What's the most hilarious misconfiguration you've come across on the job?
Comments
-
--chris-- Member Posts: 1,518 ■■■■■□□□□□
I believe I've only seen it in really small companies. I'm more used to 10.X.X.X being subnetted to meet your needs.
Confirms many things I thought. Thanks.
-
Architect192 Member Posts: 157 ■■■□□□□□□□
This question has me wondering. Since I only have had one real IT job, is it common for enterprise level networks to use the 192.168.x.x mask?
Well, if the network is using the same subnet, you will more than likely get IP conflicts. If they use a different subnet, then you will get users/devices that will end up getting IPs in the wrong subnet (whatever the wifi router provides) and causing disruption for those users only.
Current: VCAP-DCA/DCD, VCP-DCV2/3/4/5, VCP-NV 6 - CCNP, CCNA Security - MCSE: Server Infrastructure 2012 - ITIL v3 - A+ - Security+
Working on: CCNA Datacenter (2nd exam), Renewing VMware certs...
-
W Stewart Member Posts: 794 ■■■■□□□□□□
Don't even get me started. That kind of stuff is regular in the data center I work in. Half of us here just clean up the mess made by the other half of the people. How about a 5 disk raid 0 that was meant to be a raid 5? There were no backups for that server either. They're shipping their stuff off to drive savers right now. Or a network cable with both ends plugged into the same unmanaged switch (no spanning tree). We've also got some switches in our data center hanging up by zip ties.
-
fredrikjj Member Posts: 879
I once plugged in a new mouse that I had ordered and unconfigured a production switch by accident by randomly clicking on the screen to make sure the mouse was working. I must have copied some bad commands earlier and then just right click pasted them into a running console window. Super embarrassing and kind of hilarious, but not in a good way; there is no worse feeling than messing up a live device.
-
Architect192 Member Posts: 157 ■■■□□□□□□□
In the days of Windows NT4 Server, when installing, the default was to set up a domain controller. At a large financial institution, when we did the migration and domain consolidations to Active Directory (Windows 2000), we discovered that one of the departments had set up their 30-40 servers as domain controllers... Of different domains. They had created user accounts for each user on each domain. What a mess...
-
eansdad Member Posts: 775 ■■■■□□□□□□
RouteMyPacket wrote: »So why didn't you secure the network from rogue DHCP servers?
If I had the power I would. Our current "admin" doesn't even believe in using an IDS.
I've got a new one... When I was assigned to one of the middle schools back in 2012 I noticed a few PC boxes sitting off to the side. I asked what they were for and was told they were spares for replacement by the previous tech. Well I start unboxing and find a Dell T310 server fully loaded and look at the PO for it. We had this sitting for almost a year and the kicker was... It wasn't ours... Apparently it was to be delivered to a local company and all our tech did was count boxes for the delivery. We were short a sound bar. A few calls later and it was on a truck back to Dell.
I watched an "admin" not be able to find a very t'd off device that was tossing out a lot of bad traffic. Took down 3 buildings that were linked since the other 2 were hanging off this 1 building. Not only could he not find it but the Network Engineer hired couldn't find it after 3 days (Yup, still got paid). So after watching all this I asked the building tech if anything had been changed or added in the days before. A 3Com 4 port mini switch was replaced by the same admin that couldn't find the issue. Told him to unplug it and reboot the MDF. Sure enough... Government dollars at work... At least the admin was demoted back to Sr. Tech and put back in the buildings, unfortunately they still haven't taken the $12k raise he got when he was promoted the year prior.
For those asking we have over 20 buildings in our district and have a 10.X.X.X address system. For those that don't know, a device looking for an IP will call out and the nearest DHCP will handle the address. So if you have buildings hanging off of other buildings instead of runs back to the NOC you can take down multiple sites.
-
rsutton Member Posts: 1,029 ■■■■■□□□□□
After taking on a new client and looking over their Exchange server I saw an accepted SMTP domain of "contoso.com"
-
RouteMyPacket Member Posts: 1,104
eansdad wrote: »If I had the power I would. Our current "admin" doesn't even believe in using an IDS.
Why would you need an IDS to "prevent" a rogue DHCP server? We have means at our disposal to protect clients from this very action.
Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the middle of the night because of a network problem and had to figure out the traffic flows in your network while you were half asleep, could you do it?
-
MarDavid Member Posts: 9 ■□□□□□□□□□
Call with T2 IT Consultant who claimed Microsoft Updates were called R#, when we were on the topic of QuickBooks. Took him to QuickBooks update page and still insisted I was wrong.
-
Iristheangel Mod Posts: 4,133 Mod
eansdad wrote: »If I had the power I would. Our current "admin" doesn't even believe in using an IDS.
If you're using Cisco switches, just turn on DHCP snooping. I like setting rate limits down to the interface level.
-
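What DHCP snooping with per-interface rate limits does to rogue-server traffic, as an added example that is not part of the original posts: a simplified Python model of the switch's decision, not vendor code. The port names, the limit of 3 packets per second and the sample events are constructed, and only untrusted ports are rate limited in this model.

```python
from collections import defaultdict

# DHCP message types that only a server should ever send.
SERVER_TYPES = {"OFFER", "ACK", "NAK"}


class SnoopingSwitch:
    """Simplified model: trusted uplinks, filtered and rate-limited access ports."""

    def __init__(self, trusted_ports, rate_limit_pps):
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit_pps
        self.counts = defaultdict(int)  # (port, second) -> DHCP packets seen
        self.disabled = set()           # ports shut down after exceeding the limit

    def handle(self, second, port, msg_type):
        """Return 'forward', 'drop' or 'port-disabled' for one DHCP packet."""
        if port in self.disabled:
            return "port-disabled"
        if port in self.trusted:
            return "forward"            # path to the real DHCP server
        # Every DHCP packet on an untrusted port counts toward its limit.
        self.counts[(port, second)] += 1
        if self.counts[(port, second)] > self.rate_limit:
            self.disabled.add(port)     # stays down until an operator re-enables it
            return "port-disabled"
        # Server replies from an access port mean a rogue DHCP server.
        if msg_type in SERVER_TYPES:
            return "drop"
        return "forward"


# Constructed events: (second, port, DHCP message type).
EVENTS = [
    (0, "Gi0/5", "DISCOVER"),  # legitimate client
    (0, "Gi0/1", "OFFER"),     # real server behind the trusted uplink
    (0, "Gi0/7", "OFFER"),     # consumer Wi-Fi router plugged into an access port
    (0, "Gi0/5", "REQUEST"),
    (0, "Gi0/1", "ACK"),
] + [(1, "Gi0/9", "DISCOVER")] * 5  # burst from a single access port


def run(events, trusted=("Gi0/1",), rate_limit_pps=3):
    """Feed the events through the model and return (port, type, verdict) rows."""
    switch = SnoopingSwitch(trusted, rate_limit_pps)
    return [(port, msg, switch.handle(sec, port, msg)) for sec, port, msg in events]


if __name__ == "__main__":
    for row in run(EVENTS):
        print(*row)
```
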
eansdad Member Posts: 775 ■■■■□□□□□□
RouteMyPacket wrote: »Why would you need an IDS to "prevent" a rogue DHCP server? We have means at our disposal to protect clients from this very action.
It doesn't, just a separate thought.
Iristheangel wrote: »If you're using Cisco switches, just turn on DHCP snooping. I like setting rate limits down to the interface level.
We aren't Cisco yet, they are outsourcing to bring that in regardless of the fact that we can do it, right now we have a mix of old 3Com and Dell switches. Since we got this new Assistant Superintendent we have been told to basically stop doing the administration side of our buildings. Funny part is the admin that we have left is now doing more tech coordinator work (meetings with administration and vendors) than actual work so nothing is getting done. We are just sitting back and slowly watching this place burn. My hands are tied until April to leave but I can't wait to get out.
-
it_consultant Member Posts: 1,903
beaucaldwell wrote: »last company I worked for, a leading biotech company that does things like revolutionizing DNA sequencing (among other things) refuses to setup backup servers to backup user data of any kind even for their executives... can't begin to tell you the 10's of thousands of dollars I've seen them waste sending HDD's to Kroll for recovery only to get nothing back... to make things better, legal does not allow end-users to use external HDD's to backup their own things...
Backups are one of those things that is a deal-breaker (along with support contracts) with me for employment or contract. There are too many inexpensive solutions to not have a backup.
Reading through some of these I can definitely relate; when I showed up at this current job:
- Dirty switch (switch between our BGP router and our main firewall) was a 5 port linksys hub (replaced with stacked FCX 624s)
- Virtuozzo used on production network as the main virtualization software (moved to hyper-V)
- "Core" switch was one large HP chassis with everything plugged into it (replaced with an ethernet fabric and a true collapsed core design)
- Fiber optics converted by 10 year old omnitron devices (replaced with switches that support SFPs)
- Used netvault backup with no exchange or virtuozzo license even though we used both of those technologies (replaced with Commvault)
- 40 TB SAN with a license for a 17TB VTL (replaced with an EMC 5200)
- Fiber Channel with single paths (multi-pathed them)
- Dual FC links to failover site were configured half duplex (replaced with true LR optics)
The jerry rigging this place went through to keep everything up was epic.
-
phoeneous Member Posts: 2,333 ■■■■■■■□□□
On an ASA, I've seen telnet 0.0.0.0 0.0.0.0 outside a few times.
-
NightShade1 Member Posts: 433 ■■■□□□□□□□
One time I saw in a WLAN 12 SSIDs broadcasted by managed APs...
This was really hilarious because they were asking why the wireless was going so slow
I have seen 8 SSIDs, 7 SSIDs, which is still hilarious, but never 12 SSIDs!
Cheers
Carlos
-
RouteMyPacket Member Posts: 1,104
Iristheangel wrote: »If you're using Cisco switches, just turn on DHCP snooping. I like setting rate limits down to the interface level.
You are so smart.