It's days like today when I really hate the wait for getting books from Amazon.
Reasons I hate the wait:
1) One of the books I need is work related, and it would be nice not to flail around in front of networking people from other companies. I did what needed to be done, but it would have been nice to do it faster. I don't have a ton of experience on firewalls in general, or the one being used.
2) For the most part it was slow today at work. It would have been nice to have the book from number 1) to read today. It would also have been nice to have the CCNA study guide I purchased to read as well. I haven't done much networking in the last 7 years. That which I have done has been small, or simple. I think the CCNA would be a good review. It would also help with other things that I have to deal with where I'm currently working. Like co-workers who think I don't know anything other than Nix (a comment that has come up a few times now).
For the record, I don't put much faith in certs, not even the Cisco ones. The CCNA was next to useless to me before, when I had 5 years of day in and day out experience. I don't think it will be all that more useful to me now. However, it, besides the job performance over the last 3 weeks, can be thrown in the doubters' faces.
Monday, March 31, 2008
Friday, March 28, 2008
FuseSMB.cache
Tuesday night I had to bring a new external server online. While checking the firewall logs I saw something interesting. There was a box on our internal network trying to ping it. So I started checking the log for just that IP address. It was pinging the whole network.
Of course it was failing since we deny pings from our users space. But it was interesting. I was left wondering if someone's box was infected and trying to map our network and spread the disease.
So looking into it more, it turned out to be a Linux Mint box in Engineering. So I had to get a copy of Linux Mint. After several attempts, I was able to finally get a copy, and took it to work yesterday. When I ran it, it wasn't doing it.
So I had the electrical engineer do a `tcpdump icmp` on his box (which I could have done sooner, but I wanted to see if I could replicate the traffic I was seeing). He left it running for about 2 minutes and saw that it was doing all the boxes on the network. A quick `netstat -ep` showed it was something called fusesmb.cache.
Looking at it more, it's a way for Samba to be mounted via FUSE to the file system and replicate the function of Microsoft's Network Neighborhood. Neat little program, but I wish it didn't ping spam the network.
EDIT*
This seems to be popular (at least it comes up in Google searches a bit, according to Sitemeter). For a quicker and cleaner answer, go to this more recent post.
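The firewall-log check described in this post, as an added example that is not part of the original post: it flags any source that sent ICMP echo requests to many distinct destinations. The iptables-style log format, the addresses and the threshold of 20 hosts are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Matches ICMP echo requests (type 8) in iptables-style LOG lines (assumed format).
ECHO_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=ICMP TYPE=8\b")


def find_ping_sweepers(lines, min_targets=20):
    """Map each source that pinged >= min_targets distinct hosts to that count."""
    targets = defaultdict(set)
    for line in lines:
        m = ECHO_RE.search(line)
        if not m:
            continue  # not an ICMP echo request
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # damaged address field
        targets[str(src)].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def sample_log():
    """Constructed log: one sweeping host, one host pinging a single gateway."""
    fmt = ("Mar 25 21:14:{:02d} fw kernel: DROP IN=eth1 OUT=eth0 "
           "SRC={} DST={} LEN=84 TTL=63 PROTO={}")
    echo = "ICMP TYPE=8 CODE=0"
    lines = [fmt.format(i, "10.1.20.57", f"10.1.0.{i}", echo) for i in range(1, 41)]
    lines += [fmt.format(i, "10.1.20.12", "10.1.0.1", echo) for i in range(30)]
    lines.append(fmt.format(5, "10.1.20.12", "10.1.0.9", "TCP SPT=40000 DPT=445"))
    return lines


if __name__ == "__main__":
    for src, count in find_ping_sweepers(sample_log()).items():
        print(f"{src} sent echo requests to {count} distinct hosts")
```

Counting distinct destinations rather than total packets keeps a host that pings one gateway repeatedly from being flagged.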
Thursday, March 20, 2008
reasons I like Gentoo
It's in my top five list and growing. It's tied with Knoppix for third choice. Behind Debian and Sidux.
So why do I like it? Well, Knoppix is taking 5 hours to download, and it's only 696.4MB. It'll probably speed up after work.
However... I'm trying to bring "our test" XenSource server online. The person that set it up was using it for a test box. He had a personal box on there, as well as a couple of company boxes. He left, but guess what. He used his own password for the server, and I don't know it.
I tried Fedora live (Fedora 8) and it wouldn't boot. I tried the KDE version too and it wouldn't boot. I started downloading Knoppix, but 5 hours from now I expect to be in a class. So I went back to my distro box and pulled out Gentoo. It has worked a few other times when nothing else would. So I'm impressed.
I was able to boot into Gentoo as a live CD, and then confirm that the network port was working (I questioned that since XenSource's Windows client couldn't connect). Then I mounted the hard drive with the config files on it, modified /etc/passwd (there is no shadow file in XenSource, it appears), deleted the root password, saved and rebooted.
Lo, root access with no password. Of course I fixed that already.
Which goes to show one more reason to protect your computer with physical security, not just software.
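An audit check for the state this post ends up in (a root entry with an empty password field in a passwd file that has no shadow file behind it), as an added example that is not part of the original post. The sample entries, account names and finding labels are constructed for illustration.

```python
# Constructed passwd-format sample; the hash value is a placeholder, not a real hash.
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:$1$constructed$placeholderhash:500:500::/home/admin:/bin/bash
backup:*:34:34:backup:/var/backups:/usr/sbin/nologin
toor:x:0:0::/root:/bin/bash
"""


def audit_passwd(text):
    """Return (line_no, account, finding) tuples for risky passwd entries."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line_no, fields[0], "malformed-entry"))
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if password == "":
            # Blank field: no password is required for this account.
            findings.append((line_no, name, "empty-password"))
        elif password != "x" and not password.startswith(("!", "*")):
            # A hash kept here is readable by every local user.
            findings.append((line_no, name, "hash-in-passwd"))
        if uid == "0" and name != "root":
            findings.append((line_no, name, "extra-uid0"))
    return findings


if __name__ == "__main__":
    for line_no, name, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"line {line_no}: {name}: {finding}")
```

To check a live system, pass the contents of its passwd file to `audit_passwd`; entries marked `x` keep their hash in the shadow file and are not reported.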
Labels:
computer security,
computers,
Gentoo,
I get paid for this,
linux