Airtel 4G Dongle, Metered connection and Delivery Optimization

Windows 10 has a setting named “Metered connection” that can be used to mark a WiFi network as metered connection which then disables many data hungry features. One of those features is “Delivery optimization” that allows windows to download updates from many other PCs besides from windows update servers. This also make our own PC as seeder and this feature is enabled by default. As it can be guessed, this is a problem on limited connections. Many people may be using lot of bandwidth unknowingly uploading windows update bits on behalf of Microsoft without Microsoft paying them anything. Microsoft has converted entire windows 10 ecosystem as a giant network sharing update pieces with others without their knowledge.

If we are using Airtel 4G dongle, it is recognized as “Dial Up” device by windows 10 and there is no setting available to mark it as “Metered connection”. If we choose to update our laptops while using these dongles, we unwittingly becomes part of peer to peer network sharing updates using valuable limited connection bandwidth.

To save on your bandwidth, make sure to disable “Delivery Optimization” on your laptop. Instructions are given at Disable and Turn Off Windows Delivery Optimization . Failing to do so can give you nasty surprises.

  1. Metered Connection
  2. Delivery Optimization
  3. Airtel 4G Dongle

Strengthening WiFi router security for home network 

My WiFi network got hacked as well as of my neighbors. I had trouble getting reliable network in other parts of house because many unknown devices kept connecting to my network. Same is true with neighbors.

Look at devices names

  • android-d30a64368136fc1 14:1A:A3:8A:8B:4A MOTOROLA MOBILITY LLC, A LENOVO COMPANY
  • android-c84b9e4c6410d964 34:BB:26:08:00:7d Motorola Mobility LLC, USA
  • android-4bda3cc13c03e41e F8:CF:C5:4D:71:58 MOTOROLA MOBILITY LLC, A LENOVO COMPANY
  • android-b2aa46d340f80770 F8:84:F2:D8:00:C2 Samsung Electronics Co.,Ltd, SOUTH KOREA

All these are weirdly named devices that were named as so to avoid being detected. Most probably, MAC addresses are also spoofed one.

I did some research on password crackers tools for WiFi and saw below links. All these claim to be legal but who stopped thieves from using AK 47?

It turns out that first level of attack is via WPS which is open by default on almost all home routers. Another problem factor is DHCP. We do not really need either of these if we can use technology in right way.

Another protection would be to hide broadcasting of SSID name of WiFi network. This will make it a bit difficult to do quick dictionary level attack on network. Most probably, hardware detection would be needed to scan all wifi signal in the vicinity to figure if an unknown WiFi is broadcasting.

Passphrase off course should be somewhere 30 to 40 characters long. 15 character alphanumeric is easy to break.

If living in apartment complex, one good idea would be to check neighbors to see if they are also hacked. Collecting hacker device names from them can help convince society to throw out unwanted elements, read data thieves, from building.

Additionally, MAC filtering can be enabled although it seems that it is very easy to spoof MAC addresses even on mobiles.

Some tools that are useful in detecting hacked WiFi or getting to know if any unknown devices are on network are as follows

  • Fing Android App  This tells the list of devices connected on the WiFi whee the android mobile is connected.
  • Acrylic WiFi can be used to list out the characteristics of WiFis around us. This gives rating of network security and stuff like that. It also tells if WPS is enabled. Disable WPS if you see it enabled for your SSID and see that network safety rating goes up from 2 to 5.
  • WiFi Analyzer is a tool on Android to find out the strength of WiFi signal in graphical manner. If you see too much overlap from other routers. just reboot router once to get new interference free channel.

Intel Proset Wired connectivity software creating WMI problems to fill up event log with error 0x80041010

Below event kept coming up in my system event viewer every 10 second.

Event filter with query “SELECT * FROM __InstanceOperationEvent WITHIN 10 WHERE (TargetInstance ISA ‘Msvm_ExternalEthernetPort’) OR (TargetInstance ISA ‘Msvm_VmLANEndpoint’) OR (TargetInstance ISA ‘Msvm_SyntheticEthernetPort’) OR (TargetInstance ISA ‘Msvm_ComputerSystem’) OR (TargetInstance ISA ‘Msvm_VLANEndpointSettingData’)” could not be reactivated in namespace “//./root/virtualization” because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.

There is no indication as to who is registering this event from this log. Matter is not much helped by Microsoft who have removed WMI diagnostic utility from windows 8 onwards. “WMI administrative tools”  also does not work on windows 8.1.

I then tried to search using WMIC in command prompt  and GWMI/register-wmievent in powershell and both keeps giving me same errors as being not able to connected to the event source.

I next tried WINMGMT /resetrepository with the hint given at http://networkadminkb.com/KB/a193/how-to-fix-missing-wbemadap-registry-value-names.aspx. Command line switches in winmgmt have been updated now. It stopped these events in logged on session but reboot brought back the issue.

Finally, I saw the below event by enabling extended logging on the log WMI-Activity as shown in the video https://www.youtube.com/watch?v=IdDzjE2POv0. Notice the client process id there.

Id = {439D3EDE-29K2-0000-803E-5D43F969D801}; ClientMachine = ****HOME; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1852; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery – root\virtualization : SELECT * FROM __InstanceOperationEvent WITHIN 10 WHERE (TargetInstance ISA ‘Msvm_ExternalEthernetPort’) OR (TargetInstance ISA ‘Msvm_VmLANEndpoint’) OR (TargetInstance ISA ‘Msvm_SyntheticEthernetPort’) OR (TargetInstance ISA ‘Msvm_ComputerSystem’) OR (TargetInstance ISA ‘Msvm_VLANEndpointSettingData’); ResultCode = 0x80041010; PossibleCause = Unknown

Checking the process id in Windows task manager, I finally figured out the source of these as “Intel Proset Wired connectivity software“. Uninstalling it and reboot has finally got rid of the issue. The issue seems to have started recently (check publish date) only, but thankfully it is gone. Reboot is necessary to reinstall network drivers.

NAS folders inaccessible on windows 8.1 after sleep

Use case

  1. You have some video on Seagate Home NAS and viewing it in windows media player (WMP).
  2. You have mapped NAS public folder as local drive letter on your laptop.
  3. Your laptop is windows 8.1 or windows 8 64 bit. You are connected to NAS via WiFi.
  4. You close the lid thus closing the video.
  5. Start the laptop again after 3-4 hours. Since It had went into sleep mode due to long idle time, power button needs to be used to restart it again.

What happens

WMP is showing a screen which is asking you to resume video. Video is gone from the screen and you cannot restart it.

When windows explorer is opened to check NAS status, you see that the NAS folders are not accessible. Refreshing windows explorer or restarting it does not help.

Solution

Turn off WiFi and turn it again. NAS folders become accessible again. I think turning off WiFi and turning again restarts some network location awareness service which searches for NAS folders again and make them available in WMP.