Educause Security Discussion mailing list archives
Re: Sniffer notification
From: Doug Sandford <dsandfor () SEEBECK UA EDU>
Date: Tue, 23 Mar 2004 11:05:23 -0600
Cal,

So are you saying that the decision to begin the sniffer process was validated due to network load concerns rather than something else? I'm not saying that that is bad form, mind you. Any action is better than none at all. I am however curious about the circumstances that have led organizations to bite the proverbial bullet and begin sniffing. Additionally, do any of you by policy differentiate between sniffing, monitoring and scanning? They are sometimes lumped in together, often, I suspect, to justify any or all of these processes.

Forwarded by: dsandfor () seebeck ua edu
Forwarded to: doug () bama ua edu
Date forwarded: Tue, 23 Mar 2004 10:29:00 -0500
Date sent: Tue, 23 Mar 2004 11:28:27 -0500
Send reply to: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
From: Cal Frye <cjf () CALFRYE COM>
Organization: Oberlin College
Subject: Re: [SECURITY] Sniffer notification
To: SECURITY () LISTSERV EDUCAUSE EDU

At the moment, we have several dorms complaining of general network congestion or sluggishness, including the inability to maintain connections with some of our own servers. We've checked wiring, switch configuration, errors on the ports, much statistical and aggregate analysis. We're searching for signs of specific troubles in client-server connections, which pretty much means we need to sniff traces and see what's going on. Could be virus-related activity that is blocked from campus upstream, might be within-dorm P2P activity we're also not seeing. We want to work with some of the squeakiest wheels and see what's interrupting their attempts to contact our servers.

--Cal Frye, Network Administrator, Oberlin College
www.ouuf.org, www.calfrye.com
"What a school thinks about libraries is a measure of what it thinks about education"

Doug Sandford wrote:
I would be interested to know what circumstances led you and others to move forward with the Sniffer project. Several factions here have resisted the process because of perceived privacy issues, thus the delay/hesitancy. Was your decision driven by the recent spate of virus and 'compromised host' issues?
**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.

Doug Sandford
Information Security Officer
University of Alabama
Seebeck Computer Center
doug () ua edu

This email is intended only for the person to whom it is addressed. Any review or other use of this information by persons or entities other than the intended recipient or any retransmission without the consent of the sender is prohibited.