Monday, April 13, 2009

Your phone could become a problem for someone else.


Last Friday I was getting this weird problem with random rogue DNS entries on random client workstations in my domain. The DNS entries were 69.42.88.21 and 69.42.88.22. I couldn't find any public records or run a whois or anything. Yet, I googled the above IP addresses and found two email strings, both posted 4/7/09, noting the same IP addresses. Other networks were having similar issues: bogus web browsing, problems with internal name resolution, etc. My gut told me this was a worm, and that it was related to Conficker because of web browsing problems! Fortunately, my gut was wrong.

I am running Symantec Endpoint Protection on my network; the definitions were current, and full client scans (on obviously infected machines) picked up nothing. Turns out, I had a rogue DHCP server intrusion, which means that I probably had very few "infected" machines. A rogue DHCP server is basically a device that gets infected with malware, then enters another network and falsely answers requests for IPs. We observed several symptoms of this but the most notable symptom was that numerous other clients received bad DNS info: sometimes they had browser problems, some had fake "ipconfig /all" DNS server entries, and some even had fake DNS entries entered directly into their network TCP/IP properties. This sort of malware apparently can enter a network on a laptop or mobile device (like a visitor's laptop or Blackberry or--god forbid!--an iPhone), which was probably our culprit. We have proactive antivirus scanning on all our machines, but we weren't actively scanning network traffic for packets that may contain bad DNS info.

Our solution, thus far, is to install a portion of Symantec's Endpoint software called Intrusion Detection. It runs on all client machines, notifying the client and/or admin when network settings are suspiciously changed.

Another couple thoughts are contained here:
http://ossie-group.org/blog/?m=200903

As far as finding the viral culprit, that proved more difficult. Despite a slew of messed-up machines, I only found one instance of malware, and deleted it manually. The rest of the machines healed themselves eventually after many DNS flushes.
http://www.symantec.com/security_response/writeup.jsp?docid=2008-120318-5914-99&tabid=3

For the moment, I'm glad to have resolved this issue, which--surprisingly--hasn't hit more networks yet. However, I'm still a little dissatisfied with my network security (and I probably always will be!) because I'm not sure *exactly* what Symantec's Intrusion Prevention software is doing. I'm also not totally sure what people mean when they encourage "monitoring DNS traffic" (see the first link I posted). I'd much prefer a way to effectively lock down the DNS info on all my clients, somehow ensuring that it can't be changed unless it comes from my DHCP server, but that is a little above my head.
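One concrete form of the network-side check discussed in this post, as an added example that is not part of the original post: Python code that parses DHCP OFFER/ACK messages and flags any whose server identifier or DNS servers fall outside an allowlist. The 10.0.0.x addresses and both allowlists are assumptions, and the replies are constructed test input that reuses the two rogue DNS addresses reported above.

```python
import ipaddress

# Assumed allowlists for illustration; replace with your real DHCP server and resolvers.
TRUSTED_DHCP = {"10.0.0.2"}
TRUSTED_DNS = {"10.0.0.2", "10.0.0.3"}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_options(payload):
    """Return {option_code: value_bytes} from a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = opts.get(code, b"") + value    # split options are concatenated
        i += 2 + length
    return opts

def ipv4_list(raw):
    """Decode a run of 4-byte addresses, ignoring a trailing partial address."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def check_reply(payload):
    """Return findings for a DHCP OFFER/ACK; an empty list means it matches the allowlists."""
    opts = parse_options(payload)
    msg_type = (opts.get(53) or b"\x00")[0]         # option 53: 2 = OFFER, 5 = ACK
    if payload[0] != 2 or msg_type not in (2, 5):   # op 2 = BOOTREPLY
        return []
    findings = [("rogue-dhcp-server", ip) for ip in ipv4_list(opts.get(54, b""))
                if ip not in TRUSTED_DHCP]          # option 54: server identifier
    findings += [("untrusted-dns", ip) for ip in ipv4_list(opts.get(6, b""))
                 if ip not in TRUSTED_DNS]          # option 6: DNS servers
    return findings

def build_reply(server, dns, msg_type=2):
    """Build a minimal DHCP reply (constructed test input, not captured traffic)."""
    pack = lambda s: ipaddress.IPv4Address(s).packed
    dns_raw = b"".join(pack(d) for d in dns)
    opts = bytes([53, 1, msg_type, 54, 4]) + pack(server) + bytes([6, len(dns_raw)]) + dns_raw
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + opts + b"\xff"
```

On a monitoring host, `check_reply` would be fed the UDP payload of each packet sent from port 67 to port 68. Managed switches with DHCP snooping enforce the same allowlist at the port level by dropping replies that arrive on untrusted ports.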

Friday, April 10, 2009

The Wiener In Review: Zach's Shack

The Wiener In Review: Hot Dog Establishments of Portland
---------------------------------Zach's Shack-------------------------------------


Entry 2: I've spent plenty of time at Zach's Shack over the years, predominantly because there is a Pacman machine, it's open really late, there's an assortment of beer and hotdogs, and--up until 12/31/08--you could smoke there. I've written a fair amount of lyrics for a singing/dancing robot there. The walls feature framed Jimi Hendrix and Phish posters, and the jukebox matches the vibe, although it gets kinda loud sometimes. In the summer, you can ping pong out back, which is pretty cool if you don't mind getting challenged by annoying guys in cutoff jeans that look like Tobias Funke and like to play ping pong while drinking PBR. If this sort of thing intimidates you, or if you don't like potentially drunk, late-night walk-in remnants of Mt Tabor Legacy, Southeast's never-will-die Hesher ROCK club, Zach's Shack is way too Portland for you.


One time I took my friends Colin and Shiho to Zach's Shack, since it was the only hot dog place open after Colin's show. I watched a kid with a trillion-dollar camera round his neck pass out, face first into his hotdog. The camera hit the table and broke, but he didn't wake up, so his friends did the honorable thing and took pictures of him with their phones.

I remember when Zach had his little shack down the street in a much smaller hut. It's better now.

OK, on to the rating sheet!

1. The Sausage. Basically your local grocery store wiener. If you get one sausage choice at a hotdog establishment, it had better be top notch. 0.2 points

2. The Bun and Accessories. Probably the best part about Zach's Shack is that the hotdog accessories remind me of raiding the fridge in college: you might find anything in there, and you're liable to put whatever you find on your plate. This is a good thing, because hotdogs need to evolve, like everything else. They need new life, new color, and new styles, just like fashion (please see my fashion blog entries). At Zach's Shack you will find jalapenos, olives, sour cream, cheddar cheese, pickles, tomatoes, and other savory diddley doos to complement your wiener. Unfortunately, they get named silly things like Sgt. Pepper, and Los Lobos (which is my go-to dog). Sometimes the bun can be boring, but the toppings make up for it. 1 full point of relish

3. The Cost. $2.50 - 4.50 per dog. Not as bad as Nick's FCIF, but still... c’mon! Real wiener-eaters MUST know how much it costs to make a good tasting wiener at home: next to nothing. And, considering what I'm paying for the remaining two criteria, I unfortunately have to award Zach only 0.4 points. OK, OK, hold on. To be fair, Zach's Shack offers a punch-card, and I am a sucker for punch-cards. Bonus point tenth! 0.5 points.

4. The Presentation. At first, I'm prone to be harsh to a place in what I consider to be one of the cooler areas of town (just barely), but--on the other hand--the divey vibe is relatively consistent. Red plastic baskets, cracking vinyl booths, a door that never stays shut in the winter... I'm fine with that. What I HAVE noticed is that my hotdog differs dramatically, depending on who's working. Some nights all my pepperoncini will be lined up perfectly along the wiener, and other nights they'll be all piled up at the end in a soggy pool of brown mustard and salt, like the cook took a lesson in presentation from the creators of Taco Bell's notoriously non-layered Seven Layer Burrito. Awarding 0.4 points is pretty generous.

5. The 'tude. Keepin' it real. Zach is the man. Every time he's served me, it's been with the proper amount of "I'm glad you're here," combined with "Don't do anything lame, this is my store and I will kick your ass if you're rude." I can't say the same for the employees. I've waited for upwards of 20 minutes for one hotdog without an apology, and sometimes I have seriously wanted to punch too-cool-for-school employees in the face. I'm sure their clientele drives them crazy, but they get no sympathy from the harsh reality of Wiener-In-Review. Zach, himself, is the only thing keeping this score from dipping below the 50% mark. 0.6 points.

In summary, Wiener-In-Review awards Zach's Shack 2.7 out of 5 points. However, I will continue to make this one of my prime hang-out joints for many reasons other than the quality of the hotdog. Did I mention the table-top Pacman machine?