RFC2324
Jun 7, 2012

http 418

anthonypants posted:

On the other hand, the guy in this thread who is upset that Comcast isn't firewalling his internet enough thinks phishing is performed by spammers sending "messages with links" to IP addresses.

Oh, original post about it was pretty dumb, expecting your ISP to do firewalling for you seems to just be asking for trouble.

I can't wrap my brain around that last part, and I spent an hour a few weeks ago trying to explain to an 87-year-old woman that no, googling something doesn't make the information appear there (I had googled her son to prove a point, and a week later he started getting threatening calls for someone else with his name).


mewse
May 2, 2006

One weird trick for securing your network - auditors hate him!

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

mewse posted:

One weird trick for securing your network - auditors hate him!

Unplug it!

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

Sickening posted:

Please install MDT on a share and simply use WDS to host the boot image. You will be happier.

Quoted for infinite wisdom.

Do not use WDS to do anything other than provide the PXE boot image and the service. It's a dumpster fire.

Do all the cool stuff with your image using MDT.

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

Wrath of the Bitch King posted:

Quoted for infinite wisdom.

Do not use WDS to do anything other than provide the PXE boot image and the service. It's a dumpster fire.

Do all the cool stuff with your image using MDT.

This.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

xzzy posted:

It's funny how much damage Microsoft has done to themselves by being so pushy with Win10. It's definitely a solid update from Win7, at least for home users (don't use windows at work so got no opinion on it there), but I think this campaign has generated so much bad press people are digging their heels in and refusing to try it out.

If Microsoft had been chill and left it on the list as an optional update or made a simple "you got X days left for your free update" notification on a reboot no one would give a poo poo.

To be fair, if they had made it an optional update that just sat quietly by itself, their upgrade adoption would be near zero. You don't get people actively making a choice about this stuff until you force them to make a choice to continue. The number of Win XP machines still in circulation points to how much users will actually upgrade if you let them choose to do it, to say nothing of users ACTUALLY KNOWING what this is, and the amount of support they'll have to waste on older versions instead of being able to say "well there's only 1m users still on 7, we're not going to bother pushing non-critical security fixes to them anymore" makes this an almost no brainer for them.

xzzy
Mar 5, 2009

anthonypants posted:

On the other hand, the guy in this thread who is upset that Comcast isn't firewalling his internet enough thinks phishing is performed by spammers sending "messages with links" to IP addresses.

:fuckoff:

The issue I had is they did it with no announcement. The off the cuff examples were just throwaway samples of reasons why IPv6's address space is not a defense for anything and everyone latched on to it like it was the only thing I was saying.

You don't just plug end users into an entirely new network without some explanation of what's going on.

Thanks Ants
May 21, 2004

#essereFerrari


anthonypants posted:

On the other hand, the guy in this thread who is upset that Comcast isn't firewalling his internet enough thinks phishing is performed by spammers sending "messages with links" to IP addresses.

net send [2a0f:26f0:8390:650:2dbf:de:a39e:6f3c] "lol buttes"

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

Volmarias posted:

To be fair, if they had made it an optional update that just sat quietly by itself, their upgrade adoption would be near zero. You don't get people actively making a choice about this stuff until you force them to make a choice to continue. The number of Win XP machines still in circulation points to how much users will actually upgrade if you let them choose to do it, to say nothing of users ACTUALLY KNOWING what this is, and the amount of support they'll have to waste on older versions instead of being able to say "well there's only 1m users still on 7, we're not going to bother pushing non-critical security fixes to them anymore" makes this an almost no brainer for them.

Well uh, Windows XP also costs real money to leave, either in buying an upgrade or buying a new computer. If Vista was free for the first year you'd have seen that get picked up a lot faster.


Also that's not how Microsoft support decisions work: there's a schedule they set from back before 7 came out in the first place and they're not going to break off from that - a lot of their money relies on sticking to the announced support cycles.

xzzy posted:


You don't just plug end users into an entirely new network without some explanation of what's going on.

Actually you do, because explaining IPv6 to people who already don't understand IPv4 is a fool's errand.

Sickening
Jul 16, 2007

Black summer was the best summer.

xzzy posted:

:fuckoff:

The issue I had is they did it with no announcement. The off the cuff examples were just throwaway samples of reasons why IPv6's address space is not a defense for anything and everyone latched on to it like it was the only thing I was saying.

You don't just plug end users into an entirely new network without some explanation of what's going on.

It is kind of a pain that they did it without notice but unless you don't know what the hell you are doing it shouldn't be a big deal. I don't get the outrage.

Lightning Jim
Nov 18, 2006

Just a mad weather-ologist :science:
Not mean to trigger people, but is this something really to sample for a song like this? (sample starts at 0:40)
https://www.youtube.com/watch?v=5q-2egWw11o

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

xzzy posted:

:fuckoff:

The issue I had is they did it with no announcement. The off the cuff examples were just throwaway samples of reasons why IPv6's address space is not a defense for anything and everyone latched on to it like it was the only thing I was saying.

You don't just plug end users into an entirely new network without some explanation of what's going on.

You are literally complaining that your ISP has provided you with a public IP address, but you are unable to explain how, specifically, this is a bad thing.

You've also grossly misunderstood the IP provisioning process. You can only use an IPv6 address if the equipment on your side of the modem (e.g. a router) requests one. They can't just assign you a 2601:whatever address and route that to your MAC or your IPv4 address, because networking doesn't work that way. If your router was set up to request an IPv6 address and it's received an IPv6 address, your ISP is doing their job.

xzzy
Mar 5, 2009

anthonypants posted:

You are literally complaining that your ISP has provided you with a public IP address, but you are unable to explain how, specifically, this is a bad thing.

The d-link home router I was using at the time requested IPv6 by default, but did not set up a default firewall for it. The end user was obligated to do this themselves. Now I haven't used every single brand of consumer grade router out there but my assumption is this happens more often than it doesn't.

I just thought it was funny Comcast willingly exposed some unknown percentage of their customer base to public traffic with no heads up, made a post, and spent the entire weekend getting poo poo on by all the CCIE's that showed up. :shrug:

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

xzzy posted:

The d-link home router I was using at the time requested IPv6 by default, but did not set up a default firewall for it. The end user was obligated to do this themselves. Now I haven't used every single brand of consumer grade router out there but my assumption is this happens more often than it doesn't.

I just thought it was funny Comcast willingly exposed some unknown percentage of their customer base to public traffic with no heads up, made a post, and spent the entire weekend getting poo poo on by all the CCIE's that showed up. :shrug:

You are exposed to public traffic by having an internet connection, dude, you're not freshly exposed. And holding back expansion of a vital service because some people have oddly set up personal routers instead of using the official Comcast routers (which have no problem), would be a terrible idea.

If you want Comcast to take care of things for you, turn in your modem and router for one of their modem/router combo systems, which they can directly administer. It's hardly going to be likely for their customer base which has a personal router that can handle IPv6 to be configured to not bother to run its firewall on IPv6 - far more likely to be either something too old to do IPv6 or something new enough to support IPv6 properly.

xzzy
Mar 5, 2009

fishmech posted:

You are exposed to public traffic by having an internet connection, dude, you're not freshly exposed.

The basic idea is that if the router has a firewall configured for IPv4 and not IPv6, and that router asks for an IPv6 address, and one day the ISP starts handing them out and routing IPv6 traffic, then that's a new exposure.

Seems pretty obvious to me but apparently I don't know poo poo about poo poo. :buddy:

Sickening
Jul 16, 2007

Black summer was the best summer.

xzzy posted:

The basic idea is that if the router has a firewall configured for IPv4 and not IPv6, and that router asks for an IPv6 address, and one day the ISP starts handing them out and routing IPv6 traffic, then that's a new exposure.

Seems pretty obvious to me but apparently I don't know poo poo about poo poo. :buddy:

The basic idea is that you are configuring firewalls without proper planning. I can't for the life of me figure how a firewall that doesn't have ip6 configured defaults to leaving it open.

You are either using some poo poo equipment or doing something wrong.

xzzy
Mar 5, 2009

Sickening posted:

You are either using some poo poo equipment

Consumer grade routers, synonymous with being poo poo.

I'd do a demo with the one I used to use but I recycled it last year. It was a ~2011 D-Link.

http://us.dlink.com/technology/dlink-ipv6-solutions/

quote:

More importantly, D-Link IPv6 supports home gateway will enable IPv6 by default, which means D-Link IPv6 support CPE will not require any IPv6-specific configuration by users.

There was no firewall enabled.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

xzzy posted:

Consumer grade routers, synonymous with being poo poo.

I'd do a demo with the one I used to use but I recycled it last year. It was a ~2011 D-Link.

http://us.dlink.com/technology/dlink-ipv6-solutions/


There was no firewall enabled.

As much as I love to give Comcast poo poo, that's not their fault.

Baxta
Feb 18, 2004

Needs More Pirate
Keys, SSL, Domains and Microsoft Azure.

Why the gently caress in TYOOL 2016 am I forced to remember how to use openssl and gently caress around with buying certs, making sure the cer has the right loving country code encoded, exporting to pfx just to launch a secure webapp.

Seriously this poo poo should just be in the azure webapp package and I shouldn't have to gently caress around with 3rd parties and DNS records

To be fair though I did need to use a godaddy subdomain so there was no getting around the domain stuff and once I got all the poo poo organised it was pretty cool.

Varkk
Apr 17, 2004

xzzy posted:

The basic idea is that if the router has a firewall configured for IPv4 and not IPv6, and that router asks for an IPv6 address, and one day the ISP starts handing them out and routing IPv6 traffic, then that's a new exposure.

Seems pretty obvious to me but apparently I don't know poo poo about poo poo. :buddy:

Don't worry, just edit the Wikipedia article about it and fishmech will change his tune.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

xzzy posted:

Consumer grade routers, synonymous with being poo poo.

I'd do a demo with the one I used to use but I recycled it last year. It was a ~2011 D-Link.

http://us.dlink.com/technology/dlink-ipv6-solutions/


There was no firewall enabled.

There doesn't need to be a firewall if it does stateful packet inspection, which comes with every ipv6 router listed on that site you linked. Stateful inspection offers the exact same protection as ipv4 NAT.

And if D-Link ships their product with ipv6 enabled and stateful inspection disabled, that's stupid as gently caress. Comcast can't be held at fault for lovely security implementation, even in home networks.
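As an added illustration of the gap argued over in this thread (it is not part of any post, and not D-Link's or Comcast's configuration): assuming a Linux-based router whose rules can be dumped with `iptables-save` and `ip6tables-save`, this Python check flags chains that default-deny on IPv4 but not on IPv6. The rulesets and the interface names `br-lan` and `wan` are constructed samples.

```python
import re

# Constructed sample: IPv4 ruleset of a home router that default-denies inbound.
V4_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-lan -o wan -j ACCEPT
COMMIT
"""

# Constructed sample: IPv6 is enabled, but no IPv6 rules were ever written.
V6_OPEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

# Constructed sample: the same stateful policy applied to IPv6.
# ICMPv6 stays allowed on INPUT because neighbor discovery depends on it.
V6_FIXED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-lan -o wan -j ACCEPT
COMMIT
"""

# A rule with no match conditions that drops or rejects everything.
CATCH_ALL = re.compile(r"^-A \S+ -j (DROP|REJECT)\b")

def parse_filter(text):
    """Return {chain: {"policy": str, "rules": [str]}} for the filter table."""
    chains, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):
            entry = chains.setdefault(line.split()[1], {"policy": "-", "rules": []})
            entry["rules"].append(line)
    return chains

def default_denies(chains, name):
    """True if the chain's policy is DROP or its last rule is a catch-all drop."""
    chain = chains.get(name)
    if chain is None:
        return False
    if chain["policy"] == "DROP":
        return True
    return bool(chain["rules"]) and bool(CATCH_ALL.match(chain["rules"][-1]))

def ipv6_gaps(v4_text, v6_text):
    """Chains that default-deny unsolicited traffic on IPv4 but not on IPv6."""
    v4, v6 = parse_filter(v4_text), parse_filter(v6_text)
    return [c for c in ("INPUT", "FORWARD")
            if default_denies(v4, c) and not default_denies(v6, c)]
```

`FORWARD` is the chain that matters for hosts behind the router; `INPUT` covers the router itself.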

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:

If you tell me how to do unattended installations with it, sure. All I can find for it is using WDS.

Crowley
Mar 13, 2003
Not pissing me off today:

I had an hour-long meeting planned with one of the directors today, teaching him video calls on Skype4 Bizzzzz. He just cancelled with a "I figured it out, no need to waste time."

:dance:

Sickening
Jul 16, 2007

Black summer was the best summer.

SEKCobra posted:

If you tell me how to do unattended installations with it, sure. All I can find for it is using WDS.

You google automated deployments with mdt. Mdt doesn't have a ton of prompts but you can answer the prompts ahead of time.

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

xzzy posted:

The basic idea is that if the router has a firewall configured for IPv4 and not IPv6, and that router asks for an IPv6 address, and one day the ISP starts handing them out and routing IPv6 traffic, then that's a new exposure.

Seems pretty obvious to me but apparently I don't know poo poo about poo poo. :buddy:

The actual basic idea is that you rejected Comcast's modem/router solution in favor of using your own equipment for a router, and you somehow managed to get a very strange router setup that supported IPv6 without having many of its other features setup on IPv6. And they had no way to know that your choice of router was far below the standard of their own modem/router combos.

And then you have the gall to claim it's Comcast making you insecure by allowing you to have a modern service.

xzzy
Mar 5, 2009

I just thought it was a funny anecdote. I'm sorry it triggered you.

You can be drat sure I will never make another post regarding network security in any place I suspect you might read it.

Polio Vax Scene
Apr 5, 2009



Volmarias posted:

To be fair, if they had made it an optional update that just sat quietly by itself, their upgrade adoption would be near zero. You don't get people actively making a choice about this stuff until you force them to make a choice to continue. The number of Win XP machines still in circulation points to how much users will actually upgrade if you let them choose to do it, to say nothing of users ACTUALLY KNOWING what this is, and the amount of support they'll have to waste on older versions instead of being able to say "well there's only 1m users still on 7, we're not going to bother pushing non-critical security fixes to them anymore" makes this an almost no brainer for them.

I made my decision to not upgrade like a year ago. The problem is I am still getting these annoying as poo poo popups with deceptive lovely options like [Upgrade Now] [Upgrade Later] every. drat. Day.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.

Lightning Jim posted:

Not mean to trigger people, but is this something really to sample for a song like this? (sample starts at 0:40)
https://www.youtube.com/watch?v=5q-2egWw11o

This means war...

https://www.youtube.com/watch?v=b6bkvoEo2pc

ChickenOfTomorrow
Nov 11, 2012

god damn it, you've got to be kind

xzzy posted:

You can be drat sure I will never make another post regarding network security in any place I suspect you might read it.

Fishmeched again!

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

Manslaughter posted:

I made my decision to not upgrade like a year ago. The problem is I am still getting these annoying as poo poo popups with deceptive lovely options like [Upgrade Now] [Upgrade Later] every. drat. Day.

Yeah, they don't want you to do that. You are being punished - or coerced, depending on how you look at it.

Eletriarnation fucked around with this message at 18:01 on Jul 5, 2016

Super Slash
Feb 20, 2006

You rang ?
"So this custom CRM build and new VOIP provider are going to be ready by the time our current provider runs out right? What happens if they aren't ready on the go live day? I also haven't heard anything about the additional sales CRM that we didn't add to the brief that we want"

I spent yesterday yakking my guts out and come in today pretty worse for wear, you can either have the ambiguous answer or the lovely one.
(We'd also be more up to scratch if everyone would stop giving me donkey work, and if we had more people than me and the smart digital marketing girl)

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Super Slash posted:

"So this custom CRM build and new VOIP provider are going to be ready by the time our current provider runs out right? What happens if they aren't ready on the go live day? I also haven't heard anything about the additional sales CRM that we didn't add to the brief that we want"

I spent yesterday yakking my guts out and come in today pretty worse for wear, you can either have the ambiguous answer or the lovely one.
(We'd also be more up to scratch if everyone would stop giving me donkey work, and if we had more people than me and the smart digital marketing girl)

The correct answer if you are stressing to the point of illness, due to being pulled off and additional points X Y and Z we will not be able to deliver on the date. Due to the length of time needed to get someone up to speed it is too late to add people to get this done in time (cite having a baby with 9 women in 1 month if you want). You should be able to work a deal with your vendor for whatever additional time you need.

Now if your boss or PM already said yes we will and is throwing the deadline at you, well push all the blame on them. You have emails saying how behind this project is right?

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else
I have spent ALL day, so far, trying to figure out this problem with our VoIP system. Each office has a Cisco UC and there is a routed extension between them so you don't have to dial out to reach the other side. Now if I call from A to B, everything rings normally and redirects to voicemail after the no-answer timeout. If I call from B to A, everything rings normally, but after the no-answer timeout the call drops due to an unknown extension when it redirects to voicemail. This is the ONLY direction this problem occurs in, but it occurs 100% of the time. External dialing doesn't experience it either.

Clearly this points me at some tiny little gently caress-up in a config somewhere, but I can't find anything that stands out. I'm going crazy while I dig around for this little loving typo or something and just ugh.

Thanks Ants
May 21, 2004

#essereFerrari


Wireshark it and compare the traces

Langolas
Feb 12, 2011

My mustache makes me sexy, not the hat

Thanks Ants posted:

Wireshark it and compare the traces

This and most voip setups have a tool you can use to help you track down calls and where they hop to on your systems. See if your setup has any of those you can potentially use.

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!





I don't do much customer-facing work anymore, but I still act as the ultimate escalation point for the product I deal with. When no one can figure out what's wrong with it, they come to me.

And I usually don't mind.

But man, there's one guy who drives me crazy. When he actually wants to be, he's our best agent for the product. He's super knowledgeable about it, doesn't mind helping others, and is generally good.

But he's also the source of my worst escalations when he's feeling lazy. He's either the best, or the worst. When he's the worst, there's no information. Hell, just as often, it's wrong information. I have to kick stuff back to him all the time. It's frustrating, because even when he's telling me the truth and doing his job, I have to double-check everything. This makes every interaction with him take twice as long as it should.

I just wish the guy could stay in awesome mode, because that's the guy I'd tap to replace me (if I ever moved on). But I can't do that when he's a lazy motherfucker half the time.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

porkface posted:

If IPv6 is going to cause this much fanatical idiocy I would rather just shut the internet down and go back to paper.

We can't. The Post Office is out of PO boxes.

Fil5000
Jun 23, 2003

HOLD ON GUYS I'M POSTING ABOUT INTERNET ROBOTS

Ynglaur posted:

We can't. The Post Office is out of PO boxes.

I've constructed an elaborate system of chutes and conveyor belts behind mine to another set of PO boxes so I'm fine for a while yet.

Sheep
Jul 24, 2003
You could just do straight point to point with RFC 2549 and ignore the need for PO boxes.

Edit: Or we could take the eco-friendly IPv6 approach.

Sheep fucked around with this message at 13:43 on Jul 6, 2016


Super Slash
Feb 20, 2006

You rang ?

pixaal posted:

The correct answer if you are stressing to the point of illness, due to being pulled off and additional points X Y and Z we will not be able to deliver on the date. Due to the length of time needed to get someone up to speed it is too late to add people to get this done in time (cite having a baby with 9 women in 1 month if you want). You should be able to work a deal with your vendor for whatever additional time you need.

Now if your boss or PM already said yes we will and is throwing the deadline at you, well push all the blame on them. You have emails saying how behind this project is right?

Not so much stress but more unlucky stomach bug (the wife had it a couple days before), it's more why ask me instead of the development vendor, and if you didn't know about something now why didn't you know about it before the project started?
