Outbound Fax over ATA and VoIP failed

Recently I have been converting a lot of offices to VoIP. In addition to QoS & ACL there are other factors that could impact the phone line and quality of the call. One thing that particularly picky about how clean your phone line is FAX machines.

The location I was working on had Fiber network with awesome bandwidth. They had 8 Cisco ATA SPA122 adapters, 7 went into the phone system and 1 went to the fax machine. The ATA adapters were running the 1.21 firmware.

 

 

·         The problem they were experiencing was some faxes going out will fail.

·         No issues with incoming faxes at all.

·         Faxes that go out to fax machines connected to a POTS will succeed

·         Faxes that go out to some online fax services such as RingCentral, efax, etc will fail

·         The failure occurs despite the type of fax machine you use

·         You will hear the fax answer but it sounds like they fail to negotiate the type of protocol or something

 

Cisco’s 1.32 firmware sounded like they addressed the issue

CSCud58060  - ATA fails periodically while sending a v.34 fax in pass-through mode (Method=NSE) to a Cisco gateway.

 

But after contacting the VoIP vendor, they did not want to assist with upgrading the firmware. They were even hesitant with providing the admin password to the ATA (when ATA register to their SIP server, it changed the admin password).

Login into the ATA’s web interface as admin, if you plug in from the built in switch the default IP is 192.168.15.1. After logging in as admin you would need to go into Voice, click on Line 1, then scroll down to “Fax passthrough method” and set it to none.

 

Apply changes and this should fix any fax issues with other online fax services without updating your firmware.

Decommission Windows 2003 Domain Controller

Decommission Windows 2003 domain controller and transferring roles over

 

 

1.     View the current operations master role holders

To view the current operations master role holder

1.      Click Start, click Run, type ntdsutil, and then press ENTER.

2.      At the ntdsutil: prompt, type roles and press ENTER.

3.      At the fsmo maintenance: prompt, type connections and press ENTER.

4.      At the server connections: prompt, type connect to server servername (where servername is the name of the domain controller that belongs to the domain containing the operations masters).

5.      After receiving confirmation of the connection, type quit and press ENTER to exit this menu.

6.      At the fsmo maintenance: prompt, type select operation target and press ENTER.

7.      At the select operations target: prompt, type list roles for connected server and press ENTER.

The system responds with a list of the current roles and the Lightweight Directory Access Protocol (LDAP) name of the domain controllers currently assigned to host each role.

Type quit and press ENTER to exit each prompt in Ntdsutil.exe. Type quit and press ENTER at the ntdsutil: prompt to close the window.

 

2.     Transfer the schema master

1.       Open the Active Directory Schema snap-in.

2.       In the console tree, right-click Active Directory Schema, and click Change Domain Controller.

3.       In the Change Domain Controller dialog box, click Specify Name. Then, in the text box, type the name of the server to which you want to transfer the schema master role. Click OK.

4.       In the console tree, right-click Active Directory Schema. Click Operations Master. The Change Schema Master box displays the name of the server that is currently holding the role. The targeted domain controller is listed in the second box.

5.       Click Change. Click Yes to confirm your choice. The system confirms the operation. Click OK again to confirm that the operation succeeded.

6.       Click Close to close the Change Schema Master dialog box.

 

3.     Transfer the domain naming master

1.       Open Active Directory Domains and Trusts.

2.       In the console tree, right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

3.       Ensure that the proper domain name is entered in the Domain box.

                                                                          i.      The available domain controllers from this domain are listed.

4.       In the Name column, click the domain controller (to select it) to which you want to transfer the role. Click OK.

5.       Right-click Active Directory Domains and Trusts, and then click Operations Master.

6.       The name of the current domain naming master appears in the first text box. The server to which you want to transfer the role should appear in the second text box. If this is not the case, repeat steps 1 through 4.

7.       Click Change. To confirm the role transfer, click Yes. Click OK again to close the message box indicating the transfer took place. Click Close to close the Change Operations Master dialog box.

 

4.     Transfer the domain-level operations master roles

 

1.      Open Active Directory Users and Computers.

2.      At the top of the console tree, right-click Active Directory Users and Computers. Click Connect to Domain Controller.

3.      In the list of available domain controllers, click the name of the server to which you want to transfer the role, and then click OK.

4.      At the top of the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Masters.

5.      The name of the current operations master role holder appears in the Operations master box. The name of the server to which you want to transfer the role appears in the lower box.

Click the tab for the role you want to transfer: RID, PDC, or Infrastructure. Verify the computer names that appear and then click Change. Click Yes to transfer the role, and then click OK.

6.      Repeat steps 4 and 5 for each role that you want to transfer.

 

5.     Determine whether a domain controller is a global catalog server

 

1.      Open Active Directory Sites and Services.

2.      In the console tree, expand the Sites container, expand the site of the domain controller you want to check, expand the Servers container, and then expand the Server object.

3.      Right-click the NTDS Settings object, and then click Properties.

4.      On the General tab, if the Global Catalog box is selected, the domain controller is designated as a global catalog server.

 

6.      Verify DNS registration and functionality

IPv6 Can Cause failures

1.       Open a Command Prompt.

2.       Type the following command, and then press ENTER:

netdiag /test:dns /v

·         On a Windows Server 2008 or Windows Server 2008 R2 computer, type the following command, and then press ENTER:

dcdiag /test:dns /v

3.       If DNS is functioning, the last line of the response for all operating system versions is

DNS Test…..: Passed. The verbose option lists specific information about what was tested. This information can help with troubleshooting if the test fails.

If the test fails, do not attempt any additional steps until you determine and fix the problem that prevents proper DNS functionality.

1 test failure on this DNS server                          DNS server: 2001:500:2d::d (d.root-servers.net.)                1 test failure on this DNS server                PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d             DNS server: 2001:500:2f::f (f.root-servers.net.)                1 test failure on this DNS server                PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f             DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)                1 test failure on this DNS server                PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

 

7.      Verify communication with other domain controllers

During the removal of Active Directory, contact with other domain controllers is required to ensure:

• Any un-replicated changes are replicated to another domain controller.
• Removal of the domain controller from the directory.
• Transfer of any remaining operations master roles.

If the domain controller cannot contact the other domain controllers during Active Directory removal, the decommissioning operation fails. As with the installation process, test the communication infrastructure prior to running the installation wizard. When you remove Active Directory, use the same connectivity tests that you used during the installation of Active Directory.

1.      Open a Command Prompt.

2.      On a Windows Server 2003 computer, type the following command, and then press ENTER:

netdiag /test:dsgetdc

If domain controllers are successfully located, the last line of the response is DC discovery test……..: Passed. The verbose option lists the specific domain controllers that are located.

On a Windows Server 2008 or Windows Server 2008 R2 computer, type the following command, and then press ENTER:

nltest /dclist:yourdomain.org

If domain controllers are successfully located, the last line of the response is The command completed successfully.

If the tests fail on any of the operating system versions, do not attempt any additional steps until you determine and fix the problem that prevents communication with other domain controllers.

 

8.     Verify the availability of the operations masters

1.      Open a Command Prompt.

2.      Type the following command to ensure that the operations masters can be located and then press ENTER:

dcdiag /s:yourserver /test:knowsofroleholders /v

dcdiag /s:yourotherserver /test:knowsofroleholders /v

The verbose option provides a detailed list of the operations masters that were tested. Near the bottom of the screen, a message confirms that the test succeeded. If you use the verbose option, look carefully at the bottom part of the displayed output. The test confirmation message appears immediately after the list of operations masters. Press ENTER.

9.      Type the following command to ensure that the operations masters are functioning properly and are available on the network:

dcdiag /s:yourserver /test:fsmocheck

dcdiag /s:yourotherserver /test:fsmocheck

·         If any of the verification tests fail, do not continue until you determine and fix the problems. If these tests fail, the uninstallation is also likely to fail.

 

10.               If the domain controller hosts encrypted documents, perform the following procedure before you remove Active Directory to ensure that the encrypted files can be recovered after Active Directory is removed.

To export a certificate with the private key

1.       Open the Certificates console for the user, computer, or service you want to manage.

2.       In the console pane, select the certificate store and container holding the certificate that you want to export.

3.       In the details pane, click the certificate you want to export.

4.       On the Action menu, point to All Tasks, and then click Export.

5.       In the Certificate Export Wizard, click Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)

6.       Under Export File Format, do one or all of the following, and then click Next.

1.       To include all certificates in the certification path, select the Include all certificates in the certification path if possible check box.

2.       To enable strong protection, select the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box.

3.       To delete the private key if the export is successful, select the Delete the private key if the export is successful check box.

1.       In Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.

2.       In File name, type a file name and path for the PKCS #12 file that will store the exported certificate and private key, click Next, and then click Finish.

Note

If a certificate was issued from a Windows Server 2003 certification authority, the private key for that certificate is only exportable if the certificate request was made via the Advanced Certificate Request certification authority Web page with the Mark keys as exportable check box selected, or if the certificate is for EFS (Encrypting File System) or EFS recovery. Strong protection (also known as iteration count) is enabled by default in the Certificate Export Wizard when you export a certificate with its associated private key. Strong protection is not compatible with older programs, so you need to clear the Enable strong protection option if you are going to use the private key with any browser earlier than Microsoft Internet Explorer 5. After the Certificate Export Wizard is finished, the certificate will remain in the certificate store in addition to being in the newly-created file. If you want to remove the certificate from the certificate store, you will need to delete it.

11.               Uninstall Active Directory

1. Click Start, click Run, type dcpromo and then click OK.
2. The Active Directory Installation Wizard appears. Click Next at the Welcome screen.
3. You have an option to select This server is the last domain controller in the domain. If you select this option, the wizard attempts to remove the domain from the forest. Do not select this option. Click Next.
4. At the Administrative Password screen, enter and confirm the password that you want to assign to the local Administrator account after Active Directory is removed. Click Next.
5. At the Summary screen, verify that the information is correct and then click Next to proceed with the removal.
6. The wizard proceeds to remove Active Directory. After it finishes, the wizard displays a completion screen. Click Finish to close the wizard.
7. Click Restart to restart the domain controller.

You may experience an error during the demotion of the Source server, namely:

Active Directory Installation Wizard

The operation failed because:

Failed to configure the service NETLOGON as requested

“The wait operation timed out.”

Go ahead and Click "OK". Then click "Back" until you are at the Welcome screen of the "Active Directory Installation Wizard". Then next back through everything and the demotion process should complete correctly.

12.               Uninstall DNS services

Delete any old records

13.               If the domain controller hosts encrypted documents and you backed up the certificate and private key before you remove Active  Directory, perform the following procedure to re-import the certificate to the server:

 

 

Sniffing to see who done it.. on the network

So, is it a big deal if someone hops on your wireless network? Yes, kind of. It is more of a security risk for someone to be on your wireless network than to plug into a port on your switch. One of the reason is because the wireless access point, like hubs, acts as a single collision domain. Each computer connected to the wireless will be broadcasting all transmissions to one another and using CSMA/CD to control the traffic. Switches are smart enough to only broadcast traffic associated with the MAC so you will have a as many collision domains as you do ports.

With all that being said, those connected to your wireless network can see all the information you send and receive (unless layer 2 isolation is configured on the AP).

Since we installed Backtrack last time we will use it again. It comes pre-loaded with Wireshark so open it up

Configure the wireless networking interface you plan on using to capture the packets and click start.

It should start recording all the information, which is a lot of data so we will need to filter out only the information we need, log in and passwords. Click Expression and scroll down to find what you need. This example I will use HTTP filtering and type in the value "username" to find any information where a username is transferred over clear text

If you want to gather information on a website you can type in the URL, if you know the IP of the workstation you can filter out by IP as well

Once I applied my filter results came up with a HTTP form log in for web mail access that did not use SSL. Expanding the results below displayed the username and password used on the webpage.

If the page was encrypted the user name would have probably been hashed.

Cracking WEP wireless network

     Online encryption is important but most people I’ve come across never give a second thought about it. They don’t think that a hacker will hack them because they are just ordinary people. But we regular folks are the ones they are after! They use minions to achieve their wicked goals because they are disposable. This post will be a 3 part series that demonstrates how to infiltrate a wireless network with WEP encryption, sniff the network traffic, and then use the data collected to impersonate a user. The goal is to raise awareness on how vulnerable wireless connections are.

     There are hundreds of articles online that will teach you how to crack a wireless network. Now there is another one.

1) Download Backtrack ISO and burn it to CD and then boot from the disc.
       You don’t need to install the program but you can
       I will be using the BT5R3-GNOME-32 for this demonstration
2) Once it is installed or booted up, login and start the GUI
       Default user name is root and the password is toor
       Type startx to start the GUI
3) The tool we will use is Gerix
       Navigate to: Applications, BackTrack, Exploitations Tools, WLAN Exploitation, gerix-wifi-cracker-ng

4) Click the configuration tab and highlight your wireless adapter (wlan0) listed under interface
       If there is no adapter present, refer to the notes at the end of this article
5) Click enable/disable monitor mode to create a new interface (mon0)
       Highlight mon0 and set a random mac address

6) Scroll down and click rescan networks
       After the wireless network appears, select one from the list with WEP encryption and decent signal strength

7) Navigate to the WEP tab and start sniffing
       A box will appear, just move it aside, don’t close it
          The number below #Data is what we are monitoring
          The more traffic on the network the more we get, but we can inject stuff to make traffic

If no one is on the network then you will need to simulate traffic, click test injection to see if the AP is vulnerable.

8) Try a Chopchop attack first, Crate an ARP packet to be injected the Inject the create ARP packet
       Another window will pop up and ask you if want to inject with the created packet, type Y and hit enter
       This will help you get more #Data (try fragmentation injection if it doesn’t work)

9) Once you have at least 5000, try and crack
       Click on the Cracking tab and click on Decrypt WEP password

     Another Window will pop up and will display the password when successful

If you don’t have enough #Data it will not be successful, wait to get more and click Decrypt WEP again when you have more (10,000 or 15,000)


     Gerix is just a GUI for the aircrack-ng, for full functionality, your wireless adapter chipset will need to support injection. The list of supported chipsets can be found here the page has not been modified since 2011, so there are probably more chipsets on the market that is supported.

Windows 8 wireless issues

I have 2 SSD drives in my laptop, one is the 180GB Intel 520 with Windows 7 Pro installed and the other is Mushkin Enhanced mSATA 120GB drive with Windows 8 Pro installed. I have noticed issues in multiple locations where Windows 8 would experience frequently dropped packets when connected to a wireless access point. I would boot back into Windows 7 and it did not exhibit the same behavior so I suspect it is not specific to the hardware. While in Windows 8, I plugged in a TP-Link USB wireless adapter (TL-WN722N use the AR9271 Chipset) and did not experience any issues with it either. I only saw issues when running Windows 8 while using the on board wireless adapter. It makes me sad because the Intel Centrino 6205 wireless adapter are great for penetration testing but using it along side with Windows 8 will inhibit your ability to work productively from some locations.

After battling it for many months I think I nailed it down to two things:

1) Change the advanced power settings of the wireless adapter to never go to sleep
2) Disabled the multi-band frequency settings of the wireless adapter

The first part will need to be configured in the Windows control panel, under power options, and advanced power settings & wireless adapter settings – set everything to maximum performance.

The second change needs to be made under the wireless adapter properties. Open the advanced settings tab for the wireless adapter properties and scroll down to wireless mode and change the band to G only.

This is not an ideal solution if you plan on using multiple frequencies but at least it will stabilize your wireless connection. I don't know why it is a problem in some locations and not all. Maybe because it is the wireless router? I have not tested but I bet disabling ABN on the access point and only allowing G will fix the problem as well. But it is much easier to change the adapter's setting on your laptop than every wireless hotspot you visit.

Windows 7 as a file server

Sometimes you want a dedicated computer or file server but you don’t need a full blown server OS. For a simple storage or file sharing system, Windows 7 pro might just work fine. But by default, Windows 7 will limit the amount of open concurrent connections. After a handful users connect to the device, it will start rejecting new connections. You might start seeing errors in the event log that look like this.

Event ID:2017
Event Source: srv
"The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations."

What does this mean? It means you need to spend $4000 on a real server.
:)
Actually you just need to make 2 registry changes and then reboot Windows.

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache

Change the key to ‘1’ to allow large system cache

Then

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size

And set it to ‘3’

That should stop those errors from popping up and allow more connections to the workstation.

RADIUS Server on Windows 2008 R2 to Cisco

Yesterday I posted about setting up remote access VPN on a Cisco ASA 5505 with extended authentication to a RADIUS server. Today’s post will be about setting up Windows 2008 R2 NPS to work with the Cisco client.
Open up Server Manager and add a new role.


Select Network Policy and Access Services. Click next and you only need to have the Network Policy Server selected to hit next again and install.
After the installation is completed. Open the Network Policy server and expand Policies, Network Policies and create a new network Policy.
Create a name for the Policy and leave the access server to unspecified click next.



Add some conditions for access like Windows user groups or something



Click add groups and then type in the Group name, I went ahead and added Domain users just for testing. I also added the RADIUS client settings under the condition and specified the name of my ASA



After you are done adding the conditions, click next and select access granted and next again


Put a check make on Unencrypted authentication (PAP, SPAP).




Click next, and select No when it ask you to view the help file.



It will ask for setting additional constraints, we don’t need any, click next.




Under standard RADIUS attributes, deleted PPP and Framed and add a new one.



Access type will be all and attribute is service-type



The attribute value will be Others, then choose Login the drop down box and click OK, then Close.
Specify the vendor under RADIUS Attributes by adding select Vendor Specific.



With Vendor set to “All”, select Vendor-Specific for the attribute and click Add to add in the attribute information.

For the attribute information select “Select from list” and choose Cisco from the menu. Then select “Yes. It conforms” and click Configure Attribute.

For the Vendor-assigned attribute number enter 1, for Attribute format choose String, and in Attribute value type:
shell:priv-lvl=15
Then click OK.


Click OK, Close, Next, then finally click Finish.

Now specify the Cisco router as a RADIUS client in Network Policy Server by highlighting RADIUS Clients and Servers, and then right click RADIUS Clients and choose New.
Fill in the friendly name that you specified earlier and enter the IP address for the device and enter the shared secret RADIUS key.



Activated in Active Directory. Right click the NPS tree root on the left pane, and choose “Register server in Active Directory”. (If it is shaded out do not worry about it.)

Restart the NPS services which might take a few seconds and then everything should be complete now.

Remote Access VPN on Cisco ASA 5505

One of my favorite things to do with new equipment is test the maximum throughput of the device. The Cisco ASA 5505 is a nice firewall appliance but the ASA does not support BGP so be weary if you are purchasing one to study for your CCNA.

In this post I will attempt to explain how to setup IPsec VPN on the ASA (ver. 7.2) for remote users and authenticate with RADIUS using CLI. There are a ton of guides on how to setup and configure the Cisco ASA 5505 so I will just run through the basic stuff I assume you already have configured on your ASA.

Basic stuff:

Setup the host name, interface names, IP address, assign VLAN, and NAT and the default route on the firewall. Enable of disable DHCP on the inside interface.

Delete the existing keys
crypto key zeroize rsa

Configure your domain name
domain-name domain.com

Generate the keys
crypto key generate rsa general-keys modulus 1024 sh crypto key mypubkey rsa wr mem

Allow traffic to go both ways
same-security-traffic permit intra-interface

Create the rules for what goes in and out and stuff
access-list noNAT extended permit ip 192.168.150.0 255.255.255.0 192.168.57.0 255.255.255.0

192.168.57.X is the IP subnet that is assigned to the virtual adapters for VPN clients and 192.168.150.X is the local subnet of my network

Create the range of the IP address that the virtual adapters from VPN connection will receive
ip local pool IPPoolforVPN 192.168.57.15-192.168.57.90 mask 255.255.255.0

Assigned the access list created to allow communication between VPN clients and local network
nat (inside) 0 access-list noNAT

Define the authentication server and type
aaa-server WindowsServer protocol radius aaa-server WindowsServer max-failed-attempts 3 aaa-server WindowsServer deadtime 10 aaa-server WindowsServer (inside) host 192.168.150.11 shadowkey timeout 5

Create and name policy for the VPN group
group-policy ShadowVPN internal group-policy ShadowVPN attributes dns-server value 8.8.8.8 4.2.2.2 vpn-idle-timeout 240 vpn-session-timeout 720 ipsec-udp enable ipsec-udp-port 10000 split-tunnel-policy tunnelspecified default-domain value domain.com split-dns value domain.com exit

Allow all the traffic that enters the security appliance through a VPN tunnel to bypass interface access lists
sysopt connection permit-vpn

Create encryption profile types
crypto ipsec transform-set RemoteAccess esp-aes esp-sha-hmac crypto dynamic-map dyn1 1 set transform-set RemoteAccess crypto map VPN 99 ipsec-isakmp dynamic dyn1 crypto map VPN interface outside crypto isakmp enable outside crypto isakmp identity address crypto isakmp nat-traversal 3600 crypto isakmp policy 10 authentication pre-share encryption aes hash sha group 2 lifetime 43200 exit

Assign attributes to the tunnel group you created earlier
tunnel-group ShadowVPN type ipsec-ra

Specify the address pool you made earlier
tunnel-group ShadowVPN general-attributes address-pool IPPoolforVPN

Specify the RADIUS server
authentication-server-group WindowsServer default-group-policy ShadowVPN exit tunnel-group ShadowVPN ipsec-attributes pre-shared-key Hard.2.Guess.Key exit wr mem

Some commands to help troubleshoot issues
show crypto isakmp sa show crypto ipsec sa show crypto engine connection active debug crypto isakmp debug crypto ipsec

If the VPN connection is established but no traffic is encrypted or decrypted, check your ACL

Interface Rates on Linux Firewalls

I was working with the Cisco SRP541w and noticed something strange when remote users connected to the VPN. Once a VPN connection was established and remote users attempted to download something from the office, the firewall would reboot itself. After a little bit if research the problem seems to be directly related to the QOS bandwidth control under network setup.

It does not matter what this is set to, if it is enabled on any of the interface the problem will still occur when IPsec VPN users connect.

The Cisco SRP541w is running a GNU/Linux OS and I have seen issues similar to this on other variant Linux operating systems. The Zentyal will suffer the same consequence when rates under traffic shaping is enabled.

Enabling this on the WAN interface will cause the OpenVPN users to crash the outside interface after establishing a connection. I have not tested the stability of the connection over PPTP VPN but I suspect it will do the same thing since the issue is related to the uplink on the WAN connection and is present in IPsec and OpenVPN.

First Attempt

Using this blog to keep track of my projects and help my organization skills.
As of today, my current rig includes a

Cisco ASA 5505
Juniper Netscreen 50
Cisco WS-C2950-24
Cisco WS-C2924-X
Netgear GS724T
Cisco 1760 Router
SuperMicro X7DCA-L
Cisco 2651 Router
ZyXEL ZyWALL USG20
FreeNas box with 13 terabytes of data
Dell PowerEdge 2900 with 2 dual core Xeon processors, 21 gigs of RAM, running 2008 R2 Hyper-V, 8 Intel gigabit adapters and 2 Broadcom gigabit adapters.



Not included in this picture is a Asus RTN16 mounted on the wall and used only as an access point and a Netgear GS108T upstairs right next to the ONT.


I currently have Verizon FiOS with 150mbps download speeds and 65mbps upload speeds. Since none of my equipment was capable of 150mbps SPI throughput, I have Zenytal running as a virtual machine in Hyper-V which acts as my firewall.


This blog is not intended educate, inform, or entertain anyone but myself.