Archive for month: March, 2009

A Few Thoughts on Troubleshooting

24 March, 2009 (20:53) | General, help desk | By: admin

If I had to describe my job in a few short words, I’d describe myself as a Professional Troubleshooter [TM].   On a rough day, I’m bouncing between Windows, Netware, Linux and maybe a little Mac too.  To make it worse, I could be supporting a small business that doesn’t know anything about their environment because [...]

ISC SANS Updated Conficker Links

22 March, 2009 (22:35) | General, Malware, Microsoft, network, tools | By: admin

ISC SANS has updated their list of Conficker links to include more tools and analysis.  Check it out.

Netmon filter for Conficker

22 March, 2009 (19:25) | General, Malware, Microsoft, network, tools | By: admin

Found a good link with some filters for Microsoft Netmon 3.2 that I wanted to share. More to follow.

Four Threats For ’09 That You’ve Probably Never Heard Of (Or Thought About)

19 March, 2009 (06:49) | General, Malware, Security, Web, network | By: admin

Dark Reading has an interesting article about emerging threats for 2009. These aren’t your typical enterprise hack attacks. They’re mainly large-scale Internet threats that could trickle down to your organization. We’re talking Internet network infrastructure attacks, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable — human casualties as [...]

The Help Desk: 10+ phrases that can be irritating or offensive

19 March, 2009 (05:47) | General, help desk | By: admin

Working on a help desk can be difficult.  Are you making your job harder by using some of these phrases? Some phrases sound fine to us, but they can provoke a negative reaction from others. …You might look at some of these phrases and think to yourself, “There’s nothing wrong with saying that” — and [...]

BBC Click

17 March, 2009 (05:10) | General, Malware, Security, Software | By: admin

I’ve been following the story of BBC Click for a few days now.  The news program acquired a small botnet with the help of Prevx and sent spam to their own email addresses to demonstrate their ease of use.  I’m still on the fence about the whole incident, but I wanted to share some [...]

Conficker Call Home Routine

12 March, 2009 (04:06) | General, Malware, Microsoft, Security, network | By: admin

SophosLabs has a good blog article about the update to Conficker’s call home routine. Although Mal/Conficker-B will generate 50,000 domains per day, the worm will randomly choose only 500 of those domains to attempt to rendezvous with that day. Furthermore, it only tries to resolve each of those 500 domains once per day. This [...]

Detecting Conficker with Wireshark

11 March, 2009 (14:20) | General, Malware, Microsoft, Security, Software, network, tools | By: admin

Here’s a quick Wireshark filter to look for Conficker traffic on your network:

(tcp.port eq 445) and !(ip.addr eq 192.168.1.1)

This filter will display any TCP 445 traffic while filtering out a single address.  You will want to add your file server IP to the filter so we only detect client to client connections.   Multiple [...]

Why is your IDS outside your Firewall?

7 March, 2009 (15:03) | General, Security, Software, network, tools | By: admin

I’ve been following Joel Esler for a while and found a blog post that reminded me of my daily grind.  Here’s an excerpt; the entire thing can be found at his blog, Finshake. Stop that.  You’re doing it wrong. This is a very puzzling situation that I run across quite often, more often than I should.  [...]

Coolest Eee PC yet!

7 March, 2009 (09:44) | General, Hardware, Web, tools | By: admin

FTA If you can fit a whole computer, keyboard and screen into a tiny, fold-up 7″ box, why not squeeze one into a keyboard? And while you’re there, what about adding a little touchscreen in the space normally inhabited by the number pad? What’s that? Asus did it already?