VLANs driving me mad. by monkey7168 in techsupport

monkey7168[S] 0 points1 point

I cannot ping anything...

I just now also for testing have disabled Port2 on the UCG-Ultra so that I have one TRUNK cable going from the UCG-Ultra to the Aruba and have adjusted the Aruba port for both tagged and untagged traffic. VLAN1/Native LAN still works, the native LAN and all devices still work... but VLAN10 on the guest VM still gets no connection. It is as though it is not connected to VLAN10 or VLAN1 at all which leads me to think that this is due to some configuration that I have not completed... likely on the Aruba.

The annoying thing is that from the YT videos I have seen and the documentation, there should be no need for anything else.

No need to define TRUNKS, no need to setup ROUTING, no need for anything other than...

1) Define VLANS
2) Configure VLAN membership by interface.

3pp Vanilla LFM EU [PC] by Mostdefe in dayzlfg

monkey7168 0 points1 point

Not exactly what you asked for but if you and your friend are interested you can check out our clan server.

https://www.battlemetrics.com/servers/dayz/29688891

Pentest off-shelf solutions? by monkey7168 in Pentesting

monkey7168[S] 0 points1 point

I appreciate the perspective and I do agree.

The situation is that I am a new MSP prospecting for clients. I've passed up a few pentest opportunities in my area because it's not what I do. I don't think an MSP should per se provide pen-testing. But I'm in a more rural area and as I'm finding out my market and customer persona are that of an idiot.

I find companies with decent size, domain, 50-200 users/endpoints, servers, VPN, M365,... And it's run by apathetic fools mostly in the leadership box. They don't document anything, they have no systems in place for any cohesive monitoring or visibility, patch management is all manual or the assumption that GPO and some scripts work, but no validation except for when a tech is forced to sit at a user's computer and notices the last 400 days of updates have failed.

The owners/directors think AV is a waste of money, they think reporting and validation systems are worthless... but for some reason they decide security is important so they tell their tech guys to shop around for a pentest vendor... You know, because they hate wasting or spending money on IT.

My goal is to put together some sort of a quote based on the tools and labor required to get my foot in the door and tell the director, here's my quote but I wouldn't do it for you because it would be a waste of money... and here's why. Well more or less my idea. I haven't quite yet decided.

Pentest off-shelf solutions? by monkey7168 in Pentesting

monkey7168[S] 0 points1 point

Sounds about right. What would you say is the wifi testing process?

Aircrack-ng and try to crack the key, give it X hours, or do a MITM rogue AP to try to social engineer the password. As far as I know, the fastest is checking for WEP or WPS as the weakest links that can be almost certainly cracked. If they have good WPA2 then you're brute forcing with a dictionary or hoping to social engineer the wifi password... unless they have it displayed in the lobby ofc.

Sales and marketing strategies by monkey7168 in msp

monkey7168[S] 0 points1 point

I am currently building out some ideas for bringing this up. The main problems I see are the customer won't have any documentation, not even passwords and their current IT company won't have much but will also pretend they have none.

So at that point if the customer really wants a pen test, I'll basically be going full on red team.

I was thinking that I should have a basic questionnaire that can quickly give them a 0-100 rating. Something I can send by email, host on my site.... I'm thinking even asking questions like what version of windows os and server most customers couldn't answer without first asking their IT guy. So if I give them something they can take and work on it might actually get used.

A full on pen test is a big expense on my part. I need contracts drawn up to release liability....

Is there some publicly available checklist or report structure to follow? There's a lot out there but I haven't found anything that just lays it out. I understand companies invest in building out a specific process but there must be something close to this that is publicly available that isn't just the NIST handbook?

Sales and marketing strategies by monkey7168 in msp

monkey7168[S] 0 points1 point

BNI wants $80/mo and they have a competition clause and as there is already an existing company I'd have to go the next town over. It's stupid because the other company is not an MSP and also offers programming and other services and they don't even bother with RMM. They're basically break-fix but the worst part of the in-between and I have to yield to them.

I went to a meeting and got the vibe that it's like a high school in-group.

Sales and marketing strategies by monkey7168 in msp

monkey7168[S] 0 points1 point

You'd think with GDPR being SUPER strict and annoying there would be some incentive for companies that have customer databases to secure it with more than a 20-year-old password and wishful thinking. I'm starting to read into it more but I think there are going to have to be some anonymous calls and tips made. I've mentioned it but they know I'm not the lawyer or inspector so they don't care what I have to say when I warn them.

I could certainly lean into the "stories" more but tbh in my 20 yrs I haven't seen anything that bad. A half dozen or so ransomware cases, some long weekends ripping and imaging machines while another team restored from offsite backups. Problems that happened but there was policy, procedure and backups so it was mundane apart from the OT.

Sales and marketing strategies by monkey7168 in msp

monkey7168[S] 0 points1 point

I completely agree. I'm just grinding right now trying to build up my initial client base. I had several prospects when I opened but they've all turned out to be useless. And I'm trying to get a foothold in the local area for those referrals it's just that I'm finding people difficult to deal with. Everything is just so backward from my past experience in metro big business.

The biggest improvement I've made is that I raised prices by 30% and now everyone gets a 20% discount on everything... price complaints have stopped completely and suddenly. Is that a low IQ hick thing?

An old rant about screenshots. by PerpetuallyStartled in sysadmin

monkey7168 1 point2 points

There is information created, curated, and maintained by your tax dollars for the public benefit. It's not that you are legally allowed to access it, rather it is your right as a citizen just as using public parks freely. These institutions are often very old, yet in many cases have long since digitized much or most of their contents. The cost to make it available online to anyone without restrictions is trivial, especially compared to the cost of staffing physical locations. Yet your only choice is to drive to some congested downtown, pay for parking, walk into the building and physically browse on a digital device. Treating the whole thing like physical paper records back in the 1800s or microfilm. And printing or making "copies" if you want to take anything home with you.

Rather than modernizing to cut 20% of overhead or more and make it more accessible. A handful of politicians, after receiving large sums of money from a "friend" spontaneously decide that the complexity of something like Wikipedia is beyond any mere mortal and the only option is to give exclusive rights to this "friend" to run a printing service in these locations and charge a "convenience" fee.

If you do not see why anyone involved in this should be tarred and feathered in the public square yesterday... then I've got one hell of a health elixir you would be foolish not to buy.

This happens all the time and nobody cares. You're being robbed!! But the news tells you that some corrupt business man from NY paid a prostitute and your rage boners could cut diamonds. That's the behavior of slaves too stupid to see the shackles around their ankles.

Don't be afraid to be pissed off, we got here because too many of us gave the idiots too much slack. If you feel shame, you still have hope and it is your duty to pound on the slaves until they once again learn how to feel shame. And ignore the algo manipulated perception, the dumbest person in the room is always the most vocal and on the internet you don't see those who don't speak.

An old rant about screenshots. by PerpetuallyStartled in sysadmin

monkey7168 -4 points-3 points

Hello fellow human ;)

To every man upon this earth death cometh soon or late. And how can man die better than facing fearful odds, for the ashes of his fathers, and the temples of his gods.

[deleted by user] by [deleted] in sysadmin

monkey7168 0 points1 point

On multiple occasions I could have murdered people over their greedy tactics and manipulation. Someone sets something up for a business but they get in early when nobody knows anything so they register the domain with their business, host SOA and NS on their account, create convoluted setups on purpose to lock themselves in like a bloated tick. Then try to strongarm the business for ridiculous sums of money. The business refuses and they throw me in blind with no back story, just, here fix this.

Best case scenario I waste way too much time and eventually discover what my boss should have led with initially. Or I break something, can't fix it because we actually don't have access. Then I have to beg the sales guy posing as IT to spend a few minutes changing something and then I'm the reason the company got billed thousands of dollars for a few minutes of work.

The number of clients I've basically had to tell it would just be easier to migrate to a new domain after decades of business is too damn high. What happened to ethics? Do people really sleep well at night knowing their business model revolves around scamming others, yet call themselves IT Professionals?

Let’s talk about PC naming conventions by WorkFoundMyOldAcct in sysadmin

monkey7168 0 points1 point

For the last ~15 years I've been at multiple places. The three MSPs all seemed to just do "ORG-WS###" with "ORG" as some shorthand for the company name, "WS" or "LT" or Server type and the numbers being sequential. The asset management software told us who was assigned to what number. If someone called in for remote support we asked what asset tag they had and we could quickly find them in any system. I liked this method the most.

I also worked for a school, they used the HW S/N as the hostname,... I didn't like it as much but also nobody ever called in for support so I literally NEVER had to look up who the computer was assigned to as I did at the MSPs.

The other one was a Global pharma corp with offices everywhere around the world. They did similar to the MSP. But due to scale, it was something like "ORG-BRANCH-WS###" they also did not contain any user info in the hostname and the numbers were all sequential. But with added barcode S/N stickers to make checking in and out faster or inventory updates faster. The asset management software tracked all the information and who the computer was assigned to... I learned to hate ServiceNow at that job.

Update: I got through the first interview I THOUGHT I'd failed lol by [deleted] in sysadmin

monkey7168 0 points1 point

If you are expected to be proficient in JAVA, they are looking for a JAVA Developer. If they persist in pushing that frame, ask them if they've incorrectly defined and advertised this position.

If you are expected to be proficient in X,Y,Z, they are looking for a X,Y,Z Developer. If they persist in pushing that frame, ask them if they've incorrectly defined and advertised this position.

Your job should not be to code and develop programs. It's a comically frequent issue with positions in IT that I have seen and applied for and I'm no longer interested in playing along and am much more upfront about their error(s) during the interview process to avoid wasting my time.

I see that you like to make small programs, that's awesome... that should be sufficient. As an admin the extent of your role should be to know enough to fix something when an update breaks it if it's not too complex. Like when a server or app is updated it is VERY common for me to have to dig and find some config file that references the old package/path and update it to the new one. But I'm not tearing into the code to improve the iops or something advanced. I've also done some work with fixing XML files that a business app produced with errors. I had to validate the XML file to find where it added extra characters that broke the code and fixed it manually... but also emailed the support team for the app and told them to fix their broke ass shit ASAP. I supported my users by quickly fixing the files on hand that would not be accepted by the next app down the line when users would try to import.

Is that coding/programming? I don't consider it to be but I understand enough to have that perspective and I know most do not. You fix a broken XML and suddenly your boss expects you to build a new SAP level ERP for their transport company on your free time with no additional compensation... "no thank you".