Is Your Office Haunted?
WormholeFiend writes "You know Halloween is around the corner when websites like Forbes.com release a story wondering about the supernatural. From the article: 'Maybe the spirits have decided that spooky mansions and creepy battlefields are passé. Maybe they want to cash in on the glamour of corporate life. Maybe they just wanted the sushi.'" Anyone out there have any encounters with a spiritual Milton?
The article didn't shed much light on paranormal experience nor did it even lead me to be much more curious. In my opinion it's mostly goofiness.
However, the article did contain a gem, and delivered as a parting word of wisdom:
Nicely put, and 'nuff said.
At my office, some mysterious creature keeps "watering" the floor of the men's restroom. Does that count?
Here at MIT, we regularly see ghostly figures walking around in distress at 4 in the morning. We call them grad students.
There is some value in it; it tells you what a significant portion of the population are believing. That's scarier than their profits. Wooooh! (Do ghosts go "Wooooh!" all over the world or just here in Little Britain?)
Yours Sincerely, Michael.
You know you can turn that "Clippy" guy off right?
(Bob is an analyst at a security operations center for an ISP. He sent me this email and I decided I'd pass it on to you guys for review. Is this even possible? I'm not sure, but it sure did freak Bob out. He can't bring himself to go back to the SOC anymore, and he's looking for telecommuting jobs on Monster. --Alice)
Alice,
I know you're gonna think I'm crazy but you're the only one I can think of who would possibly listen to what I'm about to say without immediately dismissing it. Please, read my whole account of what happened to me tonight before writing me off.
I went into work last night for the graveyard shift. Yeah, graveyard shift on Halloween, haha. We'd just ramped up to 24/7 ops the previous week so this was going to be my first night alone in the SOC. I was pretty excited at first, since I wouldn't have any of these other knuckleheads in my hair while I was doing some hard core analysis, you know? I logged into my station, started some queries for deltas in the previous 24, and went to get some coffee, since it was going to be a long night.
Little did I know...
After returning to the SOC with my joe, Carol gave me the briefing on the day's events (in a nutshell, nothing - apparently all the s'kiddies were gearing up for Trick or Treating and not harassing us). She did mention something that didn't show up in any of the reports though - a general "weirdness" to the traffic in the DMZ. She couldn't really qualify it, but she said she thought something kind of odd was going on. Okay Carol, I'll keep my eyes open (as I roll them back into my head). She punched out and I was all alone.
Or was I?
I threw some tunes on WinAmp and started to rock out while poring over the output of my earlier queries. My attempts at scripting up some rudimentary anomaly detection in our aggregation console appeared to be woefully inadequate or simply functioning properly with a dearth of anomalies when I saw it.
A new host in the DMZ.
A host which had apparently come up at midnight local, October 31st. Who the hell stands up a box in the DMZ at *midnight* on a Saturday night? It had to be the mouth-breathers in development relying on the assumption that no one would be monitoring the network over the weekend. Heh, nice try chumps, but you've just tweaked the wrong BOFH. To cover my bases, I looked up the latest network diagrams for the DMZ. Just as I thought, nothing authorized or even submitted regarding a new box in the DMZ. Finally, after months of slaving away over reports I was going to get to demand someone take a box down. I could feel the power coursing through my fingertips as I began to compose the flame to end all flames.
"Dear clownboats,"
I hesitated. What would they come back with? I needed more ammunition to stave off a possible counteroffensive. I decided to scan the box, to see how much risk these "developers" were actually exposing my DMZ to. A quick nmap returned results the likes of which I had not seen since my days at that dot bomb in Sunnyvale.
"Remote operating system guess: Linux 2.0.35-37"
W
T
F
Two-oh? Was this some sort of prank? These guys are dullards to be sure, but no one is this stupid. It's gotta be some sort of security through ob-fu or something. I had to know. Telnetting quickly confirmed my worst fears.
Trying 10.31.10.31...
Connected to 10.31.10.31.
Escape character is '^]'.
Red Hat Linux release 5.2 (Apollo)
Kernel 2.0.36 on an i486
login:
I stared, dumfounded, at the prompt's ever-blinking cursor. I tried to wrap my head around what I was seeing. Red Hat FIVE DOT FSKING TWO? Even if this was a honeypot, this was ridiculous. What were they trying to do, find out which kiddie has the oldest sploits?
I did what any sane security professional would do in my situation.
I typed "root".
The box retorted with "Password:"
I reiterated, "root".
[root@zion root]#
A chill crept out of my keyboard and up my spine as I realized that