I managed the network (servers, switches, routers and security) for about 4000 people worldwide. Unfortunately, it appears I sometimes have to manage the management team.
Kinda techy but here goes...
The Notes group (email support group) upgraded to version 6.5 on all servers (and then told me about it when a server crashed and I got called in to rebuild it). By default 6.5 opens ports 25, 80, 110, 445 and the standard 1352. The Notes group does not know how to shut down the other ports. That is fine since all switches and servers are in VLAN1 and the ACL only allows needed ports to needed servers. However...
We switched all HTTP & FTP to the parent company proxy and pulled the default route off my 6509. Clients get the proxy settings from DHCP and VLAN1 members have it manually entered into IE. Well, the supervisor demanded to be on VLAN1 and could never remember his static IP or IE settings. He demanded I add DHCP to VLAN1. I explained, found Cisco documents and drew out why DHCP on VLAN1 would be bad. I even had the parent company (since the IT director & SUPERVISOR say they never make mistakes) explain why this would be bad. Did not matter. I was told to do it or pink slip time.
I held a change control meeting with all IT staff and stated cause and effect for this change. Most agreed with me but the supervisor pushed since the IT director was off-site. I built the DHCP box with a pool of 10 IPs (demanded this too). I again told him VLAN1 to VLAN1 is unrestricted and all new Cisco switches default to VLAN1. Did not matter.
Four days later some consultants and auditors came in to work with engineering and finance. The supervisor grabbed a Cisco switch off the shelf and dropped it in a conference room (forgot to tell me). Within half a day the Notes boxes, file and print servers would not accept any new connections. All accounts were locked and the parent company WAN link (separate VLAN) was at 100% outbound traffic. The parent company called looking for answers as to why we were attacking them.
I was already running a packet capture when they called. I found the new DHCP pool on VLAN1 was to blame. I traced it to a single switch and added an ACL blocking all ports from accessing the g0/1 uplink. By the IT director & supervisor's rules I sent a broadcast message (separate email system) to all IT staff and department managers on what I found and what I blocked. I then sent another broadcast message to IT and the parent company with all the screenshots documenting my course of action.
The IT director & supervisor came to my office "looking for more detail" because the ACL should have blocked this. A call to Cisco tech describing the new problems reinforced my statement that this was a bad move, since members in the same VLAN never touch the ACL of that VLAN1. (The supervisor said DELL claims theirs does; the Cisco tech and sales rep said if Dell can prove that, we will pay for complete replacement of your infrastructure.)
The IT director asked who the DHCP people were and how did they get on the network if I did not review their systems first. I told her the earlier part of this story. She told the supervisor to point me to the consultants and to go to her office.
The consultants' virus definitions were 6+ months old, if they even had antivirus installed. I ran MS AntiSpyware, Ad-Aware and Spy Sweeper, which removed 700+ traces per laptop. Luckily the servers were OK after pulling the supervisor-installed switch. And we no longer have DHCP on VLAN1.
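As an added illustration (not the poster's configuration, and not taken from the story), here is a constructed Cisco IOS fragment showing the distinction the Cisco tech made: a router ACL bound to the VLAN1 SVI only filters traffic that is routed into or out of VLAN1, while a VLAN access map (VACL) is bound to the VLAN itself and also filters frames switched between two VLAN1 ports. The second part shows how an access port can be locked down so that an unannounced switch dropped into a conference room err-disables the port instead of joining VLAN1. The subnet, server address, ACL names, guest VLAN id and port name are all assumptions.

```cisco
! Constructed example, not the poster's config. Assumed values:
!   VLAN1 subnet 10.0.1.0/24, SVI 10.0.1.1, Notes server 10.0.1.10,
!   conference-room access port GigabitEthernet2/1, guest VLAN 50.

! --- Part 1: why the existing ACL "should have" blocked it but could not ---
! A router ACL on interface Vlan1 is consulted only for packets that are
! routed into or out of VLAN1. Two hosts that are both in VLAN1 exchange
! frames at layer 2 and never pass through this ACL.
ip access-list extended VLAN1-ROUTED-IN
 permit tcp any host 10.0.1.10 eq 1352
 permit tcp any host 10.0.1.10 eq smtp
 deny   ip any any log
!
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
 ip access-group VLAN1-ROUTED-IN in

! A VLAN access map (VACL) is bound to the VLAN rather than to the SVI, so
! it is applied to bridged traffic between VLAN1 ports as well as to routed
! traffic. VACLs are stateless and see both directions, so server replies
! have to be permitted explicitly. IP packets that match no forward entry
! fall through to the explicit drop; with no MAC match clause, non-IP frames
! such as ARP are forwarded by default on Catalyst platforms (confirm this
! in the VACL notes for your software release).
ip access-list extended VLAN1-NOTES-ONLY
 permit tcp any host 10.0.1.10 eq 1352
 permit tcp host 10.0.1.10 eq 1352 any
 permit tcp any host 10.0.1.10 eq smtp
 permit tcp host 10.0.1.10 eq smtp any
ip access-list extended VLAN1-GATEWAY
 permit ip any host 10.0.1.1
 permit ip host 10.0.1.1 any
ip access-list extended ANY-IP
 permit ip any any
!
vlan access-map VLAN1-FILTER 10
 match ip address VLAN1-NOTES-ONLY
 action forward
vlan access-map VLAN1-FILTER 20
 match ip address VLAN1-GATEWAY
 action forward
vlan access-map VLAN1-FILTER 30
 match ip address ANY-IP
 action drop
!
vlan filter VLAN1-FILTER vlan-list 1

! --- Part 2: stop an unannounced switch from joining VLAN1 ---
! The conference room goes in its own guest VLAN (assumed id 50), never the
! management VLAN. BPDU guard err-disables the port the moment a switch
! (which sends BPDUs) is plugged in; port security limits the port to one
! learned MAC address so a hub of unvetted laptops cannot hide behind it.
interface GigabitEthernet2/1
 description conference room (guest)
 switchport mode access
 switchport access vlan 50
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
```

After applying it, `show vlan access-map` and `show vlan filter` confirm the map is bound to VLAN 1, and `show interfaces status err-disabled` is where a port shut by BPDU guard or port security shows up, which is the signal that someone has plugged in a device that was not reviewed first.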