|
ChubbyThePhat posted: Surely this is because you don't wanna be physically in the office to deal with that poo poo and not because it has taken three days to fix right....

More than three days now, might be because it’s managed by AT&T.
|
# ? Feb 20, 2020 20:22 |
|
Btw speaking of AT&T, does anyone use one of their dedicated business wireless broadband plans?
|
# ? Feb 20, 2020 20:58 |
|
WELCOME TO AT&T WOULD YOU LIKE TO REPORT A TROUBLE THANKS FOR REPORTING THE TROUBLE *click*
|
# ? Feb 20, 2020 22:00 |
|
Nuclearmonkee posted: You'd have to do something insanely bad to be able to gently caress a network up so badly that spanning tree is causing an office to be dead for three days. I can't even imagine what that would be. Worst case I can think of is if you increase network diameter until it just fails and is unable to work, which can be remedied by removing the switch you added and being less dumb, or even just loving with timers a little bit until you can get someone in there who knows a thing to unfuck it over time.

Correct. But when it's not your equipment and you can't access it, yet it touches your network, what are you supposed to do? Like I said, it's a very strange setup that will thankfully be going away as that particular customer goes out of business in the next year or so.
|
# ? Feb 20, 2020 22:04 |
|
You should use root guard not bpdufilter in that scenario fyi
|
# ? Feb 20, 2020 22:07 |
|
BaseballPCHiker posted: Correct. But when it's not your equipment and you can't access it, yet it touches your network, what are you supposed to do? Like I said, it's a very strange setup that will thankfully be going away as that particular customer goes out of business in the next year or so.

Sharing an l2 domain with an untrusted 3rd party is an interesting choice.
|
# ? Feb 20, 2020 22:18 |
|
Every MetroE deployment ever
|
# ? Feb 20, 2020 22:43 |
|
BaseballPCHiker posted: Correct. But when it's not your equipment and you can't access it, yet it touches your network, what are you supposed to do? Like I said, it's a very strange setup that will thankfully be going away as that particular customer goes out of business in the next year or so.

As Methanar wrote, can it connect on an L3 interface?
|
# ? Feb 20, 2020 23:16 |
3rd layer best layer. Even if you have some goofy thing that requires L2 between sites I would not bridge entire networks through a metro-e connection. Can do layer 2 tunneling where required.

abigserve posted: You should use root guard not bpdufilter in that scenario fyi

Nuclearmonkee fucked around with this message at 23:33 on Feb 20, 2020 |
|
# ? Feb 20, 2020 23:30 |
|
If you think you need to split a broadcast domain between sites then try literally any other way of achieving what you want
|
# ? Feb 20, 2020 23:36 |
|
Defenestrategy posted: Just be in an office space where your leadership team is mostly older technology inept people who insist on printing everything to a common room printer rather than have their own printer for ~reasons~ and then don't promptly get whatever they printed out/forget about it entirely.

Let me tell you about the long-time administrative assistant we had who printed out emails and kept them in (several!) binders to refer to. We very much enjoyed throwing those away when she finally retired.
|
# ? Feb 20, 2020 23:58 |
|
Thanks Ants posted: If you think you need to split a broadcast domain between sites then try literally any other way of achieving what you want

Three jobs ago my company got bought by a company that had a datacenter, a main office and a satellite office all using a combined 192.168.1.0/24 range. It was insane. They had a single DHCP server in the data center that would gleefully hand out IP addresses to anything that asked, their production servers showed up and were browsable in windows network, and they were so IP constrained (more than 254 devices on a network spanning three different sites? Who knew?) that their IP lease time was fifteen minutes. Hibernate your laptop and when it wakes up you probably lost your IP address and connectivity to the network. Printers were on leased IP addresses as well and not reserved either, with predictable results. When we asked why they would use a single class C space for three different sites including production, their IT guy said “it’s way easier this way”.
|
# ? Feb 21, 2020 02:16 |
Thanks Ants posted: If you think you need to split a broadcast domain between sites then try literally any other way of achieving what you want

I have ancient industrial devices that have their IP address set via rotary switch and do not understand what a gateway is. Fortunately, there are only two instances on our network in which they have to talk to something far away, where I have configured a shamecube VLAN for them to sit in and bridged them back to the rest of their IO network via L2TP.
|
|
# ? Feb 21, 2020 02:19 |
|
Agrikk posted:when we asked why they would use a single class C space for three different sites including production, their IT guy said “the gently caress are subnets"
|
# ? Feb 21, 2020 05:00 |
|
Nuclearmonkee posted: I have ancient industrial devices that have their IP address set via rotary switch and do not understand what a gateway is

Shove something that can do proxy ARP between it and the rest of the network
|
# ? Feb 21, 2020 13:50 |
|
Methanar posted: Sharing an l2 domain with an untrusted 3rd party is an interesting choice.

Yeah, not my choice. Hopefully soon we're rid of this customer and I'll have one less thing to worry about. The amount of layer2 on this network is staggering, no one in their right mind would design it like it is now if they were starting fresh, but it's what I get to deal with day to day.
|
# ? Feb 21, 2020 14:32 |
|
Methanar posted: Sharing an l2 domain with an untrusted 3rd party is an interesting choice.

We have, for contrived reasons that are complex even for university IT, a /26 allocated to one of our computer pools. However, policy apparently was to allocate VLANs per building, so we are actually within an l2 we share with the other networks carved from the /24 allocated to the building. It's fascinating to watch. One neighbor institute has a server 2003 machine running there that is broadcasting garbage and there's nothing we can do about it because we don't know who that is or who is responsible. Listening in on their traffic is equal parts entertaining in a "ha ha look at those freaks" kind of way, but also horrifying because we are network room mates…
|
# ? Feb 21, 2020 15:10 |
|
Whew I picked a real good day to be sick. We got a call from DHS saying that they have proof that our systems have been compromised, and now it's all-hands-on-deck.
|
# ? Feb 21, 2020 17:14 |
|
GnarlyCharlie4u posted: Whew I picked a real good day to be sick.

Do you work for Slickwraps? https://www.droid-life.com/2020/02/21/slickwraps-appears-to-have-suffered-a-massive-data-breach/
|
# ? Feb 21, 2020 18:42 |
|
klosterdev posted: WELCOME TO AT&T

You forgot the intermediary step where you wait on hold for two hours and then someone tells you you called the wrong number for your particular issue and you need to call this other number that is not actually documented anywhere.
|
# ? Feb 21, 2020 19:05 |
|
siggy2021 posted:You forgot the intermediary step where you wait on hold for two hours and then someone tells you you called the wrong number for your particular issue and you need to call this other number that is not actually documented anywhere.
|
# ? Feb 21, 2020 19:11 |
|
Our executive PM thought that a data field in our application wasn’t updating, so we started a big managed incident call with 20+ people, only to find out that according to the developer that data doesn’t always update. Efficiency in action!
|
# ? Feb 21, 2020 20:07 |
|
bull3964 posted: Do you work for Slickwraps?

oof. Thankfully, no. And since the Medium post is down, here's a wayback snap: https://web.archive.org/web/20200221151606/https://medium.com/@lynx0x00/i-hacked-slickwraps-this-is-how-8b0806358fbb
|
# ? Feb 21, 2020 20:31 |
|
Today is my 5 year anniversary which means I am officially vested in the pension. ...and here I am resetting passwords for users on a Sunday because I am on call and we nuked everyone's accounts on Friday.
|
# ? Feb 23, 2020 23:10 |
|
GnarlyCharlie4u posted: Today is my 5 year anniversary which means I am officially vested in the pension.

Congrats on hitting the 5 year point! And speaking of call... listening to some of my new team members talk about how the past 2 people hired before me quit before they were assigned their first week of call. My internal dialogue was thinking it's soon to be 3.
|
# ? Feb 24, 2020 05:00 |
|
I just built a firewall auditing tool to check our 200+ firewalls against a database of accepted and rejected rules. It collects real time data from two different firewall vendors using two other micro services I spun up in the last four months. The tool is 100% rest API driven. I built a front end auditing interface in powershell, using out-gridviews and prompts. This ui guides admins through each firewall audit from a single command. 90% of all firewall rules match the database definitions so admins only need to audit the never-before-seen one off rules per firewall. The focus this provides allows us to flag many rules that don't belong or are way too wide open. And I did it in 3.5 days because somebody royally messed up the audit scheduling. 5 MRs, hundreds of commits, ~3000 lines of code. I feel like a drat superhero.
|
# ? Feb 24, 2020 06:45 |
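The matching step described in the post above, sketched as an added example (not the poster's tool or code): rules are normalized, looked up in a database of earlier determinations, and only unseen rules go to a manual-review queue with a "too wide" flag. The rule fields, the database schema, the width heuristic and all sample rules are assumptions constructed for illustration.

```python
import ipaddress

def net(value):
    """Parse an address or CIDR; treat the keyword 'any' as 0.0.0.0/0."""
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value, strict=False)

def normalize(rule):
    """Canonical key so the same rule reported by different vendors compares equal."""
    return (str(net(rule["src"])), str(net(rule["dst"])), rule["proto"].lower(),
            str(rule["port"]).lower(), rule["action"].lower())

# Constructed database of earlier audit determinations (assumed schema).
KNOWN_RULES = {
    ("10.0.0.0/8", "10.20.30.40/32", "tcp", "443", "allow"): "accepted",
    ("0.0.0.0/0", "10.20.30.50/32", "tcp", "3389", "allow"): "rejected",
}

def too_wide(rule, min_prefix=16):
    """Heuristic flag: an allow rule with a very broad source or any port."""
    if rule["action"].lower() != "allow":
        return False
    return net(rule["src"]).prefixlen < min_prefix or str(rule["port"]).lower() == "any"

def audit(rules):
    """Sort rules into known determinations and a manual-review queue."""
    report = {"accepted": [], "rejected": [], "review": []}
    for rule in rules:
        verdict = KNOWN_RULES.get(normalize(rule))
        if verdict is None:
            report["review"].append({**rule, "too_wide": too_wide(rule)})
        else:
            report[verdict].append(rule)
    return report

# Constructed sample rules for one firewall, in mixed vendor spellings.
SAMPLE_RULES = [
    {"name": "web", "src": "10.0.0.0/8", "dst": "10.20.30.40", "proto": "TCP", "port": 443, "action": "allow"},
    {"name": "rdp-in", "src": "any", "dst": "10.20.30.50/32", "proto": "tcp", "port": "3389", "action": "Allow"},
    {"name": "vendor", "src": "any", "dst": "10.20.31.0/24", "proto": "tcp", "port": "any", "action": "allow"},
    {"name": "backup", "src": "10.20.40.7/32", "dst": "10.20.31.9/32", "proto": "tcp", "port": 22, "action": "allow"},
]

if __name__ == "__main__":
    for bucket, rules in audit(SAMPLE_RULES).items():
        print(bucket, [(r["name"], r.get("too_wide")) for r in rules])
```

Normalizing before the lookup is what lets the known rules drop out automatically, so the reviewer only sees the one-off rules.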
|
GnarlyCharlie4u posted: Today is my 5 year anniversary which means I am officially vested in the pension.

You get a pension after 5 years? I think I got a t-shirt.
|
# ? Feb 24, 2020 07:55 |
|
Nuclearmonkee posted:You'd have to do something insanely bad to be able to gently caress a network up so badly that spanning tree is causing an office to be dead for three days. I can't even imagine what that would be. Worst case I can think of is if you increase network diameter until it just fails and is unable to work, which can be remedied by removing the switch you added and being less dumb, or even just loving with timers a little bit until you can get someone in there who knows a thing to unfuck it over time.
|
# ? Feb 24, 2020 08:07 |
Thanks Ants posted: Shove something that can do proxy ARP between it and the rest of the network

It also uses broadcast UDP packets for data transmission (modern CIP stuff uses multicast but this system is old), so you'd have to do proxy ARPing and directed broadcasts, which is doing basically the same thing in a different way.
|
|
# ? Feb 24, 2020 18:36 |
|
I’ve had a domain controller down since Sunday morning because of patching. Does it count against SLA if nobody noticed? 🤔
|
# ? Feb 24, 2020 23:39 |
|
devmd01 posted: I’ve had a domain controller down since Sunday morning because of patching.

Literally no. Microsoft doesn't pay out unless you have SCOM or something proving there was a violation.
|
# ? Feb 24, 2020 23:43 |
|
I don’t even care. It took me all of an hour to excise the old domain controller properly, shut down the old physical server and disable the switchport, provision a 2019 VM from template and get it re-joined with the same DC name as the physical.
devmd01 fucked around with this message at 00:34 on Feb 25, 2020 |
# ? Feb 24, 2020 23:49 |
|
Judge Schnoopy posted: And I did it in 3.5 days because somebody royally messed up the audit scheduling. 5 MRs, hundreds of commits, ~3000 lines of code.

I feel like shouting into the void to say that I used this tool to single handedly audit 400 firewalls, 13,000 rules today, each being individually tagged with an audit determination. Only took 3 hours of auditing with the rest of the day dedicated to bug fixes.
|
# ? Feb 25, 2020 01:07 |
|
Judge Schnoopy posted: I feel like shouting into the void to say that I used this tool to single handedly audit 400 firewalls, 13,000 rules today, each being individually tagged with an audit determination. Only took 3 hours of auditing with the rest of the day dedicated to bug fixes.

lol You did good man. It can be frustrating when you're really proud of a piece of work and no-one else seems to get it, but don't let that take away from the fact that you built something good and it is a real accomplishment.
|
# ? Feb 25, 2020 01:09 |
|
The Fool posted: lol

I mean this is just every day at my job to be honest. My supervisor gave me a 'woohoo' when I finished with 49 minutes to spare on the audit deadline, despite it being impossible for anybody else to have accomplished the same thing. He won't sing my praises to anyone higher up, this project won't be noticed beyond the engineer team, and my efforts will be forgotten.
|
# ? Feb 25, 2020 01:12 |
|
Judge Schnoopy posted: He won't sing my praises to anyone higher up, this project won't be noticed beyond the engineer team, and my efforts will be forgotten.

IT.txt
|
# ? Feb 25, 2020 01:15 |
|
Judge Schnoopy posted: I feel like shouting into the void to say that I used this tool to single handedly audit 400 firewalls, 13,000 rules today, each being individually tagged with an audit determination. Only took 3 hours of auditing with the rest of the day dedicated to bug fixes.

Jfc, you guys have that many firewalls? Is it all on-prem?
|
# ? Feb 25, 2020 01:16 |
|
PBS posted: Jfc, you guys have that many firewalls? Is it all on-prem?

I could believe that it's all on a single server.
|
# ? Feb 25, 2020 01:20 |
|
Shut up Meg posted: I could believe that it's all on a single server.

Fair, I was thinking network appliance as opposed to iptables. My company disables iptables because managing firewalls on servers is hard. (/s)
|
# ? Feb 25, 2020 01:23 |
|
I was actually being facetious about 400 firewalls installed on a single machine: like how you encounter desktops with 4 antivirus packages installed, to be extra safe.
|
# ? Feb 25, 2020 01:28 |