Cake day: June 20th, 2023


  • Holy moly Networking Class… I’m getting flashbacks to my time when in the Simulated Cisco Environment we tried the SPT out and yes you are right. It takes a short but nonetheless weird amount of time for it to time out.

    Thanks for giving me the updates. If I or somebody else ever has similar symptoms maybe they will find this thread :D

    I gotta say I think I would never have targeted SPT as the culprit. Though to be fair I only use dumb switches in my homelab and at the corp, the Networking department gatekeeps the nice stuff a bit :3

    Anyway, I’m happy you found out and were able to fix it. <3

  • I know this is stupid to ask but can you test setting up servers fresh from a .iso? No template, no domain join, no nothing that would create any predefined settings. If the issue doesn’t persist, maybe there is a legacy GPO or something that forces it for domain recognition before allowing other network traffic. Or something completely different but we gotta corner the problem in with troubleshooting.

    And also maybe create a script that’s being fired at bootup. The script could write the timecode and the “ipconfig /all” and “route print” into a text file every few milliseconds.

    This would create large logfiles but might help. Since if you are even incapable of pinging local addresses with IPv4 addresses, maybe the network stack just simply doesn’t load fast enough.

    Also some additional info might help with cornering it in such as:

    • is it only occurring on virtualized machines?
    • what hypervisor is being used?
    • is there more than one kind of hypervisor brand? (e.g. VMware and Hyper-V)
    • is the problem also occurring on bare metal servers? (Windows Server OS being installed directly on the server without usage of virtualisation)
    • is your Domain Forest an old one, that you didn’t create initially - or another way of asking: could there be GPOs or templates that have settings in them, that you don’t know about?
    • did you already try to connect two servers together by directly connecting them to each other and sniffing the NIC output via Wireshark? Maybe you can use this to check the behaviour of the bootup script in parallel with the routing tables and IP settings. Maybe something sticks out weirdly enough to catch your attention?
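
A boot-time logger along the lines suggested in the comment above, as an added example that is not part of the original thread. It runs "ipconfig /all" and "route print" on a fixed interval and writes the full output only when it differs from the previous sample, which keeps the log small; the log path, interval and duration are assumed values.

```powershell
# Added example: boot-time network state logger.
# $LogPath, $IntervalMs and $DurationSec are assumed values; adjust as needed.
param(
    [string]$LogPath     = 'C:\Temp\boot-netstate.log',
    [int]   $IntervalMs  = 250,
    [int]   $DurationSec = 180
)

# Make sure the log directory exists before the first write.
$logDir = Split-Path -Parent $LogPath
if (-not (Test-Path -Path $logDir)) {
    New-Item -ItemType Directory -Path $logDir -Force | Out-Null
}

$deadline = (Get-Date).AddSeconds($DurationSec)
$previous = $null
$samples  = 0

while ((Get-Date) -lt $deadline) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss.fff'
    $samples++

    # Capture both commands as one string so consecutive samples can be compared.
    $snapshot = @(
        '--- ipconfig /all ---'
        ipconfig /all
        '--- route print ---'
        route print
    ) | Out-String

    if ($snapshot -ne $previous) {
        # Address or routing state changed: record the full output with its timestamp.
        Add-Content -Path $LogPath -Value "===== $stamp sample $samples CHANGED ====="
        Add-Content -Path $LogPath -Value $snapshot
        $previous = $snapshot
    }
    else {
        # Nothing changed: one short line keeps the timeline without the bulk.
        Add-Content -Path $LogPath -Value "$stamp sample $samples unchanged"
    }

    Start-Sleep -Milliseconds $IntervalMs
}
```

Run it from a startup scheduled task under an account that can write to the log directory. Each sample also takes the time the two commands need to run, so the real spacing between samples is somewhat longer than the configured interval.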

  • Sadly oVirt has also reached EOL it seems. There hasn’t been an update for it for eternities. oVirt is actually pretty nice in some aspects but yeah it has some weird bugs. Running a prod environment though is actually possible; if you have enough hypervisors in a cluster then even patching runs quite smoothly. Autobalancing also works nicely.

    The only thing I haaateee about it is the awful one-time consoles.

    The fact that Windows Server ISOs don’t have the needed drivers to recognise a virtual drive is also not the best for a productive environment with many Windows servers. It’s possible, yes. But it brings a little headache at the beginning of setting everything up with it. After all you only need to mount them manually a few times. Only as many times as you create a fresh VM template for your environment. After that it isn’t any hassle anymore.

  • Well that’s because as soon as you search you are actually using a website. If the website doesn’t support darkmode or was someday configured to be whitemode, then it will always show up bright. If the website doesn’t support darkmodes: use the newest install that comes in a few days, the 120 version. Or switch to the nightly installation where you can already now install plugins/extensions. Then install the darkreader extension. Done. Ezpz

  • This is the way. The dude in the comment above the one I am replying to described a different way where you have to change the config, which would be necessary to do on every new installation. Via the bookmarks/shortcuts method you will have the BANG Search on every new installation just by importing your bookmarks - or if you use a Firefox account with synchronisation you will already have it with your login.

    Be advised that duckduckgo has already some predefined BANG Searches, that you can use without having to change anything. Just type in the search bar:

    • !g for google searches
    • !ddg for duckduckgo searches
    • !yt for youtube searches
    • !mindfactory for searches on a German PC hardware shop “mindfactory.de”. Yes they have very broadly implemented websites. Even such niche sites are already listed.

  • Look into the 3-2-1 strategy. Also: At least one backup should be taken offline after the backup is done. This might be done via tapes in a tape library, where you would put your used tapes into a fireproof safe (certified for tape fire protection - ask me if you don’t know what that means). Those backups that are not connected to a network are most reliable in such a scenario. Most encrypters encrypt right away and thus offline/archived backups are most likely not already affected.

    If your trojan was keeping itself silent for a couple of months (some specialised ones do that) even your archives are at risk. In such a situation mostly the only solution is to build from fresh.