Ooops. Looks like I sent before I wrote. Weird. I'm writing an email that will go out to our COO, Director of Engineering, VP of Product Management and a few other people.
I won't be naming names, but I will be reminding folks of the foolishness of connecting non-IT-approved devices to the production network. I'll be letting them know how long it took me to get this nailed down, who else was involved in the effort, and the number of workstations affected by this. I'll also remind them that this follows on the heels of problems with STP root bridge announcement emanating from the lab, which also caused major problems for us recently (and which we're remedying by putting the lab behind its own router, and into the hands of a lab manager (finally! I've been arguing for that position to be created and filled literally for years)).

Kurt

On Wed, Oct 9, 2013 at 1:38 AM, James Hill <[email protected]> wrote:
> Haha.. good work detective.
>
> I'm available if deliverance of physical beatings is required, at my standard
> hourly rate of course.
>
> *sits back and waits for many many comments on that one :)
>
> James.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Kurt Buff
> Sent: Wednesday, 9 October 2013 2:18 PM
> To: [email protected]
> Subject: Re: [NTSysADM] Semi-OT: AU bandwidth
>
> I found the rogue DHCP server.
>
> I had a report this morning as soon as I got in from a user who couldn't
> connect to anything, and found that he had an address in the
> 192.168.1.0/24 subnet, on a VLAN that should be in the 192.168.13.0/24 subnet.
>
> Brought in a laptop, changed its IP address to match the range of the rogue
> unit and connected it to a port on a switch in the same VLAN, and pinged the
> IP address of the rogue server, then harvested the MAC address from 'arp -a'.
>
> Then did a 'sho mac' on the switches that carried the VLAN, and nailed it
> down to the port on the switch.
>
> I disabled the port, and let the user come to me, asking why he couldn't get
> anywhere.
>
> The rest is politics...
>
> Kurt
>
>
> On Tue, Oct 8, 2013 at 8:26 PM, Jon Harris <[email protected]> wrote:
>> If you find them just kill their ports and say their rogue equipment
>> caused a hardware failure and you need to replace all the hardware in
>> or near their device. Pass it onto their managers with a bill for the
>> equipment. Pretty sure they will get the blood drained and your hands will
>> be semi-clean.
>>
>> Jon
>>
>>> Date: Tue, 8 Oct 2013 11:16:42 -0700
>>> Subject: Re: [NTSysADM] Semi-OT: AU bandwidth
>>> From: [email protected]
>>> To: [email protected]
>>>
>>> That's a good list to start. Much appreciated.
>>>
>>> If I follow up, it'll be in a few days - among other things, I have
>>> to track down the miscreants (again!) who are putting up rogue
>>> network equipment on the production network that is issuing DHCP
>>> responses, and that thinks it's root bridge.
>>>
>>> I'm out for blood this time.
>>>
>>> Kurt
>>>
>>> On Mon, Oct 7, 2013 at 10:37 PM, James Hill <[email protected]> wrote:
>>> > You can get unmetered here but it is more expensive. It depends on
>>> > where exactly. Brisbane city for example would be no problem to
>>> > provide the speed and symmetrical link you want. Out in the suburbs
>>> > may be more challenging though.
>>> >
>>> > Telstra is the biggest (and usually most expensive provider) ISP
>>> > here followed by Optus.
>>> >
>>> > There are plenty of others that resell the above two networks and
>>> > also in some cases have a fair amount of their own equipment. Any
>>> > of the following will be able to provide what you are after:-
>>> >
>>> > http://www.telstra.com.au/business-enterprise/
>>> > http://www.optus.com.au/business
>>> > http://www.brennanit.com.au/
>>> > http://www.overthewire.com.au/
>>> >
>>> > Contact me off list if you need anything more specific.
>>> >
>>> > James.
>>> >
>>> > -----Original Message-----
>>> > From: [email protected]
>>> > [mailto:[email protected]] On Behalf Of Kurt Buff
>>> > Sent: Tuesday, 8 October 2013 9:22 AM
>>> > To: [email protected]; [email protected]
>>> > Subject: [NTSysADM] Semi-OT: AU bandwidth
>>> >
>>> > Specifically, Brisbane, if any of you have experience there, I'd be
>>> > happy to hear about it.
>>> >
>>> > We've got an office there, and I've been trying to get decent
>>> > bandwidth there for ages.
>>> >
>>> > I'm looking for a plan with greater than 4mbit (preferably 10mbit),
>>> > and no metering. No SDSL, either.
>>> >
>>> > EFM, fiber, something that will get me a /29 and reliable
>>> > connectivity that we can pound on for the site-to-site VPN back to
>>> > the US office at a reasonable price.
>>> >
>>> > I did another search today, and *everyone* wants to see you metered
>>> > bandwidth, and AFAIAC, the only metering should be the actual speed
>>> > of the link - I pay for it, I get it, all the way, 24x7.
>>> >
>>> > Anyone on this list know of a good provider there?
>>> >
>>> > Kurt
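
Added example, not part of the thread or written by any of its participants: the rogue-DHCP hunt described in the quoted message (wrong-subnet lease, server MAC, then MAC table lookup per switch), sketched as a script over constructed data. The VLAN id, sanctioned server address, switch names, ports and MAC addresses are assumptions; only the two subnets come from the thread.

```python
import ipaddress
import re

# Assumed policy for the affected VLAN. The two subnets are from the thread;
# the VLAN id (13) and the sanctioned server address are assumptions.
EXPECTED_NET = {13: ipaddress.ip_network("192.168.13.0/24")}
SANCTIONED = {13: {"192.168.13.2"}}

# Constructed DHCP OFFER observations: (vlan, server_ip, server_mac, offered_ip)
OFFERS = [
    (13, "192.168.13.2", "00:11:22:33:44:55", "192.168.13.57"),
    (13, "192.168.1.1", "00:AA:BB:CC:DD:EE", "192.168.1.100"),
]

# Constructed MAC tables per (hypothetical) switch, rows modelled on the
# vlan / mac / type / port columns of a switch MAC address table.
MAC_TABLES = {
    "sw-core": ("13 0011.2233.4455 DYNAMIC Gi1/0/48\n"
                "13 00aa.bbcc.ddee DYNAMIC Gi1/0/1\n"),
    "sw-floor2": ("13 00aa.bbcc.ddee DYNAMIC Gi1/0/17\n"
                  "13 0011.2233.4455 DYNAMIC Gi1/0/24\n"),
}
# Inter-switch links: a MAC learned here lives on another switch.
UPLINKS = {"sw-core": {"Gi1/0/1"}, "sw-floor2": {"Gi1/0/24"}}

def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def edge_port(vlan, mac, tables=MAC_TABLES, uplinks=UPLINKS):
    """Return (switch, port) where the MAC is learned on a non-uplink port."""
    for switch, text in tables.items():
        for line in text.splitlines():
            fields = line.split()
            if len(fields) != 4 or not fields[0].isdigit():
                continue  # skip headers or malformed rows
            if (int(fields[0]) == vlan and norm_mac(fields[1]) == norm_mac(mac)
                    and fields[3] not in uplinks.get(switch, set())):
                return switch, fields[3]
    return None

def find_rogue_dhcp(offers=OFFERS):
    """Flag offers from unsanctioned servers or outside the VLAN's subnet."""
    findings = []
    for vlan, server_ip, server_mac, offered in offers:
        reasons = []
        if server_ip not in SANCTIONED.get(vlan, set()):
            reasons.append("unsanctioned server")
        net = EXPECTED_NET.get(vlan)
        if net is not None and ipaddress.ip_address(offered) not in net:
            reasons.append("lease outside VLAN subnet")
        if reasons:
            findings.append((server_ip, reasons, edge_port(vlan, server_mac)))
    return findings
```

Skipping uplink ports matters because every switch carrying the VLAN learns the same MAC; only the access port identifies where the device is plugged in.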

