Jul. 16th, 2009

[identity profile] tuba-man.livejournal.com
Oh man, after spending 2 days with Wireshark and Dunkin' Donuts coffee, I have tasted the sweet thrill of victory. There are very few things as satisfying as staring at a 2GB pile of SMTP packets and randomly trying out filters when suddenly things click and the lighthouse turns on, complete with angelic choir (all playing tubas, of course).

A user hears from his contacts that the From address is coming out garbled.  All users of this system use the same web interface, but this guy is the only one having difficulty.  He sends that off to the programmer/dba/site owner, who sends it off to me, his sysadmin.  I've never seen anything quite like it before in an email, so I fire up tcpdump and leave it there for a week.

The only thing I have to go off of is:
Return-path: =?iso-8859-1?B?PGV4YW1wbGVAY29vbHNpdGUuY29tOz4=?= )
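
The `Return-path` value quoted above is an RFC 2047 encoded-word (`=?charset?B?base64?=`), a form the RFC does not allow inside an address. As an added example, not part of the original post, this Python sketch scans a message's address headers for encoded-words and decodes them; the helper names and the sample message around the quoted header are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header

# RFC 2047 encoded-word: =?charset?B-or-Q?payload?=
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")
# Headers whose value is (or contains) a mailbox address.
ADDRESS_HEADERS = ("Return-Path", "From", "Sender", "Reply-To")


def decode_value(raw):
    """Decode every encoded-word in a header value to readable text."""
    parts = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def find_encoded_addresses(raw_message):
    """Return (header, raw value, decoded value) for each address
    header that carries an encoded-word."""
    msg = message_from_string(raw_message)
    hits = []
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            if ENCODED_WORD.search(value):
                hits.append((name, value, decode_value(value)))
    return hits


# Constructed sample: only the Return-path line comes from the post.
SAMPLE = (
    "Return-path: =?iso-8859-1?B?PGV4YW1wbGVAY29vbHNpdGUuY29tOz4=?=\n"
    "From: Example User <example@coolsite.com>\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for name, raw, decoded in find_encoded_addresses(SAMPLE):
        print(f"{name}: {raw!r} -> {decoded!r}")
```
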

[identity profile] cjkline83.livejournal.com
1. Show up at a customer site at 9am where they complain their office computer is infected with viruses.
2. Begin diagnosing the issue on site, instead of taking the problem back to the office for a reload, thinking this will be faster in the long run (skip the commute of 30 minutes each way back and forth from site to office).
3. Without being requested to do so, switch to the server which runs the point-of-sale operations for the entire restaurant.
4. Notice that the server is screaming about blocking malicious activity to some IP address of a webserver trying to download malicious code.
5. Freak out, and assume server is infected, begin running a scan on said server.
6. Find 31 infections on server, remove them, even though you haven't obtained permission from the customer; think you are going above and beyond the call of duty and preventing further issues later for the customer.
7. Discover one of those infections is Vundo. Oh shit.
8. Determine, without testing things, that the server is fixed. Return your attention to the original call--the back office computer.
9. Back computer only has four infections, but runs like dog shit. Disconnect and bring back to the office anyway to perform reload and backup.
10. While on site, be bombarded with calls that your "child", the phone systems at both offices, is throwing a bitch fit and not routing incoming calls anywhere. All incoming calls sit on hold indefinitely. Freak out part two. Resolve most of the issues on site via remote access.
11. Stop at the house because you need to fix the other phone server at the other office.
12. Feeling victorious at resolving everyone's pending major issues, celebrate with a lunch-hour nap.
13. Fail to hear your phone ringing the entire hour you are napping.
14. Fail to check voicemail, miss important defcon 5 message that the site you were just at is down and has major issues.
15. Freak out part three.

Today has been a very crazy day, and I did it to myself. The whole idea of being a slave of a supervisor seems more inviting all the time. Apparently when left to my own devices, I will make catastrophic business decisions.

techrecovery: (Default)
Elitist Computer Nerd Posse