yes, try shutting down their funcking email access and im traffic and then complaining. Most of the pub providers are using https for access, block it. As a matter of fact block everything but 80 and then do string checking on download urls and implement CAR for your stuff. Problems tend to fade away, as do troublemaking assqueefs.
Yes, and its upnp service for those bandwidth challenged individuals looking to piggyback on clueless dsl/cable guys xp machines was considerate as well. Keep Smiling happy, happy..
I am in the same position, only after 3 years of janitoring the problem, last year I went proactive and blocked everything but http from the instructional subnet with vanilla dst filtering and a transparent, url controlled, proxy.
Then the requests started for exceptions from the teachers, "we need so and so for our interactive internet trek..", administrators came to me "Why doesn't hotmail work?->you did what?->fixit."
Policy policing in the comp labs became hazardous because kids still download their warez, get pissed off that it doesn't work and then vandalize the machines or try to infect the machine with viruses. The teachers resent technologies' interference in "their" labs and secretly (private web sites) encourage the kids to "..most importantly, have fun.." in class and advocate game software and plugins that have no place in the curriculum (and eat up system/network resources).
There are 230 hosts on our network and two guys, one who is over 60, trying to arrange licenses, upgrade and maintain an aging fleet of crappy winblowz pcs and assorted printers, and run 10 servers.
It sucks in an unbelievable way.
In short, you can either lose your job for seeming incompetence, quit from frustration or resign yourself to being a janitor and hope for the best.
"..Communist mindset engendered by Stallman and co..."
Warning: Author of the previous statement may be a card holding subscriber to the fascist mindset popular with repressive oligarchies and used to great effect by 'truly' Communist countries like China.
What a disappointment: Grew up reading and idolizing ellison for his graphic anti-authoritarian ideals. I guess he just got old and burnt out, like a lot of 9-5 hippies.
$175/hour No.Va unix consultant.
$150/hour No.Va netware consultant.
This is the going price for consultancy around here.
BTW: They make the same mistakes and config errors that anybody does...but they get to laugh about it and walk away...it's in their contract.
you don't catch it at the end of the day, and there is no liability...nice.
Obviously the guy is pissed..and frustrated. The point here is that the work they do is enabled by the tools they use which is in our care. If you rented a room in a non-smoking house and smoked all the time you'd get kicked out eventually. Your reasons for doing this: whether stupidity, assumption of intellectual superiority, addiction, etc..is not the issue. There should be consequences for fouling up the works.
If management cannot control the situation it is unfair to assume that the SA can do any better.
As far as talking down to users... There are some users who will browbeat, circumlocute and sneak their way into trouble consistently. If management will not act then as self defense I tend to treat them like shit.
I can empathize with the guy to some degree: If you are willing to take home a paycheck you should be willing to obey all the rules set out by IT staff towards enabling and keeping your environment working. Without this the end user and policy is the problem and the SA attitude is a natural outgrowth of the situation.
A strong, policied and enforced environment is productive and secure, a loose "do what you want" environment is recipe for disaster unless everyone has the technical acumen of the SA.
Okay.. Think of this situation in a typical k12 where the best they can afford is the 35k please hire me tech monkey. Now think, "we need more computers for our teachers.." tech monkey says: NAT. That's as far as most tech monkeys go.
As far as filtering misconfigured nodes dns requests or sap broadcasts, or multicast, or wins requests: if the firewall wasn't smartly configured by the consultants when it came in.. You can see: lost cause: nimda and code red still rage on in these networks, dns problems are the least of their worries.
Hi, I agree with your initial sentiment, but many people believe that a firewall is something that it is not.
Egress filtering is one thing. Programs on the receivers sides that redirect data are another. What looks like http connects, icmp traffic, and dns traffic may not be, and may not have been for the last three/four years.
The only way to "truly" restrict backdoors is to have per internal host accounting, NAT and proxy auth with egress filtering IMO.
Disagree as you will :)
i find your rhetoric tiresome. i abhor your self-righteousness and petty, rambling morality. you obviously have not read enough history or cared enough to understand all the issues involved in any sort of religious proscription of science, whether it be disguised in "morality" or some political propaganda machine. what you think is right is borrowed from some piece of history and a precedent made by individuals concerned with control and power for their own betterment and continued dominance. you are naive if you believe otherwise.
I find that my hairline recedes more rapidly on brisk winter nights on New Years eve under the combined elemental adjacencies of moon, saturn and jupiter. Just a personal note for those interested.
I consider myself a reptile, in the antediluvian sense. Unfortunately, my spiritual predecessors have given up the ghost in the tarpits and fossilfields of unmarked time and I am alone with the realization that what is happening will happen because it is happening and it will happen until it is done happening. This changes nothing. I will fade away and pass into the west and remain the last melodramatic iguana.
REAL EXPERIENCE: Try babysitting 150 teachers that want outlook express on the desktop and complain about their virus protection slowing down execution and opening of files. Now that's a shitter.
Politics suck. Why can't people leave the jerkin machine junkies alone and listen to something without being so gawddamn sensitive.
If I correct my superior then one of us is wrong: the end.
I once was at a consultants meeting where the topic was how to restructure a network. The conclusion was to go with MS proxy server on the basis of its ability to perform NAT and proxy services. This was arranged by my boss who didn't want to hear about linux/bsd.
The people who came to this conclusion were an older "expert" and the head management guy from the consultants. The consultants technical guy: MCSE, CCNA, etc.. didn't say a word. He knew better.
I went home and looked it up. MS proxy 4.0 didn't do NAT. We didn't use them again.
If I am scared to say a word about crap like this then it costs my company thousands of dollars in lost revenue
Do you work for microsoft by chance?
What a really, really, bad idea.
Here trollie is this close? eval "echo -e `printf "\x066\x055\x063\x06B \x055"`" The confusion is all yours prick.
Not really, I think you lack perspective on the situation. Walk a mile in his shoes then come back.
Um, what could be easier than an install
that gives you the option of:
"default with office"
You fearless hippie antipropagandizer, I love you man.
Do you code in c# too?: That would make it perfect.
You livin that name son: when you gonna run out of spaces to kill brotha?
Did you spellcheck before you sent the letter?
modern man has no bowl, no pot, no buzz.
I like you. You is my kinds of folk. I think you and me should get a beer and tear the town a new asshole, that's what I think.
Which means that jumping jobs when you get bored is the way to go.
Every day I learn something new, even if it isn't related to my job per se.
Tell you the truth, if newness is what you want then a production network where stability is of paramount importance is not where you should be anyway.
Yes, I'm an old shit.