Security Articles

Articles relating to network security issues

MRTG and WMI

When we last left our hero MRTG, he was doing simple SNMP Gets and spitting out some fairly basic graphs.  While this is terribly useful already, MRTG (and sidekick Routers2.cgi) is capable of much more.  In this installment of the MRTG article series, I will be demonstrating how to tap into the power of WMI to further enhance your MRTG experience. For the purposes of this article, I will be assuming that you have a working MRTG system already running.  If you need help with that, please see the previous article in this series: Installing MRTG on a Windows Platform. Using WMI...

IPEnum: Network Enumeration Script

From the Reinventing the Wheel Department: I have a need to audit my data center's IP space periodically to see what machines are using which IP addresses.  None of the free tools did it the way I wanted, or they were more work to get configured than I was willing to invest, and I wasn't willing to shell out money for commercial scanners. So I whipped one up in vbscript, and called it IPEnum. IPEnum can not only scan /24 networks, it can also compare the results of the scan with a previous one and highlight the differences.  You will know at a glance...

Configuring OpenSSH (Win32) for Public Key Authentication

(Updated Oct 13, 2005 to update my email address and link to SSH binaries.  Thanks MJE!) First, let me thank Anil John for sending me his configuration and walking me through the appropriate steps.  You rock, Anil, seriously. Secondly, if you notice any errors in this article, or have suggestions for improvement, please leave a comment, or email me at beau dot monday at gmail dot com. Installing and Configuring OpenSSH Server: OK, first, download OpenSSH from http://sshwindows.sourceforge.net. Unzip it, and run the resulting installer. Install the program to the directory of your choice (I will use c:\OpenSSH).  You will be best served by putting OpenSSH...

FirstOnScene.vbs: The 10-second Forensic Data Gatherer

I have a problem.  My Data Center Team has 5 minutes to bring a misbehaving server back to production service levels, or they get their butts kicked by Mr. SLA. That means that (if I am around) I have just about 1 minute of quality time with the system to determine if a security incident has occurred.  If I'm at lunch, home sleeping, or in the can, the machine has probably been rebooted and put back into production before I even knew it was down. What to do?  I either have to train my entire Data Center staff to be Incident Handlers, or get...

Basic Analysis of Windows Security Logs with Logger.pl

Due to the flood of Login/Logout events in my Security event logs as a result of my MRTG activities, I went on a search for some tools to help me remove some of the noise from the logs and allow me to do some meaningful analysis of anomalies. The most promising tool so far has been a Perl script called Logger.pl, written by Ken Hoover at Yale University. Logger.pl takes an event log from one or more systems and parses it for “interesting” events.  The events can be spit out in a variety of formats, including csv files (for further analysis using graphing...

Installing MRTG on a Windows Platform

MRTG is the most popular open source performance measuring tool being used around the world today.  While MRTG is open source, it has been widely adopted by major companies everywhere who use it to measure network performance and adherence to SLAs, among other things.  For an interesting snapshot of who is using MRTG, and for what purpose, go to MRTG's “Where, What, How” page and have a look at some of the interesting things MRTG is being used to track.  Although MRTG started out as an application to measure network performance on routers (MRTG stands for “Multi Router Traffic Grapher”), it is...

IE Chromeless Windows Vulnerability Demonstration

An interesting thread developed over the weekend on BugTraq about a flaw in IE (all the way up through version 6 SP1) revolving around the exploitability of "chromeless" windows. Chromeless windows are screen objects that do not have the normal borders and other controls attached to them. As such, they can easily be placed anywhere on the screen, and (here is the problem) be made to obscure or even change important messages from the system. I present, for your consideration, the following web site (it is not malicious, but you must wait for the ActiveX control to finish loading): Exploit...

Performance Metrics using MRTG

(You may want to Refresh often to see the most up-to-date information.  This data should be no more than 5 mins old.) Graphs on this page: CPU Consumption for the past 24 hours; Memory Usage; Disk Usage; Network Activity; Cisco Switch CPU Utilization.

Nigerian Email Scams

Quick: What is projected to be Nigeria's 2nd largest industry in 2003? If you answered "Nigerian Email Scam" (or "419 scam", or "Advance Fee Fraud"), you're correct! It is estimated that in 2003, the perpetrators of the scam will bilk about $2 billion from gullible victims around the world. It's gotten so bad that British intelligence agencies report seeing as many as 5 Americans waiting in hotel lobbies to meet people connected with the scam. Here's how it works: The scammer sends spam (either email or fax, or sometimes even snailmail) to prospective victims, promising them a 30% cut of...

Phishing for a Living

Let's talk a moment about the art of “phishing”, shall we?  This ain't your daddy's fishing, no sir.  Phishing is the term being used to describe theft of credit card information, username/passwords, and/or identity information using a combination of email and bogus web sites. Consider, if you will, the following email from what appears to be Citibank: Oh crap!  They are going to cancel your checking account unless you clicky the linky!  So you do, and it takes you to something like this...  Looks like a Citibank page, doesn't it?  But is it really?  Where did I *really* send you?  Take a...

Full Security Articles Archive