Black Friday, Technology Glitches and Revenue Lost

This morning my wife was trying to purchase something from BELK's website. She ran into an issue at the point of transaction. The error that was being returned looked like the credit card number was invalid. Since the first attempt was on a mobile device, she attempted the transaction again from a computer. This was met with the same challenge. Ultimately, three different credit cards were attempted and none seemed to work. After reviewing the card account activity, I could see a total of about 5 authorizations against the 3 cards.

My wife contacted BELK by phone and they asked us to call our cc company (which I begrudgingly did). Finally they were able to process the cart transaction manually and admitted that we weren’t the only people experiencing the problem. They went on to say that their systems were very slow and that they were having issues with transactions internally too.

Posted in Rant, Technology | 2 Comments

Spearphishing Attacks Against Hostmonster Customers

I tend to see a lot of phishing emails. The message I received this morning caught my eye. It was fairly well crafted and obviously targeted. After searching the Internet, I found that some GoDaddy customers have received something similar. This seems to be making its way around the internet to website administrators. The most curious thing to me is how someone associated the email address with a Hostmonster account.

Phishing Email Message


As can be seen above, the message read–

Your account contains more than 4035 directories and may pose a potential performance risk to the server. Please reduce the number of directories for your account to prevent possible account deactivation.

In order to prevent your account from being locked out we recommend that you create special temp directory.

The link goes to kct67<dot>ru.

Message headers also suggest a Russian origin (note the +0300 offsets and the MSK zone stamped on the originating hops)–

Received: by with SMTP id 11csp1084546qgx;
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
X-Received: by with SMTP id k202mr1408853lfe.161.1447820739327;
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
Return-Path: <[email protected]>
Received: from ( [])
        by with ESMTPS id xd10si580044lbb.198.2015.
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
Received-SPF: pass ( domain of [email protected] designates as permitted sender) client-ip=;
       spf=pass ( domain of [email protected] designates as permitted sender) smtp.mailfrom=[email protected]
Received: from pike.intph ([]
	by with esmtp (Exim 4.77 (FreeBSD))
	(envelope-from <[email protected]>)
	id 1ZyuJH-000K6k-JN
	for [email protected]; Wed, 18 Nov 2015 07:25:31 +0300
Received: (from qce@localhost)
	by (8.14.5/8.13.8/Submit) id tAI4P7lP079360;
	Wed, 18 Nov 2015 07:25:07 +0300 (MSK)
	(envelope-from qce)

My word of advice would be that site administrators exercise caution when opening messages from their hosting providers. In addition, it certainly makes sense to change applicable passwords on a regular basis.
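As an added example (not part of the original post), here is a small Python triage script that automates the checks made above: it walks the Received chain from origin to delivery, records the UTC offset of the originating hop, reads the SPF verdict and compares the domain it actually covers with the displayed From: domain, and lists the hosts the body links to. The message embedded in it is constructed to mirror the redacted headers above; host names, IP addresses (RFC 5737 documentation ranges), sender domains and message ids are placeholders. One caveat the headers illustrate: a `Received-SPF: pass` only means the envelope sender's domain authorized the relaying server, it says nothing about the sender name the recipient sees, and the script flags that gap explicitly.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the redacted headers above. Host names,
# addresses (RFC 5737 documentation ranges), sender domains and ids are
# placeholders, not the real values from the message.
SAMPLE = """\
Return-Path: <bounce@example.net>
Received: from mx.example.net (mx.example.net [198.51.100.7])
        by mail.example.org with ESMTPS id abc123
        for <admin@example.org>;
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
Received-SPF: pass (example.org: domain of bounce@example.net designates 198.51.100.7 as permitted sender) client-ip=198.51.100.7;
Received: from pike.intph ([203.0.113.9])
\tby mx.example.net with esmtp (Exim 4.77 (FreeBSD))
\t(envelope-from <bounce@example.net>)
\tfor admin@example.org; Wed, 18 Nov 2015 07:25:31 +0300
Received: (from qce@localhost)
\tby pike.intph (8.14.5/8.13.8/Submit) id def456;
\tWed, 18 Nov 2015 07:25:07 +0300 (MSK)
From: "Hosting Support" <support@hosting-provider.example>
To: admin@example.org
Subject: Your account contains more than 4035 directories
Content-Type: text/plain

Your account contains more than 4035 directories and may pose a potential
performance risk to the server. In order to prevent your account from being
locked out we recommend that you create special temp directory:
http://kct67.ru/temp
"""


def _offset_hours(date_text):
    """UTC offset of an RFC 5322 date in hours, or None if it cannot be parsed."""
    if not date_text:
        return None
    try:
        offset = parsedate_to_datetime(date_text).utcoffset()
    except (TypeError, ValueError):
        return None
    return offset.total_seconds() / 3600 if offset is not None else None


def received_hops(msg):
    """Parse the Received headers into dicts, returned oldest (origin) first."""
    hops = []
    for raw in msg.get_all("Received", []):
        text = " ".join(raw.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+([^\s()\[\]]+)", text)
        by = re.search(r"\bby\s+([^\s()\[\]]+)", text)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
        date = text.rsplit(";", 1)[1].strip() if ";" in text else None
        hops.append({"from": frm.group(1) if frm else None,
                     "ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "date": date,
                     "utc_offset_hours": _offset_hours(date)})
    hops.reverse()  # each MTA prepends its header, so the last one is the origin
    return hops


def triage(raw_message):
    """Summarise who relayed a message, what SPF really vouched for, and where its links go."""
    msg = message_from_string(raw_message)
    hops = received_hops(msg)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf_header = msg.get("Received-SPF", "")
    spf_result = spf_header.split(None, 1)[0].lower() if spf_header else "none"
    m = re.search(r"domain of [^\s@]+@([\w.-]+)", spf_header)
    spf_domain = m.group(1).lower() if m else None
    body = msg.get_payload() if not msg.is_multipart() else ""
    link_hosts = sorted({h.lower() for h in re.findall(r"https?://([^\s/]+)", body)})

    findings = []
    if spf_result == "pass" and spf_domain and spf_domain != from_domain:
        findings.append(f"SPF pass covers envelope domain {spf_domain}, "
                        f"not the displayed From domain {from_domain}")
    for host in link_hosts:
        if host != from_domain and not host.endswith("." + from_domain):
            findings.append(f"link host {host} is outside the sender domain {from_domain}")
    first, last = hops[0]["utc_offset_hours"], hops[-1]["utc_offset_hours"]
    if len(hops) >= 2 and None not in (first, last) and first != last:
        findings.append(f"origin hop stamped at UTC{first:+.0f}, delivery at UTC{last:+.0f}")
    return {"hops": hops, "origin": hops[0] if hops else None, "from_domain": from_domain,
            "spf": (spf_result, spf_domain), "link_hosts": link_hosts, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print("-", finding)
```

Run against the constructed sample it reports three findings: the SPF pass belongs to the relay's envelope domain rather than the displayed hosting-provider address, the only link in the body points at a host unrelated to that address, and the originating hop is stamped at UTC+3 while delivery is stamped at UTC-8. Those are exactly the indicators a reader would pull out of the headers above by hand.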

Posted in Uncategorized | Leave a comment

Merchant Processes and CID/CVV2

I recently received a letter from the company that monitors my home alarm. It basically stated that to avoid a $3US surcharge I must opt out of receiving a bill in the mail (which is fine) and that I must set up automatic transactions. I also found this form attached.

Merchant Form

Posted in Rant | 2 Comments

OSX, Outlook 2011 and Evernote

If you are using Outlook and Evernote on the Mac, check out the article below. It outlines an AppleScript that allows the user to press Command+E to add an email, or selected portion of an email to Evernote.

As I implemented this, I did run into a couple of caveats. My suggestion is to make sure to read the comments in the script and to relaunch Outlook between changes. Thanks to Justin Lancy for a great tip.


Posted in Uncategorized | Leave a comment

VLAN Bridging with FirePOWER

Although not immediately obvious, the FirePOWER Series 3 devices can do a form of IPS on a stick, so the capability described here should be available on the current appliance versions of the FirePOWER managed devices. The premise is to bridge two broadcast domains (VLANs) so that the managed device sits inline between the initiator and responder of every flow. Configuration is fairly straightforward but does have some caveats.


  • Even though only a single physical port is used, a virtual switch must be configured (this cannot be done with a plain inline pair)
  • BPDUs bridged between the two VLANs are detected by the switch and will put the switchport(s) into an inconsistent state
  • The FirePOWER physical interface will not activate until it is also bound to a virtual switch

FirePOWER Bridge VLANs

The diagram shows two devices in the same IP subnet (assume a /24 for the configuration) but in different VLANs. The device on the top is in VLAN 100 and the device on the bottom is in VLAN 101. The FirePOWER managed device bridges VLAN 100 to VLAN 101 and allows the two devices to communicate directly with one another. The connection to the FirePOWER device is a single 802.1q trunk.

Frames arriving on VLAN 100 will be processed and egress with a VLAN tag of 101. This configuration is similar to a Router on a Stick but this example processes frames at layer 2. This methodology has been used to shoehorn an IPS between endpoints for quite a while.
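To make the layer-2 rewrite concrete, here is an added Python model of what the single-arm bridge does to each tagged frame; it is illustrative code, not FirePOWER configuration or anything from the original post, and the VLAN pair, MAC addresses and frames in it are hypothetical. It decodes the 802.1Q tag, swaps VID 100 for 101 (and back) while preserving the priority bits, leaves untagged and non-bridged VLANs alone, and refuses to forward spanning-tree BPDUs between the two VLANs, which is the behaviour you want given the second caveat above (on the real appliance the BPDUs leak across and the switch detects the inconsistency).

```python
import struct

TPID_8021Q = b"\x81\x00"
# Destination addresses used by spanning-tree BPDUs: IEEE 802.1D and Cisco PVST+.
BPDU_DESTINATIONS = {bytes.fromhex("0180c2000000"), bytes.fromhex("01000ccccccd")}
# Hypothetical bridge table for the diagram: VLAN 100 <-> VLAN 101.
VLAN_MAP = {100: 101, 101: 100}


def parse_tagged(frame):
    """Decode an 802.1Q-tagged Ethernet frame; None if it is untagged or too short."""
    if len(frame) < 18 or frame[12:14] != TPID_8021Q:
        return None
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return {"dst": frame[:6], "src": frame[6:12],
            "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF,
            "ethertype": ethertype, "payload": frame[18:]}


def build_tagged(dst, src, vid, ethertype, payload, pcp=0):
    """Assemble an 802.1Q-tagged frame (constructed test input; no FCS)."""
    return dst + src + TPID_8021Q + struct.pack("!HH", (pcp << 13) | vid, ethertype) + payload


def bridge(frame, vlan_map=VLAN_MAP):
    """Re-tag a frame into the peer VLAN; return None when it must not be bridged."""
    hdr = parse_tagged(frame)
    if hdr is None or hdr["vid"] not in vlan_map:
        return None  # untagged (native VLAN) or not one of the bridged VLANs
    if hdr["dst"] in BPDU_DESTINATIONS:
        return None  # never leak spanning-tree BPDUs across the bridge
    new_tci = (hdr["pcp"] << 13) | (hdr["dei"] << 12) | vlan_map[hdr["vid"]]
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]


if __name__ == "__main__":
    host_a, host_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frame = build_tagged(host_b, host_a, 100, 0x0800, bytes(20))
    out = bridge(frame)
    print("in VID", parse_tagged(frame)["vid"], "-> out VID", parse_tagged(out)["vid"])
    bpdu = build_tagged(bytes.fromhex("01000ccccccd"), host_a, 100, 0x0026, bytes(38))
    print("BPDU bridged:", bridge(bpdu) is not None)
```

Only the two TCI bytes change between input and output; addresses, EtherType and payload are untouched, which is why the two hosts can sit in one subnet and talk as if they shared a VLAN.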

R1 Configuration

Posted in Security, Technology | 10 Comments

Are You an ACKer?

There are lots of differences in the way that individuals communicate and interact. One difference I often notice is whether a given individual does or does not respond. Using myself as an example, I will typically respond to a text message or email even if no question is posed. Often I will either thank the sender or provide some unnecessary comment.

My wife on the other hand almost never responds to an information only message. If nothing is being requested, don’t expect a response. I find that lots of people exhibit this behavior and there’s nothing wrong with it. The lack of a response doesn’t necessarily mean the information isn’t appreciated. It is important to realize that just because you do something a certain way, don’t expect others to do the same.


Posted in Rant, Technology | 3 Comments

Citizens of Tech 001 – Knuckle Cracking Felt Animals

I have a new podcast recommendation to share. The title is Citizens of Tech and it is a product of our good friends Ethan Banks and Eric Suthphen. Although it is part of the PacketPushers ecosystem, it is a very different type of podcast. As opposed to typical network-centric topics, this show seems to include all things tech (and things that tech people are interested in).

Check out the first episode here–


Posted in Blogroll, Technology | Leave a comment

CLN 2015 Designated VIPs

I wanted to take a moment and give a well-deserved congratulations to the 2015 Cisco Learning Network Designated VIPs. These fine folks spend a ton of time giving back to the community by helping others in their learning process.

New VIPs for 2015

  • Aref Alsouqi
  • Darren Starr
  • Joshua Johnson
  • Milan Rai

Returning from Previous Year(s)


Posted in Blogroll, Career, Certification, General, Technology | 4 Comments

Discard Routing for RFC1918 Addresses

While working with firewalls for the last few years, I’ve seen many logs polluted with scanning traffic. Obviously this is the type of thing that I want to see when someone really is scanning, or attempting to scan, through the firewall. However, there are cases where this traffic is simply a symptom of some other issue in the network.

An example I have seen on several occasions is someone configuring a network management station to discover one of the RFC 1918 ranges in its entirety. If not properly handled in the routed network architecture, the associated traffic could make its way to the firewall or even to the ISP. An ASA might block the traffic due to policy, reroute it back toward the internal network, drop it due to the intra-interface hairpin configuration, or forward it onward. In most cases, this traffic will cause a lot of “noise” in the syslogs produced by the firewall.

To fully understand the problem, the diagram below can be used for discussion–


In this example, R1 has a static default route that points to the IP address of FW1. R1 advertises this default via EIGRP to its internal neighbors. If a networked host attempts to reach a nonexistent subnet within one of the RFC 1918 ranges, the traffic would follow the default route to FW1. This issue might also occur if something was communicating with a legitimate internal host and the destination network segment went down. One obvious example would be when a network management station is monitoring a portion of the network that goes offline. To get a baseline understanding, the output below shows the relevant configuration from R1.

Posted in CCIE Security, CCNA Security, Certification, General, Network, Technology | 1 Comment

The Longest Match Rule

One of the concepts that comes up occasionally is route precedence. For example, one might consider the following routing table entries.

ip route              //default route
ip route      //supernet/cidr route
ip route    //network route
ip route  //subnet route
ip route //host route

Questions often arise around which path a packet takes when its destination matches more than one entry. For example, a packet whose destination address falls within the host route above matches every single route entry.
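The following is an added Python example (not code from either post) that ties the longest-match rule above to the discard-routing problem described in the previous post. It builds a constructed routing table with the same default / supernet / subnet / host hierarchy, adds Null0 discard routes for the three RFC 1918 blocks, and resolves destinations by longest prefix match. All addresses in it are placeholders; the page's own prefixes are not reproduced.

```python
import ipaddress

# Constructed table modelled on the page's default / supernet / subnet / host
# hierarchy, with three RFC 1918 discard routes added. All addresses are
# placeholders; the page's own prefixes are not reproduced here.
ROUTES = [
    ("0.0.0.0/0",      "203.0.113.1 (FW1)"),  # static default toward the firewall
    ("10.0.0.0/8",     "Null0"),              # RFC 1918 discard routes: anything in
    ("172.16.0.0/12",  "Null0"),              # these blocks without a more specific
    ("192.168.0.0/16", "Null0"),              # route is dropped here, not sent to FW1
    ("10.1.0.0/16",    "10.255.0.2 (R2)"),    # cidr / supernet route learned internally
    ("10.1.1.0/24",    "10.255.0.3 (R3)"),    # subnet route
    ("10.1.1.10/32",   "10.255.0.4 (R4)"),    # host route
]

# The same table without the discard routes, i.e. the situation the post describes.
WITHOUT_DISCARD = [r for r in ROUTES if r[1] != "Null0"]


def longest_match(dst, routes=ROUTES):
    """Return (prefix, next_hop) of the most specific route covering dst, or None.
    Only the prefix length decides; entry order and route type do not matter."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def forwarding_decision(dst, routes=ROUTES):
    """'discard' when the best match is a Null0 route, the next hop otherwise,
    and 'unroutable' if no entry (not even a default) covers dst."""
    match = longest_match(dst, routes)
    if match is None:
        return "unroutable"
    return "discard" if match[1] == "Null0" else match[1]


def withdraw(routes, *prefixes):
    """Copy of the table with the given prefixes removed (a segment going down)."""
    return [r for r in routes if r[0] not in prefixes]


if __name__ == "__main__":
    for dst in ("10.1.1.10", "10.1.1.99", "10.1.200.1", "10.77.0.1", "198.51.100.5"):
        print(f"{dst:>14} -> {longest_match(dst)} -> {forwarding_decision(dst)}")
    print("10.77.0.1 with no discard routes ->", forwarding_decision("10.77.0.1", WITHOUT_DISCARD))
    down = withdraw(ROUTES, "10.1.1.0/24", "10.1.0.0/16")
    print("10.1.1.99 after its segment goes down ->", forwarding_decision("10.1.1.99", down))
```

Because the lookup is purely longest-match, the /8, /12 and /16 discard entries never shadow a legitimate, more specific route learned via EIGRP; they only catch the remainder (a nonexistent subnet, or a segment that has just gone down) that would otherwise follow the default to FW1 and fill its logs. On IOS the equivalents on R1 are `ip route 10.0.0.0 255.0.0.0 Null0`, `ip route 172.16.0.0 255.240.0.0 Null0` and `ip route 192.168.0.0 255.255.0.0 Null0`.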

Posted in CCNA, Certification, General, Network, Technology | 3 Comments

IRS Banner Fail

So I go to the IRS Page that allows taxpayers to check status of a refund. This is under the number “3” at the following URL–

The following banner pops up prior to setting a browser cookie.


I’m not a lawyer, so I have some questions regarding how to interpret this–

  1. Should this be read as–
    1. Use of this system constitutes consent to (monitoring, interception, recording, reading, copying or capturing by authorized personnel) of all activities. (or)
    2. Use of this system constitutes consent to monitoring, interception, recording, reading, copying or capturing by (authorized personnel of all activities).
  2. And what does authorized personnel of all activities mean. If I use the system, I have to be authorized, or I’m breaking the law (as identified two sentences later–Unauthorized use is prohibited).
  3. So based on #2 above (authorized user). When I use that definition of authorized user in #1, the IRS isn’t accepting responsibility if I somehow happened to perform the following on another user’s information –  monitoring, interception, recording, reading, copying or capturing. (doesn’t exclude my accountability, but it certainly alleviates the IRS accountability)
  4. “There is no right to privacy in this system”?
    1. So I’d hope the IRS can access my information, that is sort of the point of the system.
    2. But I also hope that data is private (meaning that the information isn’t publicly available), which is not what the banner states.


Posted in Rant, Technology | 2 Comments

Native TFTP and FTP Server in OSX

As a System Engineer, I do occasionally have to do real field work. When that happens, having access to a TFTP and FTP server is sometimes required. Although the lack of a UI makes them unintuitive to use, both tools are available natively in OSX. This post includes the commands required to enable, confirm, and disable both TFTP and FTP in the native Mac environment.

TFTP Server

# load the TFTP daemon (typically starts automatically)
sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist

# confirm that TFTP is listening (netstat)
netstat -atp UDP | grep tftp
udp6       0      0  *.tftp                 *.*   # IPv6 listening
udp4       0      0  *.tftp                 *.*   # IPv4 listening

# unload the TFTP daemon
sudo launchctl unload -F /System/Library/LaunchDaemons/tftp.plist

# confirm that TFTP is no longer listening (netstat)
netstat -atp UDP | grep tftp
(no output)

TFTP Caveats

  • Default Directory is /private/tftpboot
  • Copying a file from a device to the TFTP server requires that the destination file already exist (Hint: sudo touch /private/tftpboot/<filename>)
  • File permissions typically need to be modified (Hint: sudo chmod 766 /private/tftpboot/*); note that 766 makes the files world-writable and TFTP has no authentication at all, so only keep the daemon loaded while a transfer is actually in progress
  • I just use my TFTP directory for transient file transfers

FTP Server


Posted in Certification, General, Network, Technology | 2 Comments