RWB
17 Nov 2006, 10:38am
So earlier when I wasn't here David(another tech) took a call from a lady who was having trouble at one of our hotels. He found her problem and promptly banned her from our server... I was told she was a real bitch about it but here is why she was banned:
(11433) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16257 ---> 72.238.182.60/0 ICMP MAPPED to=0
(11434) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16258 ---> 72.238.29.94/0 ICMP MAPPED to=0
(11435) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16259 ---> 72.238.77.23/0 ICMP MAPPED to=0
(11436) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16260 ---> 72.238.25.93/0 ICMP MAPPED to=0
(11437) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16261 ---> 72.238.100.108/0 ICMP MAPPED to=0
(11438) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16262 ---> 72.238.208.7/0 ICMP MAPPED to=0
OK That first number is the session number, the next is the IP of the guest, the next is her MAC, and next that is blocked out is our server IP and the port it's going through, and next is whatever IP/Port she is trying to get to.
She made up 99% of these sessions, 11K+!!! Ohh and I should mention I had cleared the DAT a couple minutes prior and believe me it would be in he millions if I didn't. In a minute she generated more sessions than the whole hotel does in a few hours, maybe days depending on how many were connected, at the time I was helping her it was 23+/- different connections.
She was also passing quite a bit of traffic, needless to say it was hurting the poor lil fractional T1 we have on site.
So finally a couple hours later I am now working and I get this call, I read the ticket David made on her, I checked the server it looks good cause she is still banned. She wants to fix the problem but needs internet access so she can download and update Spysweeper. She was nice to me so I was willing to help, I needed to unblock her... at first it looked OK despite the sessions being made but the pings on the server slowly creeped up from 40ms to 100ms then after that it just sporadically goes anywhere from 600ms to 1000+ and time out constantly. I allowed her on just long enough to get Spysweeper and update it... of course I don't know Spysweeper but it took 45 minutes to finish, didn't really find much and she had to SUBSCRIBE TO GET IT TO REMOVE THE ITEMS!!!
**** YOU SPYSWEEPER!!!!
So I mention Spybot S&D and Ad Aware, she wants to download those(I don't like recommending things, but I am in a grateful mood tonight I tell you what..) She gets Spybot, I disable her connection while she runs the scan... a call came in que so I dropped her and had her call me back when she is done.
Naturally the next call was a guest from that hotel... she was killing the server so much this guest couldn't even log into the server.... but now she can all of a sudden when I answer... MAGIC! LOL.
After I took a cigarette break I see someone in que, it's her again... Spybot found 700+ items... she cleaned them, and so I enabled her connection... STILL OCCURRING!
Mind you Spybot is free and found 700 objects, and Spysweeper found 28 objects and is not free?!?
I told her to download AVG, I opened her connection again, she got it... guess what. Before the damned program even finishes installing it fixed her problem, it went nuts with virus's it was finding.... BEFORE INSTALL!
After a reboot, I could clearly see her connection looks great! Thanks to Spybot and AVG.... so I had her run a full system scan just to be sure and to call back if she has any trouble with her connection again.
It took 2 hours, but it was worth it. She was grateful... I am da man.
FYI... being a problem on her end, I am not supposed to help her. We'll help with minor things, but not with crap like this. But I was glad to help out... just hope nothing goes wrong and she goes blaming us, that would make my day.
(11433) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16257 ---> 72.238.182.60/0 ICMP MAPPED to=0
(11434) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16258 ---> 72.238.29.94/0 ICMP MAPPED to=0
(11435) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16259 ---> 72.238.77.23/0 ICMP MAPPED to=0
(11436) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16260 ---> 72.238.25.93/0 ICMP MAPPED to=0
(11437) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16261 ---> 72.238.100.108/0 ICMP MAPPED to=0
(11438) 10.0.0.78/512 (00:04:76:4d:f1:c5) <-> x.x.x.x/16262 ---> 72.238.208.7/0 ICMP MAPPED to=0
OK That first number is the session number, the next is the IP of the guest, the next is her MAC, and next that is blocked out is our server IP and the port it's going through, and next is whatever IP/Port she is trying to get to.
She made up 99% of these sessions, 11K+!!! Ohh and I should mention I had cleared the DAT a couple minutes prior and believe me it would be in he millions if I didn't. In a minute she generated more sessions than the whole hotel does in a few hours, maybe days depending on how many were connected, at the time I was helping her it was 23+/- different connections.
She was also passing quite a bit of traffic, needless to say it was hurting the poor lil fractional T1 we have on site.
So finally a couple hours later I am now working and I get this call, I read the ticket David made on her, I checked the server it looks good cause she is still banned. She wants to fix the problem but needs internet access so she can download and update Spysweeper. She was nice to me so I was willing to help, I needed to unblock her... at first it looked OK despite the sessions being made but the pings on the server slowly creeped up from 40ms to 100ms then after that it just sporadically goes anywhere from 600ms to 1000+ and time out constantly. I allowed her on just long enough to get Spysweeper and update it... of course I don't know Spysweeper but it took 45 minutes to finish, didn't really find much and she had to SUBSCRIBE TO GET IT TO REMOVE THE ITEMS!!!
**** YOU SPYSWEEPER!!!!
So I mention Spybot S&D and Ad Aware, she wants to download those(I don't like recommending things, but I am in a grateful mood tonight I tell you what..) She gets Spybot, I disable her connection while she runs the scan... a call came in que so I dropped her and had her call me back when she is done.
Naturally the next call was a guest from that hotel... she was killing the server so much this guest couldn't even log into the server.... but now she can all of a sudden when I answer... MAGIC! LOL.
After I took a cigarette break I see someone in que, it's her again... Spybot found 700+ items... she cleaned them, and so I enabled her connection... STILL OCCURRING!
Mind you Spybot is free and found 700 objects, and Spysweeper found 28 objects and is not free?!?
I told her to download AVG, I opened her connection again, she got it... guess what. Before the damned program even finishes installing it fixed her problem, it went nuts with virus's it was finding.... BEFORE INSTALL!
After a reboot, I could clearly see her connection looks great! Thanks to Spybot and AVG.... so I had her run a full system scan just to be sure and to call back if she has any trouble with her connection again.
It took 2 hours, but it was worth it. She was grateful... I am da man.
FYI... being a problem on her end, I am not supposed to help her. We'll help with minor things, but not with crap like this. But I was glad to help out... just hope nothing goes wrong and she goes blaming us, that would make my day.