
Re: Infrastructure status, 2008-08-16 UTC 1530



Steve Repo wrote:

> If only all the sysadmins in the world had the time to check on each system
> and every packet on the network! Try looking for a needle in a haystack?

Sure, but I would assume, wrongly it seems, that a good admin has taken the time to establish some sort of baseline for the network. If you monitor traffic once in a while and know what is going on, the task is certainly manageable. You don't necessarily need to monitor every box or even everything getting onto the network, just the outbound traffic if that's all you have time for. Certainly not a small task, but you should be able to reasonably sift through it if you've monitored the network over a period of time and understand what is normal for your network and what is not. If you haven't, then I would suggest starting now. The filters on Wireshark are damn good, and once you learn what is more or less normal for your network, spotting oddities is easier. Of course you'll ultimately have to rely a lot on your own judgement, but there are many tools to help monitor network activity. Nagios is one, Hobbit is another if memory serves, and there is whois for checking who an IP may belong to.

> The least Fedora could have done is give some suggestions to users on how to
> take precautions if this is really a security issue, which seems quite
> obvious now since it's been days and everyone is in the dark

I am not sure how to respond to the above except to say that I don't think Fedora expects to have to manage your machines for you. Rather than have you get insulted, which is probably unavoidable at this point, and start a flame war about what Fedora should and shouldn't do, maybe we can discuss some of the things to do to secure a network and how to proceed if you *suspect* you have a compromised box or two online. Where are all those old-time admins? How about schooling us youngsters on proper procedure instead of watching another thread descend into pointless bickering?

-Max

