Security Basics mailing list archives

Re: weird

From: H Carvey <keydet89 () yahoo com>
Date: 21 Feb 2004 12:35:18 -0000

In-Reply-To: <Sea1-DAV336AATiyhGv000005d6 () hotmail com>

Kenzo,

What could it be?  Did someone flood the network on purpose? If so, how do I
track it?
Or could it be that a bad Nic or device on the network just went crazy for a
while. (That's what my boss seems to think.) Even then, how do I track it?


For all the troubleshooting you mentioned, one thing that I noticed that wasn't one of the options was checking the 
logs of the switches.  I'd suggest (if you don't already have it) enabling auditing on the devices and sending the 
syslog to a central host.  I'm aware that the log entries won't make it through when you've got issues going on as 
those you've described, but perhaps you'll see something that leads to the issue.  Another option is to connect the 
logging server to a separate interface...


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
----------------------------------------------------------------------------

Current thread:

weird kenzo (Feb 20)
- RE: weird Chris McClincy (Feb 24)
- Re: weird Byron Sonne (Feb 24)
- Re: weird Aaron Keck (Feb 24)
  - Re: weird sunflower (Feb 25)
- Re: weird Secdigital (Feb 24)
- Re: weird Michael Gale (Feb 25)
- <Possible follow-ups>
- Re: weird H Carvey (Feb 24)
- RE: weird Hagen, Eric (Feb 24)
- RE: weird jeff . frost (Feb 24)
- Re: weird Cesar Osorio (Feb 24)
  - Re: weird kenzo (Feb 24)
- RE: weird Day, David (Feb 25)
- RE: weird MARTIN M. Bénoni (Feb 25)