
How to blow up a server in one mouse click - davewiner
http://scripting.com/stories/2010/10/06/howToBlowUpAServerInOneMou.html
======
frognibble
The server is running on EC2. As far as I can tell, EC2 does not have a
virtual console interface or any other way to rescue a server that blocks all
network connections with a firewall.

------
pseudonym
Virtual machines run on physical machines. Physical machines can have stuff
plugged into them and can probably run a VM app.

It's a hassle, sure, but if you're hosting this elsewhere chances are this
isn't the first time this has happened, and if you're hosting it yourself then
problem solved.

------
brk
Why would you have to completely re-provision a machine just because you
turned the firewall on?

I'm guessing maybe this is a VM?

Either way, I tend to prefer hardware firewalls over software firewalls for
this reason, ESPECIALLY on Windows. With a "real" firewall, you can generally
maintain a connection to the firewall (if you've set it up right), and that
way if you firewall off the wrong port and need to reverse something you can
still do so.

~~~
mkelly
Isn't that what he says?

"And this is a completely virtual machine, there's no keyboard, no big red
switch, no physical reality with which to fix this."

~~~
brk
Oops, yeah. I missed the "virtual" part. That's what I get for
reading/commenting while on a conference call and working on a remote desktop
session...

------
mkelly
I think changing firewall rules remotely is _one of those things_ where it
pays to be extra-careful, and then make sure you have access to the console
(or physical access) for when you inevitably mess it up and lock yourself out.
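
[Added example, not part of the thread or of any commenter's post: one way to apply the caution described above on a Windows host reached only over remote desktop. It saves the current firewall policy, schedules an automatic restore, and only then enables the firewall. It assumes an elevated PowerShell session on Windows Server 2012 or later, RDP on its default TCP port 3389, and the thread's port 5337 as the application port; the task name, the backup path and the 5-minute delay are hypothetical.]

```powershell
# Added example: enable the firewall over RDP with a dead-man rollback.
$ErrorActionPreference = 'Stop'
$taskName = 'FirewallRollback'     # hypothetical task name
$runAt    = (Get-Date).AddMinutes(5)   # rollback delay chosen for illustration
$backup   = Join-Path $env:ProgramData ("fw-before-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))

# 1. Save the current policy (rules and profile state) before touching anything.
netsh advfirewall export $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not export firewall policy to $backup" }

# 2. Register the rollback BEFORE the change, so it fires even if this
#    session is cut off by the new rules.
$action  = New-ScheduledTaskAction -Execute 'netsh.exe' `
               -Argument "advfirewall import `"$backup`""
$trigger = New-ScheduledTaskTrigger -Once -At $runAt
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -User 'SYSTEM' -RunLevel Highest -Force | Out-Null

# 3. Allow the management and application ports first, then enable the firewall.
foreach ($port in 3389, 5337) {    # RDP default; 5337 is the port from the thread
    New-NetFirewallRule -DisplayName "Allow inbound TCP $port (example)" `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $port | Out-Null
}
Set-NetFirewallProfile -All -Enabled True

# 4. Cancel the rollback only after a NEW connection has been seen to work.
#    If this session is already dead, nobody answers and the task restores
#    the saved policy on its own.
Write-Host "Firewall enabled. Saved policy will be restored at $($runAt.ToString('HH:mm'))."
$answer = Read-Host 'Open a second RDP session now. Type KEEP to cancel the rollback'
if ($answer -eq 'KEEP') {
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
    Write-Host "Rollback cancelled; new policy kept. Backup remains at $backup"
} else {
    Write-Host 'Rollback left in place; the saved policy will be restored automatically.'
}
```

Testing with a second connection matters because a session that is already established can stay up while new inbound connections are being refused.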

------
makmanalp
What? How does he not have access to a serial console or something?

------
bradleyland
If you can get a command prompt, you can just run:

netsh firewall set opmode disable

Tragedy averted.

------
martinp
Why couldn't he reach port 5337 if the firewall was turned off? Doesn't make
sense.

~~~
jhrobert
True. Maybe he assumed that when the firewall was off, everything was blocked
(forgetting about the remote desktop).

~~~
davewiner
It's a good question why 5337 wasn't accessible, but it wasn't.

That's why I was clicking around looking for reasons when the OS asked this
question (which I answered too quickly without thinking).

No matter, I've already provisioned a new server to take its place, and
terminated the old one.

