Woo! I won. Won money at the casino, Staples sends me two color laser printers, got a new job for 10K more, and now a nice new cloud server!
Everything's coming up PSX!
That's the main reason why I was thinking of going dedicated cloud. A beefy server with full control by me, I can spin up those vSwitches without a problem and isolate my VMs behind it.
Wish I had enough cash to spend on that, even at $100 a month it's not too bad, just don't want to outlay that much to start it up.
@scottalanmiller said:
@thecreativeone91 said:
@PSX_Defector said:
Damn it, it doesn't work for a dedicated cloud environment.
But I can spin me up a Big Dog.
One thing I've noticed, everything is presented to the world without restriction. Any chance we can get a firewall option, hide our boxes behind that? Would make me feel a lot better if I can present only port 23/80/443 instead of all the ports on my boxes. One dev box as a SSH proxy to get into them, also use it as the RDP gateway to manage Windows as well.
Don't need a license for something like the ASA, just a blank VM to load pfSense on and some VLAN setups on the backend. Don't know if the API supports such a method.
Should be fairly simple, just their web interface needs to support more advanced and cloud-like options. At this point it's really just VPS packages.
API was added this morning. Have you looked at it yet?
Looks as though it's basic stuff. No creation of vSwitches, no route metrics. Just power and various status stuff, like current templates and redeployment.
@thecreativeone91 said:
What is being done to prevent another outage like yesterday? And what exactly caused yesterday's outage?
I would hope someone is on the horn with Bell getting a pipe into the DC for a failover. Should be dirt cheap, well, relatively dirt cheap. Some quick changes in the BGP routes, should have redundancy, failover, and load balancing without much work. Because if a fiber cut by Rogers was the problem, having a connection to Bell would at least allow things to stay online, albeit slower. Our DCs have connections to three different locations and providers, it takes some serious destruction to kill our stuff.
Woo, count me in for a freebie.
Maybe I can gets me a Big Dog without having to pay for it.
Damn it, it doesn't work for a dedicated cloud environment.
But I can spin me up a Big Dog.
One thing I've noticed, everything is presented to the world without restriction. Any chance we can get a firewall option, hide our boxes behind that? Would make me feel a lot better if I can present only port 23/80/443 instead of all the ports on my boxes. One dev box as a SSH proxy to get into them, also use it as the RDP gateway to manage Windows as well.
Don't need a license for something like the ASA, just a blank VM to load pfSense on and some VLAN setups on the backend. Don't know if the API supports such a method.
@scottalanmiller said:
@Carnival-Boy said:
I've planned on only one vdisk. I hadn't considered creating more than one.
Both approaches are completely valid. I like keeping the partitions separate, but I only like it a little. So I lean that way, but keeping them all in one is perfectly fine too.
One reason and one reason only to do it as separate partitions for data/logs/install.
If it fills up the disk, it wouldn't take down the OS in the process. I've seen it happen, although Windows is usually resilient on that. But the only thing that would happen if you have separate partitions would be that the DBs couldn't write, halting the instance but recoverable by logging in and fixing it.
If you never expect to fill up a disk, make it huge and put it on one. But since it only takes a few minutes, and it's a real bitch to move data once in place to another drive, it's just easier to do this ahead of time to expect it.
@scottalanmiller said:
@PSX_Defector said:
Although I'm seeing the same thing right now on TWC, haven't checked AT&T.
On SBC / AT&T here.
There's actually two different routes with them. There's ATTIS, which is usually the DSL pipes and some hi-cap, then there is the U-Verse platform which takes a different route. As far as I can see, it's a BGP route issue since it affects multiple providers.
I see this from TWC:
C:\Users\v436525>tracert jump.ntg.co
Tracing route to jump.ntg.co [168.235.144.189]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms agrer003-ip002001.noa.vmotion.tmrk.eu [172.16.2.1]
2 15 ms 26 ms 17 ms cpe-76-186-176-1.tx.res.rr.com [76.186.176.1]
3 10 ms 11 ms 10 ms tge7-2.allntx3901h.texas.rr.com [24.164.210.241]
4 14 ms 15 ms 15 ms tge0-8-0-7.plantxmp01r.texas.rr.com [24.175.37.212]
5 13 ms 15 ms 15 ms agg27.crtntxjt01r.texas.rr.com [24.175.36.177]
6 * * * Request timed out.
My route from AT&T don't want to come through on pfSense right now. I can certainly generate it once I get off online and just hard drop the AT&T line. Still technically have a few minutes to go at the big red V. Although I am super drunk right now.
@thecreativeone91 said:
@scottalanmiller said:
I see the SBC Global link has started responding again, sounds like that is the start of repairs getting done.
With this much widespread outage I'm wondering if it was an attack on the backbones rather than someone cutting fiber.
Probably what happened was that the BGP route to C@C was dropped, hence the rest of the network gave up on trying to get it to the destination. This happens when a published route path goes down, e.g. fiber cut into the locale. That's why we were seeing it drop within our own ISP's network, because there was no published route to them. Once the circuit was back up, the BGP routing was fixed and it sent the traffic onto the backbones.
Although I'm seeing the same thing right now on TWC, haven't checked AT&T.
@thecreativeone91 said:
@PSX_Defector said:
I still can't believe how hard we trolled you that day. Jack got you good.
What happened? I missed this.
A backchannel kind of thing.
I use the name Jack Kleeblat for lots of things I need to troll or otherwise social engineer. A few years ago for Scott's birthday, we all went in and tried to troll him hard. I went for the jugular, playing into his innate nature with anything upstate New York and hitting on his wife. I hooked him good.
Never say that PSX_Defector doesn't know how to f***[moderated] with people. With the levels I do now, it's amazing I haven't found some job as a F500 executive or something.
I still can't believe how hard we trolled you that day. Jack got you good.
All I know is Jack Kleeblat is still workin' hard on Spiceworks.
Speaking of which, Scott, he's still saying dump that zero and get with a hero.
As a matter of course, I do have pipes from TimeWarner Cable and AT&T, seeing both hops going bad.
This is what happens when you get cheap bandwidth. This is also why I asked about it a week ago. If you are peered with Cogent, you have to have another pipe in, be it Level3 or InterNAP.
@scottalanmiller said:
Nor here, here is our local TraceRoute from Houston.
First off, get off that double NAT box.
Second, it appears to be a larger issue. Sounds like there are some peer issues between some of the backbones and Cogent.
C:\Users\v436525>tracert jump.ntg.co
Tracing route to jump.ntg.co [168.235.144.189]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms agrer003-ip002001.noa.vmotion.tmrk.eu [172.16.2.1]
2 29 ms 29 ms 22 ms cpe-76-186-176-1.tx.res.rr.com [76.186.176.1]
3 15 ms 11 ms 12 ms tge7-2.allntx3901h.texas.rr.com [24.164.210.241]
4 13 ms 15 ms 15 ms tge0-8-0-7.plantxmp01r.texas.rr.com [24.175.37.212]
5 13 ms 14 ms 15 ms agg27.crtntxjt01r.texas.rr.com [24.175.36.177]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 ^C
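Added example, not part of any post in this thread: a small parser for Windows tracert output like the traces above, which rejoins addresses split by the 80-column console wrap and reports the last hop that answered and how many hops went silent after it. The sample text is constructed and abridged from those traces; the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the traces in this thread. Hop 1 keeps the
# console wrap that splits the bracketed address across two lines.
SAMPLE = """\
Tracing route to jump.ntg.co [168.235.144.189]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  agrer003-ip002001.noa.vmotion.tmrk.eu [172.16.2.
1]
  2    29 ms    29 ms    22 ms  cpe-76-186-176-1.tx.res.rr.com [76.186.176.1]
  3    13 ms    14 ms    15 ms  agg27.crtntxjt01r.texas.rr.com [24.175.36.177]
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6  ^C
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop number> <rest of line>"
WRAPPED_TAIL = re.compile(r"^\s*[\d.]*\]\s*$")    # e.g. "1]" or "12]"
ADDR = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def parse_tracert(text):
    """Return [(hop_number, address or None)]; None means the hop timed out."""
    lines = []
    for line in text.splitlines():
        if lines and WRAPPED_TAIL.match(line):
            lines[-1] += line.strip()             # glue the wrapped address back on
        elif line.strip():
            lines.append(line)
    hops = []
    for line in lines:
        m = HOP.match(line)
        if not m:
            continue                              # header lines
        rest = m.group(2)
        if "Request timed out" in rest:
            hops.append((int(m.group(1)), None))
        else:
            addr = ADDR.search(rest)
            if addr:                              # skips the interrupted "^C" row
                hops.append((int(m.group(1)), addr.group(1)))
    return hops

def fault_boundary(hops):
    """Last hop that answered, and the number of consecutive silent hops after it."""
    last, silent = None, 0
    for num, addr in hops:
        if addr is None:
            silent += 1
        else:
            last, silent = (num, addr), 0
    return last, silent
```

Running the same check against traces taken from different providers shows whether they all stop answering at the same point or each stops inside its own network.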
@Ambarishrh said:
@PSX_Defector Just because you had some bad experience with one or two guys, please do not consider everyone that way.
Think over 500. Just right now. Thousands in the past.
There are folks who DO know what they are doing. OP might be in that boat. But facts are facts, he's not got enough experience to even contemplate a security career path at this point. Everyone needs experience to even understand the fundamentals of how to secure networks. 6 months working as a desktop goon does not bring that.
I'm not anything if not blunt and honest. And if folks don't like that, then screw 'em.
@MattSpeller said:
@PSX_Defector said:
Let's just say that I do not appreciate the IT folks of a certain subcontinent at this moment. And if you knew what I've had to deal with their pure unadulterated stupidity, unprofessionalism, and plain jane don't give a shit attitude, you would be in the same boat too.
As they say, dey took our jerbs! Literally in this case.
Quit this while you're behind man. At the very minimum it does not belong in this thread.
[full reply moderated out due to community guideline violation]
[moderator message: Please keep it professional. Personal opinions on this type of thing are not in line with the OP.]
@MattSpeller said:
@PSX_Defector Dude.... Lucky I'm not in the same room as you right now.
Let's just say that I do not appreciate the IT folks of a certain subcontinent at this moment. And if you knew what I've had to deal with their pure unadulterated stupidity, unprofessionalism, and plain jane don't give a [moderated] attitude, you would be in the same boat too.
As they say, dey took our jerbs! Literally in this case.
[moderator message: Please keep it professional]
@Lakshmana said:
Hi All,
I am Lakshmana Shiva from India, interested in IT Security, but am unsure of what I want to pursue or how to switch from what I am doing currently into a security role. Can anyone suggest me?
Yeah, don't.
I had a long and involved, probably racist, response, but it boils down to this. If you have to ask, you will never know. The hubris of thinking you have been a desktop grunt for 6 months and think that qualifies you to jump into security says how little you actually have for experience.
Go work, get experience, and maybe in a few years, re-approach this.
@scottalanmiller said:
One nice thing that you can do is use the Big Dog series for Windows testing. If you are not using them for production, but just for testing, certs or similar, you can just rebuild every 90 days. This is how I did all of my Windows NT 4 certs back in the 1990s. Not on a cloud, obviously, but by physically reinstalling every three months from scratch (which was a huge deal back then, let me tell you!!) and reconfiguring the entire system every time. Learned a lot that way!
What, you didn't know about the 1112-1111111 key?
@voipmarkets said:
I solved the internet issue via bonding 2 ADSL routers, hooking them to a Peplink router. It's working good for the download speed but the upload won't be bonded, I don't know why?
Peplink's method doesn't really make it bind the two connections into one superpipe.
If you are looking for something like that, use a peer in a datacenter where you can establish a VPN. The DC would then be your "connection" and with Peplink's bonding you would get the full speed over the two links minus overhead.