Saturday, December 31, 2016

2016 Year In Review

With this post, I'm looking to start a new tradition with my studies, and by extension, with the blog.  I'm going to recap 2016.  Where I've been, what I've done, and where I hope to go from here.  This post is entirely for me, anyone else will probably not find it very useful unless they're stalking me. But feel free to stalk if you wish, I don't mind.

I started out the year with a post called New Year, New Focus, where I laid out my intentions on where the blog was heading this year.  I did a pretty good job of staying on target for the most part.  Study and certification wise, I wanted to stay on target with the CCNP Security, which I did by finally passing the 300-206 SENSS exam.  I also intended to give thought to the MCSA 2016, which I plan to tackle soon, and the CISSP, which is the capstone of my Masters Degree program.  

For the blog, I finally bit the bullet and bought my first domain after a bit of back and forth on what I wanted.  I also started paying more attention to the aesthetics of the blog, and moved away from the default themes, and finally commissioned a logo.  This blog started out as simply somewhere to stash my list of free CCNA related resources, but I set a goal to start posting more to help with my studies.  Mission accomplished there, I have more posts this year than the previous 5 years combined.    

I didn't touch the MCSA at all.  The closest I got was adding a couple VMs to the lab which run Server 2016.  I barely even kicked the tires on it.  So I'll get back on this after the CISSP.

Towards the CISSP however, I did accomplish a lot.  In school I took a few classes directly related to the material (a class that was supposed to be related to intrusion detection that instead went through a Security+ level of material, a class on disaster recovery/business continuity, and a class on enterprise incident response). Outside of the classroom, I continued reading.

Of course, the lab has continued to evolve and grow.  I went into the year with a couple low power toys (AMD A4 CPUs) running Hyper-V.  As the year went along, I built an ESXi server on a pair of quad-core Opterons, and continue to throw more hardware at it.  It currently has 64GB of RAM, 2.5TB of storage, and 4 Gigabit Ethernet ports.  The two Hyper-V hosts still exist, running a few VMs as well in addition to file server duties.  Finally, there's an i5 half-top running as a domain controller and will probably host a few VMs itself if I ever get around to upping the 4GB of RAM in it.  The network consists of a Cisco 2821 router, 3750 switch, 1130 access point, and a 2511 access server.  Other than that, everything is currently virtualized.

Here's the rundown on all the current VMs, not counting the workstations and systems that were set up for short term testing that I haven't bothered to really keep track of.
  • av1 Alienvault
  • cloud1 Turnkey Owncloud 14.1 
  • facs2 Cisco Secure ACS 5.6 
  • facs3 Server 2003 Std  Cisco Secure ACS 4.2
  • fata1 Server 2012R2 Std Microsoft Threat Analytics 1.6
  • fcda1 Cisco CDA 1.0
  • fdc2 Server 2016 Std  AD Domain Controller
  • fexch1 Server 2012R2 Exchange 2016
  • fipam1 Server 2012R2  Windows IPAM
  • fissue1 Server 2012R2  Issuing CA
  • fntp2 NetBSD 6.5.1  NTP Server
  • fnpas1 Server 2012R2 Std Windows NPAS
  • foos1 Server 2012R2 Std Office Online Server
  • fprtg1 Server 2008R2 Ent PRTG
  • froot1 Server 2008R2 Ent Root CA
  • fsccm1 Server 2008R2 DC SCCM 2012R2
  • fscom1 Server 2012R2 Std SCOM 2012R2
  • fscvmm1 Server 2012R2 Std SCVMM 2012R2
  • fscrut1 Scrutinizer
  • fskype1 Server 2012R2 Std Skype for Business 2015
  • fsp1 Server 2012R2 Std Sharepoint 2016
  • fsplunk1 Server 2008R2 Ent Splunk 6.5.0
  • fsql1 Server 2008R2 Ent SQL Server 2014
  • fsql3 CentOS 7.3 SQL Server 14.0 for Linux
  • fterm1 Server 2016 Std  Remote Desktop Services
  • fvc2 Server 2008R2 VCenter 5.5
  • fwds1 Server 2016 TP5  Windows Deployment Server
  • fwins1 Server 2000  WINS Server
  • fwms1 Server 2008  Windows Media Services
  • fwol2 Server 2003 Std  Wake on LAN Web App
  • fwsus2 Server 2008  WSUS
  • ise1 Cisco ISE 2.0 
  • mc1 Server 2008R2 Ent Minecraft Server
  • sf1 Sourcefire VDC 5.3.1 
  • so1 Security Onion  
  • vnmc1 Cisco VNMC 2.1.1a 
  • wlc1 Cisco Virtual WLC
Now if only this were true.  I came across this nonsense at a site called  


Saturday, December 24, 2016

My Fan Club

As I've mentioned a few times in the past, I act as an admin for one of the largest, if not the largest, Facebook groups dedicated to CCNA study.  You can find that group right here, or through the Facebook button in the top right corner of any page on this blog.  The group has a few other admins spread out through the world (so that our eyes would be on the page at different times of the day, ideally) and we run the group in accordance with our own moral compass, which for the most part aligns pretty well amongst ourselves and past admins.

Of course, the rules that we've set for the group don't sit well with some people.  If you're into something that doesn't jive with the rules, just simply don't discuss it in the group.  It's pretty simple, right?  Well for some it isn't that easy.  And since I encourage feedback from the community of users, I get it.  Here I've collected a few of my favorites.  There have been others, but many of them blocked me not long after and Facebook knocked it off of my messages before I could get a screenshot.  Warning, the language in these screenshots is a bit graphic.

This first satisfied customer of our services was removed for discussing braindumps and gets right to the point.

User number two was removed for the same reason.  Apparently cheating on exams means obtaining knowledge, and I'm just jealous somehow.   Interesting take.

User number three is my personal favorite.  I think he's asking me to create a group full of porn, and then show it to him?  I didn't realize that porn was so difficult to find.  I know that Netflix is taking over as the king of Internet traffic, but recent numbers show porn is still well over 30% of all traffic.

User number four was apparently upset that the free service we're providing him didn't get him an answer quickly enough for his satisfaction.  So he asked a few more times.  I believe this is the fourth time he asked, a couple times as a top level post, and a couple other times attempting to thread-jack another discussion.  Anyway, I did answer one of his other posts but he chose to ignore that and post again.  Needless to say, he won't have to worry about us getting back to him too slowly anymore.

Finally, this last one didn't come from the CCNA group, it came as a private message to the Free CCNA Workbook Facebook page, which I am also an admin for.  No commentary necessary, I think it speaks for itself.  Apparently when I took the screenshot of this one, I was feeling generous and omitted the name of this class act.  I wonder what he would have thought if I tracked down his instructor and showed them this?

And this is far from all of the nonsense I've gotten over the years, it's just the ones that amused me to the point of taking a screenshot.  That is not to say that it's all negative feedback, but that's primarily the thanks you get for a well maintained group.  The group has no spam, no flame wars, nothing violating the rules except for the very brief time it takes an admin to see and kill the post.  That is, except in my private inbox.  That's full of it.

Saturday, December 17, 2016

Unusual Bursts of Traffic

Has anyone seen this before? And if you have seen it, do you have any insight into it? I have a few theories, but it's one of those "would be nice to know for sure" things. For the most part, I get an insignificant amount of traffic from Israel and Russia. But on 12/9, I received a huge spike in traffic, and pretty much all from these two countries. I'll show two graphics to illustrate this.

First, here's the spike in traffic, with a couple surrounding days for reference.  As you can see, the other days on the chart almost look insignificant in comparison.

Next, here's how it rates compared to other locations.  Again, these two countries normally are an insignificant source of traffic compared to the US, India and Great Britain which are usually the top sources.

I've seen similar spikes from both Russia and Israel in the past, but never at the same time.  My theory is content scrapers.  Sites that steal content to generate traffic to their own sites filled with ads and/or malware.  I'm just wondering if there's something else I haven't considered.

Saturday, December 10, 2016

Saturday, December 3, 2016

It's Not a Tumah!!

Have you ever been working on a problem and were convinced you knew what the problem was but just couldn't figure out how to fix it?  And then later realized that you were barking up the complete wrong tree on the matter?  Here's one example I came across recently.

I had just set up a terminal server for outside access to my network, and port forwarded a random port to 3389 on that local server.  Everything tested out fine, from a couple of different locations outside of my house so I assumed I was good.  A couple days later, a coworker said he wanted to kick the tires of SCCM 2012R2 a bit, so I set him up a domain account and passed him along the details.  The next day he couldn't get in.  Fortunately I was working from home that day, so I had a chance to look into it.

In my infinite wisdom, I determined that someone had to be logged into the console of the server before a user could RDP into the server.  That's how it looked locally at the moment, so I figured that was the problem remotely as well.  After a little while reading Google hits on the problem, I thought I had it taken care of with a couple GPO settings.  Everything looked good until the next day, and the next day I was at the office.  So when it wasn't working again, I was unable to check into it.  I changed a few settings that night, declared it fixed again, and moved on to something else.  Of course it still wasn't actually fixed, but I had other fish to fry with another attempt at the SENSS coming up.

Fast forward a few days and the memory card in my wife's phone became corrupt.  I popped it into one of the kids' computers because nothing else at my house has a memory card reader and started running some diagnostics.  When I put the kids to bed that night (which was about an hour after I logged out and let the diagnostic run), I noticed that the computer had gone to sleep.  WTH I thought, I have a GPO in place stopping computers from going to sleep if they're plugged in.

Later that night while checking my GPO, I noticed that I had the settings backwards.  Computers would go to sleep after 20 minutes while plugged in, and never while on battery.  DOH!

So what does this have to do with my RDP problem from earlier?  Simple, the terminal server was going to sleep after 20 minutes of inactivity.  It's running in ESXi, so when I clicked into the console, I was actually waking the server up rather than just grabbing focus.  The login screen came up fast enough that I didn't realize what was really happening.   So after a reboot of the terminal server, I haven't had the problem again.
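A quick way to catch this class of mistake before users hit it is to audit the effective "Sleep after" timeouts on the server itself rather than trusting the GPO. This is an added example, not from the original post; it reads the active power plan with powercfg's SUB_SLEEP/STANDBYIDLE aliases and flags a non-zero AC timeout, which is the backwards setting described above.

```powershell
# Added example (not the post's own code): audit the active power plan's
# "Sleep after" timeouts. A server or VM should never sleep on AC power (0 = never).
# powercfg reports the indexes as hex seconds, so they are converted to integers.
function Get-StandbyTimeout {
    $out = powercfg /query SCHEME_CURRENT SUB_SLEEP STANDBYIDLE
    $acMatch = $out | Select-String 'Current AC Power Setting Index:\s+0x([0-9A-Fa-f]+)'
    $dcMatch = $out | Select-String 'Current DC Power Setting Index:\s+0x([0-9A-Fa-f]+)'
    if (-not $acMatch -or -not $dcMatch) {
        throw "Could not parse powercfg output; is this a Windows host with a power scheme?"
    }
    [pscustomobject]@{
        AcSeconds = [Convert]::ToInt32($acMatch.Matches[0].Groups[1].Value, 16)
        DcSeconds = [Convert]::ToInt32($dcMatch.Matches[0].Groups[1].Value, 16)
    }
}

$t = Get-StandbyTimeout
if ($t.AcSeconds -ne 0) {
    # This is the failure mode from the post: the box sleeps while plugged in,
    # and remote RDP sessions fail until someone wakes it from the console.
    Write-Warning ("Sleep after {0} min on AC power; a server should be set to never." -f ($t.AcSeconds / 60))
    # Uncomment to correct the active plan in place (a GPO will re-apply on refresh):
    # powercfg /change standby-timeout-ac 0
} else {
    Write-Output ("AC sleep timeout is 'never'; DC timeout is {0} s." -f $t.DcSeconds)
}
```

Run it in an elevated PowerShell session on the terminal server after a GPO refresh; if it warns, the policy is still wrong at the source.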

The Android RDP Client from Microsoft was quite handy here.  There's a bit of a learning curve in handling mouse clicks, but you'll catch on quick enough.