I would assume that you might need to do some NAT to get the FQDN to
work correctly
1) Resolve to your external DNS FQDN
2) Setup Firewall Rule to allow 443/80 inbound from IP of external
FQDN
3) Setup NAT to translate External IP to Internal IP and allow to
80/443
4)
Whoever did this made sure that AV and other antimalware detection engines
weren't going to find it. (Basically custom packers, encryption, running the
malware through sites like scan4u.biz which malware writers use a lot to bypass
most major AV detection engines, etc. etc.)
Z
Edward Ziots
Yes
From: James Hill [mailto:falc...@gmail.com]
Sent: Wednesday, May 30, 2012 5:26 PM
To: NT System Admin Issues
Subject: RE: http://fqdn/owa works interally but not externally
Is this the SBS box you were talking about?
James.
From: David Lum
Possibly - but why would https work to the root directory but not any of the
virtual ones?
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, May 30, 2012 3:13 PM
To: NT System Admin Issues
Subject: RE: http://fqdn/owa works interally but not externally
HTTPS ports?
-sc
I don't disable DEP, but set it to essential services only. DEP conflicts with
a few non-Microsoft applications I run on my XenApp servers (v 6.5 here).
James Rankin kz2...@googlemail.com 5/31/2012 5:46 AM
I've read far too much contradictory info on this subject so was wondering if
anyone
I just checked with a XenApp product architect and this person indicated that is
a setting that is never changed in any of the product testing. IOW, the
default is what Citrix expects and uses in their testing and validation
processes.
Carl Webster
Consultant and Citrix Technology Professional
There is a proxy of some kind, because http://fqdn from the
Internet is a different IP than what the real box is.
It acts very much like /owa simply drops the connection if it's an external
connection attempt. It's just bizarre to me that via the Internet I can get
to
There's a lot being made of (portions of) it being written in Lua
Which seems to be a tad unusual.
-sc
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, May 30, 2012 11:01 PM
To: NT System Admin Issues
Subject: Re: Flame bait...
Given that it has been successfully
Tried telnetting to that FQDN:port and see if you get any response?
-sc
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 31, 2012 9:54 AM
To: NT System Admin Issues
Subject: RE: http://fqdn/owa works interally but not externally
There is a proxy of some kind, because
Indeed.
Goes to show that any language can be made to do things which were not
intended by the language authors. I wonder if it will help shed light on
who was involved in the development?
Can you imagine the code review process for this level of malware?
*ASB*
...and armed with this info, I already have a climbdown from this
consultancy, who are claiming it isn't a performance enhancement any more
and a recommendation based around previous experience with it causing
false positives. Still doesn't explain why they would turn it off
altogether then, I'd
It was written by a Hawaiian that wanted to put the hurt on someone.
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, May 31, 2012 8:57 AM
To: NT System Admin Issues
Subject: RE: Flame bait...
There's a lot being made of (portions of) it being written in Lua Which
seems
Thanks
No lanbatch32 by Qflex Corp
Do use Winbatch however - love it
Thanks for the leads
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, May 30, 2012 2:34 PM
To: NT System Admin Issues
Subject: Re: Job (batch) control software
On Wed, May 30, 2012 at
Thanks to all !!!
Some reading for me to do :)
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, May 30, 2012 2:57 PM
To: NT System Admin Issues
Subject: Re: Job (batch) control software
That's very easy to do with the native job scheduler, and it can even be done
via the CLI
We have a winner! :80 works, :443 does not. Not requiring SSL gets me to the
website, so I need to make sure 443 is being allowed.
Makes me wonder how it was configured before, but thanks!
Dave
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, May 31, 2012 7:02 AM
To: NT
I believe Steve Gibson said that all of the traffic it passed WAS encrypted.
It may also be (I wasn't listening as closely as I could have been) that it's
encrypted at rest on the victim system too.
Ben M. Schorr
Roland Schorr Tower
www.rolandschorr.com | www.officeforlawyers.com | Twitter:
And assumedly some pretty stringent testing... 0-day exploits,
propagation, detection-evading, command and control behavior, etc... One
would assume they'd want to test in private so as to avoid early
detection by the AV community
-sc
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent:
That explains the hula module then.
-sc
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, May 31, 2012 10:05 AM
To: NT System Admin Issues
Subject: RE: Flame bait...
It was written by a Hawaiian that wanted to put the hurt on someone.
From: Steven M. Caesare
No, you're not
I've checked my own too :-)
---Blackberried
-Original Message-
From: Webster webs...@carlwebster.com
Date: Thu, 31 May 2012 14:12:58
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues
Well said... :)
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…*
On Thu, May 31, 2012 at 10:10 AM, Michael B. Smith mich...@smithcons.com wrote:
You get what you pay for.
And if you don’t pay for it to start with, you’ll
Good deal. The external FW/proxy is something you can control directly?
-sc
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 31, 2012 10:23 AM
To: NT System Admin Issues
Subject: RE: http://fqdn/owa works interally but not externally
We have a winner! :80 works, :443 does
http://blog.knowbe4.com/new-cyberweapon-flame-cia-and-mossad-coproduction/
Stu
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, May 31, 2012 10:03 AM
To: NT System Admin Issues
Subject: Re: Flame bait...
Indeed.
Goes to show that any language can be made to do things which were
Again basically it's controlling code execution, but it does proper a scary
example at what targeted malware can do.
If you get a chance read Dissecting the Hack the Forbidden Network by
Syngress. It’s a hell of a read about what can go on with these types of
things.
Z
Edward Ziots
CISSP,
Here is a link to a nice writeup on Skywiper/Flame.
http://www.crysys.hu/skywiper/skywiper.pdf
Z
Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
-Original Message-
From: Ben M. Schorr [mailto:b...@rolandschorr.com]
Sent:
Dave,
Get fiddler HTTP debugger on your endpoint laptop and look at the
web-traffic to port 443 and what is the http error code. Or hit me
offline with the IP and I can check stuff for ya.
Now back to the Skywiper/Flame research, just got pinged myself on it.
Z
Edward Ziots
Nope, handled by the county (my client is a city who is in the
county-controlled network). But at least I know what the issue is, thanks for
the pointer, I simply wasn't understanding it.
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, May 31, 2012 7:58 AM
To: NT System
I was thinking more in terms of lua-ow
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, May 31, 2012 9:34 AM
To: NT System Admin Issues
Subject: RE: Flame bait...
That explains the hula module then.
-sc
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent:
I got that... hence my joke of one of the modules being something found
at said lua-ow. :-)
-sc
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, May 31, 2012 12:10 PM
To: NT System Admin Issues
Subject: RE: Flame bait...
I was thinking more in terms of lua-ow
From:
GROAN! :( That was worse than one of mine and that is getting pretty darn bad!
Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Subject: RE: Flame bait...
I was thinking
You want bad?
The police departments in a large metro area bought some Nissans recently.
They're going to be their Vice Versas
In response, Nissan decided to use a special ceramic material for the car
bodies. They call it their versa tile.
From: Webster [mailto:webs...@carlwebster.com]
They made a change, I can now get to https://fqdn/owa
UNLESS I set /owa to *require* SSL. Huh?
Dave
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 31, 2012 8:34 AM
To: NT System Admin Issues
Subject: RE: http://fqdn/owa works interally but not externally
Potential customer, Hi, I saw a Rolls Corniche the other day - I really
like all of the features. However, there is one problem, I don't want to
pay that much money. What are my other options?
Car Salesman, Well, we have LOTS of different vehicles available to meet
every need and budget. What
What role(s) are on this under-sized box?
DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Thursday, May 31, 2012 4:41 PM
To: NT System Admin Issues
Subject: moving Exchange
Ex2010
You need to leave the old box up long enough for all users to have executed
Outlook for at least 15 minutes in order for the Outlook profiles to be updated.
From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Thursday, May 31, 2012 4:41 PM
To: NT System Admin Issues
Subject: moving
It's the only Ex box in the org. Perfmon is showing me that the IS is what is
dragging the box down (and it is used for some other things as well that will
be much harder to move) thus I want to get Exchange off it.
Daniel Chenault
dchena...@lgnetworksinc.com
More than just mailboxes; there's connectors, OABs, PFs, routing, DNS,
autodiscover, etc. While the general idea is OK, the devil is in the
details...
***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***
-Original Message-
From: Daniel
In this case I was asking which of the Exchange roles were present, but since
it's the only one that answers the question.
What might be your smoothest thing is to install the hub transport and mailbox
roles on the new server and then move the mailboxes. This can be done online
and
The only app on an Exchange box should be Exchange IMHO. Anything else is just
asking for problems.
John W. Cook
Network Operations Manager
Partnership for Strong Families
From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Thursday, May 31, 2012 05:06 PM
To: NT System Admin Issues
Memory? Or IO?
How much memory? How many users? How large is the store? What is the disk
subsystem?
From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Thursday, May 31, 2012 5:07 PM
To: NT System Admin Issues
Subject: RE: moving Exchange
It's the only Ex box in the org. Perfmon
Yes, I know that, but didn't want to bog the list down with the devil's
details. I can handle all that stuff; it's the reuse of the key that concerns
me most.
Daniel Chenault
dchena...@lgnetworksinc.com
-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
Wasn’t my call, I’m just dealing with the fallout.
Daniel Chenault
dchena...@lgnetworksinc.com
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Thursday, May 31, 2012 4:21 PM
To: NT System Admin Issues
Subject: Re: moving Exchange
Yes
Almost all, about 40 heavy, over 12G, single RAID 5 array.
Like I said in another post, I'm just dealing with the fallout, wasn't my
design or my call.
Daniel Chenault
dchena...@lgnetworksinc.com
From: Michael B. Smith
Message hygiene apps are usually a good thing to have on Exchange boxes hosting
transport roles. ;)
--
Sent using BlackBerry
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Thursday, May 31, 2012 05:21 PM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
You may be better served by splitting off just the MB role to the new
box...unless of course they are only licensed for one box. In which case
after you move the MB's to the new server you'll need to maintain the CAS
role on the old box in order to effect aforementioned 'magic' on the clients.
-
I wouldn't worry about the key...you get 30 days grace I believe.
On Thu, May 31, 2012 at 4:31 PM, Daniel Chenault
dchena...@lgnetworksinc.com wrote:
Yes, I know that, but didn't want to bog the list down with the devil's
details. I can handle all that stuff; it's the reuse of the key that
Yep. :) I noticed that on the core install, sconfig no longer has the option to
install the gui. :(
--
Sent using BlackBerry
From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Thursday, May 31, 2012 05:45 PM
To: NT System Admin Issues
Customer owns one serial for Exchange. I do not think... scratch that... I KNOW
they are not going to pop for another one just to make my life more convenient.
Daniel Chenault
dchena...@lgnetworksinc.com
From: William Robbins
The updated Windows 8 is, too.
http://myitforum.com/myitforumwp/2012/05/31/windows-8-release-preview-is-now-available/
From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Thursday, May 31, 2012 5:45 PM
To: NT System Admin Issues
Subject: Server 2012 RC available
it's up!
Actually it's 120.
From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Thursday, May 31, 2012 5:52 PM
To: NT System Admin Issues
Subject: Re: moving Exchange
I wouldn't worry about the key...you get 30 days grace I believe.
On Thu, May 31, 2012 at 4:31 PM, Daniel Chenault
Fair enough.
- Will
On Thu, May 31, 2012 at 5:14 PM, Daniel Chenault
dchena...@lgnetworksinc.com wrote:
Customer owns one serial for Exchange. I do not think… scratch that… I
KNOW they are not going to pop for another one just to make my life more
convenient.
Daniel
You didn't answer my memory question.
40 users in a 12 GB DB is tiny. A single RAID-5 array should be able to handle
that even during a rebuild situation without breaking a sweat.
How much memory is in the box and how much can you add?
From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Cool, will give it a shake.
On Thu, May 31, 2012 at 5:20 PM, Rod Trent rodtr...@myitforum.com wrote:
The updated Windows 8 is, too…
http://myitforum.com/myitforumwp/2012/05/31/windows-8-release-preview-is-now-available/
*From:* Steve Ens
Already updated my windows 8 tablet with it. I don't see a lot of changes from
the consumer preview.
Steve Ens stevey...@gmail.com wrote:
Cool, will give it a shake.
On Thu, May 31, 2012 at 5:20 PM, Rod Trent rodtr...@myitforum.com
wrote:
The updated Windows 8 is, too…
As per what Desmond asked you before: look at the IIS log files to see what
requests are actually being received, and what error codes are being returned.
Cheers
Ken
From: David Lum [mailto:david@nwea.org]
Sent: Friday, 1 June 2012 2:41 AM
To: NT System Admin Issues
Subject: RE: