Sunday, December 19, 2010

The Good, the Bad, and the Ugly

... or "trolling for pics on Flickr"

I was poking around on Flickr looking for shots of other people's data centers and wiring closets. For instance, you can look for all pictures tagged with "wiringcloset"

And you can find things like a picture looking upwards at a rack of 1U boxes, which I found in the l0calh0st group

Some other groups with pictures of other people's network/computer/cabling gear:

That last group is where I found these shots of a data rack that got rewired: before and after
Searching for "cabling" gets you everything from knitting to data centers. Using tag clusters to narrow the search down to more wire-geeky (as opposed to fiber-geeky) gets you something more like this.

and I can't help but agree with the caption on this picture: "No matter what runs on top of the communications infrastructure, at the bottom will always be something like this—a bunch of wires connected together somewhere out of sight."

yeah.

(nb: I'm taking a couple of weeks off from posting for the holidays. I may go through and tag/retag a bunch of posts. Apologies if this freaks out rss feeds or osmething)

Wednesday, December 15, 2010

I never knew you could get tcpdump files from an ASA

I never knew you could get tcpdump-format files from a cisco ASA. Very cool!

The capture process is the same, but then stop the capture with the command "no capture $CAPNAME interface $INTERFACE" instead of "no capture $CAPNAME". Then you can go to the ASA's web site and find the file in "http://$FIREWALL/capture/$CAPNAME/pcap"

Download it and then you're good to open it with tcpdump or wireshark or whatever your packet capture viewer of choice is.

It doesn't look like there's a way to tftp it rather than turning on the ASA's http server for the duration of the download.

Sunday, December 12, 2010

Passwords and security

Public Service Announcement and discussion!
Gawker media's database of email addresses and passwords for several hundred thousand users was copied and distributed and password crackers are eagerly attempting to crack everything there and see what else uses those same ID's and passwords.

Password reuse is a common exploit vector -- It seems convenient to use the same low-security password for multiple web forums and other things. But it really does open up holes that lead to bigger exploits. (See also this xkcd.) In particular, don't re-use a password for an email account or anything connected to your credit cards or banking. Using a base password and then some added characters for each web site can be a convenient way to have different passwords that are still reasonably easy to remember. And then there's always PasswordSafe (my favorite), which runs on several common platforms, to securely store passwords.

Wednesday, December 8, 2010

A bit of whimsey in the middle of my switch

Just a quick amusing thing, today.

If you open up a cisco 3548 switch and take a look at the circuit board, there's a Buddha:

Click on the thumbnail to follow the link to bigger versions of the picture.

Wednesday, December 1, 2010

802.1x peeve

So, I'm trying to set up 802.1x, using MSFT's IAS server to do authentication against windows domain accounts. Seems straightforward enough.

I've set the switch up, which was pretty simple. The IAS server is being difficult, however. I've got it set to not send any extra VSA (vendor-specific attributes), but it's sending several along with the authentication approval that seem to make the switch choke. I've got a ticket open with MSFT about it.

It's not clear to me what's going on, here. I'll post again when I figure out more.

Followers

About Me

My Photo
Regis has worked as a network engineer since 1994 for small companies and for large companies.