LOST JEEPS
http://www.lostjeeps.com/forum/phpBB3/

an IT funny - if you're not IT you may or may not get this
http://www.lostjeeps.com/forum/phpBB3/viewtopic.php?f=15&t=44819

Author:  JeepinJarhead03 [ Tue Jul 07, 2009 7:01 pm ]
Post subject:  an IT funny - if you're not IT you may or may not get this

I work in a SOC that provides real-time alerting and monitoring for quite a few rather important networks

without going into too much detail that many of you would get lost in, I noticed a doo doo ton of odd traffic in the secondary IDS console,

we'll just say that event alerts in that section typically range from 1 or 2 events of the same time / origin / target etc, to maybe 1-2,000

well there were like 5 sets of portscan / ICMP event alerts that were pooling in the millions and billions

so I brought it up to one of the analysts in the room with me and started the process of contacting the client, which became more of contacting the servicer of the client *eyeroll..* that's always fun!

Anyway, so if you've understood it this far you're doing good.. to recap we were calling the servicer about ICMP traffic that had event totals in the several billions (that's a bunch... you're talking 64-100 Gigs of abnormal traffic) there's connectivity tools that can cause this if left running for long periods of time, useful to see if/when a webserver you're doing maintenance on comes back up.. or something .. i personally don't use them

well anyway, it appeared that one had been left on.. or several had been left on..

so anyway, to the call

the first call to the servicer was met with "Oh.. we don't do "Banks" we do "Hotels""

so the second call finally gets to the right department / area and upon the analyst telling the guy that it was abnormal icmp traffic in the volume of "a Heck of a Lot" the guy said Uhhhh.. Here's my supervisor

So the super gets on, and the information was repeated, and the super asks..

What protocol is ICMP

Answer? - Um.. ICMP is the ICMP protocol...

Well.. at least tell me what port it's directed at...

Answer? - Uh.. Well ya see. ICMP typically isn't directed towards any particular port.. it's basically what occurs when you go to a command line and type Ping X.X.X.X ........

Oh... well uh.. Oh..

Answer? - It's internal to internal, and here's the origin IP address.. which is what you need to know...


I went home not long after that, because it doesn't get much better than a middleman company who one of your clients depends on for alert notification and local security policy having an IT supervisor ask those two insanely stupid questions (at least from an IT Networking perspective..)

Author:  Edvalencia [ Tue Jul 07, 2009 7:40 pm ]
Post subject: 

Kind of scary if you ask me.
I know most people only deal with UDP & TCP, but an IT supervisor should know more than just the basics. I hope he doesn't have anything to do with network security.

Author:  JeepinJarhead03 [ Tue Jul 07, 2009 8:14 pm ]
Post subject: 

he was the supervisor..

of a certain ISP's Network Operations Center .......

*snicker snicker...*

Author:  wheeee32 [ Wed Jul 08, 2009 4:42 am ]
Post subject: 

Wow. That's sad the supervisor only knew that much....but funny at the same time too. :lol:

Author:  dirtykj [ Wed Jul 08, 2009 12:05 pm ]
Post subject: 

Really sad ...

Maybe it was his first day on the job.

Author:  jnaut [ Wed Jul 08, 2009 6:33 pm ]
Post subject: 

"What protocol is ICMP "

fired after that statement.

Author:  CRDMiller [ Fri Jul 10, 2009 11:27 pm ]
Post subject: 

I'm glad that your noc has supers like that, keeps the rest of us working.

I used to work for true position (a company that installs e-911 hardware on gsm networks aka cingular). One of my co-workers, who was supposed to be testing a t1 for a down after commission tower, instead unplugged a t1 span that killed the billing system for la county, san diego county, and orange county. While testing the wrong network, he was interrupted by his watch's alarm, notifying him it was lunch time. He left the span unplugged lying on the ground. For 6 hours. I just HAPPENED to walk down that row and see it laying there. all i can say is, wow. No redundancy. Amazing.

"i don't design this crap i just work on it"

Author:  JeepinJarhead03 [ Fri Jul 10, 2009 11:37 pm ]
Post subject: 

most of our clients' IDS systems even have redundancy

one outside the firewall and one inside, then HIDS and what not

we also operate some Catbirds but i don't have any real experience with those since they're IDS inside a VPN or encrypted tunnel


but.. our work motto is, if you ain't breakin nothin, you ain't workin'

:P

Author:  Sir Sam [ Sat Jul 11, 2009 5:28 pm ]
Post subject: 

Image

Author:  JeepinJarhead03 [ Sat Jul 11, 2009 7:18 pm ]
Post subject: 

hahaha

i just sent that to the guys at work :P

that's good :)

All times are UTC - 5 hours [ DST ]