On Fri, Oct 31, 2003 at 09:38:35AM -0500, Bill Tangren wrote: > Our network had been VERY slow in the last two weeks. We have a T3 line, > but sftp transfer rates are down around 10kB/sec now. I suspect some > type of attack on our firewalls, though I've never heard of an attack > being sustained for so long. > > Could someone tell me what to look for? My logs ( I run several servers > behind the firewall, but I don't administer the firewall itself) don't > show anything unusual that I can find. I have been examining web server > logs, and mail logs, and I scrutinize the output from LogWatch. > > Where else should I look? Has anything changed? Have any servers or switches been rebooted? Are you sure that you're negotiating speeds properly (i.e. 100 mbps full) or do you have them all forced? Is performance between your servers on the inside of the firewall ok? If so, it's not a firewall issue or your firewall is letting the bad stuff through. If it's fine, start pinging your firewall and work your out to see performance along the way and see which segment has the issue. I would tend to install mrtg and have it monitor each interface on your firewall and switches. Once you've narrowed it down to which interface on which switch, you can then start troubleshooting it down from there. -- Ed Wilts, Mounds View, MN, USA mailto:ewilts@xxxxxxxxxx Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list