Author Archives: Hoosier

Network bad, quarantine good

Posted on by
Reply

Well, as previously mentioned, I’ve been disabling URHnet connections like a fiend and yesterday was no exception: about 60 between 9 am and 4 pm and another 40 or so last night. All of this is due to some piece of malware that none of the anti-virus vendors seem to be catching yet. With the rate of change on the sdbot family, I’m not all that suprised.

One thing that’s different this year is that we’re not really disabling the connections, they are being moved to a network that has no connection to the outside world, called the “quarantine vlan”. There is just one DHCP server/DNS server/web server/ftp server machine, with a few instructions for the residents and some tools for our NetTechs to use. Thanks to some hard work by the fine people at CITES backbone and LAN maintenance groups, NetTechs have the ability to change which network a room is on from a webpage. So, really, no more disabled rooms, unless they are doing something Really Bad.

We are open for business

Posted on by
Reply

This is the earliest we’ve ever opened the labs and, knock on wood, this is the smoothest one I’ve had in some time. Very few people are actually here,

The only bump in the road was easily solved, once I thought it through: URHNet users were getting told that our print servers didn’t have drivers for the printers we were sharing. This is not true. Since they are coming in as the Guest account, I figured something had to be up with permissions. The share (servernameprint$) had Read permissions for Everyone, so that’s good. The underlying file permissions, on the other hand, were missing Everyone. So, I re-added that, and all is now good.

And, had I looked in the Microsoft Knowledgebase first, I would have found article 271901.

HP 5308xl and port security

Posted on by

Since my searches on Google came up dry, here’s how you clear existing MAC addresses from port security on an HP ProCurve 5308xl (from pg 237 of the Access Security Guide):

#configure terminal
(config)#show port-security H6
(config)#no port-security H6 mac-address 00b0d0-46b139
(config)#show port-security H6

Copy and paste of the MAC from the output of the show command works just fine.

Battleground state?

Posted on by

This guy must be nuts:

The Keyes candidacy also poses a dilemma for Democratic presidential contender John Kerry, and potentially a dividend for Bush. Illinois is no lock for the Democrats. It’s a highly contested key battleground state.

I mean, come on, even The Daily Show has written Illinois off as a “blue state”. The rest of the column makes some sense, but I think the “carpetbagger” moniker and Keyes own taped quotes about Hillary are going to do more damage than he thinks. As long as Barack doesn’t have any skeletons in his closet, he’s going to skate through this one.

Lab installs

Posted on by

I’ve been busy rebuilding lab machines, hammering the network, as this graph shows:spikes
That’s the gig interface on a Dell 2650 server, working hard. And those spikes correspond to about 120 workstation installs across 5 sites. Graduate sites, that have to be scheduled, start tommorrow morning.
And we get to find out how people are going to react to losing the (free) dot printers. With cheaper laser printing, more lasers and color lasers available in 3 sites, hopefully it will go well.

FreeS/WAN, x509 patches and the Unix epoch

Posted on by
Reply

Just so this gets into google: If you are creating a Windows Certificate Server CA to use with FreeSWAN/OpenSWAN/etc, don’t set it to be valid past the end of the unix epoch (ie 2038). FreeSWAN barfs on the RootCA cert, with nothing resembling a useful error (mentioned here). Now, back to running around like a chicken with it’s head cut off getting the labs ready to open.

Stinky

Posted on by

Stinky thumbnail
Hi, my name is Stinky. I’m sleeping, because it’s sunny in here. Maybe later I’ll pose for some better pictures.
Update: I woke up a bit more and posed some.
Stinky thumbnailStinky thumbnail