Archive for February, 2010
Running a command on every machine in the domain
by rxtx on Feb.24, 2010, under Security, Sysadmin
This post on pauldotcom shows a handy way of running a command-line instruction on every machine in the domain. Ideally you’d use group policy for this kind of thing, but it’s still useful to know.
Resetting your DRAC
by rxtx on Feb.24, 2010, under Sysadmin
I had an issue today with a Dell remote access card (DRAC). This is a card which you get in Dell servers, and is used to perform remote management. In some situations it can be better than other remote access methods, since it gives you access to the console from boot (so you can view any BIOS messages) and can be used to power on the server remotely. At least that’s the idea – in this particular case the card was running very slowly and the remote power on functionality wasn’t working. This isn’t great when you’ve just turned off a server which you don’t have physical access to. Luckily we can solve this by SSHing onto the DRAC and running a reset command. There are actually quite a lot of things we can do from the SSH interface:
login as: root
root@192.168.100.12's password:
Dell Remote Access Controller 5 (DRAC 5)
Firmware Version 1.40 (Build 08.08.22)
$ racadm help
help [subcommand] -- display usage summary for a subcommand
arp -- display the networking ARP table
clearasrscreen -- clear the last ASR (crash) screen
clrraclog -- clear the RAC log
clrsel -- clear the System Event Log (SEL)
config -- modify RAC configuration properties
coredump -- display the last RAC coredump
coredumpdelete -- delete the last RAC coredump
fwupdate -- update the RAC firmware
getconfig -- display RAC configuration properties
getniccfg -- display current network settings
getraclog -- display the RAC log
getractime -- display the current RAC time
getsel -- display records from the System Event Log (SEL)
getssninfo -- display session information
getsvctag -- display service tag information
getsysinfo -- display general RAC and system information
gettracelog -- display the RAC diagnostic trace log
ifconfig -- display network interface information
netstat -- display routing table and network statistics
ping -- send ICMP echo packets on the network
racdump -- display RAC diagnostic information
racreset -- perform a RAC reset operation
racresetcfg -- restore the RAC configuration to factory defaults
serveraction -- perform system power management operations
setniccfg -- modify network configuration properties
sslcertview -- view SSL certificate information
sslcsrgen -- generate a certificate CSR from the RAC
testemail -- test RAC e-mail notifications
testtrap -- test RAC SNMP trap notifications
version -- display the version info of RACADM
vmdisconnect -- disconnect virtual media connections
vmkey -- perform virtual media key operations
usercertview -- view user certificate information
$
To reset the DRAC, we need the racreset command. This will re-initialise the DRAC, and after a minute or so everything should be working again.
CCIE count drops again
by rxtx on Feb.09, 2010, under Sysadmin
Each month Cisco publish the worldwide CCIE count, which shows how many people have gained certifications over the last month. However it is possible to do a little maths and get a fuller picture – in this case that the numbers are dropping.
The CCIE consists of two parts: the first is a written exam which tests basic knowledge, and after that you do a day-long lab exam. The lab exam is considered to be the harder of the two, with most people requiring multiple attempts. Once you have the certification, you just need to pass the written exam every few years to keep it.
Without any input from those who didn’t recertify it’s hard to work out why they didn’t bother. A change in job role could account for some, but it seems unlikely that this would account for the full 61. Is it just that now there are more people with it, the CCIE is less highly regarded?
Infiltrating a botnet
by rxtx on Feb.08, 2010, under Security
This is a really interesting article from Cisco which gets into the head of someone who controls large botnets for profit. There’s a slight bit of marketing for the Cisco IPS product in there, but apart from that it’s a really insightful read.
One of the most interesting parts for me was the psyche of the guy that was behind it – they clearly knew that what they were doing was wrong and that they could get into a lot of trouble for it, but this didn’t override their urge to show off. Even when the Cisco researcher confessed that he’d been deceiving them the whole time, they happily went along with his next deception and started giving out even more detailed information.
Another bit that really struck me was the amount of paranoia this individual seemed to have to live with, not only due to law enforcement potentially being after him but because of the possibility of his peers stealing his botnet while he slept.