Re: detecting a DDOS attack

Ed Wilts wrote:
> On Fri, Oct 31, 2003 at 09:38:35AM -0500, Bill Tangren wrote:
> > Our network had been VERY slow in the last two weeks. We have a T3 line, but sftp transfer rates are down around 10kB/sec now. I suspect some type of attack on our firewalls, though I've never heard of an attack being sustained for so long.
> >
> > Could someone tell me what to look for? My logs (I run several servers behind the firewall, but I don't administer the firewall itself) don't show anything unusual that I can find. I have been examining web server logs, and mail logs, and I scrutinize the output from LogWatch.
> >
> > Where else should I look?
>
> Has anything changed?

Not that I know of, but I can't vouch for the firewall itself, or the switches. Don't know about


> Have any servers or switches been rebooted?

Don't think so, but I'll have to ask.

> Are you sure that you're negotiating speeds properly (i.e. 100 mbps full) or
> do you have them all forced?

They are all being forced, or they were anyway.



> Is performance between your servers on the inside of the firewall ok?

Yes, performance behind the firewall is just fine. It is passage *through* the firewall, both ways, that is crawling.


> If so, it's not a firewall issue or your firewall is letting the bad
> stuff through.  If it's fine, start pinging your firewall and work your
> way out to see performance along the way and see which segment has the issue.

OK, thanks.



> I would tend to install mrtg and have it monitor each interface on your firewall and switches. Once you've narrowed it down to which interface on which switch, you can then start troubleshooting it down from there.


I will talk to the firewall sysadmin about this. Thanks.
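
The per-interface check suggested in this thread, as an added example that is not part of the original message: it computes what MRTG graphs (traffic rate per interface) from two constructed /proc/net/dev samples, plus the growth in error and collision counters, so a saturated link can be told apart from a slow, error-ridden one. The interface names, link speeds, 32-bit counter width and sample values are assumptions.

```python
INTERVAL = 300   # seconds between samples; MRTG polls every 5 minutes by default
WRAP = 2 ** 32   # assumption: 32-bit byte counters that may wrap between samples
LINK_BPS = {"eth0": 100_000_000, "eth1": 100_000_000}  # assumed forced 100 Mbps links
HEADER = ("Inter-|   Receive                                                |  Transmit\n"
          " face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed\n")
# Constructed samples (not data from the thread), taken INTERVAL seconds apart.
SAMPLE_T0 = (HEADER
    + "  eth0:4294000000 9000000 12 0 0 12 0 0 800000000 7000000 0 0 0 40 0 0\n"
    + "  eth1: 500000000 4000000 0 0 0 0 0 0 300000000 3000000 0 0 0 0 0 0\n")
SAMPLE_T1 = (HEADER
    + "  eth0:   2032704 9030000 912 0 0 912 0 0 802000000 7020000 0 0 0 5040 0 0\n"
    + "  eth1:1250000000 4600000 0 0 0 0 0 0 330000000 3100000 0 0 0 0 0 0\n")

def parse(text):
    """Return {iface: [16 counters]}; header lines carry no ':' and are skipped."""
    stats = {}
    for line in text.splitlines():
        if ":" in line:
            name, counters = line.split(":", 1)
            stats[name.strip()] = [int(v) for v in counters.split()]
    return stats

def delta(new, old):
    """Counter difference that survives one wrap of a 32-bit counter."""
    return (new - old) % WRAP

def report(t0, t1, interval=INTERVAL):
    """Per-interface bit rates and error growth between two samples."""
    before, after = parse(t0), parse(t1)
    out = {}
    for iface in after.keys() & before.keys():   # skip interfaces without a baseline
        old, new = before[iface], after[iface]
        rx_bps = delta(new[0], old[0]) * 8 / interval   # field 0: rx bytes
        tx_bps = delta(new[8], old[8]) * 8 / interval   # field 8: tx bytes
        out[iface] = {
            "rx_bps": rx_bps, "tx_bps": tx_bps,
            "util_pct": 100 * max(rx_bps, tx_bps) / LINK_BPS[iface],
            "errors": delta(new[2], old[2]) + delta(new[10], old[10]),  # rx + tx errs
            "colls": delta(new[13], old[13]),                            # tx collisions
        }
    return out

def suspects(rep, util_limit=80.0):
    """Interfaces that are saturated or whose error/collision counters grew."""
    return sorted(i for i, r in rep.items()
                  if r["util_pct"] >= util_limit or r["errors"] or r["colls"])

if __name__ == "__main__":
    print(report(SAMPLE_T0, SAMPLE_T1), suspects(report(SAMPLE_T0, SAMPLE_T1)))
```

In the constructed data eth0 carries only 80 kbit/s while its error and collision counters climb, which points at that link rather than at a traffic flood; a flooded interface would instead show utilisation near the link speed.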



