C-Pig's Best IT Advice #1

[Anonymous 11]

Whenever you stumped by a problem, Wireshark will nearly always pull your nuts out of the fire.

[GregB0Participant]

Anonymous wrote:

Whenever you stumped by a problem,

GregBo’s IT advice, Ensure that the computer has power.

Wednesday of last week, Female Engineering Professor (Ph.D – Computer Science from MIT, M.S.- Mechanical Engineering – Stanford, B.S. Civil Engineering – UT – El Paso) had issues with a computer display in one of our facilities. After two nasty emails requesting help, we arrived and began trouble shooting. She confirmed that she had rebooted the computer so we started looking at cable issues.

Cables were good so we attempted to reboot the computer again. Being old school, I used CTR/ALT/Delete …. nothing. Looked at CPU, no power light.

We rebooted the machine and brought the systems on line. Engineering Professor went to department chair after class complaining how difficult is was to use our facilities and how my unit needed to provide staff coverage for her classes, on our dime of course.

Engineering Chair went to my boss, CIO to discuss issue. This week Department Chair was running the courses previously taught by Female Ph.D.

Always check the power.

Of course this example also illustrated how solid the rock is in some folks head, but power is still a very good thing.

​"​My father didn't tell me how to live; he lived, and let me watch him do it.​" - Clarence Buddinton Kelland

[Anonymous 7]

Grue’s IT advice.
Go f~~~ing ask someone else.

Seriously, I hate Apple as a leftard company but the Mac is a Unix based OS. Ditch Windows as soon as you can and get a Mac or Linux box.

[Jan SobieskiParticipant 28791]

Prof got fired?

Love is just alimony waiting to happen. Visit mgtow.com.

[Anonymous 11]

It lead me to the source of a lateral network spreader. The user admitted to opening one of those fake ADP invoice Word Documents and got infected. Seven days after the initial incident only 11/55 virus engines detected it on Virus Total. The user even told it to allow macros to run.

It all started as a mere blip on a botnet detection graph. Usually, they lead no where, but this one just paid my property taxes. I like Microsoft’s s~~~ty bloatware. It makes me money.

Polymorphism slips in for the win.

[GregB0Participant]

Jan Sobieski wrote:

Prof got fired?

Nope, reassigned to other classes that have nothing to do with any other department. 🙂 She is on her own for tech support this semester.

​"​My father didn't tell me how to live; he lived, and let me watch him do it.​" - Clarence Buddinton Kelland

[SolidParticipant 7520]

GregB0 wrote:

Always check the power.

Excellent ! I always do it, because the main source of my problems is always bad power (lot of noise, peaks, etc…)

Anonymous wrote:

ADP invoice Word Documents and got infected. Seven days after the initial incident only 11/55 virus engines detected it on Virus Total. The user even told it to allow macros to run.

I don’t know your mail server, but you can put mails in quarantine if you want, several mail servers support it. So when a user receive and email, you can send it to mcafee server (or other AV that you prefer), or a cuckoo sandbox, and only allow it after it passes. A well configured cuckoo box can spot this kind of threat easily !

As you said about wireshark, cuckoo provides the network dump of the traffic, so if you suspect anything, just download the .pcap file of that analysis and take a look by yourself.

[Author]

Posts