have to share

May 15, 2008 15:00

This is one of those bizarre work posts that I'm surprised and very happy about.



For the last 4 days (if you include today) I've been having regular network connectivity issues in our office and have been trying doggedly to run it down. For the longest time I've suspected AT&T to be at fault because I would show degraded ping and trace routes from my gateway router to different external host servers. Since it sits on the other side of my internal name server I thought I was getting a clean check...

SURVEY SAYS!
X

Red Herring readings that I should have seen through, but I didn't because I wound up chatting with Tier 1 AT&T support who kept insisting that they couldn't even see our circuit from the outside. This of course made me suspect that we were getting DDOS'd..

SURVEY SAYS!
X

So I finally get a site tech out here and he confirms what I suspected. The connection is clean and my network is solid but he was never able to be onsite during one of the outages. This afternoon it starts to happen again around 1:00 and because it seems to be happening on a somewhat regular window of time twice a day I began to suspect that either
a. a bum is pissing in our circuit box in the Alley
or
b. I have a network worm or malfunctioning NIC/Switch flooding my network.

hrmmm... Occam's razor anyone?

Because we're a busy production environment I can't just start yanking cables and of course this place wasn't set up with a group of managed network hardware (which I would so dearly sweetly love to have), so I have to go around to every user and have them individually yank their cable or disable individual switches. I go through the entire 2D group expecting one of them to have something on their systems because they visit more porn and other "reference" than other people... but nothing.
So I head to the 3D room.
The first thing I unplug is an old Modded XBOX that serves as a media server.

Ping.. clean as a whistle
traceroute... so fresh and so clean

Now it could just be coincidence at this point, but I'm pretty damn sure that the NIC on the old XBOX was malfunctioning and nailing me with broadcast whenever people would get here and fire up a movie in the afternoon and in the evening when they would do the same later in the day.
So freaking bizarre.
So I'm hoping that everything continues to run clear the rest of the day so I can dissect this xbox to see what's going on with it. Should be a lot of fun to put it in a small network and run a sniffer to see what it's throwing out.
Be REALLY wild if there's a worm on it that has been explicitly developed to run on this hardware! That would make a f'n awesome document to submit to my friends in the InfoSec space!

anyway... RAWR!