Diary of a Network Geek

Frustrated with email limitations on big attachments?

Lately, I seem to be offering up solutions for email problems. I guess, email is on my mind lately. Don’t get me wrong, I love email. I frankly think it’s one of the most incredible things about the internet and quite possibly the greatest invention since sliced bread. Seriously. Think about it. Email connects us almost instantly with virtually anyone else in the world who has an email address. No time spent waiting for postal carriers to get a letter from where we are to where they are which might take days or weeks. Just near instantaneous communication.
Of course, there are some limitations. Obviously, I can’t send someone physical objects directly via email. I suppose, though, that when 3D printer technology catches up to our imaginations, we could send the digital files for some object and then you could print it locally, but that’s far, far in the future. Also? Most email systems have pretty strict limits on how big a file you can even send. Most top out around 25 megabytes, but some are really strict and are capped at as little as 5 megabytes. So, what can you do to keep those limits from killing your ability to share your big, beautiful Photoshop files? Where there’s a will, there’s a way!
In this case, the way is Send by Firefox. Yes, by the people who make the Firefox web browser, but, no, you don’t have to have Firefox to use it. You can watch a small video of how it works here, but really, it’s just a matter of uploading a file and following the instructions. They do recommend that you keep files under 1 gigabyte, but if you’re sending files that big, you’re really better off talking to your IT Department about setting up an FTP server for you. (Don’t worry, they’ll know what that means.)
In any case, this should be a simple solution for you under most circumstances.
And, that’s about the best you can hope for on a Friday!
Enjoy your weekend and I’ll see you back here next week!

This post originally appeared at Use Your Words!

Our streaming-only television plans may have failed, but I’ve been enjoying the Amazon Prime membership we got for it.

There’s a part of me that’s a little terrified of Amazon, because that much power in the hands of one commercial organization is scary, but there’s another part of me that really likes the incredible variety of products they sell at amazing prices. So, while I do shop there, taking as much advantage of our Prime subscription as possible, I still think I’m right to be a little suspicious of them and vigilant. For instance, I think it’s better if I can comparison shop and make sure that Amazon really does have the best price. That’s not always easy to do. But, a new-ish set of tools on a website called CamelCamelCamel.com can help. Among other things, they have trackers that help you find the best price and watch for price drops, not to mention tools that show you the price history of a particular item. And, they have a browser add-in called The Camelizer that help you do all that right from your favorite browser. If you sign up for a free account, you can set up notifications for price changes or even set a target price notification so you can snag what your heart desires at the best price possible.
And, if you have the problem my wife and I always seem to have, and need to fill in just a couple dollars worth of something to get the free shipping, there’s the handy website FillerItem. All you need to do is hit the site, put in your minimum dollar amount and FillerItem will serve up a list of things from Amazon that will tip you over the limit. It’s pretty clever.

So, there you go, some tools to help your conspicuous consumption this weekend.
Enjoy!

This post originally appeared at Use Your Words.

Digital photographers almost never print their work, but they should.

Why?
Well, for one thing, while digital formats change, printed work stays the same pretty much forever.  Also, a nice print hangs on the wall a lot better than a digital image stored on a drive.
On a personal note, I know I don’t print enough of my own work.  When we were dating, my wife printed a shot I took of that year’s “super moon” and gave it to me in a…
Read More

Or, at least, all robocallers.

So, lately, I’ve been digging through my files, finding links I saved ages ago to share with you, my few loyal blog readers, and I’m the first to admit that it’s been a mixed bag.  Some have been fun.  Some have been lame.  But, this one actually solves a problem for you.

Do you get automated calls?  Maybe you signed up for a catalog ages ago, or maybe you thought that timeshare in Miami was going to…
Read More

DNS has inherent weakness.

In it’s current form the Domain Name System, by it’s open nature, is pretty primed for exploitation.
Some of these attacks are more obvious than others, but there are two that I find particularly troubling.  More so that I can see them being used together to really mess with a website owner.
The first of these two attacks isn’t new.  But, the fact that it isn’t new and has been dealt with before doesn’t mean that it has suddenly stopped being effective.  The attack is called “DNS poisoning” and it works by corrupting the DNS cache on a server, which then forwards those poisoned DNS records as legitimate to other, unsuspecting servers.  The end result is that the attackers can redirect traffic from a legitimate website to their own site.  It’s hard to flat out stop right now, though, once discovered, it can be fixed with relatively little trouble.  This attack was used recently against several websites who were supporting SOPA and PIPA.  Of course, since these folks were trying to make a statement, it was pretty clear what had happened, so techs were working to fix it pretty quickly.
The second attack, which I would think include the first attack at its initial stages, is sub-domain hijacking.  In this attack, the attackers redirect the sub-domain of an existing site to another location.  This is a little more subtle and hard to detect.  In this case, the attackers are looking to profit from a well-established domain by “piggy-backing” on their reputation.  They poison the DNS records to point something like Viagra.google.com to their actual website, selling Viagra, or a site filled with spammy links that redirect a potential victim to their website selling Viagra, or whatever.   This attack takes a proactive system administrator to catch.  Since it doesn’t redirect any of the main, honest, actual site anywhere, but only uses its reputation to improve their own spammy links, it’s not always obvious that it’s going on.  Regular DNS record audits are about the only way to catch this, barring an angry end-user contacting the main site.

The internet is still a wild and wooly place sometimes, folks.  The reasons the professionals get paid what they do is because, theoretically, they have to deal with all that stuff and keep us safe!  Which reminds me, I have to go check my own company’s websites and DNS records, not to mention my own!
(The title, incidentally, was inspired by the movie that helped get me into this business, Sneakers. “Cattle mutilations are up.“)

I’m seeing traffic about this, so I thought I’d write up what I found.

I tweeted about a strange DNS-based network/malware attack that I saw on Friday, but, at the time, I didn’t see any interest, so I didn’t go into any real details.  Besides, I may be a hardcore geek, but I do have a life and was going out.  But, now, I’m seeing search engine traffic hitting my blog apparently looking for details, so I thought I’d describe the attack, as I saw it.

First of all, let me mention that I’ve seen a higher-than-usual occurrence of malware infections the past couple of weeks.  I mean, it’s a hazard of my business that, sooner or later, people are going to get infected, either through bad behavior or by accident, but the past three weeks or so I’ve seen way more problems like that than is even remotely normal.  So, bearing that in mind, I’ve been on a kind of high-alert status looking for any malware problems, but this was something new.

It started with someone from another location, who’s on a totally, physically separate network which uses a different internet service provider to connect to the Internet, calling me with a problem.  It was, apparently, a recurrence of a virus he had previously that we cleaned.  He described being taken to a webpage that featured a maroon graphic background with a white icon of a policeman holding up his hand to indicate “stop”.  The text on the page gave a message that said the user’s browser was not the correct version to access the page and that an upgrade was required.  Helpfully, it provided a button to press to receive the “upgrade”.  Obviously, the “upgrade” was an infection.  (You can see an example of the graphic here.)  Thankfully, I trained my users well enough to be suspicious of these kinds of things and no one who reported this actually clicked on it.

About the same time this happened, I noticed that my iPhone wasn’t connecting to the wifi hotspot I have setup in my office.  I checked the configuration and noticed that the DNS servers listed were wrong.  In fact, they’d all been replaced with a single DNS server; 188.229.88.7  Obviously, that seemed suspicious to me, so I opened a command prompt on my PC and did a tracert to see if I could figure out where this server was and, from that, why it had become the default DNS server on part of my network, despite my having very carefully configured totally different DNS servers that I knew were safe.  It looked like the tracert results showed me a network path that led out of the country somewhere, which was, to me, very suspicious.

Before I could really pursue that, though, I got another call from a user at my location reporting the exact same error message and graphic, but going to a totally different website! I went to his computer and checked the IP configuration and found that his DNS servers had been replaced by the rogue server as well.  I refreshed his network config, several times actually, and the DNS servers reset, but, when I thought to check some other people in the same area of the building, his configuration set itself back to the rogue DNS server!  So, I reset the local network equipment to clear the DNS cache, and whatever other caches may have gotten poisoned by this attack, and the problem seemed to go away.  Unfortunately, whatever had caused the compromise was still active and seemed to poison the DNS cache and the DNS configuration again.  It did seem sporadic, though, as if the ISP was trying to correct the issue at their end.

As far as I can tell, the attack actually seemed to be network-based in some way.
At least, I couldn’t find any computer on my network that was infected with anything that AVG, Norton Anti-virus, or Malware Bytes could find.  It is, I suppose, possible, that this attack was so new that no of those programs had an updated detection pattern for it, but, based on the lack of detection, and the fact that it happened on two physically separate networks almost simultaneously, leads me to believe that this was a network-based attack.  I suspect that an ARP cache or DNS cache or something similar was attacked and compromised on a major network router somewhere.  Possibly one of the edge routers at a trans-continental connection somewhere.  From the tracert results I had, it looked like it was the East Coast somewhere, leading to Europe via London to France, though I could be wrong.  It’s possible that was a blind alley meant to throw researchers off the trail in some way.
Also, as of this writing the rogue DNS server seems to be out of commission, though that might change, too.

The Internet is a wild and wooly place, ladies and gents, and you can’t always count on your friendly, neighborhood Network Geek to watch over you and keep you safe!  So, be careful out there!
(And, if you’re a fellow professional who’s seen this, too, leave me comments and tell me what you found!)
UPDATE: Looks like the server is still active, but my ISP has blocked DNS traffic to it, to fix the problem.
Also?  I hate the bastards that do these things.  I hate every last one of the little rat bastards!

UPDATE/FOLLOW-UP: So, it seems like a lot of people have been effected by this problem!
Check the comments for what other folks did and tools they might suggest to help with the problem.  Frankly, I wish I’d had known about those tools when I started my day!  Yes, I was *totally* wrong when I said it looked like it was coming in from outside the routers.  It was, in fact, *several* PCs that were infected with whatever it was.  I found it, much like at least one commenter, by checking the results of “ipconfig /all” in a command prompt.  I noticed that the DHCP server listed in the config was NOT my actual DHCP server!  So, as I went from machine to machine, I saw several PCs that kept coming up as DHCP servers.  I used Malware Bytes to scan the infected PCs and it seemed to clean them off.  At least, for now.  I’m not sure what I’ll find in the morning.
Apparently, Friday, when it looked like the problem was getting cleaned up, it was really just people shutting their workstations down early for the long weekend.
In any case, as at least one commenter has mentioned, it looks like updates for the various scanners should be coming out this week, so keep updating your antivirus and antispyware programs and scan your networks!  Well, scan them more completely and carefully than you already have.
And, as always, if you have any new information or suggestions for tools to clear up the issue, please, leave them in the comments!

Websites lie.

There, I said it.
Well, I wrote it.  Anyway, you and I and everyone else with half a brain know that these “free” websites are paid for in some way.  Mostly, that way is advertising.  Sometimes, that advertising involves selling personal data that they’ve collected.  Oh, c’mon, don’t act so shocked.  You know it’s true just like I do.  The big [amazon_link id=”B0001EQIFQ” target=”_blank” ]Internet Bust of 2000[/amazon_link] showed us all that companies without a good revenue model will, ultimately, fail.  And, the best revenue model of all on the Internet is selling your data to advertisers.

The thing is, wouldn’t it be nice if they just admitted that up front?
Well, Dan Tynan over at IT World has a modest proposal; The first truly honest privacy policy.

Watch out, because I may just start using this on my sites!
But, I won’t warn you ahead of time…

…for teens?

Okay, so according to LifeHacker, Microsoft has released an on-line book about internet safety and security aimed at kids and teens.  It’s called “Own Your Space – Keep Yourself and Your Stuff Safe Online“.  No, seriously.  They describe it as a way to “…[h]elp teens ‘own their space’ online.”  Apparently, also meant for adults to help their “tweens” and teens “… keep up with the latest computer and online safety issues and help kids learn to avoid them.”  The book was written in “partnership” with security expert and author Linda McCarthy, who I honestly have never heard of before.

So, it’s hard to argue with the alleged intent behind this free, downloadable book, but I’m wary of anything from Microsoft that claims to be related to “security”.  On the other hand, what little I actually saw of the book was okay and had fun illustrations, so it may not be all bad.  I mean, at least it’s a starting point for parents to talk to their kids about on-line safety and security.  But, Microsoft has a long way to go to make up for Internet Explorer and holes it created in so many systems over the years.

In any case, it’s a fun looking book and you’re obviously not doing anything important or you wouldn’t be here reading my blog this Friday, so why not check it out for yourself?

A cigarette sure would taste good about now.

So, as my regular readers know, I missed my NaNoWriMo goal by a factor of about, oh, 10 or so. I managed just under 5,000 words of the 50,000 goal. So, in that sense, it was a total failure. However, that was 5,000 more words of fairly not terrible fiction than I’ve written in, well, in a very, very long time. So, in that sense, it at least got me writing some more. (You can see the drivel I managed to produce at my other blog, Fantasist’s Scroll.) What I learned from all this is that working 10 to 12 hour days and weekends does not make for a good writing schedule. I just wish I had more to show for all that work than I do.

You see, after a good two-and-a-half weeks of soul-crushing, mind-numbing work, I still have “issues” with our new phone system and voice and internet provider. The main issue with the new phone system is voice-mail. The phone switch itself, a Nortel BCM 400, is actually quite nice, as far as I’m concerned. Loads of features, quite easy to use and, once you get used to the interface, easy enough to manage. It also came with some nice tools that I can use to monitor the switch from my PC via my network. Now, granted, we have an issue with one of the cabinets having a bad backplane, but, once I moved those cards to the second media cabinet, it seemed to stabilize quite nicely. Of course, I’ll be going in to the office for a bit tomorrow to check on things to make sure it’s still running okay, but I’m fairly confident that all will be well.
The “problem” I have with the new CallPilot voice-mail system is, well, mainly that it’s new. And it has new, different options and menus. Yeah, pretty much, that’s the only “problem”. It works differently than the old system and the boss doesn’t like that. *sigh* So, now I have to try and salvage that end of things. I’m hoping that I can get some kind of work around that I can program into the phone switch to make it more like the old system, but, as of right now, the biggest problem with the new phone system is that it’s new.

The data end of things, however, is a different story. Since about two of my readers actually care about this, I’ll sum it up for you. The salesman told me that I’d be able to do something with e-mail that we do on our current provider and, today, I found out that we simply cannot do that unless we have our own server. Eventually, we will have our own server, but, until then, I can’t have a feature that my boss, the president of the company, sees as essential to his business taken away from him. It simply won’t fly.
And, if that’s not enough reason to be suddenly craving a good smoke, there’s more in my personal life.

So, there’s that girl…
You know, over the years, I’ve noticed a pattern of sorts with the “problems” in my personal life. The problem always starts “Well, there’s this girl…” The fact that I’m days away from being 38 years old hasn’t changed that much, though the “girls” have gotten older, too.
In any case, it’s been a long, long time since a woman got to my like this one. I can’t explain it. It’s not a sex thing, honest. Oh, don’t get me wrong, I’d be happy to find her eating crackers in my bed, but there’s something about her that’s special. She’s just the right mix of crazy and conservative. Very professional at work, but, after showing her my tattoos, she confessed that she had two as well. I haven’t seen them yet, but, maybe someday. I can’t get enough of the way her dark eyes light up when I make her laugh. When I see her, I want to wrap my arms around her and hold her close just to feel her warm reality pressed against me. I want to confess secrets into her perfect, little ears and feel her cool fingers warm in my hand. I want to make her blush and fluster her with subtlety of my flattery. And she reads. Oh, God help me, she reads books for fun at lunch! Every frustrated writer’s dream! A reader to love and a lover who reads all in the same person.
So, what’s the problem? Well, aside from a divorce that will be final Monday, and an 11-year-old daughter that I think I already charmed, and an 8-year-old son I haven’t met, and the dog I’m about to adopt from her, just one. Her misogynistic, ex-Marine boyfriend who’s also a single dad and in college. (UPDATE: Okay, upon reflection, that may have been an extremely biased judgement that was partly based on desire and single-malt Scotch, but, still…)  I don’t know, though, things sound rocky. Besides, I’m the one she trusts to take the dog. And, she made some hint about being “forever friends” if I took him, since she’d want to see him again.
You know what? I think I could live with that, but, it sure makes me crave a cigarette. I always used to smoke while I waited for things to happen.

I’m not going to, though. Smoke that is. No, instead, I’ll mumble a prayer and have another Glenmorangie and water on the rocks. As I told one of my favorite bloggers last year at my birthday, I don’t drink much anymore, but I always drink the good stuff.

Advice from your Uncle Jim:
"Hope is the feeling you have that the feeling you have isn't permanent."
   --Jean Kerr

The secret word for today is “firewall”.
Not only is it an essential part of any connection to the Internet, it’s also what I installed today at work. Yes, that’s right, what I thought I was looking at in the config of the weird, little Covad router was NOT a firewall or even an active filter set. Unfortunately, I found that out the hard way when I rebooted the router last week and the filters activated, killing everyone’s Internet access. I’m not sure who was more surprised, the support tech or me, when they discovered the active filters. I know I was more shocked than the tech when he told me that they don’t support firewalls built into their routers. In short, we were flapping in the proverbial breeze. And, apparently, we had been since, well, since they’ve had an Internet connection. Doh!
Anyway, after a bit of scrambling and some gulping at spending real money for a real firewall, I got a D-Link DFL-1100. It’s a nice, little firewall appliance that has a built-in DMZ, for later use with a mail server, and IDS detection with e-mail notifications. It was pretty easy to configure, once I got the details on the funky Covad router. I really don’t like them. Hooked directly to the console port on the router, I still had refresh issues and timing strangeness that got really frustrating when I had everyone in a hurry to get their e-mail. Damn irritating. the DFL-1100, however, was pretty simple to install and configure. It even had predefined filters and exceptions that seemed to be working just fine. I’ll probably fine tune that over the next couple of weeks, but, for now, it works okay.

It’s really frightening to me, though, that they could have gone for so long without any protection at all. How could an Internet company sell service to someone and not check with them about having a firewall in place? How could anyone who knows anything about the Internet leave a connection open for literally years? I wonder how many spam problems will go away here, now that I’ve gotten a firewall in place?
Of course, I’m pretty dissapointed in myself for not understanding what I was seeing in that Covad router, too. I should have caught that sooner. Sure, I don’t mess with routers on a regular basis, but I’ve done it enough that I should have seen this. Well, at least it’s taken care of now. Lord, help me, what will I find next?