Alright, I have the search expression down and regexr.com was a great interactive tool.
/[<\.:;"]([A-Z]*T4[A-Z,0-9]+)[>\.:;"]+/g

However, how do I get grep to deliver the match (capturing group) and not the complete lines?

I like to search a text file for a pattern and get a list of every occurrence that matches the pattern. Not every line but every pattern that matches. Can I do this with grep?

The pattern is

• always separated by characters like "><.:; or whitespace
• and it starts with zero or one character that is A to Z
• then T4
• and then any number of characters after that of the type A to Z or 0 to 9

If it can't be done with grep, please suggest other solutions

@scottalanmiller said in Large or small Raid 5 with SSD:

@Pete-S said in Large or small Raid 5 with SSD:

@Donahue said in Large or small Raid 5 with SSD:

So would this make a 4 drive raid 5 and an 8 drive raid 6 be similar in reliability?

You'd have to define reliability here. You are twice as likely to experience a drive failure on the 8-drive array. For data loss you are about the same - if you don't replace the failed drive.

In real life I feel it comes down to practical things. Like how big your budget is and how much storage you need. 4TB SSD is pretty standard so if you need 24 TB SSD then you need to use more drives. In almost no case would it be a good idea to use many small drives.

Many small drives will typically overrun the controller, too, making the performance gains that you expect to get, all lost.

Yes and as you mentioned above NVMe is where it's at when it comes to performance. SATA and SAS SSDs are for legacy applications - as Intel says.

@Donahue said in Large or small Raid 5 with SSD:

So would this make a 4 drive raid 5 and an 8 drive raid 6 be similar in reliability?

You'd have to define reliability here. You are twice as likely to experience a drive failure on the 8-drive array. For data loss you are about the same - if you don't replace the failed drive.

In real life I feel it comes down to practical things. Like how big your budget is and how much storage you need. 4TB SSD is pretty standard so if you need 24 TB SSD then you need to use more drives. In almost no case would it be a good idea to use many small drives.

@ccwtech That makes sense. Should be interesting to know what it was!

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

That's sounds like a DHCP starvation attack!

It ends up being that way, but we don't think it is intentional.

But what could possibly make the mac address change for each request?

The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

How fast are the requests showing up? Maybe that would determine if it's malicious or not?

Very fast. Maybe every 10 seconds.

Maybe you can find it by working with the switches. First finding from which switch it comes and then from what port.

Weve isolated to one AP.

Ahh, well I don't know what to do then.

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

That's sounds like a DHCP starvation attack!

It ends up being that way, but we don't think it is intentional.

But what could possibly make the mac address change for each request?

The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

How fast are the requests showing up? Maybe that would determine if it's malicious or not?

Very fast. Maybe every 10 seconds.

Maybe you can find it by working with the switches. First finding from which switch it comes and then from what port.

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

That's sounds like a DHCP starvation attack!

It ends up being that way, but we don't think it is intentional.

But what could possibly make the mac address change for each request?

The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

How fast are the requests showing up? Maybe that would determine if it's malicious or not?

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

That's sounds like a DHCP starvation attack!

It ends up being that way, but we don't think it is intentional.

But what could possibly make the mac address change for each request? Or you think some hardware is broken?

@scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

That's sounds exactly like a DHCP starvation attack! Intruder alert!

@scottalanmiller You have some linguistic gymnastics going on there.

This is what wikipedia says:

Best practice
A best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements.

"Generally accepted as superior" being the central point here. IMHO best practice means just that. It doesn't mean that it is actually the best way in every situation, only that it is accepted as generally the best way.

Put in another way - you better have a good reason to do things differently.

@scottalanmiller said :

What use case are you envisioning?

@donahue said :

maybe personal VPN, like those VPN services?

That's why I said:

Or are you thinking about it for privacy issues?

To be able to hide your IP and circumvent geoblocking you could for instance use a VPN service or a http proxy service or something else like a ssh tunnel or whatnot.
That could be the use case.

Also ios 12.0.1 have only been out a couple of days. What did you expect?

If it works over an android phone using the same SIM card and not over the apple phone then it's pretty obvious it's the phone.

Since the phone works as a router in this scenario it has to have ipsec pass through. Maybe there is a bug in the apple phone. Who knows? Apple don't give a cr*p - if they think ipsec passthrough is not needed for their users they will just disable it.

You can enable logging on your VPN client in Windows. Then you can see how far it goes and that could provide some clue how to work around the problem. Or just use your android phone...

mangolassi

@scottalanmiller said in PVLAN (private VLAN) in the switch - are you using it?:

PVLAN, or Port Isolation as I think most of us know it, is one of the better uses of VLAN tech. The idea is for extreme environments (not really SMB generally) when normal security measures are not enough, that you make an individual VLAN for every single device on the network so that you control via central firewall a second layer of access for every single port that there is.

There are certainly legit cases for this. And I've worked for one of those places. But it's super rare. It is a lot of work, requires gear that supports it, and adds a lot of complication that you have to consider. It also adds a good deal of security.

In the SMB, most places have over the top security already and zero day threats rarely threaten OS level firewalls. So PVLAN, while legit, rarely has appreciable value to an SMB. But when you need that "second firewall per device", then yes, it's definitely the way to go.

Makes sense, but I'm thinking it doesn't have to be that much more work if you can apply automation to switch management as well.

I think you can do port isolation on the virtual switches in VM hosts in the same way as the physical ones. I understand that at least VMware has had it for a long time so assume other have it now as well.

@emad-r Two completely different solutions for different uses. Or are you thinking about it for privacy issues?

@tonyshowoff said in Light vs Dark Theme:

In my personal experience dark themes are good on your eyes when you use dark themes and switch to light, if you only have light it's not an issue. I have light sensitive eyes, on a sunny day I am legally blind, and yet if I look at Winamp or XMMS for too long and then look at a light window, that's when it hurts my eyes. If it's all light, it's all good.

It's because the pupils will adjust their opening to the amount of ambient light and when you look at something bright it will be too bright.

You can measure light levels with a lux meter. People that work professionally with prints, color reproduction, photo editing etc needs a workplace where both ambient light and colors are well under control as well as a color managed workflow where monitors and printers are calibrated to certain light levels, color temperature and accuracy.

Having done this many times i can say that most monitors are way off on brightness. But a lot of people place their monitors completely wrong too.

Black text on white is the easiest to read IF the contrast is not too high and the ambient light levels are high enough in relation to the light levels on the monitor.

That is basically the reason why some think dark skins are better than light and vice versa. It we would set the proper contrast on the monitor with the right amount of ambient light most people would prefer the same thing.

@dashrender said in PVLAN (private VLAN) in the switch - are you using it?:

@pete-s said in PVLAN (private VLAN) in the switch - are you using it?:

@dashrender said in PVLAN (private VLAN) in the switch - are you using it?:

@pete-s said in PVLAN (private VLAN) in the switch - are you using it?:

@jaredbusch said in PVLAN (private VLAN) in the switch - are you using it?:

@pete-s said in PVLAN (private VLAN) in the switch - are you using it?:

Are you guys using pvlan features in your switches?

If I understand correctly it will isolate vlan ports from each other.
So for instance:

• your desktops can talk to the servers, but not each other,
• servers in a dmz can talk to the firewall but not each other

etc.

That would require me to use a VLAN in the first place...

Seriously though, I use VLAN for Guest WiFi and that is about it. Since my WiFi hardware is UniFi, it already does this, so no.

You could put all computers in the same vlan... Are you not worried about the security implication of letting every device have access to everything on the LAN? Zero-day exploits?

So it infects the server, then the server infects the PCs.. what's the diff?

Maybe nothing, maybe something. The server might not be running the same OS, it is likely not running the same services as desktops. Either way the intruder/malicious software has to gain access over the server as well before getting access to the other PCs. One more layer of security to overcome. More difficult for things to spread.

But PVLAN is also one more thing for you to manage. It's 2 AM something broke and you forget about PVLAN, stand up a new box for whatever and can't figure out why you can't talk to it. etc.

Sure it can be good, but the risk has to be worth it.

Yup, agreed. That is why I was wondering if anyone is using it and what their experience is.

I haven't used it myself yet but I'm contemplating it.