21 Musings From Incident Response
These are my personal anecdotal conclusions and I totally appreciate it may not line up with anyone else’s. This is US centric, as that is my experience, a...
Situations where it’s useful to analyze traffic: you don’t have access to the logs; you want to look at traffic somewhere upstream like an LB; something is mak...
A resource maintained by the fabulous Dan Luu
Getting help and soliciting feedback on the Internet essential reading:
If you stayed late at the DevOpsKC meetup last night you may have caught me giving this talk about getting a monitoring system going using python from e...
I walked through these slides demonstrating the simple tool sup.py I wrote at the devops kc meetup. Sup can be used in place of ping/tcping/httping on some o...
Throwing some load at your setup and seeing how it reacts.
Grabbing tcpdump output during a crisis can be hard to remember. Ideally, snort is running as a service inline or at least continually. Sometimes things hap...
I have a bash script that is being called multiple times instead of once. I need to track down where it is being called from.
Launching a SYN flood. Everyone knows DDOS attacks happen, and of these, SYN floods may be the simplest for attackers to organize. As a defender you don’t want...
SRE: “When does it need to be done?” PM: “Next week at the latest.” SRE: “OK, we spend from now to next week working on a time machine. If we ha...
So name.com was hacked and deviantart.com was one of the credentials dumped from their DB. How do I know? Name.com Tells Customers To Change Password Due To...
This configuration is Cisco based but JunOS isn’t too far of a stretch in my experience. First off: you need your ASN. You need your address block. Your add...
I remember hearing a lot of conflicting information about BGP when I first started doing network admin stuff. A lot of time BGP is part of an HA strategy and...
KVM is great but I’m making a note so I remember because this command gives me pause every time. When a new VM has no OS or doesn’t make it past the bootloa...
If you have tiered levels of administrators, or you want to create an account for automation purposes best practice is to define a custom security level in I...
When dealing with totally unstructured data sometimes it is necessary to go full regex.
JSON REST APIs are increasingly common and useful. A basic client example for using something like nagios api import sys import os import urllib import js...
Granular control over Debian MOTD: MOTD should be used for more than welcome messages
Depending on the type of counter you want to track you can use one of the following two SNMP OIDs ‘64’ bit counter => oid => ‘.1.3.6.1.2.1.31.1.1.1’ ...
Getting JSON from a flat file in a shell script
My second day at a job in 2007 I showed up early. I came in the unlocked front doors and I set off an insane alarm.
Show me my non-default databases
I have a host with MAC 00:30:48:60:f3:ca. This host is configured to look for a PXE server, but was not matching the correct profile.
If you have crashes you can enable core dumps via Puppet
When was this host last updated via puppet?
One of the things I do often is download projects from github. Pypi (py-pee-eye) is nice and so is pip, but I like to have one reference for packages on a ho...
Some commands do not natively support a proxy (RE: telnet). Other times it is just easier to do a one-off instance rather than mess with environment setting...