Re: detecting a DDOS attack

On Fri, 2003-10-31 at 09:38, Bill Tangren wrote:
> Hello all,
> 
> Our network had been VERY slow in the last two weeks. We have a T3 line, 
> but sftp transfer rates are down around 10kB/sec now. I suspect some 
> type of attack on our firewalls, though I've never heard of an attack 
> being sustained for so long.

They can go on indefinitely, if nobody does anything about it.

> Could someone tell me what to look for? My logs ( I run several servers 
> behind the firewall, but I don't administer the firewall itself) don't 
> show anything unusual that I can find. I have been examining web server 
> logs, and mail logs, and I scrutinize the output from LogWatch.
> 
> Where else should I look?

At your connection?  Why haven't you asked the firewall administrator to
review your traffic levels/types?  Obviously, if you're under ICMP flood
attack (for example), it's not going to show in your web or mail logs.

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
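
An added example, not part of the original message: protocol-level traffic that never reaches the web or mail logs can be seen on a Linux server by comparing two snapshots of the kernel counters in `/proc/net/snmp`. The function names and the sample snapshots are constructed for illustration, and the counters cover only packets that reach this host, so traffic dropped at the firewall still has to be checked there.

```shell
#!/bin/sh
# Added example: compare two snapshots of /proc/net/snmp and report inbound
# packets per second by protocol. Function names are hypothetical.

# snmp_counter FILE PROTO FIELD: print one counter, e.g. Icmp InMsgs.
# Each protocol has a header line of field names followed by a value line.
snmp_counter() {
    awk -v proto="$2:" -v field="$3" '
        $1 == proto && !hdr { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
        $1 == proto {
            if (field in col) { print $(col[field]); found = 1 }
            exit
        }
        END { exit !found }
    ' "$1"
}

# inbound_rates BEFORE AFTER SECONDS: one "Proto pkts/sec" line per protocol.
inbound_rates() {
    for spec in Icmp:InMsgs Tcp:InSegs Udp:InDatagrams; do
        proto=${spec%%:*}
        field=${spec##*:}
        old=$(snmp_counter "$1" "$proto" "$field") || return 1
        new=$(snmp_counter "$2" "$proto" "$field") || return 1
        echo "$proto $(( (new - old) / $3 ))"
    done
}

# make_samples DIR: write constructed snapshots taken 10 seconds apart
# (field lists trimmed from the real file).
make_samples() {
    cat > "$1/before" <<'EOF'
Icmp: InMsgs InErrors InEchos
Icmp: 1200 0 900
Tcp: ActiveOpens PassiveOpens InSegs OutSegs
Tcp: 40 310 52000 61000
Udp: InDatagrams NoPorts InErrors
Udp: 800 3 0
EOF
    cat > "$1/after" <<'EOF'
Icmp: InMsgs InErrors InEchos
Icmp: 481200 0 480900
Tcp: ActiveOpens PassiveOpens InSegs OutSegs
Tcp: 40 312 52600 61500
Udp: InDatagrams NoPorts InErrors
Udp: 850 3 0
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
inbound_rates "$dir/before" "$dir/after" 10
rm -rf "$dir"
```

On a live host, save `cat /proc/net/snmp` to a file, wait a known number of seconds, save it again, and pass both files and the interval to `inbound_rates`.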


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
