May 2004 Entries

Building Things

I spent the majority of Sunday helping one of my closest friends build a storage shed in his side yard. Yeah, Beau the Network Geek was out swinging a hammer nearly all day long.  And I only crushed my thumb once.  Hey, nobody was more surprised than I was, I promise. There is something very fulfilling about that kind of work, and I rarely do it.  Even my own house languishes in my laziness/incompetence, and most of the things that have been built since I bought it were built by hired professionals, or by this very same friend.  I keep a leaky toilet unrepaired...

Of Hubs and Switches

I swear I'd give my left eye to find an honest-to-god hub that I can throw into my laptop bag in case I need to do some impromptu sniffing. You can't buy a hub nowadays though.  Switches are all the rage.  Even devices that claim to be hubs are actually switches, but 99.999% of consumers don't care, and are actually better served by a switch anyway.  I have to go back 5 years to find a bona fide hub, and it's usually metal encased, weighs about 5 pounds, and won't fit into my laptop bag. So what is a traveling network analyst...

Phishing attacks up 500%

According to this article at Information Week, phishing attacks have increased 500% since January, and a whopping 5000% in the last year. Email is evil.

Have sniffer, will travel

I'm off to Dallas today to help American Airlines with a network problem.  I'm not sure I will have much time for blogging this week.

Phishers are getting good

Take a careful look at the following image: See the *almost* perfect white box with the “https...” part in it?  It's a little off there along the bottom, but it's really plenty good enough to fool most users.  That, dear readers, is a chromeless window.  And unfortunately, this one isn't a demo.  This was found in the wild recently. This particular chromeless window is covering up the fact that the user is actually visiting “http://validation-required.info” (terminated), which is a scam website in Korea pretending to be US Bank.  Users were duped into going there by a fairly run-of-the-mill phishing email from (supposedly) US Bank...

Botnets for rent

The Register recently did a story on a growing industry based around renting out botnets to ne'er-do-wells who don't have the skills or time to collect their own.  You can rent botnets by the hour, apparently, to use them for spamming, DoS attacks, or whatever nefarious deeds strike your fancy. Remember, botnets are collections of hacked PCs, usually on cable modem, DSL, or other “always on” connections.  Some botnets have been discovered that contained over 250,000 hacked machines (zombies), waiting patiently for commands from the master.  The majority of recent worms and other large-scale viruses have been specifically designed to turn the infected systems into...

Tip-toeing through the referrer logs

Every once in a while I take a gander at the referrer logs of bmonday(dot)com to see how folks are learning about the site and what topics are hot.  With .Text it's trivial to look at all the referrers, as there is a dedicated page in the administrative interface that lists them all.  It also can list the referral hits each individual article and post has received. Anyway, some interesting things popped out at me: The article I wrote back in January about Chromeless Windows in IE has really had a lot of traffic lately.  Apparently it was mentioned in a number...

TCP/IP Illustrated available electronically

AngryPacket.com has published Richard Stevens' book “TCP/IP Illustrated, Vol 1: The Protocols” as a pdf on their site.  As you may have noted from my bookshelf page, this is probably the first book any network analyst buys (or maybe Comer's book, for some).  I actually have 2 copies myself, one for the office and one for the home office.  (I have a copy of Comer's book too, but I prefer the Stevens text) You should have a copy too, even though you can read it for free thanks to AngryPacket.

MRTG Article Reprinted at NetworkNewz.com

The folks over at NetworkNewz recently asked if they could reprint my recent MRTG how-to in their periodic newsletter and on their website.  I feel strongly that publishing articles and whitepapers is one of the most important ways we “give back” to the community, so I immediately agreed. You can see NetworkNewz.com's reprint of the article here.

In-Depth Offshoring Series over at News.com

C|Net's News.com is doing a week-long series on the subject of Offshoring.  Very informative, and highly recommended.

IPSEC through an ISA firewall

(This one is more for my own personal archival purposes.  This blog makes a handy centralized notepad sometimes.) I recently had occasion to configure my ISA firewall at home to allow outbound IPSEC traffic to a remote Checkpoint Firewall-1 NG termination point.  The folks over at www.isaserver.org have written a quick VBScript to do the needful on the ISA firewall.  Run the script, restart the firewall service, voilà!  This is one of the handy things about ISA, the fact that it's entirely scriptable. Enjoy.