Good link with lots of details and other links.
And, the MS knowledge base article about removing disabled network cards is handy too
And this plugin makes it even easier.
The server mentioned in this post (from 2003, wow) has gone full circle, it’s now running on CentOS, the free, rebuilt from sources version of RedHat Enterprise Linux. And it’s in a VM on our ESX infrastructure.
5 years is pretty good life out of a gentoo box, I would have to say.
Is it just me or can 2 ESX 3.5 boxes not have access to the same SAN LUN without VirtualCenter controlling things?
So far, I’m having fun with the SAN, ESX hosts and converting VMware Virtual Server VMs to ESX VMs with VMware Converter. And lots of misc tasks that slipped to the bottom of the list for far too long.
As part of the application/interview process with Housing, I was asked to give a 15 min presentation on a significant project I had been involved with, preferably one I had led, including timeline, technical skills and lessons learned. I chose to talk about my experiences virtualizing hosts at Hoopeston Area Schools. Little did I know just how similar Housing was to where Jim and I were.
Your DNS May Be EOL
So, I’ve gotten 2 separate notes from 2 separate vendors over the last couple of days proclaiming similar things. Recently, ISC has declared several older versions of BIND “End of Life”. These older versions are no longer supported and may or may not have security issues. But, if your boss gets one of these, you can be sure that he/she will forward it on to the technical people out on the pointy end of the stick to answer for. I hope you don’t even have to think twice, you shouldn’t be running this stuff anymore.
It’s not my job anymore, but I can’t pass up the opportunity to comment on KC’s post about Exchange 2000 and Windows Server 2003.
I’ll count myself as one of those customers, though I never got a chance to comment directly to KC or anyone else at Microsoft. But, it’s good to know that MS isn’t always just looking for another way to make a quick buck or using forced obsolescence. Also, I can only imagine what happens when someone two or three levels above you tells someone else two or three levels above them that you said it can’t be done.
Who would have thought I’d be talking about the Windows Server 2003 SP1 firewall? But, it really works. And it’s almost tolerable to configure from the command line.
REM Set variables:
set Network1=192.168.1.0/255.255.255.0,192.168.10.128/255.255.255.224
set Network2=172.16.0.0/255.255.0.0
set Network3=10.12.0.0/255.255.254.0
REM Concatenate addresses here, MUST HAVE ONLY COMMAS (",") between them
set ADDRESSES=%Network1%,%Network2%,%Network3%
REM Allow MSSQL from All
netsh firewall add portopening protocol = TCP port = 1433 name = MSSQL mode = ENABLE scope = CUSTOM addresses = %ADDRESSES%
REM Allow RDP from Network1 only
netsh firewall add portopening protocol = TCP port = 3389 name = RemoteDesktop mode = ENABLE scope = CUSTOM addresses = %Network1%
REM Allow BackupExec from Local Subnet only
netsh firewall add portopening protocol = TCP port = 10000 name = BackupExecAgent mode = ENABLE scope = SUBNET
REM Turn on logging of dropped packets
netsh firewall set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096 droppedpackets = ENABLE
REM Clear variables:
set Network1=
set Network2=
set Network3=
set ADDRESSES=
The logfile generates too much useless information, especially if you use DHCP on your network, but it also shows that you didn’t waste your time configuring it:
2006-08-11 05:36:28 DROP TCP 67.108.111.43 192.168.1.130 27726 1433 48 S 3572543340 0 65535 - - - RECEIVE
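One way to cut the DHCP noise out of pfirewall.log and see which drops matter, as an added example that is not part of the original post. The column order is an assumption inferred from the 17 fields of the record above, the function names are made up for illustration, and every sample record except the first is constructed.

```python
import ipaddress
from collections import Counter

# Column order assumed when the log carries no "#Fields:" header; it matches
# the 17 columns of the record quoted in the post.
DEFAULT_FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
                  "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
DHCP_PORTS = {"67", "68"}
# Scope copied from the batch file (Network1..Network3).
ALLOWED = ["192.168.1.0/255.255.255.0", "192.168.10.128/255.255.255.224",
           "172.16.0.0/255.255.0.0", "10.12.0.0/255.255.254.0"]
# First record is the one quoted in the post; the other three are constructed.
SAMPLE = """\
2006-08-11 05:36:28 DROP TCP 67.108.111.43 192.168.1.130 27726 1433 48 S 3572543340 0 65535 - - - RECEIVE
2006-08-11 05:36:40 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2006-08-11 05:37:02 DROP UDP 192.168.1.1 255.255.255.255 67 68 328 - - - - - - - RECEIVE
2006-08-11 05:38:15 DROP TCP 192.168.1.77 192.168.1.130 1045 445 48 S 1122334455 0 64240 - - - RECEIVE
""".splitlines()

def parse(lines):
    """Yield one dict per record, honouring a '#Fields:' header if present."""
    fields = DEFAULT_FIELDS
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def is_dhcp(rec):
    """DHCP discover/offer traffic: UDP between ports 67 and 68."""
    return rec["protocol"] == "UDP" and {rec["src-port"], rec["dst-port"]} <= DHCP_PORTS

def summarize_drops(lines, allowed=ALLOWED):
    """Count inbound drops per (protocol, dst-port, source-in-allowed-scope)."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    counts = Counter()
    for rec in parse(lines):
        if rec["action"] != "DROP" or rec["path"] != "RECEIVE" or is_dhcp(rec):
            continue
        src = ipaddress.ip_address(rec["src-ip"])
        counts[(rec["protocol"], rec["dst-port"], any(src in n for n in nets))] += 1
    return counts

if __name__ == "__main__":
    for (proto, port, in_scope), n in sorted(summarize_drops(SAMPLE).items()):
        origin = "allowed network" if in_scope else "outside scope"
        print(f"{n:4d}  {proto}/{port}  from {origin}")
```

Drops from outside the scope show the rule doing its job; drops from an allowed network usually point at a port that still needs a portopening entry.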
So now we need to worry about our drivers being exploited? SANS and Intel say so.
Update: I’d like to echo what F-Secure has to say: 129MB for 1 device driver patch? That must be some hole, but I’m sure glad I’m on broadband….
Since I mentioned this process at lunch today:
Recovering from an SOA typo: DNS Tricks
Resetting BIND serial number