Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#69177 - 09/02/2002 14:34 The lengths I will go to for my job and my hobby.
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
I forget who is attributed with the original phrase... something along the lines of "those who can combine their vocation with their avocation are truly blessed". I think "blessed" was a typo, they probably meant "cursed".

Here's my story...

Last night, Tod and I went to a small LAN party. For those who are interested, Serious Sam 2 is just aweshum for deathmatch. The level with the santa claus dropping presents around the little alpine town was just insanely fun for the four of us. The gathering wrapped up at about 3am as usual. We packed up and headed out, I dropped Tod off at his house and was on my way home at about 4am.

I just happened to have the radio on and was listening to a news/talk station. The ABC news report was on, and they reported a security hole in some server product. "Big deal," I thought, "that stuff happens all the time," but then they said the name of the product: Black Ice Defender. Uh-oh, Black Ice is the only thing currently protecting one of my company's critical web servers.

I scramble into the house (suddenly a lot more awake for some reason) and inform my wife that I won't be climbing into bed just yet. She recommends that I use her laptop to check the bulletin rather than trying to hook my computer back up, bless her heart. Sure enough, this report describes a buffer overrun bug which contains the four most fearsome words in a network administrator's vocabulary: "execution of arbitrary code".

Of course the day of/after a security bulletin is usually when the script kiddies do most of their hack attempts on new exploits, so there was no time to lose. Instead of climbing into a warm bed after an all-night LAN party, I had to drive 20 minutes in to my office to go patch our web server.

I fully expected to arrive to discover a hacked web server, but it seemed all was well. I patched the server and was back in bed by 6am. Even managed to sleep until noon or so, despite being awakened intermittently by my neighbor's chainsaw.
_________________________
Tony Fabris

Top
#69178 - 09/02/2002 15:46 Re: The lengths I will go to for my job and my hobby. [Re: tfabris]
muzza
Pooh-Bah

Registered: 21/07/1999
Posts: 1765
Loc: Brisbane, Queensland, Australi...
Jeez Tony! Close call. I hope your boss recognises this extra effort. I suppose he/she might say "it's your job" but do they drive in to work when they suddenly remember a point to put in the annual report?
At least you have a very understanding wife.

maybe you were 'meant' to hear that news item at that time?
_________________________
-- Murray I What part of 'no' don't you understand? Is it the 'N', or the 'Zero'?

Top
#69179 - 09/02/2002 17:48 Re: The lengths I will go to for my job and my hobby. [Re: tfabris]
svferris
addict

Registered: 06/11/2001
Posts: 700
Loc: San Diego, CA, USA
My only question is this:

Why were you listening to the radio? You've got an empeg!
_________________________
__________________ Scott MKIIa 10GB - 2.0b11 w/Hijack MKIIa 60GB - 2.0 final w/Hijack

Top
#69180 - 09/02/2002 19:20 Re: The lengths I will go to for my job and my hobby. [Re: svferris]
muzza
Pooh-Bah

Registered: 21/07/1999
Posts: 1765
Loc: Brisbane, Queensland, Australi...
just as well he was!
_________________________
-- Murray I What part of 'no' don't you understand? Is it the 'N', or the 'Zero'?

Top
#69181 - 09/02/2002 19:39 Re: The lengths I will go to for my job and my hobby. [Re: muzza]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
Chuckle... We usually have our LAN parties AT work. And play a LOT of Starcraft, Total Annihilation, and that ilk. The only first-person shooter we play now is return to Castle Wolfenstein. (Kicks ASS btw)

Top
#69182 - 09/02/2002 19:55 Re: The lengths I will go to for my job and my hobby. [Re: lectric]
Anonymous
Unregistered


What is a LAN party?

Top
#69183 - 09/02/2002 20:21 Re: The lengths I will go to for my job and my hobby. [Re: ]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
Hehe... Basically a sausage party where everyone brings their computer and plays network games for like 16 hours straight... Or were you kidding..... ;8^)

Top
#69184 - 09/02/2002 23:36 Re: The lengths I will go to for my job and my hobby. [Re: ]
time
enthusiast

Registered: 20/11/2000
Posts: 279
Loc: Pacific Northwest
Networked empeg's with everybody hijacking....

Nah, not our Tony.

Top
#69185 - 09/02/2002 23:43 Re: The lengths I will go to for my job and my hobby. [Re: tfabris]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
For those who are interested, Serious Sam 2 is just aweshum for deathmatch.

Grr, it's not in stores here yet, so our LAN party today ended up consisting of Counter Strike, Medal of Honor, and a bit of DAoC.

I had to drive 20 minutes in to my office to go patch our web server.

Remote managment solutions are your friend...

Top
#69186 - 10/02/2002 00:37 Re: The lengths I will go to for my job and my hobby. [Re: time]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Networked empeg's with everybody hijacking....

No, not necessary. Of the people we usually play LAN deathmatch with, only Tod and I have empegs. And we both keep our MP3s on our PC's hard disks, so if we want to share music, we can do it without involving the empegs (and at 100 megabit, too).

The empeg does happen to be great for providing background music for LAN parties, though.
_________________________
Tony Fabris

Top
#69187 - 10/02/2002 00:44 Re: The lengths I will go to for my job and my hobby. [Re: drakino]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Remote managment solutions are your friend...

I knew someone would say that.

I do use remote management software on all of my other servers. However, I am painfully aware of the fact that most remote-management packages have security holes of their own, sometimes the holes are big enough to drive a truck through.

One of my basic tenets of security protection is to deliberately reduce the number of services on a given box to the bare minimum. Disable everything that isn't explicitly needed. You should see the bootup event log on this server, there's a bunch of internal Windows services that refuse to run because of some of the Windows 2000 bloat that I've deactivated.

This particular server is the only publicly-exposed web server on our premises, and as such, gets extra-special treatment with regard to security. So, no remote management packages.
_________________________
Tony Fabris

Top
#69188 - 10/02/2002 02:52 Re: The lengths I will go to for my job and my hob [Re: tfabris]
danthep
enthusiast

Registered: 29/08/1999
Posts: 209
Loc: new zealand
One of my basic tenets of security protection is to deliberately reduce the number of services on a given box to the bare minimum. Disable everything that isn't explicitly needed

I'd argue that remote management is an explicit basic minimum requirement to keep a server secure.

I wouldn't trust windows type products like PC Anywhere, given past security holes. But any SSH v2 based product is a pretty safe bet.

Top
#69189 - 10/02/2002 05:23 Re: The lengths I will go to for my job and my hob [Re: danthep]
bonzi
pooh-bah

Registered: 13/09/1999
Posts: 2401
Loc: Croatia
But any SSH v2 based product is a pretty safe bet.

Or (and especially *and*) physical security like access via modem with hardcoded single call-back number.
_________________________
Dragi "Bonzi" Raos Q#5196 MkII #080000376, 18GB green MkIIa #040103247, 60GB blue

Top
#69190 - 10/02/2002 08:35 Re: The lengths I will go to for my job and my hob [Re: bonzi]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Yep, for security reasons, hardware is definitly the way to go. The "Remote" link in my last post points to a hardware based bord that has a graphical remote control java applet built into it, and it has had no security holes that I am aware of. Dell also offers a similar hardware based card, though I have never worked with them. From a quick glance, it looks like they require extra software to be ran somewhere to access them, and no PDA access exists for them.

If that much remote control is not needed, the BIOS on most of the servers I work with supports a modem or serial link, and the callback feature bonzi talks about. Though it's text mode only, so most would be out of luck for routine maintaince under GUI based OS's. (It's also the reason newer servers in the pipeline have an integrated version of the above discussed card.)

Top
#69191 - 10/02/2002 11:56 Re: The lengths I will go to for my job and my hobby. [Re: tfabris]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I love the fact that you can't make Windows boot up cleanly without enabling almost every single one of its features. [evil grin] How do you know when something actually goes wrong on boot? Do you have some sort of utility that strips out all of the ``standard'' errors?
_________________________
Bitt Faulk

Top
#69192 - 10/02/2002 11:57 Re: The lengths I will go to for my job and my hobby. [Re: wfaulk]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
I just know which ones to ignore when I look at the event log.

For the record, the Windows event log is (in general) a mess. I would be happy if I could configure windows to simply never record certain events, but I can't.
_________________________
Tony Fabris

Top
#69193 - 10/02/2002 12:08 Re: The lengths I will go to for my job and my hobby. [Re: tfabris]
charcoalgray99
enthusiast

Registered: 14/05/2001
Posts: 279
This article explains every service in WinXP and what can be disabled or set to manual. After following this it significantly reduced my boot time and got rid of all of those annoying background processes like indexing.

Tom

Top
#69194 - 10/02/2002 12:41 Re: The lengths I will go to for my job and my hobby. [Re: charcoalgray99]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Thanks. Someday, when I'm dragged kicking and screaming to XP, I'll need that link.
_________________________
Tony Fabris

Top