Security Basics mailing list archives
Re: weird
From: H Carvey <keydet89 () yahoo com>
Date: 21 Feb 2004 12:35:18 -0000
In-Reply-To: <Sea1-DAV336AATiyhGv000005d6 () hotmail com> Kenzo,
What could it be? Did someone flood the network on purpose? If so, how do I track it? Or could it be that a bad Nic or device on the network just went crazy for a while. (That's what my boss seems to think.) Even then, how do I track it?
For all the troubleshooting you mentioned, one thing that I noticed that wasn't one of the options was checking the logs of the switches. I'd suggest (if you don't already have it) enabling auditing on the devices and sending the syslog to a central host. I'm aware that the log entries won't make it through when you've got issues going on as those you've described, but perhaps you'll see something that leads to the issue. Another option is to connect the logging server to a separate interface... --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_security-basics_040219 ----------------------------------------------------------------------------