Slashdot Mirror


Build Your Own NOC

Geminus writes "Ever wanted to build a cheap NOC but had difficulty explaining tech stuff to bean counting managers? Here's the basics on building one for under two grand. Makes for a pretty good dog-n-pony show, and proves useful too! Damn, I want to be an Armchair Network Operations Center General."

267 comments

  1. to be a noc by nil5 · · Score: 0

    don't you need some reason?

    i mean, what's the point unless you have subscribers?

  2. Speed kills computers. by Anonymous Coward · · Score: 5, Funny

    NOC=Nitrous Oxide Computing.

    1. Re:Speed kills computers. by Anonymous Coward · · Score: 0, Redundant

      That's NOX u ninny

    2. Re:Speed kills computers. by High+Hat · · Score: 1

      I don't get how Speed is in any way related to nitrous. Speed is a stimulant, while nitrous is a dissociative...

    3. Re:Speed kills computers. by Billy+the+Mountain · · Score: 2, Informative

      Nitrous is a stimulant when applied to the air intakes of internal combustion engines.

      btm

      --
      That was the turning point of my life--I went from negative zero to positive zero.
  3. That was fast by dunelin · · Score: 1, Funny

    Only 7 (now 8) comments and they're already slashdotted. Way to go, guys.

    1. Re:That was fast by Anonymous Coward · · Score: 0

      Redundant to what, exactly, O wise moderator?

    2. Re:That was fast by Anonymous Coward · · Score: 0

      Number of comments does not indicate number of readers, it indicates number of writers.

    3. Re:That was fast by Zeinfeld · · Score: 1
      Only 7 (now 8) comments and they're already slashdotted. Way to go, guys.

      It's like that cult who used to sell instructions on how to make your own UFO for $1000. Sure you can build something that you can call a NOC for $2000. But it won't be capable of running anything of importance. A slashdotting is pretty low on the scale of DDoS attacks.

      A NOC is in large part a stage set. The purpose is to impress the customer. You are not going to be able to convince anyone that you are protecting important information without a very high degree of physical security. These turkeys don't even have a card access badge scanner. Most real NOCs go for multi-tier construction and biometric access controls.

      There has been something of a retro trend amongst VCs, doing stuff for cheap is fashionable these days. I don't recommend the approach, having acquired companies who went that route. One was using $500 PCs when the cheapest you could get a production one for was $1500. Even though the PCs were 'only' for class use they were a false economy, they were slow and prone to break down. Pretty soon there was a frankenmachine effect, the machines were patched and repaired so often no two machines had the same configuration so you could not flash install an O/S. Great way to impress folk paying $800 per day for training.

      I'd steer clear of these NOC folk, particularly if they wear black Nike sneakers or invite you to the local dinner for chicken pot pie (let's see who gets the obscure reference).

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  4. hmmm...4 comments and it's slashdotted? by yroJJory · · Score: 4, Funny

    I guess you can build your own NOC, but if you don't have enough bandwidth, you can't teach others how to do it.

    There have been 4 comments so far and the story is already slashdotted!

    --
    Jory
    1. Re:hmmm...4 comments and it's slashdotted? by germanbird · · Score: 5, Funny

      Obviously the Armchair Network Operations Center Generals did not prepare a contingency plan for the slashdot effect...

    2. Re:hmmm...4 comments and it's slashdotted? by lithiumcloud · · Score: 5, Funny

      it's supposed to be a really cheap noc. go figure.

      --
      This space intentionally left blank.
    3. Re:hmmm...4 comments and it's slashdotted? by Mister+Transistor · · Score: 2, Funny

      I think the guy just wanted to calibrate the top scale on his ping-o-meter. Set up the net traffic monitors, and then call in /. to do the rest!

      --
      -- You are in a maze of little, twisty passages, all different... --
    4. Re:hmmm...4 comments and it's slashdotted? by Spoing · · Score: 4, Funny
      There have been 4 comments so far and the story is already slashdotted!

      Sigh! Remember people, it's make comments FIRST, then read the article!

      --
      A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    5. Re:hmmm...4 comments and it's slashdotted? by danknight · · Score: 1
      That's Because the story is always
      SLASHDOTTED
      so usually we have no choice but to comment without RTFA !!!
      --
      wanted: one clever sig,apply within
    6. Re:hmmm...4 comments and it's slashdotted? by Lars+T. · · Score: 1

      Well, at least he saw where it was coming from...

      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  5. coulda used this two years ago... by ruebarb · · Score: 4, Funny

    I was part of a company that wanted to branch into network management for others

    problem was, to sell your services as a NOC, you have to already have it built, which we didn't have...we had a bunch of fake looking tools, though...

    where was this two years ago when I needed it...LOL

    RB

    --

    ----------
    ah honey, we're all resplendent - Bill Mallonee
    1. Re:coulda used this two years ago... by Anonymous Coward · · Score: 4, Insightful

      This article was barely a page in length and revealed nothing concrete. This is meant as more of a joke than anything else, I assume. I hope you were joking as well... because that is pathetic if you'd need this article to learn how to build a NOC.

    2. Re:coulda used this two years ago... by Maggot75 · · Score: 1

      You should have gotten a bunch of real-looking fake tools to show off. Perhaps program some green glyphs scrolling upwards on a black background. Then yell 'look, there it is again, that DoS attack!'

    3. Re:coulda used this two years ago... by Red+Weasel · · Score: 2, Insightful

      You could always do what the Pentagon did and just set up a huge dog and pony show for the masses.

      NOC story for funding.

      Awhile back the Commander of Cheyenne Mountain was taking a tour of the Pentagon NOC facilities. At one point of the tour the guide showed off a large board of lights all pretty with labels, flashing and so forth. (picture the bat computer and you'll have a pretty good idea)

      Anyway the CO was so impressed by this that when he got back to Colorado he informed the network folk of this great way to monitor network traffic and for us to get one too.

      After a bit of research into this we couldn't find out how this could possibly be useful. A wall of blinking lights? WTF?

      We finally got the go ahead to visit the Pentagon ourselves and went on the same tour as the CO. When the tour was over and we finally got a chance to talk to the NOC folk on our own we found out finally how to make our own "NETWORK TRAFFIC SECURE DISPLAY".

      Hook up a bunch of lights to a randomizer and put labels on it. That's it.

      Needless to say we never did make this bitch but if you ever need to impress a PHB go for it.

      --
      ..which just shows that the human brain is ill-adapted for thinking and was probably designed for cooling the blood-T P
  6. Just add... by neiffer · · Score: 5, Funny

    Just add an LCD projector and I can play a 3d shooter on the big screen while keeping track of network packets.

    1. Re:Just add... by karnal · · Score: 2, Funny

      Or, perhaps someone will come up with the bright idea to let you shoot packets whilst in the 3d game...

      "Oops, sorry about that boss. That was a nasty zombie.... whaddya mean that was my raise paperwork????!!!"

      --
      Karnal
    2. Re:Just add... by Anonymous Coward · · Score: 0

      http://members.iinet.net.au/~bofh/newbofh/bofh10jan.html

      Then search for "boss mode". The BOFH is the best thing that I have ever read (well for the point of being in IT that is and wanting to crush some of my lUusers)

      Tim

  7. NOC???? by CyberBill · · Score: 0, Interesting

    What in god's name is NOC?
    Nerds on Crack...
    Nice/Naughty old Chicks...

    -Bill

    --
    -Bill
    1. Re:NOC???? by Anonymous Coward · · Score: 0

      Nobody On Call!!!

    2. Re:NOC???? by bluekanoodle · · Score: 3, Informative

      Network Operations Center

    3. Re:NOC???? by beeudoublez · · Score: 2, Funny

      No One Cares

      (outside IT that is)

    4. Re:NOC???? by lithiumcloud · · Score: 0, Redundant

      RTFA

      --
      This space intentionally left blank.
    5. Re:NOC???? by Anonymous Coward · · Score: 0

      RTFM

    6. Re:NOC???? by Anonymous Coward · · Score: 0

      How?
      I find this article very slashdotted. :)

    7. Re:NOC???? by lithiumcloud · · Score: 1

      Well, it's all cleared up by the cut-and-paste karma whores in the comments now, so just read through.

      --
      This space intentionally left blank.
    8. Re:NOC???? by jigyasubalak · · Score: 0

      Back home it is usually: No Objection Certificate

      --
      The best planning can be done after the project completes.
  8. Who wants to sit there though? by beeudoublez · · Score: 0

    My NOC is extremely loud, cold and blows air through vents conveniently located by my chair or whatever rack I'm working on. But yes, what about the key-card lock? That is what justifies 'value' to the bean counters.

  9. Slashdotted already by CyberSlugGump · · Score: 4, Funny

    It must have been a *really* cheap NOC!

  10. Nightmares. by DAldredge · · Score: 2, Insightful

    This will cause me to have nightmares. I hope they are joking.

  11. Just one minor change... by jkrise · · Score: 4, Funny

    The NOC advisory "Your first Monitor should be watching CNN or the weather channel"

    Change that to Slashdot, Kuro5hin, TheRegister, TheOnion or something else. No CNN please.... if you have any sense of self-esteem, that is.

    -

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:Just one minor change... by jkitchel · · Score: 5, Funny

      No CNN please.... if you have any sense of self-esteem, that is.

      Ok, fine. Make that Fox News then.
      *runs for cover*

    2. Re:Just one minor change... by DAldredge · · Score: 2, Insightful

      Fox News Alert.
      Peterson Case
      Fox News Alert
      Jackson Case
      Fox News Alert
      Toby Case
      Fox News Alert
      More Mindless crap.

      And this is coming from someone who in the past bought dish network so I could watch fox news. But that is before it turned into all trash, all the time.

    3. Re:Just one minor change... by MicroBerto · · Score: 1
      I worked in a Fortune 500 company's World HQ NOC, and of course, we were in the basement. World class NASA launch station looking facility. Anyway, since we were in the basement, we had no windows. So our window to the outside world was CNN.

      God does that station play the same annoying commercials all the time, it was horrible. However, CNN generated so many political arguments that work used to fly by. Seeing 9/11 happen live was quite scary. Nothing got done for quite a while after that, as CNN was the only thing being monitored.

      --
      Berto
    4. Re:Just one minor change... by Anonymous Coward · · Score: 0
      God does that station play the same annoying commercials all the time

      Yeah, but Rudi is waaaaaay hot.

    5. Re:Just one minor change... by elwinc · · Score: 1
      Fox News Alert.
      Peterson Case
      Fox News Alert
      Jackson Case
      Fox News Alert
      Toby Case
      Fox News Alert
      More Mindless crap.
      Very amusing! But you forgot Chandra Levy / Gary Condit.

      Before 9/11, Faux News and others were spinning stories practically continuously, despite dire predictions by the Hart Rudman Commission and the Gore Report.

      And this is coming from someone who in the past bought dish network so I could watch fox news. But that is before it turned into all trash, all the time.
      Remind me, when wasn't it trash?

      --
      --- Often in error; never in doubt!
    6. Re:Just one minor change... by erpbridge · · Score: 1

      You forgot one of the obvious ones:

      Fox News Alert
      Steve Case

  12. The article. by Anonymous Coward · · Score: 5, Informative

    A Website Dedicated to Computer Professional...and some not so Professional
    How to build a cheap Security NOC
    William M. Nett

    The Network Operations Center or NOC is the cornerstone of all computer networks. I've worked at AT&T's NOC, been around Government NOCs and seen small scaled versions. Most look like something out of the movie, "WarGames" and surprisingly, whether you're a Linux or Windows fan you can build one for cheap and be your own armchair NOC General.

    What does a NOC do? It monitors connections, network activity, spots problems, conducts threat assessments, and calculates scalability requirements with customer demands... it also puts on a pretty good "dog-n-pony" show for potential investors and customers.

    What's required? Again, surprisingly not too much! Depending on the size of your company, this can be achieved with as little as an 8' X 10' room, and 4 computers. Trust me, you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).

    You'll need at least three big monitors (the bigger the better), two smaller ones (17"), a KVM switch, and OOB dialup. Here's the loadout:

    1. Firewall: Get a copy of IPCOP... it's Smoothwall on steroids and very easy to configure. It has a built in Intrusion Detection System, Proxy logging, and you can use Coyote Linux as a failover if you think you are being attacked. This package uses a web interface, so there's no need for a monitor, keyboard, or mouse. These software elements are also free. Minimum requirements are a 333Mhz system with 64MB of RAM and a 2.1GB Hard-Drive.

    2. Network Monitoring: Download a copy of F.I.R.E. and run it on a barebones 600 Mhz system. Configure and open Etherape on a monitor for an Air Traffic Controller's view of your network activity... bean counters love this. If you're being attacked or infected, you will quickly see where it's coming from. You should also use a receive only sniffer cable on this box to protect integrity... a receive only box has a zero chance of infection as it's physically impossible.

    3. Got wireless? Download and run Airsnare with a semi hyped up Wireless antenna, and you'll quickly spot any war-drivers or unauthorized network connections. If you have an old directional motorized TV antenna system lying around you can go uber-elite and connect a cheap phased array panel antenna or cantenna to locate your wireless intruder with NetStumbler. This can all equally run on a 333Mhz Windows based system.

    4. Workstation: Here's the beef... a 1.2Ghz, 512MB, 20GB computer, with dual head Matrox card, with dual booting OS (Linux & Windows), Preferably Linux with a Windows VMWARE guest OS. Trust me, once you go Dual-Head, you won't go back. The best Linux Dual-Head OS is SuSE 8.3. Tie this into the KVM to modify any of your servers.

    5. Red Phone... after all, who doesn't want one? You're batman right?

    Your first Monitor should be watching CNN or the weather channel (depending on location), the second should be running Etherape, and the third should be running Airsnare or Windows Services Monitors (CPU, Netload, etc.) All of the software here except Windows is free, and easy to configure... except maybe your General's chair. In the end, aside from having your own WOPR, you have a NOC for just under $2,000.00

    William M. Nett

    Links:
    http://www.ipcop.org
    http://www.coyotelinux.com
    http://prdownloads.sourceforge.net/biatchux/fire-0.4a.iso?download
    http://etherape.sourceforge.net/images/v0.5.5.png (an etherape screenshot)
    http://www.netstumbler.com
    http://home.comcast.net/~jay.deboer/airsnare/download.htm

    E-mail your comments to dougchick@thenetworkadministrator.com
    All rights reserved TheNetworkAdministrator.com

    Disclaimer: The Opinions shared on TheNetworkAdministra

    1. Re:The article. by Silvers · · Score: 5, Informative

      "You should also use a receive only sniffer cable on this box to protect integrity... a receive only box has a zero chance of infection as it's physically impossible."

      Am I the only one that balks at this statement? Maybe I am missing something but it does seem that even with rx-only you could be infected, just not by any connection oriented protocols? (Or maybe even still if some really strange bug crops up).

      Or am I just missing something...

    2. Re:The article. by wildchild07770 · · Score: 1

      So the first guy to post this gets modded down for redundancy and the second up for informative, gotta love slashdot.

    3. Re:The article. by KrispyKringle · · Score: 5, Insightful

      Probably right. I've wondered about this before, when seeing these statements. But at least you don't have to worry about leaking information or being used as an intermediate host in an attack. Worst case is essentially a DOS. On the other hand, were this a logging host, you could conceivably infect it as you mentioned, download to it a simple program (you'd have to hope you download it right, since there won't be any way to do TCP style checksumming, I suppose) and have it grep through the logs to remove entries with your IP address or whatever, all automatically. No? But that'd be a bitch of an exploit, if you could pull it all off all one way.

    4. Re:The article. by KFK+-+Wildcat · · Score: 1
      a receive only box has a zero chance of infection as it's physically impossible.

      Huh? I don't get this... How would it be physically impossible to infect a receive only box?? (I figure *transmit* only is secure for sure, but receive?)
    5. Re:The article. by aardwolf204 · · Score: 3, Funny

      5. Red Phone... after all, who doesn't want one? You're batman right?

      Of course, then you can say stuff like "Get the Pentagon on the horn!" while smoking a stogie

      --
      Im dreaming ofa big bndwdth, That can resist the /.crowd.May ur days b merry & bright & may al
    6. Re:The article. by psyki · · Score: 2, Insightful

      With a "receive only sniffer", even if the machine gets infected it will have "zero chance" to infect other machines. Eric

    7. Re:The article. by Anonymous Coward · · Score: 0

      Post marked as redundant has time of December 15, @04:02PM, this one has time of December 15, @03:58PM.

      He did not post it first troll, he was 4 minutes late. His post was redundant.

    8. Re:The article. by Anonymous Coward · · Score: 0

      A receive-only system can still be compromised, and while the one-way communication channel prevents the system from affecting other machines on the network, it can be crashed or otherwise prevented from doing its job. What good is a logging machine which doesn't log? A receive-only cable can only be part of the strategy, not all of it. It should also be noted that a receive-only cable is not simply an ethernet cable with one pair of wires cut.

    9. Re:The article. by Anonymous Coward · · Score: 0

      interesting. maybe he was in california where the other was in newyork? then the 4 minutes difference would actually be 2 hours and 56 minutes early,

      but in any case it looks like a complete waste of modpoints. especially when your post is dated by Anonymous Coward on Monday December 15, @02:52AM which seems to be way earlier than December 15, @04:02PM or December 15, @03:58PM.

      it is almost like you anticipated this convo.

    10. Re:The article. by Anonymous Coward · · Score: 0

      let's think about this. it might be unlikely but not a zero chance, but what virus doesn't look for a victim to infect and during that expect a reply to know how to stop the looking and start the infecting?
      also, as packets are dropped, how does the virus or the person know that all the packets made it to the machine? simple collisions happen all the time, it is unlikely that a virus or a person blasting an infection over the net wouldn't create a packet loss.

      while this alone makes it appear that it would never become infected by the network, i have learned a long time ago that you should never say never.

    11. Re:The article. by Anonymous Coward · · Score: 0

      Or am I just missing something...

      A sense of humour?

    12. Re:The article. by SkewlD00d · · Score: 2, Interesting

      NOCs... oh, like the one Enron had for petrochem market trading? HAHA. All u need is nmap, snort, ethereal, neotrace pro (runs on wine i think), dshield's log generator, etherape, and nagios (netsaint). Nagios is fucking l337. But a whole solution that integrates CRM (ticket manager) and monitor/response would be nifty w/ a slick interface. Something like neotrace + etherape + DIDS monitoring + nagios would be awesome.

      Lol, u can't find wardrivers if they have their transmitters turned off. ;)

      lmao... red phone... a simple circuit can be used to direct dial a hard line to the boss's office or something. Hell, a VoIP setup should be ez (assuming u have real encryption goin).

      BTW, I dont see anywhere to download source for Coyote (www.coyotelinux.com) (Vortech Consulting, www.vortech.net). Isnt that a GPL violation? *Sigh* Yet Another closed-source whoring of modified GPL projects for monetary gain. (YACSWOMGPFMG).

      --
      The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
    13. Re:The article. by boaworm · · Score: 5, Interesting

      Another way of doing that is to connect the machines with a Hub instead of a Switch, and have one machine configured without an IP, only raw logging of network traffic.

      The idea is that whatever goes on out there will be logged/dumped, but never executed/analyzed, on this machine. And since it has no IP, it does not show and cannot be addressed. So if you have an intrusion, this machine is uncontactable, but still will hold all network traffic for you to analyze later.

      Kind of like making
      bash# ln -s /dev/lp /var/log/messages

      Pretty hard to clear up the trace now, huh ? :)

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
    14. Re:The article. by PowerBert · · Score: 1

      I would say you have overlooked ARP.
      If it can't respond to ARP requests then it can be talked to.
      Not unless you were really *smart* and set up a static ARP for it, but that would probably get you a Darwin Award ;-)

    15. Re:The article. by lewp · · Score: 2, Funny

      I often do this when I'm working late in the NOC. Of course, then my cigar sets off the fire suppression system...

      --
      Game... blouses.
    16. Re:The article. by Upphew · · Score: 0

      How about using your sniffer in the bridging firewall? Wouldn't that be secure?

    17. Re:The article. by AKnightCowboy · · Score: 1
      Am I the only one that balks at this statement? Maybe I am missing something but it does seem that even with rx-only you could be infected, just not by any connection oriented protocols? (Or maybe even still if some really strange bug crops up).

      Snort had such a bug once or twice within the last year that allowed a remote attacker to execute code as the user snort runs as (usually people run it as root) just by having the sensor listen to the traffic. Quite spiffy.

    18. Re:The article. by AKnightCowboy · · Score: 3, Informative
      The idea is that whatever goes on out there will be logged/dumped, but never executed/analyzed, on this machine.

      Wrong. Go look up the RPC pre-processing and stream4 vulnerabilities in Snort. I will also add that a very common way to configure a network sensor is to have one administration interface on an internal trusted network and the other passive listen-only interface without the IP on the dirty network. With the snort vulnerabilities your machine could become infected and used to reach your internal network. Unless you've got a very very simple network that only needs one sensor with a monitor and keyboard attached you'll need some admin interface on it to reach it to dump logs and change rulesets.
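
The listen-only sensor discussed in this sub-thread (no IP address, no ARP replies, capture dumped raw by an unprivileged process), as an added example that is not any poster's own code. It goes slightly beyond the comments by also disabling IPv6 on the capture port; the interface `eth1`, the directory `/var/capture` and the `pcap` user are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run planner for a listen-only
# capture interface. eth1, /var/capture and the "pcap" user are assumptions.

# Reject anything that is not a plain interface name, so the value can be
# placed in the generated commands without quoting problems.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Absolute path made of ordinary path characters only.
valid_dir() {
    case "$1" in
        *[!A-Za-z0-9_./-]*) return 1 ;;
        /*) return 0 ;;
    esac
    return 1
}

# Lower-case account name, no leading dash.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the commands, one per line, without running anything.
#   flush     : the sensor port holds no IPv4 address
#   arp off   : the kernel neither sends nor answers ARP on this port
#   ipv6 off  : no link-local address, no neighbour discovery traffic
#   tcpdump   : -n no name lookups, -s 0 full packets, -G hourly files,
#               -Z drops root before the output files are opened, so the
#               directory must be writable by that user
capture_plan() {
    iface=$1 dir=$2 user=$3
    valid_iface "$iface" || { echo "bad interface name" >&2; return 1; }
    valid_dir "$dir"     || { echo "bad capture directory" >&2; return 1; }
    valid_user "$user"   || { echo "bad user name" >&2; return 1; }
    cat <<EOF
ip addr flush dev $iface
ip link set dev $iface arp off
sysctl -w net.ipv6.conf.$iface.disable_ipv6=1
ip link set dev $iface promisc on
ip link set dev $iface up
tcpdump -i $iface -n -s 0 -G 3600 -Z $user -w $dir/%Y%m%d-%H%M%S.pcap
EOF
}

# Run the plan as root; tcpdump is last and stays in the foreground.
apply_plan() {
    plan=$(capture_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    shift
    apply_plan "$@"
fi
```

Review the plan with `sh -c '. ./sensor.sh; capture_plan eth1 /var/capture pcap'` before applying it. As the Snort comments above point out, this only removes the sensor's own network presence; whatever parses the captured traffic still has to be patched and run without root.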

    19. Re:The article. by IGnatius+T+Foobar · · Score: 4, Informative

      Kind of like making
      bash# ln -s /dev/lp /var/log/messages


      If I may nitpick ... you could also achieve the same effect, without the symbolic link, by simply pointing to /dev/lp in your /etc/syslog.conf file. That way it would write to both locations without them having to be linked together. Moreover, you could define different logging levels (for example, send everything to the text file but only critical logs to the printer).

      syslog is a wonderfully flexible facility.

      --
      Tired of FB/Google censorship? Visit UNCENSORED!
    20. Re:The article. by eudaemon · · Score: 1


      He lost all credibility with me when he said
      Nokia's IPSO box runs a Linux derivative.

      I guess when you are that clueless BSD looks like Linux. Bzzt! Next!

    21. Re:The article. by cptgrudge · · Score: 1
      WOPR, you have a NOC for just under $2,000.00

      Heh. This is no NOC. This is for people that want to feel important in a dead-end job. The workstation I use in mine cost over twice this.

      I can hear the "investors" and "customers" now.

      "What? An 8'x10' room? And CRT monitors? Why don't you have triple LCD panels?"

      --
      Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
    22. Re:The article. by Anonymous Coward · · Score: 0

      lolol u r the l33test aoler ever!

    23. Re:The article. by Anonymous Coward · · Score: 0

      Does anyone have instructions for making an RX only 100mbit capable cable? I'd found instructions for 10mbit (certain type of resistor on Tx to make the link light go on) but had never seen how to do it for bigger, better networking over UTP.

      can someone enlighten me?

    24. Re:The article. by Anonymous Coward · · Score: 0

      Hey! That's:

      "Get me the president on the horn"

      geeeesh!

    25. Re:The article. by Anonymous Coward · · Score: 0

      I love the smell of Halon in the morning.

    26. Re:The article. by subterfuge · · Score: 1

      i am not a security weeny but why in god's (tm) name would you want to connect your admin interface to the rest of the LAN - that's just insane on the face of it - the admin NIC should be connected via an isolated cable to the box from which one would administer and that box should not be connected to anything else...

    27. Re:The article. by BillX · · Score: 1

      I think (hope) that they meant 'detection'.

      --
      Caveat Emptor is not a business model.
  13. NOC by chunkwhite86 · · Score: 5, Informative

    For those who are wondering...

    A NOC is a Network Operations Center. It is one room, typically filled with many displays of real-time data which display the health/status of a network.

    --
    I'd rather be a conservative nutjob than a liberal with no nuts and no job.
    1. Re:NOC by Anonymous Coward · · Score: 0

      you mean It's not the National Occupational Classification? *turns off the Mission Impossible theme music*

    2. Re:NOC by MyFourthAccount · · Score: 1

      For those who are wondering...

      A NOC is a Network Operations Center


      You mean for those that don't understand the first words on the first line of the article? -- The Network Operations Center or NOC ...

      Oh, never mind...

    3. Re:NOC by Anonymous Coward · · Score: 0

      article is slashdotted

    4. Re:NOC by Anonymous Coward · · Score: 0

      You know, when Tom Cruise got the NOC list in Mission: Impossible, it seemed like his whole rig cost a lot more than $2k (suspending from ceiling, fake fire truck, etc.) I'd like to know where this guy gets his figures from.

    5. Re:NOC by lcsjk · · Score: 1

      You mean for those who did not read the three sentences of the /. article?

    6. Re:NOC by Master+of+Transhuman · · Score: 1

      In other words, most of /.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    7. Re:NOC by chunkwhite86 · · Score: 1

      You mean for those who did not read the three sentences of the /. article?

      Yes. That's precisely the audience I was targeting. Think about it.

      --
      I'd rather be a conservative nutjob than a liberal with no nuts and no job.
  14. Re:WOPR by Anonymous Coward · · Score: 2, Informative

    War Operation Programmed Response

    from the movie War Games

  15. The scary thing is.... by beeudoublez · · Score: 5, Interesting

    what if your boss/manager saw this and decided this is all you needed for your budget?
    Hard to justify higher costs when your proof of concept is some webpage discovered by your boss, we've all been there.

    1. Re:The scary thing is.... by appleLaserWriter · · Score: 1

      [quote]
      Trust me, you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).
      [/quote]

      what if your boss/manager saw this and decided this is all you needed for your budget?

      You will quickly find out if you need a hardware firewall or not.

    2. Re:The scary thing is.... by lucifuge31337 · · Score: 1

      You will quickly find out if you need a hardware firewall or not.

      Of course, with the limited use of the tools mentioned, I'd hardly say that a hardware firewall appropriate for this "NOC" would cost $15,000. Try a $600 PIX 501, if you must have a PIX.

      --
      Do not fold, spindle or mutilate.
  16. N/A by mrpuffypants · · Score: 1, Funny

    Trust me, once you go Dual-Head, you won't go back.

    I soooo wish that I'd get 'dual head' in my NOC...

  17. Re:WOPR by Anonymous Coward · · Score: 5, Informative

    Geezus... Everyone who's a true nerd knows that the WOPR is the War Operations box that was in the movie WarGames (Matthew Broderick)....

    You know, the movie that made it absolutely *impossible* to get a dial-up into any BBS in the country for about 3 weeks after the movie came out...

    Then again, I've been hacking around since about '76, so maybe I'm just showing my age...

  18. Re:WOPR by Dave+Beta · · Score: 2, Informative
    They use the acronym WOPR in the article and i think they just might mean Weapon of Public Relations

    Considering the earlier reference in the article to WarGames, I think it's safe to say they are using WOPR to mean "War Operations Plan and Response".

  19. SuSe Linux 8.3 by Anonymous Coward · · Score: 5, Informative

    >

    1. SuSe 8.3 does not exist, it's in fact either 8.2 or 9.0.
    2. There is currently no dual head driver from Matrox Parhelia. Older Matrox video cards have dual head drivers, but they don't work anymore with "recent" motherboards since motherboard voltage changed from 3.5 to 5 volts. And yes, 1.2 ghz-era computers are affected by this voltage change.
    3. Vmware will be too slow with this configuration to do something really useful. Especially with dual heading.
    4. This article is either a fake or a troll.

    1. Re:SuSe Linux 8.3 by Anonymous Coward · · Score: 0

      So it makes lots of technical errors. How is it a troll? How is NOC-building such an emotional issue? But even more, how is it fake? A fake of what? A real article? IT"S TELLING HOW TO BUILD A DAMN NOC!!!!!!!

    2. Re:SuSe Linux 8.3 by Anonymous Coward · · Score: 1

      The writer simply never built the damn NOC, as this is an impossible to build configuration. I even saw a MS-office clipboard picture. Even more, he doesn't even own a NOC, because he was already slashdotted since the first four hits.

    3. Re:SuSe Linux 8.3 by Anonymous Coward · · Score: 0

      There is currently no dual head driver from Matrox Parhelia. Older Matrox video cards have a dual head driver, but they don't work anymore with "recent" motherboards since the motherboard voltage changed from 3.5 to 5 volts. And yes, 1.2 GHz-era computers are affected by this voltage change.

      So that would make the dual head AGP G400 in my Via KT133A motherboard running a Duron 1100 totally impossible. I'm glad you told me or I might have continued with these delusions for some time.

      Of course the article is a joke you fucking idiot! What the fuck happened around here, did AOL add a link to Slashdot from their users home page? Did KMart start giving away free Slashdot user accounts? Why don't all of you drooling, barely computer literate, think you know it all retards crawl up your own fucking asses and die. Now.

    4. Re:SuSe Linux 8.3 by RedK · · Score: 5, Informative

      Actually, I agree this article is skimpy on the meat and is pretty much useless and filled with factual errors. However, I'd like to respond to your post.

      2. There is currently no dual head driver from Matrox Parhelia.

      This is of course bullcrock. Matrox does have a driver for the Parhelia based cards which supports, amongst other things, dualhead configurations (and even triple head! Yes, on Linux). The second head is not accelerated however, so it might be a bit on the slow side.

      3. Vmware will be too slow with this configuration to do something really useful. Especially with dual heading.

      Oh please. Dualheads do not noticeably affect the speed of the computer they're running on. Plus, I've run Windows installation within VMware on a P2-333 with a Linux host, all running at very good speeds and using only 288 megs of RAM (2x128 + 1x32). At work, we have a workstation that's a P3-1.0ghz and it runs 2 VMware sessions with Windows 2000 Server for tests, on a Linux host busy running most of our NOC tools. This is all nice and dandy and running along smoothly.

      4. This article is either a fake or a troll.

      Actually, it's not fake since it's posted there and I don't believe it's a troll since you can see a basis for something in there. It's just very badly researched and probably has never been tested in real life. This guy needs to do a lot more trials and research before he has a fully functioning NOC capable of monitoring more than the coffee machine.

      --
      "Not to mention all the idiots who use words like boxen."
      Anonymous Coward on Monday August 04, @06:49PM
    5. Re:SuSe Linux 8.3 by Geminus · · Score: 1

      My bad on Suse 8.3... I'm using Suse 8.2. I have a Matrox G450 dual head video card on a 1.4 Ghz Intel machine. It works just fine. G.

  20. NOC-Stock Market. by Anonymous Coward · · Score: 0

    "A NOC is a Network Operations Center. It is one room, typically filled with many displays of real-time data which display the health/status of a network."

    Sounds similar to the setup at a financial trading house.

  21. For a real opensource NOC by losttoy · · Score: 5, Interesting

    You need:
    1. A good network management system (Open-NMS)
    2. A good systems monitoring system (MRTG+RRD Tool)
    3. A good helpdesk software to follow trouble tickets.

    1. Re:For a real opensource NOC by Anonymous Coward · · Score: 5, Insightful

      Unfortunately, as someone who has had to support real NOCs for real networks on a tight budget, I can state without reservation that the open source tools you mention (MRTG/RRD, OpenNMS) are mediocre to the point of unusability.

      Some people might find this puzzling, but the best NOC systems I've used on tight budgets were homegrown applications, usually after trying out and discovering the deficiencies of the open source tools. It isn't that hard to write a good NMS, but once someone rolls their own good one in-house, it rarely gets released into the wild. For that matter, many of the commercial packages are steaming piles, so if you have a talented programmer or two on staff, you can add value to your company by just writing your own NMS and not waste time with mediocre packages.

      This is one of those things that SOMEONE could do well in the open source domain, but I haven't seen it. When someone hacks together the foundation of a really slick NMS at some company that needs it, it inevitably becomes a competitive asset and therefore cloistered in the bowels of engineering. Having a killer NMS is a significant competitive advantage, and the field is populated with enough mediocre solutions right now that there is significant financial pressure to keep NMS code bases proprietary.

    2. Re:For a real opensource NOC by Ponfyr · · Score: 1

      Ummmm, Have a look at Nagios (www.nagios.org)

    3. Re:For a real opensource NOC by losttoy · · Score: 1

      When someone hacks together the foundation of a really slick NMS at some company that needs it, it inevitably becomes a competitive asset and therefore cloistered in the bowels of engineering.

      Now you know why the Opensource NMS tools are mediocre.

    4. Re:For a real opensource NOC by ectoraige · · Score: 1

      You didn't cite any open-source helpdesk software, so I'll just mention RT.

      --
      Vs lbh pna ernq guvf, ybt bss abj. Tb bhgfvqr. Syl n xvgr.
    5. Re:For a real opensource NOC by Cramer · · Score: 2, Interesting
      (MRTG/RRD, OpenNMS) are mediocre to the point of unusability
      I cannot speak to OpenNMS, although I am aware of it. However, MRTG is quite usable and valuable. No, it's not the best, most optimal traffic collection system out there, but it is simple, fast, and gets the jobs done when used appropriately. I've used it for many, many years. It does suck if you try to have one instance monitor thousands of interfaces on hundreds of devices, but more than one instance is perfectly functional. I suspect what you want is far beyond what MRTG was designed to provide. I'll admit, I'd like to have a database filled with millions of data points, but MRTG isn't designed to do that. (And at my previous job, monitoring all the ports I'd've liked to would've consumed a few hundred meg per year without archiving or consolidation.)

      (FWIW, I know of one place that uses MRTG instead of HP OpenView, for which they paid $$$$$$, because MRTG is faster and simpler and runs on a 200$ PC.)

      Homegrown applications are great... when the company will allow it. Many places simply do not want the responsibility or liability of creating and maintaining their own software. If it doesn't work correctly or fails, who do they have to blame but themselves? Plus, the people who wrote the app may not be there in a year thus creating a support issue. I've created a number of homegrown apps to deal with my job, but I'm the only one who completely understands them; when I'm no longer there, that's a problem. Additionally, let's be real here. Given the quality of commercial software, just how good do you expect internally developed software from one or two programmers (who may not understand the problem they are fixing) will be? The best stuff will be coming from the grunts who have to work with and fix stuff everyday -- shell, perl, tcl, etc. scripts born out of necessity. That stuff will not be "quality" nor will it make much sense to anyone other than the author. (I've been here way too many times.)
    6. Re:For a real opensource NOC by Anonymous Coward · · Score: 0

      This is one of those things that SOMEONE could do well in the open source domain, but I haven't seen it.

      We recently installed Argus at work. Even my boss thinks it's kick ass.
    7. Re:For a real opensource NOC by JerkBoB · · Score: 2, Informative

      I can state without reservation that the open source tools you mention (MRTG/RRD, OpenNMS) are mediocre to the point of unusability.

      Can't say anything about OpenNMS, but I'm surprised that more people haven't heard of Cricket. Scales well, and the configuration isn't too bad once you get past the initial learning curve. Uses RRDs for sample storage. I'm in the process of phasing out MRTG in favor of Cricket at the ISP I run.

      --
      A host is a host from coast to coast...
      Unless it's down, or slow, or fails to POST!
    8. Re:For a real opensource NOC by SuiteSisterMary · · Score: 1

      I'm in the process of switching to cricket, after MRTG's faults were just too glaring. Like claiming that an integer can't be a negative number.

      Oh, and terrible scalability; but that's what happens when you start bolting functionality on. MRTG was designed to read ifcounter from routers, and nothing else, originally, and it shows.

      Cricket takes a little bit of head wrapping, but once you realize that data collection is data collection, and graphing is graphing, and all of the neat aggregation and comparison features you can do, not to mention the rather nifty 'config tree' setup, you grow to love it.

      As I recall, it was WebTV's 'home grown' application that they did decide to release.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
  22. Oh brother. by Anonymous Coward · · Score: 0, Insightful
    I was intrigued by the title of this story and I read the article but it's a complete piece of fluff that is devoid of a point. Why would anyone build a NOC if they have N to monitor? The article suggests having a TV tuned into CNN. Is this a joke?

    How do stories like this get through? (This isn't a rhetorical question. I'm sincerely curious.)

    1. Re:Oh brother. by Inthewire · · Score: 0, Offtopic

      Easily.

      Duh.

      --
      Writers imply. Readers infer.
    2. Re:Oh brother. by Anonymous Coward · · Score: 0

      It's supposed to be funny, thus the reference to being like "War Games". Whether it is or not is up to you, but I say nay.

  23. My NOC is 66 square feet,3TB of traffic by Anonymous Coward · · Score: 5, Interesting

    Bashed out a window so a fan can circulate air, installed 4 of the cheap open frame racks, use an OpenBSD firewall and all of our servers run FreeBSD. It costs next to nothing to set up. Idiots down the hall from us spend $1.5 million on their room, $100K just for the air conditioner. The funny thing is they do 1/100th of the traffic we do. Believe me, the "IT" industry is set up to rip you off if you don't know what you're doing. This stuff can be done a lot cheaper than the suits lead you to believe. This is how we survived the bubble while the floor outside our door got marked up from other occupants' expensive equipment getting moved in, and then out!

    1. Re:My NOC is 66 square feet,3TB of traffic by 1s44c · · Score: 1

      Believe me, the "IT" industry is set up to rip you off if you don't know what you're doing.

      So very, very, true.

      If only the pointy haired ones would understand that.

    2. Re:My NOC is 66 square feet,3TB of traffic by Anonymous Coward · · Score: 0

      LOL, idiots probably using RH (RHEL?), Windows and/or Cisco.

    3. Re:My NOC is 66 square feet,3TB of traffic by Anonymous Coward · · Score: 1, Interesting

      We wanted better air....

      so I installed a window air conditioner through the wall behind every 2 racks, and then we walled off the front of the racks so you had 36 inches in front of them and 24 behind them. plenty of room to work, and swap out heavy equipment and servers. and my air conditioning costs $250.00 per air conditioner, and since each unit only draws 7 amps, no wiring needed.

      We have a "rogue" NOC here since corporate is filled with prima-donnas that want it their way and not right... so we firewall off from corporate and run our own NOC.

      we boast 99% uptime.. they can't. we haven't had a virus infection for over 2 years in our WAN (16 offices covering 3 states) they can't keep them out for a month, we have fended off 3 break in attempts (ALL FROM THE CORPORATE FEED BTW!) they can't.

    4. Re:My NOC is 66 square feet,3TB of traffic by Skal+Tura · · Score: 3, Informative

      I agree with that!
      It is very simple mathematics, and a bit has to be known before actually trying first time (that little is that you know you can try it out :D)
      Anyways, when everyone else offers server hotel services for 150e/month minimum, this is being 1:10 shared 10mbps half-duplex con, sharing based on 'best-effort' (no qossing even oO;), with a max of 5ips... and at MAX nameserver usage for _1_ domain.

      Well, with simple arrangements, I managed to cut the price to half, plus increase the bw per user (1:7 sharing), plus putting on top: hardware firewalling, nameservers and e-mail servers.
      Didn't even make hard, and I have still several hundred percentages profit per 10mbps half-duplex link.
      and still, datacenter is in very expensive area, in the core of our capital, and not even on core but the most expensive area anywhere in our country! (well, at least as far as I know).

    5. Re:My NOC is 66 square feet,3TB of traffic by Chanc_Gorkon · · Score: 1

      Well, if you need more than your typical office air condition in your NOC, then you have way too many things in there. A NOC should not ALSO contain your servers. They should be in a computer room. The NOC does typically need more wiring than another office though mainly because of the monitoring machines you have running all of the time. These could be servers, but they don't have to be. A NOC could simply be set up with low walled cubes and a PC running a large display filling it with info your servers and switches are reporting back to you. Those large plasmas better be showing good info otherwise everything you could see just fine on your own machine. It would also be nice to have a lab near the NOC, but labs don't need anything more than a rack in an office environment. You shouldn't typically have more than maybe 5 to 10 servers in your lab anyway.

      NOCs can be useful, but I have seen more of these that were just set up for blinkenlights and not any more useful than giving all of the NetOPS their own machine with a couple monitors running a dual head setup.

      --
      Gorkman

    6. Re:My NOC is 66 square feet,3TB of traffic by Anonymous Coward · · Score: 0

      It's more fun having the servers in the same room, it gives you a better sense of where the traffic is and how hard the machines are working, i.e. blinking network hubs and hard drives. A NOC with just monitors and terminals can be very boring.

      One of our machines had a cheap motherboard that began to give off a burning smell which we were able to replace before the machine failed, so there are advantages of being close to the servers.

    7. Re:My NOC is 66 square feet,3TB of traffic by illumin8 · · Score: 1

      Bashed out a window so a fan can circulate air, installed 4 of the cheap open frame racks, use an OpenBSD firewall and all of our servers run FreeBSD.

      That is a great use of resources and I commend you on your ability to set up a low cost and inexpensive data center, but there's a reason why a large company would never do it that way:

      Risk.

      The thing is, I bet you're a brilliant sysadmin and probably set up that OpenBSD firewall and all of those FreeBSD boxes yourself. You probably know how to route IP in your sleep and rarely need help with anything. This is great because you've now done the work of 5 regular sysadmins and 10 vendor support people all on your own. ... But what happens if you step in front of a bus tomorrow?

      Your company is out of business. Where can they get support on an OpenBSD firewall? Is there a vendor they can call that will fix the custom virtual hosting application you wrote for the FreeBSD webservers?

      The reason why big companies spend 100 times what you spend is because they have to have contingency plans. If the one fan burns up and all of your servers burn up, you'll kick yourself for not having a backup AC unit. If some of their key personnel quit and leave for better pastures, they have to be able to train someone to take their place. They spend hundreds of thousands of dollars on vendor support contracts just to make sure this happens.

      While your solution is admirable for its cost effectiveness and real-world usefulness, when it all comes down to it, YOU are the single point of failure.

      --
      "When the president does it, that means it's not illegal." - Richard M. Nixon
  24. Mirror by TPS+Report · · Score: 5, Informative

    Mirror Here. I'll mirror the rest of the page, as soon as he recovers from the shock and replaces the charred, smoking remains of the server he once had.

    --
    I was told that I could listen to the radio at a reasonable volume from nine to eleven...
    1. Re:Mirror by KrispyKringle · · Score: 1

      I managed to mirror my browser's cache of it, sans a couple of images, here.

  25. This article sucks by 0x0d0a · · Score: 5, Informative

    There is *not* a heck of a lot of content here.

    Most of the information is more than obvious to anyone interested in running a NOC (incidentally, left out of the Slashdot story is that this is a *Security* NOC).

    I've seen random Slashdot posts that would be a lot more useful to someone interested in building a NOC than this thing.

    That being said, my own two cents:

    If you're using SNMP to manage your network, snmpwalk+scripts is good. If you can stomach not using open source software, Intermapper is really nice. Unfortunately, the two big open source competitors don't quite measure up -- Scotty is kind of old and grotty and rather TCL-oriented, and GxSNMP appears to be dead.

    Etherape, as suggested in the article, isn't the greatest choice either...IIRC, it doesn't support satellites, which means it needs to be running on the actual network it's monitoring. Not really acceptable for a NOC tool. Etherape is also, in my experience, rather CPU-hungry. There are a lot of commercial traffic flow visualization tools...not sure what's best, as I haven't played with many.

    All in all, while the article's worthy of a post in a random discussion, it really isn't worthy of a Slashdot story.

    1. Re:This article sucks by nEoN+nOoDlE · · Score: 3, Funny

      it really isn't worthy of a Slashdot story.

      Then your standards are too high... or you must be new here. In that case, welcome to Slashdot! (Some of us regulars here call it "/.")

      --
      Don't trust a bull's horn, a doberman's tooth, a runaway horse or me.
    2. Re:This article sucks by Anonymous Coward · · Score: 0

      or better yet "./"

    3. Re:This article sucks by dannyelfman · · Score: 1
      ''Scotty is kind of old and grotty and rather TCL-oriented, and GxSNMP appears to be dead.''

      That is what I use Nagios and Cacti.

      The RRD home page has links to TONS of other tools that make use of it and SNMP.

    4. Re:This article sucks by MrResistor · · Score: 1

      I think it's safe to say that this article is a joke. They recommend Suse 8.3, which does not exist and never will.

      You've been trolled.

      --
      Under capitalism man exploits man. Under communism it's the other way around.
  26. WOPR is the supercomputer from the movie War Games, and it stands for War Operations Plan Response.

  27. psDooM? by runlvl0 · · Score: 5, Informative

    Or, perhaps someone will come up with the bright idea to let you shoot packets whilst in the 3d game...

    Kind of like psDooM (as seen on Slashdot), but at the network level? I'll betcha it could be done.

    --
    Carthago delenda est!
  28. My NOC is my PowerBook. by Mordant · · Score: 3, Insightful

    With very few exceptions (military, financial, public utilities sectors), it's pretty passe to have a 24/7/365 manned NOC, anymore, given VPN technology, the quality of remote-administration tools, etc.

    It just isn't necessary, anymore.

    1. Re:My NOC is my PowerBook. by KrispyKringle · · Score: 3, Insightful
      Many large networks with critical infrastructure like to have something that's manned most of the time, though 24/7/265 gets pricey. The reason's pretty obvious. If at 3 AM your network goes down, you don't really want all your customers to be up the creek 'till 9 on Monday.

      If you're talking about corporate networks, you're probably right. But if you're talking about hosting companies, ISPs, companies that host their own critical infrastructure (like those you listed above), then the NOC, in some form or another, makes sense, doesn't it?

    2. Re:My NOC is my PowerBook. by Anonymous Coward · · Score: 0

      Me too! I just keep one window open with the Weather Channel, another with the Naked News, one for Slashdot (to get the latest Windows security problems), and one for email so the users can tell me when things stop working! NOC in a box!

    3. Re:My NOC is my PowerBook. by anticypher · · Score: 1

      24/7/265

      24 days per month, 7 hours per day, 265 days per year is pricey? That is good reliability in an all micro$oft environment :-) Oh, powerbook! never mind.

      the AC

      --
      Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
    4. Re:My NOC is my PowerBook. by ratpack91 · · Score: 1

      just because Americans write the date the wrong way. it's not exactly logical is it?

    5. Re:My NOC is my PowerBook. by Cramer · · Score: 1

      YYYY-MM-DD That way, any idiot can sort it. (sep. optional)

    6. Re:My NOC is my PowerBook. by Anonymous Coward · · Score: 0
    7. Re:My NOC is my PowerBook. by jafuser · · Score: 1

      Why wait until 9 on monday? If the network goes down, you can just connect in with your VPN and ...

      oh... um nevermind =D

      --
      Please consider making an automatic monthly recurring donation to the EFF
  29. Please hook me up with your vendor! by Zero__Kelvin · · Score: 4, Interesting


    The article calls for:

    1) At least three big monitors (the bigger the better), two smaller ones (17"), a KVM switch, and OOB dialup.
    2) A 333Mhz system with 64MB of RAM and a 2.1GB Hard-Drive.
    3) A barebones 600 Mhz system
    4) A 333Mhz Windows based system.
    5) A 1.2Ghz, 512MB, 20GB computer, with dual head Matrox card, with dual booting OS (Linux & Windows), Preferably Linux with a Windows VMWARE guest OS

    All the above for under $2000.00? Can we also assume that the author works for free, so that setup cost is $0.00? I haven't priced VMWARE in a long time, but if memory serves, that should be near or over the 2K mark by itself. Perhaps the author meant under $20,000.00? What am I missing here folks?

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    1. Re:Please hook me up with your vendor! by richie2000 · · Score: 5, Informative
      I haven't priced VMWARE in a long time, but if memory serves, that should be near or over the 2K mark by itself.

      You need to refresh your DRAM. VMWare Workstation 4 costs $299 from vmware.com. The rest of the stuff can be had for free, more or less. 17" monitors are $100 a pop new (CRT, that is), the 1.2GHz box can be built new for around $200 (1300 Duron, 256MB RAM, 40GB disk) and the rest of them are dumpster-diving fodder. The only things in his list that actually may cost Real Money (TM) are the big screens, but you can get old 24" Sun monitors on Ebay for a song and maybe a little dance and then you just need to get/make a VGA-Sun adapter to be in business.

      --
      Money for nothing, pix for free
    2. Re:Please hook me up with your vendor! by Soko · · Score: 4, Interesting

      Perhaps he meant "$2000 Capital Investment"?

      Most of what he calls for can usually be gleaned from the office "PC Bone Yard". The most expensive item is the big dual head computer with associated software. Getting it all for under $2K would be a challenge, but not impossible. As for working for free - he set this up for his employer (An assumption - I'll RTFA when it's not /.ed), so they'd be paying him anyway. Since he's trying to make himself more productive, they'll get more for less in the end. I can't see a problem with that, as long as his other duties are kept up as well.

      Slipping stuff you need in under the corporate radar is easily done with FOSS. When setting up a NOC, if you spread any purchases you need out a bit most of them will be cheap enough that they can be bought on an expense account or with petty cash - you avoid Budget Committees and/or the Accounting Dept. Call it a "Test Case", and use it to prove that a NOC is a good investment, not just some toy or geeky buzzword. Being able to have concrete numbers that say "See? My NOC isn't really expensive, but it adds a ton of value." will keep the bean counters happy. Once the NOC is in place and you show it has value, you will get to keep it - and sometimes expand it.

      This is one of the ways that FOSS shines - you can (most times) just get the job done without getting caught up in corporate red tape, since the initial capital outlay is usually minimal.

      Soko

      --
      "Depression is merely anger without enthusiasm." - Anonymous
    3. Re:Please hook me up with your vendor! by MyFourthAccount · · Score: 1

      Right, if you consider your own time worth $0.- (but that subject has been beaten to death on /.)

      the 1.2GHz box can be built new for around $200 (1300 Duron, 256MB RAM, 40GB disk)

      Not on pricewatch at least.

      and the rest of them are dumpster-diving fodder

      Riiiiight. Just like how homeless people would argue that a dinner can be had for free then, eh?

      (no offense to homeless people, I don't think any of us has any idea how hard it must be...)

    4. Re:Please hook me up with your vendor! by Anonymous Coward · · Score: 1, Informative

      Where "dumpster" here refers to the office PC boneyard.

    5. Re:Please hook me up with your vendor! by DesertFalcon · · Score: 1

      What's FOSS?

      --
      --- 11 meters/second, or 24 miles per hour - the airspeed velocity of an unladen European swallow. Really.
    6. Re:Please hook me up with your vendor! by richie2000 · · Score: 2, Informative
      Not on pricewatch at least.

      Maybe not, but that's what I pay (in parts, not counting time of course) in Sweden. The Duron is $30, 40GB Seagate Cuda $50, box (Q-Tec smiley) $20, RAM $30, an Asus MX all-in-one mobo for $40 and with floppy, CD, rat, keyboard and cables for another $30 you're home. Or, if you don't want to build one yourself, go to Walmart - they have several sub-$200 models, with or without Lindows, hell they even have one for a few dimes under $160 (no harddrive in that puppy, but I bet it runs Knoppix just fine).

      Riiiiight.

      Right. Seen any 333MHz 1.2GB PCs on dell.com lately? No? That's because there aren't any. They are obsolete. You'll find them in dumpsters, yard sales or on Ebay for free or a reasonable facsimile of free.

      --
      Money for nothing, pix for free
    7. Re:Please hook me up with your vendor! by Soko · · Score: 1

      Free/Open Source Software as I've heard the term.

      Soko

      --
      "Depression is merely anger without enthusiasm." - Anonymous
    8. Re:Please hook me up with your vendor! by ddent · · Score: 2, Funny

      5256375678 -- its somewhere in the first 10,000 digits of pi.... I want my cookie now! :)

    9. Re:Please hook me up with your vendor! by burns210 · · Score: 1

      FOSS = Free Open Source Software.

    10. Re:Please hook me up with your vendor! by cdrudge · · Score: 1

      More specifically, the string 5256375678 is found at position 9991 counting from the first digit after the decimal point. The 3. is not counted.

    11. Re:Please hook me up with your vendor! by Anonymous Coward · · Score: 0

      A cheap 22" CRT is $600 today. 3x$600 = $1800. The KVM switch is not cheap either. Those systems become exponentially more expensive (a 1x4 is far cheaper than an 8x32). I doubt the rest of the equipment can be had for under $200. If you ignore the dog-and-pony aspect of a NOC, you can go a bit cheaper. In reality, though, you often have KVM extenders, VGA splitters, and various other contortions to get the pretty pictures onto big screens in front of the room while operators get more modest screens (17" - 19") for their workstations. Throw in the cost of building the room (often with a conference room that has mirrored glass so that the big screens may be watched during conferences) and you are way over $2000.

    12. Re:Please hook me up with your vendor! by Geminus · · Score: 1

      I get my goods at a local computer show or recycling computer dealer like http://www.sdiego.com. Ok, so drop VMWARE and use http://bochs.sourceforge.net

  30. Basement NOCs - They're the Future! by Jason+Scott · · Score: 3, Funny

    I used to host with a fine place, but disagreements over costs and bandwidth usage charges inspired me (along with the purchase of my home) to host in my own basement. I have 3-4 customers, and we'll keep it at that. Bandwidth is a T-1. And I think the place looks pretty sharp. This is also where textfiles.com and bbsdocumentary.com are hosted, so it works for me.

    1. Re:Basement NOCs - They're the Future! by Anonymous Coward · · Score: 0, Flamebait
      What a pile of old junk!

      People like you are the reason I can sell old worthless crap on ebay for a lot of money. You have your own personal landfill. Please continue buying the stuff I find on the side of the road.

    2. Re:Basement NOCs - They're the Future! by Anonymous Coward · · Score: 0

      People actually pay you money to host their websites in that basement? Please let me know what form of hypnosis you used on your customers. *sarcasm off* Seriously beyond the basement, how can you possibly compete price wise with any half-decent provider? Are these friends of yours or something? Just no way that you could afford a T-1 and still make money by hosting 3 customers. Unless they are a bit "sheltered" and don't realize what a few hundred dollars gets them on the open market.

      btw that bbs documentary looks interesting. I'll have to look out for it when it comes out.

    3. Re:Basement NOCs - They're the Future! by das_katz_socrates · · Score: 3, Funny

      "What a pile of old junk!" She'll make .5 past lightspeed kid, she might not look like much but she's got it where it counts.

      --
      This sig has no nutritional value...
    4. Re:Basement NOCs - They're the Future! by strictnein · · Score: 1

      that room would get me killed
      my wife would stab me...

    5. Re:Basement NOCs - They're the Future! by appleLaserWriter · · Score: 1

      Where are the diesel tanks for 24 hours backup?

    6. Re:Basement NOCs - They're the Future! by Jason+Scott · · Score: 2, Informative

      People actually pay you money to host their websites in that basement? Please let me know what form of hypnosis you used on your customers. *sarcasm off* Seriously beyond the basement, how can you possibly compete price wise with any half-decent provider? Are these friends of yours or something? Just no way that you could afford a T-1 and still make money by hosting 3 customers. Unless they are a bit "sheltered" and don't realize what a few hundred dollars gets them on the open market.

      Even though this thread is well on its way to death, I wanted to respond to this (currently 0 rated) comment, since I think there's something worth discussing in it. Likely a version of this will go into a "my basement data center" page I should really build.

      There are several considerations you're not aware of or missing. There is no shame in this, since all you've had to go on is a paragraph and a picture.

      First of all, I am an additional customer along with my other 3-4 customers. I use an awful lot of bandwidth (imagine how much goes out the door on artscene.textfiles.com alone) and so I pay a good portion of the monthly costs, more than anyone else in fact. What opening my basement to others does is turn what would be a crushing monthly recurring charge into a merely indulgent one. Since the vast majority of my work and public face comes through these machines and the network, I think it's a worthwhile expenditure.

      I will take this moment to say that my T-1 comes from Speakeasy, and is an amazing bargain at about $520 a month. I've had people say "how do you afford the thousands for one" and the answer is I don't. They give me incredible service and top-level support. I've had a total of 30 minutes of outage in 11 months. They're good people and you should consider them instead of cable companies, who are, in fact, distilled evil.

      I might have lost you (or others) when I displaced the notion of a profit motive behind the setup of my home. I don't really call these folks "customers", I call them "roommates", with a lot of the needed give-and-take that comes from that. When they need a reboot, they call me on my cell phone and I go do it. I've done part installs and troubleshooting, all part of the deal, just like roommates help each other out. When they need an extra IP or two, I get one to them. If they ask for a reverse lookup change, I go do it. And so on. I answer questions and make myself available. Also, we do things month to month, no contract. If one person leaves for whatever reason, I can swing the cost until I find a new person.

      So I don't think it's hypnosis or delusion or sheltering; you will find most places give you "virtual hosting" or charge a lot for rackspace or will not give you the access to a dedicated person that I give, and can really only give if it's a small number of people. Will it ever be a full-on Colocation Facility? No. Do I want it to be? No. Am I in competition with these places? I don't think so.

      The 1990's imbued otherwise-rational geeks with this inherent need to justify everything as a business case. It really sours everything, if you ask me. This is more a little community than anything else. Don't worry, I'm not putting any colos out to pasture.

  31. WTF? by bazik · · Score: 1, Interesting

    The best Linux Dual-Head OS is SuSE 8.3.

    WTF has Dual-Head support to do with the distribution?

    --
    One by one the penguins steal my sanity...
    1. Re:WTF? by thempstead · · Score: 2, Insightful
      Well it's an amazing distribution ... seeing as SuSE went from 8.2 to 9.0 .... there is no SuSE 8.3!

      t

    2. Re:WTF? by TheDarkener · · Score: 1

      I'd assume it has something to do with ease-of-setup. Ever tried getting dual-headed Debian to work, as opposed to Windows XP? A little easier with the latter.

      --
      It is pitch black. You are likely to be eaten by a grue.
    3. Re:WTF? by bhima · · Score: 1

      I was just thinking that! But nonetheless 8.2 is easy to set up dual head.

      --
      Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  32. For those with a higher budget by Maskirovka · · Score: 1

    This company has some products that will REALLY impress the suits. Round the setup out with a few 1337 dvorak gesture keyboards, comfortable chairs, and a network camera outside the door. Did I miss anything?

  33. You forgot the critical part... by kjba · · Score: 1

    Where is the self-destruct button?

    1. Re:You forgot the critical part... by Anonymous Coward · · Score: 0

      And a trapdoor to a shark pool by the door. No self respecting control center/secret base can be without these things. Those old klaxon horns and caged red flashing lights add humorous effect if you set them to greet important visitors as you run very quickly past them shouting "we're all doomed!".

  34. Basement [Museums] - They're the Future! by Anonymous Coward · · Score: 2, Funny

    I see two Lisas. So that would be Basement NOC/Museum. Just charge admission.

    1. Re:Basement [Museums] - They're the Future! by Anonymous Coward · · Score: 0

      love your website...brings a tear to my eye when i read all the text files that were once part of my BBS days ;-)

    2. Re:Basement [Museums] - They're the Future! by Bastard+Operator+Fro · · Score: 1

      That would be a Mac XL.

      The second one is a photo ghost. So there's only one there.

      bah, I'm a sad sad person for correcting this.

      --
      Shaun Nelson - Bastard Operator (From Hell / For Hire)
    3. Re:Basement [Museums] - They're the Future! by Cramer · · Score: 1

      And two Apples (II+?). So where are the machines actually connected to that T1?

    4. Re:Basement [Museums] - They're the Future! by Anonymous Coward · · Score: 0

      "The second one is a photo ghost. So there's only one there."

      Well you should be sad. There's one straight ahead, and the one to the far right of the picture. Look very carefully around the two machines and go hmmm...

  35. Proves useful? by InfiniteWisdom · · Score: 1

    Makes for a pretty good dog-n-pony show, and proves useful too!

    Don't forget the chance to come up with NOC NOC jokes

  36. Glaring omission! by Ridge · · Score: 3, Funny
    How can they not mention a giant display-oriented map of your region/country/world on the wall!? Minimally this display should:
    • Be in color.
    • Be at least 12'x6'.
    • Numerous people wearing headsets must be employed to stare at it with a sick fascination for the entire day.
    • It should be able to animate interesting events, e.g. incoming ICBMs, lightning strikes, or Godzilla attacks with appropriate context-sensitive graphics.
    • Bonus points if you can surf porn or play tic-tac-toe on it.
    1. Re:Glaring omission! by Anonymous Coward · · Score: 0

      And:

      -night/day colouring

      -bouncing red lines following traceroutes

      -scrolling front pages of news sites and government departments

      -targeting crosshairs for missiles

      -guys with loud hawaiian shirts and russian accents

    2. Re:Glaring omission! by nEoN+nOoDlE · · Score: 1

      You forgot one thing,

      - You can't let any Russians into the room to view it.

      "But he'll see the big board!"

      --
      Don't trust a bull's horn, a doberman's tooth, a runaway horse or me.
    3. Re:Glaring omission! by khallow · · Score: 1

      Maybe you and me are thinking of the same VC honeypot. Aboutnet had an "operations center" that had the Big Map with all the trimmings in their downtown San Jose collocation site. You'd walk in the entrance, down some stairs and then behind a 20 or 30 foot high clear glass wall (bullet-proof no doubt), you'd see the chumps diligently typing away at the computers while overhead the huge screen would flash maps of various parts of the world (presumably other Aboutnet collocation sites). One of the better works of dotcom performance art I've seen.

  37. For those of you wondering about "F.I.R.E" by Tyndareos · · Score: 4, Informative

    This is the website: http://fire.dmzs.com/

  38. The Christmas tree by BrookHarty · · Score: 4, Interesting

    How many other people out there, went over the correct shade of yellow for the alarm lights with a vendor? Funny stories about NOC design. This thread could have some very interesting stuff, if people would let some company secrets slip. ;)

    But onto my point.

    Biggest thing about a NOC is you need to see the alarm; other than taking action, missing an alarm is the worst design flaw. Filter, page, auto-ticket: there are many things a professional NOC can lend some experience on design. Not everything has to cost; in fact much open source software works great. (Big Brother anyone?)

    BTW, windows and vmware? Pfft.. Worst thing you want is a crash in the middle of working, Solaris and xterms. Eye-candy is the worst thing to get in the way of working outages.

    Humm, also a good ticketing system is important, if you want to page out someone, you need to have enough detail for the person to do their job.

    Oh yea, give me an Aeron Chair also. I know, it's .com ish, but they do feel great.

    1. Re:The Christmas tree by bogie · · Score: 1

      *sigh* that damn Aeron chair is STILL like $799 bucks online. I also think it's the most comfortable chair I've used and I should have stolen one from my last job while I had the chance. Anyone know where to buy ~$200 clones that work almost as well?

      --
      If you wanna get rich, you know that payback is a bitch
  39. Akamai NOC Tour by mcbridematt · · Score: 3, Interesting

    You might want to have a look at Akamai's NOC at http://www.akamai.com//en/html/about/nocc_tour.html

    Pictures of Akamai's NOC also were in the Wired article about the Slammer Virus a few months ago.

    1. Re:Akamai NOC Tour by Anonymous Coward · · Score: 0

      link not working...try again please...

    2. Re:Akamai NOC Tour by linuxwebadmin · · Score: 1

      http://www.akamai.com/en/html/about/nocc.html this link works for me, the other was broke...

      --
      Show me packet captures and log entries, or it never happened.
    3. Re:Akamai NOC Tour by mcbridematt · · Score: 3, Informative

      yes, I got that wrong for some reason, but it surprises me how many people can't learn to 'patch' a link :(

      Akamai NOC tour

      Wired article about Akamai's 'gods-eye' view of the Slammer virus

  40. For those with a higher budget-Lights! Camera! NOC by Anonymous Coward · · Score: 0

    For those who like the "show" in show-and-tell. Find someone who does set design for movies and TV. Come up with something out of Minority Report. Your NOC can look futuristic while the grunt work is in a closet somewhere.

  41. Wonder what it said as it died by Alcimedes · · Score: 1
    I wonder what showed up on the screens as it was blown off the map.

    Fat lot of good a NOC does you if you're dead.

  42. You really don't want to work there... by yalla · · Score: 3, Interesting

    I used to work in a NOC of a major cellphone carrier. Working in shifts, staring at your HP Openview, no coffee/food at your desk, boring calls from the staff "Oh, the connection to server ABC isn't working. Do something!" - and when really something goes wrong you feel you want to be an octopus - you need 8 arms for 8 phones.

    Essentially the job is: Stare at network map, wait for thingys to blink, make calls.

    Yalla.

    --
    You look like a million dollars. All green and wrinkled.
  43. Secret password by momerath2003 · · Score: 1
    ProtoVision Game Server

    Enter the super-secret backdor password.
    >yourmom
    Incorrect password. Try again.
    >wargames
    Incorrect password. Try again.
    >Z1ON0101
    Third incorrect attempt. Password hint: it's my son's name.
    @End Carrier@

    ProtoVision Game Server

    Enter the super-secret backdor password.
    >Joshua
    Thanks, but I'll go open source.
    --
    I had but a simple dream, to destroy all humans.
  44. Dual-headed video by John+Courtland · · Score: 5, Interesting

    ...is indeed the greatest thing since sliced bread. I've had it for about 2.5 years now, and one day when my primary monitor went out, I almost couldn't function. Being able to have Visual studio open in one screen and All sorts of Docs and a web browser in the other, I don't know how I did it before...

    In the same vein, nVidia included a really nice feature in their latest drivers (I think it's been around since the 4x.xx series, but it wasn't as refined) that lets you "throw" a window. Pure genius, whoever invented that. With 2048 pixels of desktop space, it actually takes over an entire mousepad to move a window across the desktop. With throwing, I just flick my mouse. If I have a few IM windows open, a few Putty terminals, etc etc, it's great to just get stuff out of the way real fast and put it all into a known area.

    --
    Slashdot is proof that Sturgeon's Law applies to mankind.
    1. Re:Dual-headed video by Anonymous Coward · · Score: 0

      slap another PCI video card in there and try three...

      makes 2 almost unbearable... and makes quake III an absolute blast with the right patch, although unfair as I now have 180 degree vision..

      but then I do 3d and video editing in my spare time at home.

    2. Re:Dual-headed video by aardwolf204 · · Score: 1

      Yes but with your PCI video card in the mix your 180' Quake 3 is going to run at 25 FPS... Did this with UT original, it was terribly slow even with a 2.5ghz setup with a dual head radeon 9500 and a PCI Radeon 7000.

      if you truly mean that this works well send a linky link ;)

      --
      Im dreaming ofa big bndwdth, That can resist the /.crowd.May ur days b merry & bright & may al
  45. NOC's Have a Purpose by Nazmun · · Score: 3, Informative

    Although, some companies may have NOC's for no good reason... NOC's do have their places. I am a webhost (a small one) and our servers are in datacenters with thousands (in many cases tens of thousands) of other such machines. There are always at least one or two techs around in the wee hours of the night and a NOC is most certainly necessary to monitor all these machines and the network.

    There is NO way a laptop can replace a NOC in such a case. You need a centralized area where everything is monitored. As for remote administration, it's always been pretty decent with Unix (and in our case it's linux mostly) but that just helps the NOC become more useful for us.

    --
    Hmmm... Pie...
  46. NOC by mirko · · Score: 2, Funny
    --
    Trolling using another account since 2005.
  47. Re:WOPR by ncc74656 · · Score: 4, Funny
    They use the acronym WOPR in the article and i think they just might mean Weapon of Public Relations...

    You can turn in your Geek ID on the way out, as you won't have any further need for it. The geek that has not seen WarGames is not the true geek.

    --
    20 January 2017: the End of an Error.
  48. Re:WOPR by Mister+Transistor · · Score: 3, Funny

    It really is what you hear the Burger King employee whisper into that gooseneck microphone:

    "WOPR, large Fries"

    --
    -- You are in a maze of little, twisty passages, all different... --
  49. A bit thin by AchmedHabib · · Score: 1, Redundant

    A bit thin article, not much insight

  50. please say no to unexplained acronyms by altaic · · Score: 5, Insightful

    It would really be better if stories like this were not chosen for the front page. Whenever a story is posted with unexplained acronyms, tons more people click the links to see wtf it's talking about. More people who don't care about the actual (obscured) topic needlessly eat up the bandwidth, and the links are slashdotted much sooner. I know this is off-topic, however it does pertain to this story...

  51. You're Kidding, Right? by Anonymous Coward · · Score: 1, Insightful

    I count *three* Lisas. One Commodore PET (God I hated those.) One possible Apple IIish. One possible TVI term. Much other disconnected-looking monitors, printers, crap.

    Data center pictures are supposed to inspire confidence, not fear...I don't want to know how much hosting the PET is responsible for..

  52. Nagios... by helzerr · · Score: 4, Informative

    How is it there is an article about a homebrew N.O.C. that doesn't mention Nagios?

  53. And furthermore... by Anonymous Coward · · Score: 0

    what's with the crooked tree in the center of the room?

    are you hosting from middle earth someplace?

    1. Re:And furthermore... by Jason+Scott · · Score: 3, Informative

      Everyone's so Anonymous Coward these days! Shame.

      Quick explanation for the shot. It's a stitched together panorama shot, using software. It didn't come out like I'd like it to, so I will obviously have to retake it at some point. There are two lisas; there's an artifact of the one lisa looking like two. If you look around it, the shelf blends as well.

      Other machines in there that might not be obvious: Vic-20s, C-64s, Apple IIc, Apple IIs (5), Macintosh SE (painted cow colors), Sun Ultra 2, Amiga 500s (3), Commodore PET (my first computer, given to me by dad when I was 9), Atari 800, and a metric ton of PC Compatibles. Oh, and a Microwave.

      As for the tree, my home is about 110 years old, and they used actual tree trunks for supporting beams. Multiple inspectors say they're as good or better than other choices for supports, so they stay. I like them, and they're great conversation pieces.

    2. Re:And furthermore... by Anonymous Coward · · Score: 0

      hey! I'm all for your basement! It's given me a few ideas for mine... I too have a nice collection of old machines...and they are all on and active (and in my case, the Amiga A1200 is my main system - PowerPC and Voodoo3 gfx man! ;-) ). What is really missing from your setup are a couple of big screens...or a VGA projector. my setup also contains a rack of consoles (video game consoles that is! ;-) )

    3. Re:And furthermore... by Dr.+Smeegee · · Score: 1

      Hi Jason,

      I got an unresolved hostname from your link. Added "www" and connected.

    4. Re:And furthermore... by rk_nh · · Score: 1

      I like the Miller High Life box! What a classic!

  54. Retro-NOC by Animats · · Score: 1
    How about a retro-looking NOC? Chart recorders, walls of blinking lights, big dials, keyboards with buttons that light up, teletype printers, brass railings, and red battle lighting.

    The SFFD fire dispatching center used to look like that. Now it's just a roomful of PCs.

  55. The NOC list? by farnerup · · Score: 1

    I thought you had to steal that from the computer in Langley?

    1. Re:The NOC list? by Anonymous Coward · · Score: 0

      You sir, get a big fat :: rolleyes ::.

  56. Re:WOPR by Anonymous Coward · · Score: 0

    Idiot.

    If they'd called it HAL you'd have been scratching your head too, wouldn't you?

  57. Worthless article.. by Thomas+Charron · · Score: 4, Interesting

    This article was a complete waste of time..

    I could just as easily post an article saying 'Get *4* Tires, *2* axles, an engine, and a few other things. Toss them all together, and you just made your own CAR!!'

    I mean cripes. It's not talking about ANYTHING besides 'buy cheap puters and put neat graphics up'.

    I've had bosses that could have written this article.. Heck, I bet they did. 'Whatcha want a fluke for? I mean, we BUILT you a NOC for a grand!!' Bear in mind, the 'NOC' was a closet with two monitors I salvaged..

    I dunno, perhaps I'm just getting old but..

    I feel like I just wasted a good minute of my life reading that..

    --
    -- I'm the root of all that's evil, but you can call me cookie..
  58. Find me this article instead. by Knightsaber2003 · · Score: 2, Funny

    How to Get Out of Your NOC Career That You Got Suckered Into Like an Idiot. I'd love that one, please.

    --
    -KS2k3
  59. Linux? by Anonymous Coward · · Score: 0

    you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).

    Correct me if I'm wrong, but does not the Nokia firewall run a BSD derivative? And, last time I checked, there is no connection between Linux and BSD.

    1. Re:Linux? by bunco · · Score: 1

      Nokia IPSO is based upon FreeBSD 2.2.6.

  60. Vulnerability of receive-only by puhuri · · Score: 5, Informative

    There are some vulnerabilities for passive monitoring also. A search of CERT database for snort or tcpdump gives you the following list:

    • Heap overflow in Snort "stream4" preprocessor
    • Buffer overflow in Snort RPC preprocessor
    • tcpdump enters infinite loop when parsing crafted ISAKMP packets
    • tcpdump vulnerable to buffer overflow via improper decoding of AFS RPC (Rx) packets
    • tcpdump vulnerable to buffer overflow via parsing of AFS ACL packets
    • tcpdump, ethereal vulnerable to DoS

    A listen-only box gives you some protection but it cannot be the only protection for your traffic recorder.

    1. Re:Vulnerability of receive-only by KrispyKringle · · Score: 1

      I've seen vulnerabilities in tcpdump, ethereal, and Snort, but I never looked close enough to see if they'd work on a receive-only setup. Just because the initial attack is against a passive listener doesn't mean that it doesn't rely on some response to carry out an exploit (to do more than a DOS, in other words). If I get time (and I won't), I'll check into it. Thanks.

    2. Re:Vulnerability of receive-only by Lumpy · · Score: 3, Insightful

      First of all you have to FIND it. It's not going to be admitting that it even exists on the network. So you either need to make a bunch of wild ass guesses, have inside information, or start systematically attacking all the non-active IP addresses in the subnet.

      all of which will set off lots of NOC alarms before you even get to the machine.

      --
      Do not look at laser with remaining good eye.
    3. Re:Vulnerability of receive-only by Anonymous Coward · · Score: 0
      first of all you have to FIND it


      Right, it's watching all traffic on the network, so all you have to do is send the exploit to any IP address on that network. I see hundreds of attacks a day and no one had to "find" me first. They just look at random.

    4. Re:Vulnerability of receive-only by Lumpy · · Score: 1

      If you send your exploit to 192.168.1.1 and I'm at 192.168.1.8... even though I'm looking at ALL traffic, I won't get it until you hit my IP address, and ONLY if I have that port open to the OS..

      If I have the card in promiscuous mode with no IP address set and using sniffer software you CAN'T exploit me with anything but an exploit for the sniffer software/ or the device driver as the Operating system's IP stack isn't even near it.

      and my sniffer/intrusion detection would detect you before you found me unless you were extremely lucky and found me on your first try.

      That's like the guys from IT complaining that my FLUKE network analysis tool doesn't have a virus-scanner installed on it.... because it doesn't run an OS and can't be infected... but they can't understand that.

      If you are running a vulnerable OS like windows and allow the OS to use/monitor the network hardware then yes... it's infectable... but if you use BSD or Solaris and have your app directly use the hardware it's a really slim chance anything can get through.

      --
      Do not look at laser with remaining good eye.
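
The advisories listed at the top of this thread are all decoder bugs: the capture box parses length fields chosen by whoever sent the frame, whether or not its interface has an IP address. As an added illustration (not code from Snort, tcpdump or any poster here), this is a bounds-checked Ethernet/IPv4/UDP decoder in C; `dissect_udp`, `make_frame` and `run_case` are hypothetical names, and the frames are constructed test data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum dissect_status {
    DISSECT_OK = 0,
    DISSECT_TRUNCATED,     /* capture too short to hold a fixed header */
    DISSECT_NOT_IPV4_UDP,  /* traffic this decoder does not handle */
    DISSECT_BAD_LENGTH     /* a length field disagrees with the captured bytes */
};

struct udp_view {
    uint16_t src_port, dst_port;
    const uint8_t *payload;  /* points into the caller's buffer; nothing is copied */
    size_t payload_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode Ethernet II + IPv4 + UDP from cap_len captured bytes. Every length
 * read from the packet is checked against what was actually captured before
 * it is used as an offset or a size. */
enum dissect_status dissect_udp(const uint8_t *frame, size_t cap_len,
                                struct udp_view *out)
{
    const size_t ETH_HDR = 14, IP_MIN = 20, UDP_HDR = 8;

    if (cap_len < ETH_HDR + IP_MIN) return DISSECT_TRUNCATED;
    if (rd16(frame + 12) != 0x0800) return DISSECT_NOT_IPV4_UDP;

    const uint8_t *ip = frame + ETH_HDR;
    size_t ip_avail = cap_len - ETH_HDR;
    if ((ip[0] >> 4) != 4 || ip[9] != 17) return DISSECT_NOT_IPV4_UDP;

    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* header length claimed by sender */
    size_t total = rd16(ip + 2);              /* datagram length claimed by sender */
    if (ihl < IP_MIN || ihl > ip_avail) return DISSECT_BAD_LENGTH;
    /* A capture cut short by the snap length also fails this check. */
    if (total < ihl || total > ip_avail) return DISSECT_BAD_LENGTH;

    const uint8_t *udp = ip + ihl;
    size_t udp_avail = total - ihl;
    if (udp_avail < UDP_HDR) return DISSECT_TRUNCATED;
    size_t udp_len = rd16(udp + 4);
    if (udp_len < UDP_HDR || udp_len > udp_avail) return DISSECT_BAD_LENGTH;

    out->src_port = rd16(udp);
    out->dst_port = rd16(udp + 2);
    out->payload = udp + UDP_HDR;
    out->payload_len = udp_len - UDP_HDR;
    return DISSECT_OK;
}

/* Constructed test data: the header length fields are set independently of
 * the bytes actually present, so a frame can misstate its own size. */
size_t make_frame(uint8_t *buf, unsigned ihl_words, unsigned ip_total,
                  unsigned udp_len, size_t payload_len)
{
    size_t n = 14 + 20 + 8 + payload_len;
    memset(buf, 0, n);
    buf[12] = 0x08;                            /* EtherType 0x0800 = IPv4 */
    uint8_t *ip = buf + 14, *udp = buf + 34;
    ip[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));
    ip[2] = (uint8_t)(ip_total >> 8); ip[3] = (uint8_t)ip_total;
    ip[9] = 17;                                /* protocol 17 = UDP */
    udp[0] = 0x30; udp[1] = 0x39;              /* source port 12345 */
    udp[3] = 53;                               /* destination port 53 */
    udp[4] = (uint8_t)(udp_len >> 8); udp[5] = (uint8_t)udp_len;
    memset(udp + 8, 'A', payload_len);
    return n;
}

/* Build a frame, keep only `snap` bytes of it (0 = keep all), and decode it. */
enum dissect_status run_case(unsigned ihl_words, unsigned ip_total,
                             unsigned udp_len, size_t payload_len, size_t snap,
                             struct udp_view *out)
{
    static uint8_t buf[256];
    if (payload_len > sizeof buf - 42) payload_len = sizeof buf - 42;
    size_t n = make_frame(buf, ihl_words, ip_total, udp_len, payload_len);
    if (snap != 0 && snap < n) n = snap;
    return dissect_udp(buf, n, out);
}

int main(void)
{
    struct udp_view v;
    printf("honest frame          -> %d\n", run_case(5, 32, 12, 4, 0, &v));
    printf("IP total says 1500    -> %d\n", run_case(5, 1500, 12, 4, 0, &v));
    printf("UDP length says 4000  -> %d\n", run_case(5, 32, 4000, 4, 0, &v));
    printf("IHL says 60 bytes     -> %d\n", run_case(15, 32, 12, 4, 0, &v));
    printf("capture cut at 20     -> %d\n", run_case(5, 32, 12, 4, 20, &v));
    return 0;
}
```

Only the first constructed frame decodes; each of the others misstates a length and is rejected before any offset derived from that length is dereferenced.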
  61. You can probably get it under a grand by CrypticSpawn · · Score: 2, Insightful

    Office space around here goes for around 200 (well, your location it might be different) a month, and bandwidth these days is pretty cheap. So after everything is said and done, you are looking at spending around 1-2k a month. If you aren't going to use a lot of bandwidth, hell it could be less than a grand a month.

  62. Forgot the most important things by bkeeler · · Score: 4, Funny
    1. An array of 24-hour clocks displaying the local time in places the company doesn't even do business, and
    2. A huge red button on the wall labelled "Emergency Network Shutdown". When the boss is showing the big-wigs around you leap up from your chair, shout "OH MY GOD!" and hit the button.
  63. No thank you! by Spoing · · Score: 1
    1. Some people might find this puzzling, but the best NOC systems I've used on tight budgets were homegrown applications, usually after trying out and discovering the deficiencies of the open source tools. ... For that matter, many of the commercial packages are steaming piles, so if you have a talented programmer or two on staff, you can add value to your company by just writing your own NMS and not waste time with mediocre packages.

    Now that I doubt.

    Just in the last year, I've had to introduce 3 different people to closed and open software instead of them just making their own for a variety of projects. In each case, they didn't know what existed then didn't want to modify someone else's code, or just wanted to do one or two things better -- and those 'missing' parts were what made the whole app 'unusable'. Customizing what's there isn't usually an option...I guess since they want to show how nifty they are at programming.

    The sad thing is that these apps are done in VB or MS Access and are monolithic (1 MDB) and don't contain comments. Great, you die and who's going to maintain it let alone understand the 'intuitive' interface?

    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    1. Re:No thank you! by Anonymous Coward · · Score: 0

      Actually, he's right. MRTG is significantly less than optimal for doing large-scale network monitoring. Last time I checked, it was limited to populating 700,000 variables a minute or so, which is a trivially small number. Where I work, our monitoring software is pushing 8 million variables a minute and that's just the tip of the iceberg for us.

      The problem with some open source software is that the engineers simply do not have large scale environments in which to test. They also tend to (in most cases) design software specific to their problem, not efficient in general.

  64. sig by Anonymous Coward · · Score: 0

    SCOndomware: A new s/w wrapper in linux kernel 2.6 and up, to prevent SCO screwing around!

    Heh :-)

    More analogous to "prevent problems when they *do* screw around". But I laughed anyway.

  65. There's something missing by AndroidCat · · Score: 3, Funny
    They mention all the cool toys and stuff to run your own NOC, but leave out the most important part: LUSERS!

    What's the point of being Napoleon and BOFH of your own NOC if you don't have lusers to abuse? I think I might have an answer, however.

    Tapping the vast pool of cheap out-of-work IT workers, LUSERS'R'US can provide a simulated load of lusers on your network -- Even with an adjustable rate of phone calls with silly-assed questions and problems for home NOC commanders to deal with.

    If you want to be a real BOFH, you can't reign in hell without some damned souls to boss around. You need us. You need LUSERS'R'US!

    --
    One line blog. I hear that they're called Twitters now.
  66. Thin Article, now do it for real by coofercat · · Score: 1

    We had a spare Sun Ultra 1, so I pinched it and run Netsaint, MRTG, Nessus and smsclient on it. I'd like to put SmokePing on as well, but haven't got around to it yet.

    I'd also like to get some sort of I/O capability, so it could monitor the temperature in the computer room, or check if the aircon's dribbled water over the floor. I guess it could also switch on a "red alert" light over the computer room door too (or just blink the light inside the red phone).

    I don't have any dual-headed machines around, just the Netsaint status screen on my PC from time to time. I've even got the users trained to look at the status page themselves (I've got nice simple "Internet Access, Email, Office Network" statuses on the intranet home page too). I can see, at a glance, what's up and what's not, and get weekly security scans of the entire network. I guess some sort of network sniffer would be good too, but switches make that a bit of a pain. All that, and it can send me text messages when things go wrong.

    Keep 'em peeled, someone's going to make an off the shelf product like this soon...

    1. Re:Thin Article, now do it for real by Anonymous Coward · · Score: 0

      You can monitor temperature in the server room dead easy with some dallas semiconductor ds1820's hooked up to the serial port of a monitoring box.
      If you want an easy route to this, grab an ibutton link controller (rj45 version since we all have crimpers right?) and go get the fuse kernel module and onewire filesystem, voilà temperatures accessible by userspace as text files.
      A link isn't expensive, and ds1820's should run you about 2e a piece....
      Happy hacking, my whole house hvac is controlled like this...

  67. Slashdotted. by Anonymous Coward · · Score: 0
    Must be hosted on a cheap NOC.

    ~~~

  68. This article is great... by ApheX · · Score: 3, Insightful

    Unless you suffer from a power outage. Then your 'NOC' is down, your servers down. Everything is useless and out of your control.

    Author should mention either hopping on eBay and getting a used rackmount UPS or building a battery backup yourself using car batteries. As crude as it sounds if you have the space (a separate room) you can build a huge battery back up system for (relatively) next to nothing and be able to simply add more batteries for longer uptime, etc.

    --

    -
    aphex
    I Steal Music!
  69. Re:WOPR by Anonymous Coward · · Score: 0

    Yeah, I remember having to design a lameness filter on my BBS password system.

    if pass$ = "pencil" then o$="Idiot":gosub 40:goto 6300:rem logoff idiot

  70. CNN by pyite · · Score: 5, Interesting

    Can't underestimate the importance of some news channel on at all times. During August of this year, we were in our NOC and we saw our power blip for a second and heard the UPS alarms from the adjacent machine room. Shortly thereafter, we found out we were on diesel power. Our monitoring tools began to show remote devices going down, some coming back, some not. I noticed my SSH session to home died around the same time. I began to worry. I called my house to see if my answering machine would pick up. No dice. It was at this point we realized a big power failure had hit us. A few minutes later, the reports started coming in on CNN that all of New York had gone down, etc. Eventually it all made sense, but it was definitely important to have CNN... even if we knew about the power failure before they did.

    --

    "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

    1. Re:CNN by gmhowell · · Score: 1

      You knew about the power failure before they reported it. Slight difference.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    2. Re:CNN by pyite · · Score: 1

      This is true, and I thought about it after I submitted.

      --

      "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

  71. Site down?? by Anonymous Coward · · Score: 0

    Is this site down? I get a timeout error every time I try to connect to it.

    http://www.thenetworkadministrator.com/HowToBuildACheapNOC.htm

  72. ummm by djupedal · · Score: 2, Funny

    I've worked deep inside a NOC, and this is no NOC...

  73. If you are a geek of 30 years of age... by Anonymous Coward · · Score: 0

    ... then you were drinking out of your sippy cup when this movie came out. Microsoft phased your version of geek out already.

  74. power backup? by Anonymous Coward · · Score: 1, Funny

    Yep - nothing like a NOC without UPS to make life interesting!

    At least while watching the weather channel you can get a heads-up on when the boxes are going to be going down.

  75. Build NOC by Anonymous Coward · · Score: 0

    That's cool and all but after sitting on top of many large networks I prefer Netview 6000 on AIX with lots of ram.
    The ease of setting up the traps.

  76. Can't underestimate the importance by lildogie · · Score: 0

    Perhaps you mean "can't understate."

    Where did this "can't underestimate" idiom come from? Must have been nucular radiation.

    1. Re:Can't underestimate the importance by BitHive · · Score: 1

      Well, if Google is any indicator of a phrase's frequency of use:

      "can't understate" - 291 results
      "can't underestimate" - 4,470 results

      Or maybe IHBT.

    2. Re:Can't underestimate the importance by pyite · · Score: 1

      I kinda meant what I said. When you underestimate, you don't recognize the full impact of something until the deficiency is fully realized. WordNet dictionary says "v 1: assign too low a value to" and that's what I meant.

      --

      "Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman

  77. Home surgery theater by JohnnyBolla · · Score: 1

    Get some x-acto knives, a bottle of rubbing alcohol, and a copy of Gray's anatomy.
    Now you're a surgeon!

    --
    Carpe Deez
  78. Obscure Reference: Could it be... by Pii · · Score: 1

    ...The Heaven's Gate cultists?

    --
    For those that would die defending it, Freedom
    has a sweet taste that the protected will never know.
    1. Re:Obscure Reference: Could it be... by Zeinfeld · · Score: 1
      ...The Heaven's Gate cultists?

      Yep, they started by printing up a goofy 'how to build a spaceship' manual back in the 70s... This makes about as much sense.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  79. I have SSH on my laptop, what else do I need? by Anonymous Coward · · Score: 0

    Things I have seen in actual NOCs that you REALLY need:

    - Big Huge projected Openview display that is really a screen shot of some other network, with all the pretty green host icons.

    - Big screen TV running CNN, with premium cable channels, so the staff can watch ESPN during those long nights.

    - Big screen TV with a "tail -f" of some random syslog so it looks like something is actually happening.

  80. Re:you're a fooking fucktard by Anonymous Coward · · Score: 0

    Wahh, poor baby....

    Just because he can do things you only dream of.. and HAVE A JOB doing it ...

    Boo fricking hoo... nothing like an unemployed HACK to bitch about someone who is doing something they can't.

    get a job you worthless wannabe.

  81. bzzt! you're a retard! by Anonymous Coward · · Score: 0

    that helmet looks good on you.

    http://archives.neohapsis.com/archives/sf/ids/2001-q4/0330.html

    try google next time, you fuckdumb. stop drooling all over yourself.

  82. where's the fun in that? by butane_bob2003 · · Score: 2, Funny

    Who wants to sit in a 4X8 closet with a bunch of cheap windows boxes? I want floated floors with forced air cooling, an inert gas fire suppression system (and gas masks for everybody!), huge monolith UPSs (built in), a biodiesel/fuel cell backup generator, 3 fiber trunks on major internet backbones (gotta have multi-homing), an isolated command and control center, rackspace out the wazoo, a top 500 supercomputer or two, bullet proof glass walls with opacity dimmers, biometric security scanners, armed guards, NORAD like bomb shelter construction. Oh yeah, and a cafeteria. And armed female guards cloned from Lucy Liu's DNA. Now we're talking.

    --


    TallGreen CMS hosting
  83. Evil on a Budget by EvilTwinSkippy · · Score: 1

    They must be subscribers to the Evil Lair on a Budget school of design.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  84. A better article? by Anonymous Coward · · Score: 0

    How about this one:

    Managing Wide Area Network with GPL products
    http://www.ssgrr.it/en/ssgrr2003s/papers/223a.pdf

  85. Here is the Article by Anonymous Coward · · Score: 0

    How to build a cheap Security NOC
    William M. Nett

    The Network Operations Center or NOC is the cornerstone of all computer networks. I've worked at AT&T's NOC, been around Government NOCs and seen small scaled versions. Most look like something out of the movie, "WarGames" and surprisingly, whether you're a Linux or Windows fan you can build one for cheap and be your own armchair NOC General.

    What does a NOC do? It monitors connections, network activity, spots problems, conducts threat assessments, and calculates scalability requirements with customer demands... it also puts on a pretty good "dog-n-pony" show for potential investors and customers.

    What's required? Again, surprisingly not too much! Depending on the size of your company, this can be achieved with as little as an 8' X 10' room, and 4 computers. Trust me, you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).

    You'll need at least three big monitors (the bigger the better), two smaller ones (17"), a KVM switch, and OOB dialup. Here's the loadout:

    1. Firewall: Get a copy of IPCOP... it's Smoothwall on steroids and very easy to configure. It has a built in Intrusion Detection System, Proxy logging, and you can use Coyote Linux as a failover if you think you are being attacked. This package uses a web interface, so there's no need for a monitor, keyboard, or mouse. These software elements are also free. Minimum requirements are a 333Mhz system with 64MB of RAM and a 2.1GB Hard-Drive.

    2. Network Monitoring: Download a copy of F.I.R.E. and run it on a barebones 600 Mhz system. Configure and open Etherape on a monitor for an Air Traffic Controller's view of your network activity... bean counters love this. If you're being attacked or infected, you will quickly see where it's coming from. You should also use a receive only sniffer cable on this box to protect integrity... a receive only box has a zero chance of infection as it's physically impossible.

    3. Got wireless? Download and run Airsnare with a semi hyped up Wireless antenna, and you'll quickly spot any war-drivers or unauthorized network connections. If you have an old directional motorized TV antenna system lying around you can go uber-elite and connect a cheap phased array panel antenna or cantenna to locate your wireless intruder with NetStumbler. This can all equally run on a 333Mhz Windows based system.

    4. Workstation: Here's the beef... a 1.2Ghz, 512MB, 20GB computer, with dual head Matrox card, with dual booting OS (Linux & Windows), Preferably Linux with a Windows VMWARE guest OS. Trust me, once you go Dual-Head, you won't go back. The best Linux Dual-Head OS is SuSE 8.3. Tie this into the KVM to modify any of your servers.

    5. Red Phone... after all, who doesn't want one? You're Batman, right?

    Your first Monitor should be watching CNN or the weather channel (depending on location), the second should be running Etherape, and the third should be running Airsnare or Windows Services Monitors (CPU, Netload, etc.) All of the software here except Windows is free, and easy to configure... except maybe your General's chair. In the end, aside from having your own WOPR, you have a NOC for just under $2,000.00

    William M. Nett

    Links:
    http://www.ipcop.org
    http://www.coyotelinux.com
    http://prdownloads.sourceforge.net/biatchux/fire-0.4a.iso?download
    http://etherape.sourceforge.net/images/v0.5.5.png An etherape screenshot
    http://www.netstumbler.com
    http://home.comcast.net/~jay.deboer/airsnare/download.htm

  86. nokias by el_guapo · · Score: 0, Offtopic

    do NOT run a linux derivative, they run ipso. a bsd derivative, supposedly a "hardened bsd" which is a bit bogus :/

    --
    mas cerveza, por favor politically incorrect stu
  87. It depends on who writes the checks... by Anonymous Coward · · Score: 0

    Depending on your organization, it may be easier to get hundreds of thousands to build a glass palace with no real functionality than a couple grand for a handful of small machines in a closet that do everything but the laundry.

    It all depends on the "vision" of your IT management (and whoever he/she/they/it report(s) to). This could run from getting a truly mission-critical job done (what we techies all assume) to having something to impress visiting customers with (not entirely unreasonable--they don't want to trust *their* precious data in a pig wallow) to the CTO wanting to be able to impress his old frat brothers with what a swingin' dick he is (regrettably, all too common).

    The last place I worked, the new VP we trolls found ourselves reporting to was practically coming in his pants talking about what a big, impressive gold-plated NOC he was going to put in, while at the same time arranging to outsource practically *everything*.

    The place I worked before that, the owner had our servers put into an Exodus data center, *specifically* because they were the most expensive cage farm in town. At the time, there may have been a little more than ego-masturbation going on--the appearance of a "class act" tended to impress the investors.

  88. The real reason... by Click+0+Nett · · Score: 2, Funny

    I think we can all agree that the real reason we geeks have invented this NOC stuff is so we can act like commanders of our own personal starships:

    *beep beep beep*

    Underling: "Sir, incoming connections are increasing..."

    You: "What?! What is the nature of the increase?"

    U: "Exponential!"

    Y: "By the gods..... bring up all status displays, throttle incoming connections, make sure engineering has that backup DNS online!"

    U: "Yes, sir!"

    *fast forward to the NOC in disarray, sparks flying, servers dying*

    Engineering: "She canna hold much longer!"

    Y: "That does it.... time for the last resort... ban all links coming from the reference slashdot.org, authorization omega 8 pi!"

    --

    Like eagles on pogo-sticks! -- Glottis

  89. This article sucks-The "/ {hole}" in the wall. by Anonymous Coward · · Score: 0

    "In that case, welcome to Slashdot! (Some of us regulars here call it "/.")"

    The "regulars" call it something else, but we're regularly modded down.

  90. Re:Join the Simoniker Fan Club! by Anonymous Coward · · Score: 0

    GOBBLE GOBBLE

  91. Red Phones by suky · · Score: 1

    So where can one buy an infamous "red phone" like you might see in the Pentagon?

    Or, preferably, one that blinks and goes "beep beep beep" like the Bat-Phone in stately Wayne Manor.