Digital Choke Daynotes
What's a Daynote? "Daynotes" are daily (usually) journal entries of interesting happenings and discussions. They are not 'blogs', which are often just a collection of links to other information (although we do include links occasionally). Daynotes are much more interesting (we hope). These "Digital Choke Daynotes" were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .net), a collection of daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals. If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.
Been a bit busy, and worn out by the time the evening rolls around, which is my current excuse for lack of content here.
Working on some VMware partitions and testing various OS patch levels. Although a great program, it takes a bit of time to set up an OS partition from scratch. The 'snapshot' makes it easier to freeze a VMware partition, so you can revert back to that setting when you want to repeat a test. Also been working with some more Bindview auditing reports, along with some reading of computer forensic books.
Yesterday morning I got a call while still on the way to work. One of the web servers had mysteriously gone off-line since Monday. So after the first-thing-in-the-morning status meeting (we discuss any production issues with the company network), I wandered into the data center to see what was wrong.
The server was up and running, but unable to PING outside itself. A PING of localhost and the server's IP address was OK, so the problem wasn't in the server. A look at the network card icon showed it was disconnected. I went to the back of the box, saw that the cable was there, but no link or activity lights. The cable disappeared into the raised floor, and looked OK ... until I started pulling the cable out of the floor, and came up with a cut cable. (As Dr. Jerry Pournelle has said, 90% of all computer problems are cabling.)
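The order of checks above (loopback, then the server's own address, then link state, then the cable) is a bottom-up triage ladder, and it is worth having scripted so the next early-morning call starts from the same place. The script below is an added example, not from the daynotes page or from the author; it assumes a Linux host with iproute2 and ping (the server in the story was Windows, where the same ladder applies but the commands differ), and it separates the probes from the classification so the decision logic can be exercised with constructed results.

```shell
#!/bin/sh
# Added example (not the page's own code): bottom-up connectivity triage in the
# same order used in the story: loopback -> own IP -> link state -> gateway.
# Assumptions not in the original: Linux, iproute2 ('ip'), ping, and the
# interface name given as $1.

probe_loopback() { ping -c1 -W1 127.0.0.1 >/dev/null 2>&1; }
probe_self()     { ping -c1 -W1 "$1" >/dev/null 2>&1; }
probe_link()     { [ "$(cat /sys/class/net/"$1"/operstate 2>/dev/null)" = "up" ]; }
probe_gateway()  { ping -c1 -W1 "$1" >/dev/null 2>&1; }

# Turn a command's exit status into a 0/1 flag (1 = check passed).
flag() { if "$@"; then echo 1; else echo 0; fi; }

# classify LO SELF LINK GW: four 0/1 flags in, the layer to suspect out.
# The first failing rung is the one to chase; everything above it is moot.
classify() {
  c_lo=$1; c_self=$2; c_link=$3; c_gw=$4
  if   [ "$c_lo"   != 1 ]; then echo "host TCP/IP stack (loopback fails)"
  elif [ "$c_self" != 1 ]; then echo "interface address/config (loopback OK, own IP fails)"
  elif [ "$c_link" != 1 ]; then echo "physical layer: cable, NIC, or switch port (no link)"
  elif [ "$c_gw"   != 1 ]; then echo "switch/VLAN or gateway (link up, gateway unreachable)"
  else                          echo "host and first hop OK; look upstream"
  fi
}

# triage IFACE: run the probes against the live system and classify.
triage() {
  t_if=$1
  t_ip=$(ip -4 -o addr show dev "$t_if" 2>/dev/null | awk '{print $4}' | cut -d/ -f1)
  t_gw=$(ip -4 route show default 2>/dev/null | awk '/default/ {print $3; exit}')
  f_lo=$(flag probe_loopback)
  f_self=$(flag probe_self "${t_ip:-0.0.0.0}")
  f_link=$(flag probe_link "$t_if")
  f_gw=$(flag probe_gateway "${t_gw:-0.0.0.0}")
  echo "iface=$t_if ip=${t_ip:-none} gw=${t_gw:-none} loopback=$f_lo self=$f_self link=$f_link gateway=$f_gw"
  classify "$f_lo" "$f_self" "$f_link" "$f_gw"
}

# Usage: sh triage.sh eth0
if [ $# -gt 0 ]; then triage "$1"; fi
```

In the cut-cable case this reports loopback and own-IP as passing and link as failing, which points at the cable, NIC or switch port before anyone looks at the server's configuration; in the SPAN-port case from the same day the host rungs all pass and the problem is upstream, which is exactly the "other 10%".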
Seems that there was some on-going cleanup of the underfloor cabling (think of a massive pile of spaghetti), and there was an inadvertent cut of the wrong cable. A temporary cable from the server to the patch panel fixed that until the cabling guys could run a new cable under the floor.
At the same time, the web filtering server wasn't web filtering. Again, the server was OK (and cabling OK, so we're into the other 10%), but no traffic from the 'span' port on the switch. There was some troubleshooting of that switch Monday night, with the addition of another span port. That was configured wrong; although the 'new' span port was working OK, it borked the span port used by the web filter. The switch guy got that working, so all was well in the web filtering department.
Then I spent some more time yesterday and today working with a test version of the Software Update Server software (version 1.0 from Microsoft; free, and pretty good stuff; version 2 is better). I wanted to use that server as the update source for my VMware partitions. Then I'll install version 2 (now known as Windows Software Update Server) and see how that works with the VMware partitions. We'll be converting to WSUS next month, I think, but this setup will give us some 'play' time with the new version. Lots of good features in WSUS that will make automatic updates much more versatile.
Then there were the usual calls about VPN connectivity problems (most were PBDAC -- Problem Between Desk And Chair), some questions about web filtering, and a couple of new server security audits. A bit busy, but OK. New stuff learned; skills improvement.
Noticed that there were two arrests, in Morocco and Turkey, of the alleged creators of the Zotob worm. The reports indicate that Microsoft helped out the FBI in identifying these guys. (One report here; others at your favorite news source. The FBI news release is here.)
Arrested in Morocco was Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker "Diabl0." Arrested in Turkey was Atilla Ekici, aka "Coder," a 21-year old resident of Turkey. Both individuals will be subject to local prosecutions.
So, while the Zotob worm was released within a day or two of the notification of the patch, the arrests took only about 8 days after the release of the worm.
I've been spending some time in forensic tasks relating to a user's emails. Interesting techniques are available for doing that. It gets harder if you want to do it stealthily, and also depends on the mail system that you use. And you have to be careful about doing it, as you could run afoul of major felonies. For you new guys, I did a report a while back about "Is There a Felony in Your Computer?" (pdf, and opens a new window, as do all links around here). Comments invited.
Getting hot around here again, with temps approaching 100 degrees (F). I'm going off to the tomato processing plant tomorrow evening for some volunteer work. Lots of tomatoes (a semi-truck's worth, or more) going into lots of cans. It's something that I do once every year. The canned tomatoes are used for a church welfare program, which distributes them world-wide. Our little tomato cannery is the only one in the whole system (which is quite extensive). Lots of tomatoes around here.
Which is why we locals also call this town "Sacratomato".
... more later ...