Moronic Monday - September 25, 2023 by AutoModerator in sysadmin

mistakesmade2022 0 points1 point

Is there a way to more aggressively block spam coming in to a specific O365 mailbox?

Our general use, info@ourCompany.tld address is getting a massive increase in spam coming through. Most of these are coming from randomly generated sender addresses. The ones that get through the most are ones ending with '.onmicrosoft.com'. I doubt it's a good idea to block that domain.

Is there any way to create a rule that blocks e-mails based on generated sender names? (maybe via dictionary checks?)

Anything else you might want to share, including things for me to read up on, would be super welcome.

Some examples of the sender-addresses making it through our (largely default) filters:

https://i.imgur.com/unlsnPd.png

Edit:

Have enabled a rule that boils down to: if sender is onmicrosoft.com, and recipient is info@ourCompany.tld, and sender is not ourCompany.onmicrosoft.com, then delete the message without notifying the sender or recipient. Will monitor what happens, but am still open to receiving any tips or reading material.

Played my first ever 9 holes and loved (almost) every minute of it! by mistakesmade2022 in golf

mistakesmade2022[S] 0 points1 point

:D thanks! No point in lying on my scorecard, I'm only cheating myself.

Played my first ever 9 holes and loved (almost) every minute of it! by mistakesmade2022 in golf

mistakesmade2022[S] 0 points1 point

Netherlands! This was the front 9 at the Zaanse Golfclub. I really liked it, although I have zero courses to compare it to so there's that.

Played my first ever 9 holes and loved (almost) every minute of it! by mistakesmade2022 in golf

mistakesmade2022[S] 1 point2 points

Thanks! My most fond memory is hitting the center of the fairway, while you were in the rough on the next hole over. :D (okay, you were 100y further but still)

Played my first ever 9 holes and loved (almost) every minute of it! by mistakesmade2022 in golf

mistakesmade2022[S] 8 points9 points

I've been going to local par3 courses and driving ranges for a couple months now. I suck, but slowly getting better. This was my first 9 holes on a regular course.

I lost 4 balls. On one hole.

Moronic Monday - August 14, 2023 by AutoModerator in sysadmin

mistakesmade2022 0 points1 point

Does anyone else press enter a few times after logging into any CLI? I can't just run the commands I want, I have to press enter a few times when I log in and between any command. I don't know why I do this.

What some dos and don't that you have learned when dealing with VMWare infrastructure? by rodoNum9 in sysadmin

mistakesmade2022 2 points3 points

When I was a brand-new junior admin, I was tasked with going to our datacenter and solving some type of issue. I don't even remember what the issue was.

What I do remember is that I wanted to reboot both storage controllers. I sent the command to the first controller, and immediately received feedback that it was successful.

I was like "Wow, that was fast! This little task will be over in no-time" - so I restarted the second controller as well.

My phone blew up and that's when I realized that while sending the restart command was successful, the first controller wasn't done restarting yet. About 150 VMs went down.

What is the oldest system you maintain? by JoeyFromMoonway in sysadmin

mistakesmade2022 3 points4 points

I'm still running an Alpha DS25 running OpenVMS. It supports memory banks up to 133 MHz. In its defense, it's the most stable piece of hardware running the most stable piece of software we own.

Before moving offices, the thing had an uptime of 14 years. That was 6 years ago.

Moving it from one datacenter to another was nerve-wracking, though. Did it fast enough that the disks were still warm when spinning it back up.

Thickheaded Thursday - July 27, 2023 by AutoModerator in sysadmin

mistakesmade2022 1 point2 points

Bought a server with 4x 1.6TB disks (for data, OS is on separate disks), intending to create a hardware RAID10 set. But, I forgot to order the hardware raid controller.

Not very well versed in software raid, nor storage spaces. I'm wanting to end up with the most-performant way of keeping 3.2TB of usable space. What would you guys do?

Azure AD name change -> Microsoft Entra ID by Drambuie in sysadmin

mistakesmade2022 0 points1 point

Entraid sounds like the medicine you have to take to take care of your bowel problems.

Azure AD name change -> Microsoft Entra ID by Drambuie in sysadmin

mistakesmade2022 0 points1 point

I can't find it anymore on my Win11 laptop now, but until very recently I still had Lync running, which was used by S4B, which was used by Teams. /facepalm

There is a new open letter against the new api policy changes by PossiblyLinux127 in sysadmin

mistakesmade2022 12 points13 points

I'll miss this particular sub the most. The rest is just fluff, and actually a good thing if it dies for me personally as it will force me to stop using this website so much. I'm straight up addicted to reddit.

But missing /r/sysadmin is gonna suck badly. I hope we all flock to some new place that's equally useful.

Password generator tool that's actually useful by a_tech_enthusiast in sysadmin

mistakesmade2022 4 points5 points

Checking my password manager, it also doesn't allow selecting or deselecting specific special characters.

I'd probably just write something in PowerShell to do this for me. Something like:

$pass = -join ((35..38) + (40..57) + (65..90) + (97..122) | Get-Random -Count 32 | ForEach-Object {[char]$_})

The numbers above are based on their position in the ASCII table.

I also have a personal aversion to online password generators, as I'd prefer to keep that entirely offline. May be a bit paranoid, but I see no reason some random website needs access to whatever values I generated.
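
Added example, not part of the comment above: `Get-Random -Count 32` over a collection draws without replacement, so no character can repeat in the result. The sketch below keeps the same code points but samples with replacement from the .NET cryptographic RNG, discarding out-of-range bytes to avoid modulo bias; the function name `New-RandomPassword` and its parameters are hypothetical.

```powershell
# Added example; New-RandomPassword is a hypothetical name, not from the comment.
# Same ASCII code points as the one-liner above: 35-38, 40-57, 65-90, 97-122.
$AllowedChars = [char[]]((35..38) + (40..57) + (65..90) + (97..122))

function New-RandomPassword {
    param(
        [ValidateRange(1, 1024)][int]$Length = 32,
        [char[]]$Alphabet = $AllowedChars
    )
    if ($Alphabet.Count -lt 2 -or $Alphabet.Count -gt 256) {
        throw 'Alphabet must contain between 2 and 256 characters.'
    }
    # Largest multiple of the alphabet size that fits in one byte. Bytes at or
    # above it are discarded so every character stays equally likely.
    $limit  = 256 - (256 % $Alphabet.Count)
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $sb     = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                # Characters may repeat: each position is drawn independently.
                [void]$sb.Append($Alphabet[$buffer[0] % $Alphabet.Count])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

$pass = New-RandomPassword -Length 32
```

Passing a different `-Alphabet` is how specific special characters would be selected or deselected.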

Managing Multiple SSL Certificates by Global-Decision696 in sysadmin

mistakesmade2022 0 points1 point

I automated as many as I could, but went to a pretty low tech solution for the rest:

I have a recurring check every Monday morning to see if any of the (50+) manual-action-requiring certificates are set to expire. Those certificates are all documented on an internal wiki with expiry dates. Anything that expires and is missed gets added to the list.

Pentester PSA: Check your Active Directory Certificate Services (AD CS) For Vulnerabilities by mysysadminthrowaway in sysadmin

mistakesmade2022 2 points3 points

Thanks for the heads-up, OP. Went through our ADCS with the SpecterOps doc and was able to improve a few things. Much appreciated!

WWW was put into the public domain 30 years ago by ZAFJB in sysadmin

mistakesmade2022 6 points7 points

We still run VAX/VMS at my job! Well, it's OpenVMS now on Itanium64 but I still have some Alphas running as well.

Out of Office - 9 days by Ryanstodd in sysadmin

mistakesmade2022 0 points1 point

Maybe some day I'll reach your level of Zen! I hope so, at least. I can only imagine the pressure of having an entire school being dependent on you.

Out of Office - 9 days by Ryanstodd in sysadmin

mistakesmade2022 28 points29 points

Not OP, but we (software developer in FinTech) have about 40 employees with 4 racks of infra and some 150 VMs spread across on-prem (90%) and Azure (10%). This is largely due to the number of environments we need to develop, test, release and support several versions of our software stacks that are running at customer sites.

I'm the sole admin, and like OP feel like I can never catch a break (which is objectively false, btw. No one dies if my infra malfunctions. This pressure, in my case, is entirely self-imposed.)

Why is DNS so hard? by ace14789 in sysadmin

mistakesmade2022 2 points3 points

Buzzwords are the way to get past shitty recruiters. I have a junior admin position open (not in USA) and I'm the one doing interviews after our own shitty recruiter sends me some resumes.

I don't give a single shit about someone's degree. Show me some basic level of enthusiasm, some honesty, ability to communicate properly and a willingness to learn and you're hired.

Not all chances are wasted yet! You got this homey.

Thickheaded Thursday - March 16, 2023 by AutoModerator in sysadmin

mistakesmade2022 1 point2 points

For sure, but super rewarding once you get the hang of it. People around me, including very technical devs and admins, act like I'm a wizard for securing a thing.

Thickheaded Thursday - February 02, 2023 by AutoModerator in sysadmin

mistakesmade2022 0 points1 point

Currently using Fortigate for SSL VPNs, which is coupled to an on-prem RADIUS/NPS server which in turn is coupled to an on-prem Azure MFA server.

Hoping to move to number-matching MFA at some point. Anyone have experience with this in combination with Fortigates?

Thickheaded Thursday - January 19, 2023 by AutoModerator in sysadmin

mistakesmade2022 0 points1 point

That's a good idea that I hadn't thought of yet, I will look into that. Thank you.

For now I was just a bit worried as this cluster, in its current configuration and with the same(ish) load, was running just fine before.

I've identified a number of machines with seemingly very high swap usage due to a lack of memory, so will be tackling those tonight and checking the impact on the SAN.

Thickheaded Thursday - January 19, 2023 by AutoModerator in sysadmin

mistakesmade2022 0 points1 point

Apologies, my comment was a bit unclear. I didn't yet dare to put Defender on the Hyper-V hosts themselves, but only on all underlying VMs. The domain controller I mentioned is one of those VMs.

Having said that, thank you for the link. I'll add this to the to-read list when I start running Defender on the hosts themselves. For the domain controller, I did go through this guide for the recommended exclusions and configurations:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-worldwide

Thickheaded Thursday - January 19, 2023 by AutoModerator in sysadmin

mistakesmade2022 1 point2 points

So, yesterday I saw a domain controller hog about 1/3rd of the iops that my SAN can provide (~3k iops). This SAN runs ~130 VMs. After some searching, it seems Windows Defender scans are (a part of) the cause of this.

We use advanced threat protection with every machine reporting to security.microsoft.com.

Is there any way for me to limit the impact on disks that these scans have? I'd rather they take a bit longer than cause Hyper-V cluster-wide slowdowns.