|
FuriousB posted:Try turning on compatibility mode, it probably doesn't like IE 10. IE10 loving breaks everything
|
#
¿
May 30, 2013 23:09
|
|
|
|
| # ¿ Apr 26, 2024 09:11 |
|
|
Haven't posted much in here since I jumped over to MSP work during YOTJ, mainly sticking to IRC, but holy loving poo poo at the clusterfuck I discovered today. I figured you guys would appreciate. We picked up a client who had let their IT guy go over some ethical concerns( mainly reading the owners' email and being a general douche), and brought us in. We got a few passowrds ( which were promptly changed, and no documentation. The first red flag I noticed was static IP's everywhere. Being that this is a small retail outfit with three locations, static IP's on point of sale PC's isn't too uncommon, but everything in the home office was statically assigned too. Including laptops.  I hadn't really had time to fully document them when this call came in. " Can't get to the internet " Ok.. their IP is up, and I just got into one of their servers I had a port open on WTF? Turns out there's a third part DNS forwarder running we didn't know about. The IP wasn't anything I could RDP into, but SSH was open. OFC we didn't have a password for that. Anyhoo, after some quality time with nmap, I find a goddamned ESX server I didn't know they had and it's hosting a couple of open DNS virtual appliances. The strange part of that is, they have half a dozen physical servers and every one of them are running 08R2.. double WTF I pulled the ARP tables up trying to find this thing and the MAC associated with the newly found ESX host's IP is also virtual  On the guy's desktop PC, I find a disconnected terminal session under his username. Pop in as him, and OMFG ARE YOU GODDAMNED KIDDING ME?! I present to you.. VM Inception Hmmm VMWare Workstation running not too uncommon for an IT guy. Wait a sec....maybe he's just learning ESXi  I used the V-sphere client built into VMW to connect to this ESX instance....ok..there's VM's running under that he's just practicing right?  Oh God no.. are you loving SERIOUS?!!!  For those playing the home game, that's the production DNS server. The secondary one was already crapped out, and the primary was not responding at the time I took the call. It even gets better. THAT COPY OF ESX IS FULLY loving LICENSED!!!!!!! 
|
|
#
¿
May 30, 2013 23:50
|
|
|
^^ nope, Their beancounter showed me the invoice. 
|
|
#
¿
May 31, 2013 00:28
|
|
|
^^ Thats EXACTLY what this idiot did.
|
|
#
¿
May 31, 2013 12:53
|
|
|
Another fun piece of MSP work. "Keep everything the same(read all my retarded RDP ports) and build me a firewall with dual WAN capability." They wouldn't let me re-do it right   I just stuffed all that poo poo into a Fortigate 40c for an office that has maybe a dozen people. Their in house IT guy is just a CJ and doesn't know fuckall about networking. RDP gateway/RWW is a hell of a lot safer than having all those goddamned ports open
|
|
#
¿
May 31, 2013 22:27
|
|