April 2004 Entries

Minor Correction in MRTG Article

In my recent article on getting MRTG up and running on a Windows host, I failed to recognize what appears to be a bug in Routers2's installation package when you go to upgrade to the latest version. If after upgrading to the latest version of Routers2.cgi, it still claims to be v2.11 at the bottom of the web page, you must copy routers2.cgi to index.cgi in your \mrtg\wwwroot directory.  This doesn't appear to happen automatically by the installation script (at least not on 2 separate systems I have been testing with). I have corrected the “Upgrading Routers2.cgi” portion of the article to ensure...

New Image Gallery: Seattle

Jessica and I took a slight detour on Sunday on our way to take in some Middle Eastern culture with our friends Ron and Heather at The Triple Door.  I have been trying to get some good shots of the Seattle skyline on the nice days we've had here lately.  There is a park on Queen Anne that has the best view of the Seattle skyline, with Rainier in the background.  Just gorgeous.  And the weather on Sunday did not disappoint. Check out the pics in the “Seattle” image gallery in the nav menu on the left. Oh, and if someone had told me I was going to...

Article Announcement: Installing MRTG on a Windows Server

The long-awaited article about getting MRTG going on a Windows server is now available.  There will be follow-ups about tweaking MRTG's features and doing WMI and PerfMon graphing, but this should get you started: “Installing MRTG on a Windows Server”. Please leave comments or send me email regarding any errors found, or other feedback. Enjoy!

Network Monitoring with MRTG

I've been very busy working up some how-to documents on using MRTG in a Windows environment to monitor server and network health.  This has been a very challenging and time-consuming project, since it involves so many disparate technologies (MRTG, SNMP, WMI, VBScripting, RRDTool, etc).  And like many things Open Source, the documentation is all over the place. My goal is to come up with a solid how-to, similar to the one I recently did for OpenSSH.  I should have that done in another week or so.  In the meantime, check out some of these near-real-time performance metrics on the site here. ...

Slowing down a bit

Yeah, I know my readers are used to multiple posts per day, but that was back in my AT&T Wireless days when I had hours of time to kill while I was at work. Now, I'm busy.  Like, really busy. Also, I've decided to keep the blog as focused on technology and security issues as possible.  Personal blog entries I can spit out in mere minutes, but technical entries take time to research thoroughly.  Else I make an ass out of myself.  And nobody wants that.  OK, some people want that.  I haven't really had the time to give any technical issues the research love...

Patch Day Cometh

This month's Reckoning Day came and left in its wake a mass of busy admins.  I dreaded going into work today, especially with Microsoft re-arranging the security execs the day before Patch Day.  That's what companies do to CFOs the day before they announce crappy earnings, so I knew that didn't bode well for today's patch announcements. Anyway, when word came down from on-high, the tablets spoke of 20 vulnerabilities, some old and some new, combined cleverly within a quad of patches. If you haven't visited Windows Update today, drop everything and go do it. . . . What, you think I can't see that you're not going...

Alumni Update

Some updates for the BSQUARE Alumni Page: Added: Brian Kramer, Macgill Lynde, Tim Willmoth. Updated: Chao Chen.

Reading List

I have a few things I need to remind myself to read over the next few days, and it might as well be here: 11 Port Enumerators Compared; Virtual PC 2004 FAQ; Blog of a couple Japanese Security MVPs; Advanced Security Reporting with Nessus (.doc); MACS: Microsoft's long-awaited log management facility (just for security logs though?); www.infosecwriters.com; IDS Policy Manager for Snort

Dinner with Anil John and John Perry

So Anil was in Seattle recently for the MVP Summit that Microsoft hosted in Seattle.  Anil's blog is on my short list of sites that I go to daily, because he's got such a great talent for writing technical issues, and we both seem to share similar interests.  We have been talking quite a bit lately, since he is the one that suggested the SSH tunneling thing to me and ultimately helped get it working on my network at home.  I owed him a beer or two as a result, and was delighted he was heading my way due to the...

Empty Log Files on Windows 2000

So over the past few months I have been running into this bizarre problem with the Windows 2000 event logs appearing to be empty when they were very much not.  You would open up Event Viewer, select a log, and nothing would appear in the right-hand pane.  You could click on individual lines in the pane, but trying to open or manipulate these invisible event log entries was fruitless. Additionally, exporting the logs to other formats had no effect, and neither did viewing the logs remotely, or viewing them with 3rd party tools.  The only thing that seemed to right the...

Inexcusable

I can't believe that Cisco, of all companies, would allow a developer to put a hard-coded backdoor into two of its products.  The embedded username and password, which cannot be changed or disabled, allow attackers to gain full admin-level access of the devices. There is no single networking company that the Internet (and Big Business) is more reliant upon than Cisco.  And for them to allow this kind of thing to happen in any product they ship is horrifying. Heads better be rolling.

Interesting Dinner

Jessica and I had dinner with a pair of very interesting individuals tonight at the Cheesecake Factory in Seattle.  But I'm too tired right now to give the story a proper treatment, so I will save it for tomorrow. I know, I'm such a tease.

Evidence grows about the benefits of moderate drinking

A story in today's Boston Globe details the medical field's mounting pile of evidence that drinking in moderation is actually beneficial to your health.  Some are actually starting to suggest that people drink 1-2 glasses of wine or beer every night with dinner. Money quote:  “...scientists around the world have been looking at alcohol's upside, and their findings have been consistent: Drinking in moderation appears healthier than not drinking at all.”

Dear Ohio: I'm Sorry

(This will be much funnier for all of us if you picture Doctor Evil doing the quote thing with his fingers every time I italicize, ok?  Work with me here, people, this medium sucks for humor!) So in a recent post, I may have inferred that Ohio has no place in the Mexican food industry.  Some regrettable words were spoken on both sides of the issue, and I think we've all come to an understanding that Ohio Mexican food isn't by default inferior to the real thing. But in my own defense, I will say that the Ohio crowd completely misunderstood...

BSQUARE Alumni Update

Made some updates to the BSQUARE Alumni Page: Added: Doug Hughes, Jason Nottingham, Karen Denkewalter. Updated: Jocelyn Ewert, John Crawford. (Edit: Updated John Crawford)

Remotely Resetting Terminal Server Sessions

I came across this gem for resetting stuck terminal server sessions.  Systems that run in Remote Administration mode are restricted to 2 sessions at once.  In a data center like mine, where a team manages the servers, these sessions sometimes fill up or get stuck. With the tools outlined in the referenced post, you can remotely determine the state of existing sessions on the machine, and reset them if desired. Great stuff, thanks Scott! (Edit: Also check into tsdiscon, a Microsoft tool that allows you to remotely disconnect a session)

Article Announcement: Configuring OpenSSH (Win32) for Public Key Authentication

Anil came to my rescue recently by sending me his config file and walking me (via MSN Messenger) through some troubleshooting steps to get my OpenSSH working on my Windows XP “server”.  I'm hoping we can hook up while he's out here for the MVP conference next week.  I owe him a beer or 8. Anyway, seeing how I went through every single Google hit on “OpenSSH windows putty 'server refused our key'” and came up with lots of “maybe try this” stuff but no concrete solutions, I thought it was time to add an article to the pile, one that hopefully...

Frustrated beyond belief

I've now spent 2 solid nights trying to get a simple key exchange to work between an OpenSSH client (WinXP) and server (WinXP, Win2003). I thought it was a problem with PuTTY originally, but after I banged my head on that wall until 1:00 this morning, I decided to try just SSH-SSH.  It works fine for password authentication, but if I force certificate authentication it fails in various ways. It should be a simple thing, but apparently it's beyond my skills.  I've tried everything short of sacrificing small farm animals. I'm pretty pissed right now.  I've never had my ass handed to me...