948
The transport is already installed with the router.

949
Received invalid signature length in packet from RADIUS server.

950
Received invalid signature in packet from RADIUS server.

951
Did not receive signature along with EAPMessage from RADIUS server.

952
Received packet with invalid length or Id from RADIUS server.

953
Received packet with attribute with invalid length from RADIUS server.

954
Received invalid packet from RADIUS server.

955
Authenticator does not match in packet from RADIUS server.

Earlier this month an anti-piracy accord was being signed in France that could have far-ranging repercussions where file-sharing is concerned.

According to The Register:

A plan has been drawn up by French retail exec Denis Olivennes. It will see signatory ISPs — including France Telecom, which owns Orange in the UK — hand over information on heavy users of file-sharing networks to a new enforcement body which will formally warn them to stop. If they persist, their connection will be cut.

Further to this:

As part of the accord, movies will be released on DVD six months after the cinema run, and music will be offered for legal download DRM-free.

In a landmark speech French President Nicolas Sarkozy reiterated that the rights and recognition of authors, artists, and performers formed an important commitment of his presidential campaign.

He said, “Today an accord is signed and I see a decisive moment for the civilised Internet. Everywhere, in the US, UK and others, industry and government have tried… to find a permanent resolution to the problem of piracy. We are the first, in France, to try to build a national grand alliance around clear and viable proposals.”

The concern here is that France’s deal would set a precedent. Already in the United Kingdom, rights holders have been pressuring ISPs in setting up a similar scheme. In the United States, Comcast is well-known for its bandwidth throttling while Cox has been recently accused of interfering with eDonkey seeding on the sly.

Is this the beginning of the end for file-sharing?