|
MiniFoo posted: A ticket came in:

Someone's got their personal and work PCs linked on Dropbox and their personal PC is a cryptowall'd mess?
|
# ? Sep 23, 2015 19:34 |
|
|
MiniFoo posted: A ticket came in:

Nick is a sack of poo poo, final answer.
|
# ? Sep 23, 2015 19:46 |
|
Report the file as a false positive.
|
# ? Sep 23, 2015 19:55 |
|
Dr. Arbitrary posted: Report the file as a false positive.

Honestly HELP_DECRYPT.whatever isn't gonna hurt anything (based on my understanding of cryptowall anyway).
|
# ? Sep 23, 2015 20:05 |
|
Japanese Dating Sim posted: Honestly HELP_DECRYPT.whatever isn't gonna hurt anything (based on my understanding of cryptowall anyway).

The existence of the file is what indicates "THIS IS A CRYPTOWALL INFECTION", I think, since obviously any encrypted file is indistinguishable from an unencrypted one as far as the antivirus software is concerned. being that if you mark it as a false positive, cryptowall infections won't be alerted on. Now excuse me while I dissect this frog.
|
# ? Sep 23, 2015 20:21 |
|
OriginalPseudonym posted: The existence of the file is what indicates "THIS IS A CRYPTOWALL INFECTION", I think, since obviously any encrypted file is indistinguishable from an unencrypted one as far as the antivirus software is concerned. being that if you mark it as a false positive, cryptowall infections won't be alerted on.

That makes sense, though I have heard of some antiviruses helpfully deleting that file, removing even the option for people who might want to actually pay to get their stuff back. I didn't really think about there not being any other indicator though.
|
# ? Sep 23, 2015 20:54 |
|
larchesdanrew posted: Nick is a sack of poo poo, final answer.

He is a gross human being (a literal hoarder, actually - I dread whenever I have to go onsite), so I'll give you that. This wasn't his fault, though. One folder in the Dropbox was shared with editing permissions to a client of his, which in turn held a single file (a .pdf). Checking the Dropbox event logs, this file was modified on Saturday morning, with three other files uploaded alongside it (HELP_DECRYPT.txt/.png/.url). Dude's computer probably got Crypto'd at that point.

On "Nick's" laptop, the .pdf is the only file that won't open, and the .url file was the only one not downloaded yet because Avast caught it. Multiple times. Literally every fifteen seconds, because Dropbox kept on trying to sync it. The entire folder's since been deleted via the account's web interface, and a full scan of the laptop revealed nothing else pertinent. Still have to check the other computers in his office, though.
|
# ? Sep 23, 2015 21:06 |
|
OriginalPseudonym posted: The existence of the file is what indicates "THIS IS A CRYPTOWALL INFECTION", I think, since obviously any encrypted file is indistinguishable from an unencrypted one as far as the antivirus software is concerned. being that if you mark it as a false positive, cryptowall infections won't be alerted on.

6-time Cryptowall/locker warrior here. This is in fact the case, the help_dec.html/txt/etc file is put into every folder that the crypto virus found files it could encrypt. Most of the time, it is nailing readme.txts or other such non-vital .txt files so you will see the Help_Dec files all over the drive (and shares) but the virus itself does not reside in those folders. It is usually somewhere in appdata. The virus itself is easy to knock out, but this is because the purpose of the virus is not to hide, it wants to be seen in the form of help_dec files after the damage has been done so they can attempt to collect the ransom. Many antiviruses will detect the help_dec, not because it is a virus but because it has been told to look for that particular file name.

So yeah, if you delete all those help_dec files you will delete your instructions to pay the ransom. Then again, everyone backs everything up so there's no worry about lost data, right?
|
# ? Sep 23, 2015 21:12 |
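The point made in the post above, that the ransom notes mark which folders were hit while the malware itself sits elsewhere, can be turned into a triage scan of a synced folder or share. This is an added example, not code from any poster in the thread; the 15-minute window, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# File names from the thread: HELP_DECRYPT.txt/.png/.url and help_dec*.html
NOTE_RE = re.compile(r"^help_dec\w*\.(txt|png|url|html?)$", re.IGNORECASE)
WINDOW_SECONDS = 15 * 60  # assumed: files changed this close to a note are suspect


def scan(root):
    """Return {folder: {"notes": [...], "suspect": [...]}} for folders holding ransom notes."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if NOTE_RE.match(f))
        if not notes:
            continue
        # Notes are dropped after encryption, so the earliest note marks the event time.
        note_time = min(os.path.getmtime(os.path.join(folder, n)) for n in notes)
        suspect = sorted(
            f for f in files
            if f not in notes
            and abs(os.path.getmtime(os.path.join(folder, f)) - note_time) <= WINDOW_SECONDS
        )
        report[os.path.relpath(folder, root)] = {"notes": notes, "suspect": suspect}
    return report


def build_sample_tree(root):
    """Constructed sample: one synced folder that was hit, one that was not."""
    event = 1442649600  # constructed timestamp, 2015-09-19 08:00 UTC
    layout = {
        "shared/contract.pdf": event - 30,
        "shared/HELP_DECRYPT.TXT": event,
        "shared/HELP_DECRYPT.PNG": event,
        "shared/HELP_DECRYPT.URL": event,
        "shared/old_notes.docx": event - 90 * 86400,
        "clean/readme.txt": event - 200 * 86400,
    }
    for rel, mtime in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample data")
        os.utime(path, (mtime, mtime))


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root)


if __name__ == "__main__":
    for folder, hit in demo().items():
        print(folder, "notes:", hit["notes"], "check against backup:", hit["suspect"])
```

The scan only reads names and timestamps and leaves the notes in place, so the list of folders to restore from backup survives until cleanup is finished.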
|
FireSight posted: Being a former Ubiquiti employee (and tech support at that), I can say that the Ubiquiti AP's are incredibly good. If you just want a general AP, the UniFi line is your best bet. But knowing your boss, he's going to want to go for some cheapass consumer grade Linksys poo poo.

We've been running it for over a year with no issues. The AP Pros replaced the terrible Juniper AX411 that generated at least weekly complaints and were managed through an SRX firewall. Running the controller on a Debian VM is a huge bonus for having one less Windows dependent application.

OmniCorp fucked around with this message at 21:20 on Sep 23, 2015 |
# ? Sep 23, 2015 21:18 |
|
I have had less than great experiences with UniFi APs as well, but their point-to-point radios are really good. Cisco have some crazy deals on at the moment for a controller, 2 APs and 25 licenses bundle. So that could be an option. If you want to admin it all yourself though then get Aerohive/Meraki.
|
# ? Sep 23, 2015 21:59 |
|
Can UniFi APs handle guest networks on their own without VLAN fuckery on the switch/router side of things?
|
# ? Sep 24, 2015 00:20 |
|
Inspector_666 posted: Can UniFi APs handle guest networks on their own without VLAN fuckery on the switch/router side of things?

Yes. You will need to have the controller running if you want to pair that with a landing page. This is done by having the AP's block traffic to or from certain IP ranges (eg: corporate network) so it can be set up in an insecure way, whereas the VLAN method only works if it's set up in a secure way.
|
# ? Sep 24, 2015 01:14 |
|
larchesdanrew posted: I managed to find a Cisco E1200 in the basement that may work if I can set it up with DHCP forwarding. I'll keep your offer in mind though if this dumb thing doesn't work.

Meraki if you can afford it or Ubiquiti if the hardware costs are more important than the personnel costs. Now that Ubiquiti has centralized management it is a lot easier to find a problem.
|
# ? Sep 24, 2015 01:35 |
|
The lovely Avid Unity that we're replacing with a StorNext SAN just did something super wacky. It "recovered" a missing drive to a spare drive and brought a bunch of unmountable workspaces back online. The "missing" drive had hosed up firmware or something. What the gently caress Avid, I was not expecting that to actually work
|
# ? Sep 24, 2015 01:41 |
|
pr0digal posted: The lovely Avid Unity that we're replacing with a StorNext SAN just did something super wacky. It "recovered" a missing drive to a spare drive and brought a bunch of unmountable workspaces back online. The "missing" drive had hosed up firmware or something.

The workspaces may be back but the files contained therein are probably hosed, which is what happened when my old boss forgot he'd turned mirroring off to get more storage and then had a drive fail.
|
# ? Sep 24, 2015 01:56 |
|
Japanese Dating Sim posted: Someone's got their personal and work PCs linked on Dropbox and their personal PC is a cryptowall'd mess?

DING DING

I had to deal with 2 infections like this with a client, both people had Dropbox, both had files synced on their home PC to their work PC. Only the PCs got infected (we've got a script that will detect the changed Crypto files and auto-disables all network connections) and ended up being wiped, and policies changed on personal file sharing/backup apps.

larchesdanrew posted: An angry email from the GM came in.

Man, and I half expected you to just waltz in and drop a box of duct tape and flashlights on the floor. Definitely put a reminder on your calendar for the last day to poo poo in both the GM and CE offices, preferably somewhere stealthy.

BOOTY-ADE fucked around with this message at 02:05 on Sep 24, 2015 |
# ? Sep 24, 2015 02:00 |
|
My CEO was asking if I could come up with a really good 1-to-1 teleconferencing solution. Like, a camera and laptop at one office to the same thing at another office. We have Skype for Business, Bluejeans, GoToMeeting, and WebEx, and they all kind of suck from a quality/latency standpoint. Isn't there something more like NVidia Gamestream or Steam In-Home Streaming where it is a very low-latency, high bitrate peer-to-peer connection? Something like those but designed for a webcam.
|
# ? Sep 24, 2015 02:16 |
|
Zero VGS posted:
You get that those only have very low latency when they only have to travel within a house, right? Once you're going out on the internet with Gamestream, you'll start to have latency issues.
|
# ? Sep 24, 2015 02:27 |
|
Dr. Arbitrary posted: Just a personal gripe, but I think 12am or midnight should never be a valid user input for anything important because of the potential for misunderstanding. Use 11:59 PM or 12:01 AM.

Dell warranties expire at 12:59 am so if you have a problem with them on the day the warranty expires, oops too late.
|
# ? Sep 24, 2015 02:42 |
|
Simple solution is to build a site-to-site VPN connection with QoS enabled on both sides, but when that traffic is out on the internet you're at the mercy of the providers as far as latency goes. Expensive solution is to purchase a private Ethernet link between your sites and detectable latency should practically disappear. Either way I doubt it's the software services you're using.
|
# ? Sep 24, 2015 02:44 |
|
We had to implement an MPLS connection to get good video conferencing between two sites. VPN over the internet just sucked.
|
# ? Sep 24, 2015 02:57 |
|
Chickenwalker posted: The workspaces may be back but the files contained therein are probably hosed, which is what happened when my old boss forgot he'd turned mirroring off to get more storage and then had a drive fail.

Thousands and thousands of files starting with Badfile. The team doesn't seem too concerned about it though which is nice.
|
# ? Sep 24, 2015 03:17 |
|
GreenNight posted: We had to implement an MPLS connection to get good video conferencing between two sites. VPN over the internet just sucked.

I mean, I built us a site-to-site VPN from Boston to London, I checked just now and it gets 70ms ping round trip. That'd imply that UDP would only take 35ms to reach. But if you ever go to use say the camera on your phone, you can see that already introduces at least 100ms lag. I guess I'm wondering what I can do with regards to the hardware I'm using, codecs, etc, before going after the network which is going to be the most expensive component to improve upon.

Nintendo Kid posted: You get that those only have very low latency when they only have to travel within a house, right? Once you're going out on the internet with Gamestream, you'll start to have latency issues.

I Gamestream from a 100 mile distance when I visit my friend, that only gets 20ms lag total, I know that's not exactly a long haul but it's pretty impressive since that's actually what I get in practice after taking everything into account. Probably helps that we're both on the same ISP. Still, this is a whole different thing since video allows for more lag than gaming, but also introduces more lag due to the webcams.

Zero VGS fucked around with this message at 03:37 on Sep 24, 2015 |
# ? Sep 24, 2015 03:34 |
|
larchesdanrew posted: I asked the GM in passing about if wifi would ever be a possibility and he said 100% yes and to draft up a complete quote and proposal to present to corporate

Seriously what kind of poo poo-rear end facility do you work at and where
|
# ? Sep 24, 2015 04:23 |
|
Zero VGS posted:My CEO was asking if I could come up with a really good 1-to-1 teleconferencing solution. Like, a camera and laptop at one office to the same thing at another office.
|
# ? Sep 24, 2015 04:52 |
|
AP chat: We're an open plan office in downtown SF, old brick building (20+ stories), lots of people on wifi, everyone streaming twitch all the time. We've got Aruba gear and it works great, but you'll need some time to fine-tune it.
|
# ? Sep 24, 2015 06:58 |
|
Zero VGS posted: My CEO was asking if I could come up with a really good 1-to-1 teleconferencing solution. Like, a camera and laptop at one office to the same thing at another office.

Cisco Be6K and SX or EX endpoints. If you put a decent hi-def camera and speaker/microphone then WebEx can work for one to one. It all depends on bandwidth really. You can do a reasonable call in 1Mb each way.
|
# ? Sep 24, 2015 07:29 |
|
I just had to share this one, as I'm in a pod at the new job, and never have good poo poo to share anymore. Overseas NOC wakes me up as I'm on call. Simple "Server is down, but I can't get to the iLO". It's an HP blade in a Dell shop, so I figure they are just confused or something. But nope, it's legit: (I made the NOC wake them up and fix it, and it's already fixed, but I just found this hilarious)
|
# ? Sep 24, 2015 08:03 |
|
Reading this thread somehow makes me wanna keep learning stuff. U guys inspire me. During downtime, or times where it just isn't that busy, I prefer to study up on stuff, experiment, but today the head of our department caught me making some Java code. He then told me. Do that stuff at home. Is there a way I can say that I prefer to keep studying on stuff during down time? Tactfully? Without killing my career? Or do I just keep my head down and keep studying at home?

Sefal fucked around with this message at 10:29 on Sep 24, 2015 |
# ? Sep 24, 2015 10:26 |
Hurrah! Today's our turn to get crypto'd. At least we have decent backups.
|
|
# ? Sep 24, 2015 12:16 |
|
As everyone on #BOFH may have noticed we're being DDoS'ed. It's periodic but still happening. At least the users aren't mad at me. I took the time to write an extensive explanation outlining what is happening, how it works, what's affected, what we're doing, how long it is expected to last, and other useful bits of information in a mail to the IT-teachers and the headmasters. All of them have informed their staff and so far we're getting nothing but praise for keeping people informed while we try to get our ISP to put in a DDoS defense. At this time I'm practically hanging on the phone waving a check at them but they have their (slow!) procedures to follow so for now we're just riding it out. At least it's not a permanent DDoS, but rather scattered attacks throughout the day.
|
# ? Sep 24, 2015 13:07 |
|
Don't you work for a school system? Who the hell DDoS's schools?
|
# ? Sep 24, 2015 13:26 |
|
Malachite_Dragon posted: Don't you work for a school system? Who the hell DDoS's schools?

Crowley works for a TV station IIRC?
|
# ? Sep 24, 2015 13:28 |
|
It is entirely possible that I'm mixing up two different posters.
|
# ? Sep 24, 2015 13:30 |
|
Malachite_Dragon posted: Don't you work for a school system? Who the hell DDoS's schools?

I had a classmate who DDoSed his own school. I'm pretty sure students would DDoS their own school.
|
# ? Sep 24, 2015 13:33 |
|
Sefal posted: Reading this thread somehow makes me wanna keep learning stuff. U guys inspire me.

What does your scope of work look like? Are you t1/helpdesk? Junior systems admin? Make your studying pertain to your job and suddenly it's business development. You may want to learn Java right now, but maybe some PowerShell scripts can automate some tasks for you and your boss. It will be much easier to justify studying PowerShell on the clock in that case.

Right now I'm getting away with learning Kali Linux on a personal laptop at work (on a secluded private sandbox network I built) because network security is within my job scope. I can make the case that studying pen testing makes me better at my job.
|
# ? Sep 24, 2015 13:38 |
|
Crowley posted: As everyone on #BOFH may have noticed we're being DDoS'ed. It's periodic but still happening.

Talk to Akamai/Neustar, be ready to spend $25K for emergency onboarding but they will filter that poo poo no problem. Can you see what the type of attack is? UDP reflection is the most common recently. Maybe you can do something with that. If the attack is only to one IP just tell the ISP to blackhole it (you might have to gently caress with BGP routes for this).
|
# ? Sep 24, 2015 13:57 |
|
Judge Schnoopy posted: What does your scope of work look like? Are you t1/helpdesk? Junior systems admin?

I'd say T1 helpdesk. I've been hired to do T1. I answer calls from users and solve tier 1 tickets and a few tier 2 tickets. But I also build, manage and migrate servers, I write PowerShell scripts, I started studying PowerShell at work using the "powershell in a month of lunches" book. Didn't hear anything about it. In fact my coworkers had emailed me some useful PDFs on PowerShell. If they ever bitched about PowerShell, I could make a good case, but I don't do anything with Java at work. Maybe I could get away with studying for the 70-410 MCSA exam that's coming up soon. Currently I'm trying to grasp how DHCP works and I'm going to try and migrate it to Windows 2012. The reason that I truly want to know how it works, is so I can troubleshoot and fix it fast in case it stops working for whatever reason or if I gently caress the migration up.
|
# ? Sep 24, 2015 14:09 |
|
Malachite_Dragon posted: Don't you work for a school system? Who the hell DDoS's schools?

Haquer posted: Crowley works for a TV station IIRC?

Used to work in TV, yes. I last year for a bigger job at a municipality. It's a bit further away from home, but the job is nice, the salary is better, pension is better, the hours are better, and my coworkers are simply awesome. Who'd DDoS a school? hosed if I know. Our ISP tells us a number of municipalities are being hit so it's not just us. It's not consistent though, and hitting randomly 4-5 times per day for 2-12 minutes per time.

deimos posted: Talk to Akamai/Neustar, be ready to spend $25K for emergency onboarding but they will filter that poo poo no problem.
|
# ? Sep 24, 2015 14:48 |
|
|
"My computer is really slow and Premiere crashes when I try to open it." Well let's see wh-... 85% of your C:\ drive is taken up by folders on your desktop. Your media cache folder has 160k items in it and is using up another 18% of your drive. I think I found your problem.
|
# ? Sep 24, 2015 16:07 |