Even better if as a company they block IE6 access to external sites
How the hell are you going to do that? RegEx on the firewall to block the IE6 User-Agent? Proxy server settings? I'm scratching my head here on how you would implement this, network-wise.
Well that's your own fault, for not reading the release notes on the new revision, and checking to see if there are any Open Issues that affect your particular config. If you're really lazy you can open a TAC case and have one of their front line guys do it for you.
I've been running 12.4T since 12.4.2T2, on over 100 routers, with complex BGP, DMVPN, and QoS configs, with no problem. No problem because I made sure I wasn't going to get hit with a known bug, but yes, I'll agree that there are usually quite a few known bugs in any given release.
Despite being quite awful, there's a reference to key parties in the Grinch movie (the remake with Jim Carrey, directed by Ron Howard.) As a bunch of Whos enter a Who-house for a Christmas party, they all throw their keys into a fishbowl by the window. My kids had no idea why I was laughing my ass off.
I'm a network engineer by trade with responsibility for my company's firewalls, IPS sensors, Network Behavior Detection / Netflow tools, etc. Your post piqued my interest for one of my backburner science projects: a malware research "lab". My company has multiple licenses for VMWare ESX server, VMWare Lab Manager, and the like, and I'd really like to create an environment where I can let specific malware run "freely" and see how well (or more likely, how poorly) my aforementioned firewalls and IPS sensors do at detection / mitigation. Sort of like the xkcd "malware aquarium" comic http://xkcd.com/350/
I know this is an extremely open-ended question, but could you please comment on my idea and give any general suggestions on how to get started? Note: I am not a newbie, have been doing some form of computers, networking, and hacking/network security for a long time. I'm just looking for some good Best Practices (or links to them) from someone like yourself who does this for a living.
My idea is to have a few XP virtual machines running through a virtual switch, that connects through a real (and dedicated) interface on the VM server, out to the firewalls, and IPS's, and then back through another dedicated interface into the VM server. I suppose I could also 802.1Q trunk in/out of the VM server and save myself a NIC. I thought I could also create a virtual honeynet with honeyd for simulating destination hosts for the infected hosts.
I'm not quite as interested in getting into the guts of the malware with reverse-engineering, disassembly, and whatnot. I just want to learn a few things, tune my devices, and ultimately better protect my company's network.
Thanks a million in advance (and a huge THANKS for your work as a malware researcher. You are an unsung hero in my books.)
My favorite Q2 mod was "Capture the Chicken" where instead of a flag, a clucking, feather-dropping chicken was the target. When you picked up the chicken, you were "it" and tried your best to keep him for as long as possible, with NO WEAPONS mind you. When the opposing players closed in for the kill you could either take it like a man and get fragged six ways to sunday, or throw the chicken ("Ba-caw!!") away for another player to pick up. Only the "it" person took damage, everyone else was invincible.
That was what 'outed' us to our bosses that we were playing games during work hours. The howls of laughter as we desperately tried to catch that damn chicken filled the halls.
I use my serial port all the time to connect to the console port on network devices (cisco routers, switches, and whatnot) for initial device config, and an analog modem to connect to said routers/switches once they're out in the field and their primary connection (T1 or E1) fails.
Yes, USB-to-Serial converters are commonplace, so I could do away with the serial port, but when a circuit goes down and you need to prove to the ISP that it's -not- your equipment at fault, there's literally no substitute for an analog, out-of-band connection.
That's the problem with killing off a technology, there's also a certain fraction of a percentage of users that absolutely must have it. Except for ZIP drives, of course. May they eternally burn in hell, amen..
Is how to answer my 5-year-old's question of: "Ok, but what's outside the universe?"
She gets solar systems, and has a pretty good handle on galaxies and that there are lots and lots of them. I'm still trying to explain the Big Bang, and keep getting hung up on what the universe is expanding INTO.
I know, even us Big People don't have a good answer, but what the heck do you tell a kid?
My first job was at a big clothing store, and two guys I knew worked together to steal a ton of stuff. One worked out front on the floor, and the other was a janitor. The first would pick out a bunch of nice clothes and wait for the second to come by with one of those big rolling trash bins, and would then 'throw' away the clothes. The janitor would likewise throw the clothes in the dumpster/trash-compactor out back, and both would come back late at night, unlock the dumpster from the outside and retrieve the clothes. And they never got caught!
I'm all for employees listening to music at work, but NOT via streaming. I have over 80 remote offices connected up to an MPLS VPN cloud via T1's. Internet (and thus streaming) access is backhauled through the cloud and out through one of two 45Mbps DS3's. All it takes is a half-dozen slackers listening to 128Kbps streams, and another couple watching YouTube and Break.com videos, and the remote pipe is almost saturated. THEN they complain that they can't get their work done because "the network is too slow."
I'm putting proxy servers in place right now, with full intention of first quantifying/aggregating how much bandwidth is being wasted, and next blocking it outright.
Yes, there are definitely business-related streams, and those will get white-listed.
And, to preemptively respond to the "just get more bandwidth" naysayers, here's what's involved with that:
$800/month for the extra T1
$500-$1000 one-time charge to add a second WIC (wan interface card) to the router
about 10 hours (at least) of network engineering time to order the new circuit through the provider, coordinate with the locals to extend the new circuit into our closet, get on a call and do a "hot cut" to switch over to the bonded T1 config and apply new QoS policies, then make sure the monitoring platforms recognize that it's now a NxT1 (n=2,3,etc).
All this just so Jason the Temp can listen to WOXY online.
I'm on AA's modified Six Step plan: Every OTHER day at a time.
I'm on the 6 step plan: Every other day at a time
how about Shire Reckoning?
Make a lot of money, Keep it Legal, Like your Job. Pick TWO.
Right. Just be nice and set the Evil bit if you're doing anything naughty. Problem solved.
It's great if you can get Chuck from the Nerd Herd to work on your PC, but otherwise the store is full of spies, spooks, and narcs.
The Vic-20 was the wo-
rst of both worlds,
bad games, crappy basi
c, and only 22 columns
across. Oh yea, and a
300-baud modem and no
disk drive, just casse
tte. Still, INFOCOM h
ad a few good text adv
entures on it.
There is no Mobile development with VS Express. You either need VS 2005 Standard or VS 2008 Professional.
You mentioned you're in the Boston area. Why not try "Help me Hank" - Channel 7's investigative reporter.
My wife just called you a sicko, but man that was funny!
And while you're at it, DON'T get them wet, and NEVER, EVER feed them after midnight.
This is slashdot. People here aren't supposed to know what that means..
Use your damn iPod!
We really want to, but our damn accent turns 'Arrgh' into 'Ahhhh'.
Shut up Mom, Real Girls(tm) count. Now go back upstairs and get out of my basement.
http://www-tech.mit.edu/V128/N30/subway/
Direct link to the presentation PDF:
http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf
What is this 'tat' that you refer to, and where can I exchange it for this first thing?