Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

5/6/2014

Altap Salamander

Filed under: Geek Work,Never trust a Network Admin with a screwdriver — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:30 am for you boring, normal people.
The moon is a First Quarter Moon

A file-manager that was originally forced on me, but which I’ve come to rely upon for my daily work.

About ten years ago, I was hired by Oceaneering for a world-wide roll-out of an imaging and support project.  I won’t mention the name of the manager who hired me, because, well, we ended up having a problem.  As it turns out, he didn’t want to take on the project.  What’s more, he wasn’t big on hiring guys “like me”, who had certifications and so on, but he was forced to do just that by the same CIO who thrust the desktop imaging project on that manager.  The CIO, from what I understand from third-party sources, has since “retired”.  I don’t know if the ill-fated project ever was completed because both of the people originally assigned to it, including me, were encouraged to “find other opportunities to excel”.  Internal politics aside, I mostly blame my divorce for costing me that job.  It turned out okay, though, since I landed at Seatrax shortly thereafter and have been quite successful there.

The other good thing to come out of that mess was that manager forcing us all to use a program called, at the time, “Servant Salamander”.  As you can see from the thumbnail included on this post, it’s a file manager.  But, it’s more than just that.
There’s a lot of history with this utility.  Some of my readers may be familiar with the old Norton Commander, which inspired Petr Šolín to make the earliest version of Servant Salamander as freeware.  Or, they may be more familiar with the text-menu-based utility for Linux called “Midnight Commander” which is sometimes just referred to as “MC”, since the name of the actual command is “mc”.  This tool looks almost identical to Altap Salamander and if you’re used to Linux systems, running Salamander may make the transition a little easier.

Of course, the basics are there.  The side-by-side default view of two directories lets you easily copy or move files from one directory to the other via a quick series of clicks to select files and either hitting the F5 or F6 key respectively.  You can also use the context-sensitive menu to rename and delete files or directories, create directories, edit files or use the built-in viewer to preview files, all with the touch of a function key.  You can also connect a network drive, if you happen to have a local fileserver of some kind with available shared directories.
In fact, while there are menus, virtually every command can be accomplished via a series of keystrokes or a combination of keys.  For instance, while I usually use the mouse to navigate directories, a simple shift+F7 will bring up a dialog where I can type my desired destination directory.  Or, I can do  a search with a quick Alt+F7.  (And, the search function built into Salamander is quite good, if you need to find something.  At least as good as the built-in Windows search!)

But, what really makes this utility shine are all the extras.
For instance, sometimes, I have to deal with a lot of files in big directories that need to be synchronized between servers.  Salamander has a built-in function to compare directories.  It will even compare subdirectories, if it comes to that.  As someone who manages multiple websites, the FTP plugin for Salamander, which allows me to quickly connect to a remote server and then navigate it like any other directory, has been such a time saver and is so convenient for me, it may be the main reason I have continued to use Salamander!  I can even maintain a list of regular FTP sites so I can simply select them almost like I would change to any other drive on my system.  And, yes, once connected, I can transfer files back and forth with the same commands as I do on local drives.  (Though, I have to admit, every time I install Salamander on a new computer, I forget to set the default options for the FTP plugin to “Use passive transfer mode”, which seems to be the standard for all the FTP servers I connect to on a regular basis.)
Another plugin lets me view ISO CD or DVD disk images, which can be very helpful when you’re a system administrator and trying to retrieve a single file from an ISO downloaded from a vendor.  And still others do everything from opening compressed archives to comparing files to copying entire disks.  Further, if you managed both Windows and Linux servers, as I have, the WinSCP plugin makes it much easier to transfer files to a Linux host securely, though, at the moment, there’s not a 64-bit plugin, just a 32-bit version.  Again, all very handy things to be able to do, especially for an IT professional!

While there is a free, trial version of Altap Salamander, after having used the licensed version, I really prefer that and recommend that you spend the money on it.  As of this writing, if you get the latest version, along with all the plugins, only some of which cost extra, it will run €44.80, or about $63, for a single license.  And, that will give you access to a year’s worth of updates.  That may seem like a lot, but, trust me, the extras are all worth it and Petr updates it quite frequently.
Personally, I don’t know how I would make it through my day without using Altap Salamander!

5/29/2011

DNS Redirect Attack

Filed under: Geek Work,News and Current Events,Rotten Apples,The Dark Side — Posted by the Network Geek during the Hour of the Horse which is around lunchtime or 12:34 pm for you boring, normal people.
The moon is Waning Crescent

I’m seeing traffic about this, so I thought I’d write up what I found.

I tweeted about a strange DNS-based network/malware attack that I saw on Friday, but, at the time, I didn’t see any interest, so I didn’t go into any real details.  Besides, I may be a hardcore geek, but I do have a life and was going out.  But, now, I’m seeing search engine traffic hitting my blog apparently looking for details, so I thought I’d describe the attack, as I saw it.

First of all, let me mention that I’ve seen a higher-than-usual occurrence of malware infections the past couple of weeks.  I mean, it’s a hazard of my business that, sooner or later, people are going to get infected, either through bad behavior or by accident, but the past three weeks or so I’ve seen way more problems like that than is even remotely normal.  So, bearing that in mind, I’ve been on a kind of high-alert status looking for any malware problems, but this was something new.

It started with someone from another location, who’s on a totally, physically separate network which uses a different internet service provider to connect to the Internet, calling me with a problem.  It was, apparently, a recurrence of a virus he had previously that we cleaned.  He described being taken to a webpage that featured a maroon graphic background with a white icon of a policeman holding up his hand to indicate “stop”.  The text on the page gave a message that said the user’s browser was not the correct version to access the page and that an upgrade was required.  Helpfully, it provided a button to press to receive the “upgrade”.  Obviously, the “upgrade” was an infection.  (You can see an example of the graphic here.)  Thankfully, I trained my users well enough to be suspicious of these kinds of things and no one who reported this actually clicked on it.

About the same time this happened, I noticed that my iPhone wasn’t connecting to the wifi hotspot I have set up in my office.  I checked the configuration and noticed that the DNS servers listed were wrong.  In fact, they’d all been replaced with a single DNS server: 188.229.88.7.  Obviously, that seemed suspicious to me, so I opened a command prompt on my PC and did a tracert to see if I could figure out where this server was and, from that, why it had become the default DNS server on part of my network, despite my having very carefully configured totally different DNS servers that I knew were safe.  It looked like the tracert results showed me a network path that led out of the country somewhere, which was, to me, very suspicious.

Before I could really pursue that, though, I got another call from a user at my location reporting the exact same error message and graphic, but going to a totally different website! I went to his computer and checked the IP configuration and found that his DNS servers had been replaced by the rogue server as well.  I refreshed his network config, several times actually, and the DNS servers reset, but, when I thought to check some other people in the same area of the building, his configuration set itself back to the rogue DNS server!  So, I reset the local network equipment to clear the DNS cache, and whatever other caches may have gotten poisoned by this attack, and the problem seemed to go away.  Unfortunately, whatever had caused the compromise was still active and seemed to poison the DNS cache and the DNS configuration again.  It did seem sporadic, though, as if the ISP was trying to correct the issue at their end.

As far as I can tell, the attack actually seemed to be network-based in some way.
At least, I couldn’t find any computer on my network that was infected with anything that AVG, Norton Anti-virus, or Malware Bytes could find.  It is, I suppose, possible, that this attack was so new that none of those programs had an updated detection pattern for it, but the lack of detection, and the fact that it happened on two physically separate networks almost simultaneously, lead me to believe that this was a network-based attack.  I suspect that an ARP cache or DNS cache or something similar was attacked and compromised on a major network router somewhere.  Possibly one of the edge routers at a trans-continental connection somewhere.  From the tracert results I had, it looked like it was the East Coast somewhere, leading to Europe via London to France, though I could be wrong.  It’s possible that was a blind alley meant to throw researchers off the trail in some way.
Also, as of this writing the rogue DNS server seems to be out of commission, though that might change, too.

The Internet is a wild and wooly place, ladies and gents, and you can’t always count on your friendly, neighborhood Network Geek to watch over you and keep you safe!  So, be careful out there!
(And, if you’re a fellow professional who’s seen this, too, leave me comments and tell me what you found!)
UPDATE: Looks like the server is still active, but my ISP has blocked DNS traffic to it, to fix the problem.
Also?  I hate the bastards that do these things.  I hate every last one of the little rat bastards!

UPDATE/FOLLOW-UP: So, it seems like a lot of people have been affected by this problem!
Check the comments for what other folks did and tools they might suggest to help with the problem.  Frankly, I wish I’d known about those tools when I started my day!  Yes, I was *totally* wrong when I said it looked like it was coming in from outside the routers.  It was, in fact, *several* PCs that were infected with whatever it was.  I found it, much like at least one commenter, by checking the results of “ipconfig /all” in a command prompt.  I noticed that the DHCP server listed in the config was NOT my actual DHCP server!  So, as I went from machine to machine, I saw several PCs that kept coming up as DHCP servers.  I used Malware Bytes to scan the infected PCs and it seemed to clean them off.  At least, for now.  I’m not sure what I’ll find in the morning.
Apparently, Friday, when it looked like the problem was getting cleaned up, it was really just people shutting their workstations down early for the long weekend.
In any case, as at least one commenter has mentioned, it looks like updates for the various scanners should be coming out this week, so keep updating your antivirus and antispyware programs and scan your networks!  Well, scan them more completely and carefully than you already have.
And, as always, if you have any new information or suggestions for tools to clear up the issue, please, leave them in the comments!
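
The check described in the follow-up, comparing the DHCP and DNS servers that `ipconfig /all` reports against the ones you actually run, can be scripted over output saved from many machines. This is an added example, not part of the original post; the host names, the allowlisted servers and the 192.168.10.x addresses are assumptions, and only 188.229.88.7 comes from the post.

```python
import re

# Assumed allowlists for this example; replace with your real servers.
ALLOWED = {
    "DHCP Server": {"192.168.10.2"},
    "DNS Servers": {"192.168.10.2", "192.168.10.3"},
}

# Constructed `ipconfig /all` excerpts; only 188.229.88.7 comes from the post.
REPORTS = {
    "WS-041": """
Ethernet adapter Local Area Connection:
   DHCP Server . . . . . . . . . . . : 192.168.10.2
   DNS Servers . . . . . . . . . . . : 192.168.10.2
                                       192.168.10.3
""",
    "WS-042": """
Ethernet adapter Local Area Connection:
   DHCP Server . . . . . . . . . . . : 192.168.10.23
   DNS Servers . . . . . . . . . . . : 188.229.88.7
""",
}

ADAPTER = re.compile(r"^(\S.* adapter .*):\s*$")
FIELD = re.compile(r"^\s+(DHCP Server|DNS Servers)[ .]*:\s*(\S+)")
CONTINUATION = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_ipconfig(text):
    """Map each adapter name to its DHCP Server and DNS Servers values."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            current = adapters.setdefault(m.group(1), {k: [] for k in ALLOWED})
            last = None
        elif current is None or not line.strip():
            continue
        elif m := FIELD.match(line):
            last = m.group(1)
            current[last].append(m.group(2))
        elif last == "DNS Servers" and (m := CONTINUATION.match(line)):
            current[last].append(m.group(1))  # further DNS server on its own line
        else:
            last = None
    return adapters

def audit(reports):
    """Return sorted (host, adapter, field, address) for values off the allowlists."""
    return sorted((host, adapter, field, addr)
                  for host, text in reports.items()
                  for adapter, fields in parse_ipconfig(text).items()
                  for field, addrs in fields.items()
                  for addr in addrs if addr not in ALLOWED[field])

def rogue_dhcp_sources(findings):
    """Unexpected DHCP server addresses: on the post's network, infected PCs."""
    return sorted({addr for _, _, field, addr in findings if field == "DHCP Server"})

if __name__ == "__main__":
    print(*audit(REPORTS), sep="\n")
```

The addresses returned by `rogue_dhcp_sources` are the machines to pull off the network and scan first, since each one answered a DHCP request it had no business answering.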

3/21/2010

The Ultimate Home Network

Filed under: Deep Thoughts,Fun Work,Geek Work,Linux,MicroSoft,Novell,The Network Geek at Home — Posted by the Network Geek during the Hour of the Snake which is mid-morning or 10:12 am for you boring, normal people.
The moon is Waxing Crescent

A pretty bold statement, isn’t it?

Well, I’m not going to tell you how to build the “ultimate home network”, but, rather, suggest some things that you may want to consider to build your own, personal, “ultimate” home network.  Everyone needs something different from a home or small office network.  Some of us have side jobs that require a fair amount of data transfer or storage, like, for instance photographers.  For some of us in the IT business, having a home “test” network is almost assumed, though, perhaps not as much as it used to be in the boom days of the Internet.
I’ve been thinking about it this past week because my old BorderManager firewall finally has died.  I’m using a backup firewall at the moment, which is “good enough”, but I’ll be taking this crash as an opportunity to start rebuilding my home network from the ground up, using mainly free, open source software, starting with a Linux firewall.  In fact, I have three that I’ll be looking at and, yes, writing reviews of, in the coming weeks.  This will be an ongoing series of posts, too, as I evaluate software and, piece by piece, integrate it into my working, live network.  My needs will probably be different than yours, but all home networks will have some similar items and considerations.
So, what should go into your own personal, “ultimate” home network?  It depends on what you do, but here are some ideas.

The Actual Network.
Obviously, the first thing is setting up the actual, physical network.  And, in this case, by physical, I’m including wifi routers and the like.  Back in the old days, having a home network meant running cable.  That’s not as true as it used to be, but don’t just go wireless without considering at least some wired connections.  If you’re concerned about security, for instance, especially, regarding financial transactions, nothing is as secure as a wired connection.  Keep in mind, though, that at some point you still connect to an outside source to get to your bank.  Also, since most laptops have built-in wifi and have gotten so inexpensive, if you don’t already have one, consider getting a laptop.  For most people, laptops can inexpensively do everything we need to do and have the advantage of portability, so if you need to leave, say in case of a hurricane, you can take at least part of your home network with you.
There is a wide range of network switches and routers out there to choose from, but I suggest sticking with a name brand that is relatively well known and established. It’s no guarantee that you won’t have problems, but it’s a good start. I personally like Linksys and D-Link brands, but there are many others that will work well, too.

Security.
Don’t forget that you need to have at least some security on that home network.  At a bare minimum, you need a firewall and some kind of antivirus.  If you’re connecting to broadband internet, either cable or DSL, most often the router they give you from the service you use has a firewall on it.  If you’re using wifi, the wifi router almost certainly has a firewall on it.  Use them!  Most importantly, actually set them up and change the default password to something else that you’ll remember but that strangers won’t guess.  If you’re not sure if you have a firewall on your network equipment, then at least use the built-in Windows firewall, but use something!
If you don’t want to spend big money on either McAfee or Norton for antivirus, good news!  You don’t have to spend anything!  Yes, that’s right, you can download AVGFree and run it for nothing at all.  So, now, what excuse do you have to not be running some kind of antivirus again?
And, please, for your own sake, use passwords.  Use hard to guess passwords, not your kids’ names or your birthday or even your license plate number.  In fact, try not to use dictionary words at all, or, if you do, substitute other characters for letters, like $ for S or @ for A, to make it more difficult to guess.  Also, use numbers with the letters, for the same reason.

Networked Storage.
Just having storage isn’t enough, really.  On a home network now, you may have a laptop, or two, a desktop, a DVR or any number of different networked devices that share data.  They all need to store it somewhere.  And, even if they store the data locally, they need to be backed up somewhere.  The answer is network based storage.  There are a lot of options out there, and Rick Vanover at TechRepublic has a good article on several.  I know one solution that’s popular with photographers is the Data Robotics Drobo series of devices.  I don’t have any direct experience with these, so I have no opinion on them specifically, but these days, decent network attached storage is so cheap, it would be foolish to ignore that as an option.

Virtual Server Environment.
Now, obviously, this isn’t for everyone.  Back in the day, I used to run a small, two server Novell network in my house just to keep everything fresh in my mind.  Novell isn’t always the most popular networking environment, even for hard-core network geeks like me, so I always wanted to make sure I knew how to do some of the more “interesting” and challenging things in that environment and ran a test network at home for that reason.
Now, you can do all that through virtualization.  In fact, that may be the newest buzzword that’s already worn thin on me!  But, buzzword or not, setting up a virtual test network is something that’s been talked to death in the industry, but I’ve only seen one article recently on setting up a home virtual test network.  You can read more about it in an article by Brad Bird over at TechRepublic, but, again, for those of us who work in a lot of different environments, it’s not a bad idea to make a series of virtual machines to experiment on.  There are still some hardware costs involved, of course, but there is the advantage of being able to roll back to an earlier state if something gets too screwed up.  Try that on your old-fashioned home network!

Even Fancier Stuff!
Of course, there’s almost no limit to what you can do on a home network these days.  Many inexpensive printers come with network interfaces built in, some even have wifi networking built in.  Of course, I’ve mentioned things like Windows Home Server and Linux servers here before, too.  It is, after all, what I do.  Though, with the low prices on network attached storage, I’m not sure I’d recommend that option for the average user.
And, this post hasn’t even touched on integrating any audio visual equipment into your network, or a home security system, or some of the fancier bells and whistles that are out there.  The sky, literally, is the limit.

So, the thing is, everyone will have a different idea of what the “ultimate” home network is, but these are some things to consider, and a few you don’t want to forget.


Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.