Diary of a Network Geek

This is a quick and clever idea!

Okay, so you remember a week ago the Internet was supposed to melt because of all the problems with this Conficker worm? Did you even notice anything amiss at all? Yeah, me neither.
But, still, if you’re like me, you stay awake at night worrying about all the potential worms and virii that might be sitting on your computer, waiting silently, hiding from the security software that you most certainly keep updated, waiting until your guard is down to pounce! Well, okay, maybe it’s just the full-time, professional geeks like me that worry about that. And, yeah, maybe I worry about it happening on my work network more than I do at home, but, still, you get my point. So, how can you know? Well, thanks to Lifehacker, I bring you the Conficker “Eye Chart”.

The principal is simple, really. Conficker blocks access to several security sites so you can’t download updates or removal tools that would clean it from your system. The Eye Chart simply links to graphics from those sites, and several others as a control set. So, if you can’t see images from the security sites, you know that you most likely have Conficker and have to get the removal tool from somewhere else to clean your system. Pretty neat idea, I think. So, go ahead and click the link to the Conficker “Eye Chart” and check for yourself.

Now, if you do have it, I suggest going to either the Microsoft page about Conficker and its removal, or download the Symantec removal tool from another PC and then take that to your infected PC via a USB drive and run it. Though, to be honest, I think the whole thing was blown out of proportion by a few alarmists in the media. (Though not Houston’s Dwight Silverman, I might note! Which is one of the reasons I follow his blog!)

If the only tool you have is a hammer, you tend to see every problem as a nail.
–Abraham Maslow

So, I’ve been doing a lot of strange things at work the past couple of weeks. And, by strange I mean working around problems like trying to get things done without spending money. That always seems to lead me through some interesting back doors and into areas that I’ve not been before.

First, I was asked to do some browser forensics. Basically, it was supposed that a particular employee, no myself, was spending a little too much tiem on the web. I was tasked with finding how much time and where they were going. Simple enough, right? Well, I had to do it on the “down low” and without sitting at their computer. Enter, Webhistorian, by Mandiant. This utility let me grab history files and arrange them into a nice, easy-to-read report that told me where, when and how long my intended target was spending time on the web. That combined with a drive mapped to the administrative share on his computer showed… That he was actually relatively innocent. Yeah, he went to some sports websites, but only first thing in the morning and at lunchtime. Nothing worth firing him over, at any rate.

Next, there was a more, um, general security question. And, okay, it wasn’t actually at work, but it’s good to know for work. A friend thought her computer might have been inadvertantly used in the comission of a crime by a “guest” and asked me to check it out. I can’t go into details because of pending legal action, but I decided to let her take it to the proper authorities first, in case I were to mess up any evidence. Once they’re satisfied, however, I’ll take a look at it. And, thanks to another blog I read, I’ll be using something called Helix.
I have read the aforementioned blog, A Day In The Life Of An Information Security Officer, for, well, years, actually. Mostly, it’s just an interesting diversion, but sometimes, I get good ideas from the posts and case files. This time, the new tool came from the comment section. Helix was suggested by another faithful reader. It’s a bootable, “live cd” Linux distribution. It’s also free, which is one of my main criteria for the tools I use.

I also had to clone a giant Windows XP disk this week. I tried a number of utilities, including Symantec’s Ghost, but it was another Linux distro that saved me. This time, I used Knoppix. Also a bootable, “live cd” distro which is available free from the Internet. I found the command by accident while searching for something else, but I also discovered there are other ways to clone a cd via Knoppix. My Google search turned up several HowTo documents. There was one on Knoppix.net’s forums, another on Linux.com and a third on Just Linux. I used the third method first, which turned out to not work so well at all. Something to do with XP and how finicky it is about hardware and booting, I suspect. So, I finally moved on to the appropriately named NTFSClone. I still had problems making it bootable, but I attribute that to the old disk running Windows XP. I hate XP. Truly. Still, I managed to have some good fun with all the different attempts. I enjoy a good intellectual challenge!

These days no one can afford to be just a “Windows Admin” or just a “Novell Admin” or, even just a “Unix admin”. We have to use the right tools to get the job done, whatever that looks like.
I’m the man behind the curtain who makes the great and powerful Oz go. If I want to outwit the flying monkeys that the Wicked Witch of the West sends after me, I’d better have a whole lot of tools in my toolbox besides my magic ruby hammer.
Even though I’m Linux certified, I don’t work with it enough for my taste, so I’ve finally gotten off my lazy butt and installed Open SuSE on two old laptops I have at the house. Again, it’s free and so were the laptops. One is an old Dell that came from an old job. The other is a Compaq that a friend gave me because he knew I’d get more use out of it than anyone who he might donate it to for the tax write-off. Either that, or I’ve become a charity. Hey, it could happen!
In any case, I’m working on expanding my toolbox, one piece at a time. And, now, you can take advantage of my tinkering to expand your own digital toolbox. Have fun with the new toys!

Oh, how I could have used this at other jobs…
Okay, now, I haven’t been writing about it, but I’ve been wrestling with worms. No, not earth worms, or heart worms or even tape worms. Windows Worms. Well, I guess they’re actually “e-mail worms”, but I’ve never heard of one that occurs on any other operating system other than Windows. Unless, of course, you count the infamous Internet, or Morris, Worm. In any case, since most of my workstations are Windows-based, I have worms. Not as many as I did, but it’s still something that keeps me awake at night.
So, imagine my joy when I finally found the Symantec Security Response Worm Removal Tool page.
Go forth and infect no more.

Well, I survived the daytrip to New Orleans.
Barely. Not that the flight was bad, because my boss is actually an excellent pilot and the weather was good. In fact, it was better than most commercial flights I’ve taken, except for the fact that I felt like I couldn’t take a nap. I learned a long time ago to work hard while I was on-site and sleep on the plane.
No, the problem was the “little” problem I thought I was going to fix. See, what I thought was a little problem with some spam e-mail turned into virus hell. Of course, I prepared for that and I brought a copy of our Symantec Corporate Anti-Virus to install. No problem, right? Wrong. When I installed it an old version of Norton Anti-Virus was still installed and the resulting conflict led to the dreaded Blue Screen of Death on the server. Not good. So, I finally get that worked out and discover that the machines are all in a workgroup. None of them sign into the Domain on the server. That meant going from machine to machine and installing the anti-virus program by hand on each one, which, of course, I did. All day long, until about 6:00pm when a break in the weather sent us scooting home.
We got in about 8:30pm, which got me to my door at about 9:15pm, or so to find a puppy with her little legs crossed! I sent a friend who has a key, in case of emergencies, over to let her out, but she was afraid of him and wouldn’t do anything. Silly dog. Just like always, she’s daddy’s girl and wouldn’t do anything for anyone but him. Gotta’ admire that loyalty, even if it’s a little co-dependant.

Advice from your Uncle Jim:
"We cannot be sure that we have something worth living for unless we are ready to die for it."
   --Eric Hoffer