Re: [ubuntu-users] Security and Intrusions
- From: "Mark Haney" <mhaney@xxxxxxxxxxxxxxxx>
- Date: Wed, 14 Jan 2009 13:53:37 -0500
Ted Hilts - Thunderbird Acct. wrote:
> This email is not about Thunderbird but I use Thunderbird as an example. I
> noticed that when using Thunderbird mailer some of the "cc" alternatives
> in the prompt field were not mine nor anyone I contacted.

What? You need to explain that a little more. It's possible that
T'bird is adding all emails you've received and their contact info to
the address book. That would potentially explain that.

> I currently
> operate with no firewall active for the machines in my LAN because I am
> trying to address some issues that the firewall complicates. So I am
> ***not*** asking about how to set up a firewall. I am asking the
> following: "How do I establish if I have an intruder using my LAN
> resources"???. Recently I have seen the operation of one of my LAN
> machines get slower and slower while there is little or no change in the
> performance of other LAN machines.

This gets messy. However, the best options are to look for processes
that take up a lot of CPU time and determine if they are legitimate
processes (that may be acting up) or processes that are not legitimate.
That might be hard to do, but baselining a system's running processes
should be a pretty standard thing to do.
In this case on Linux systems 'top' is your friend. (Or insert your DE
system monitor here). That will show you the processes that are taking
up the most CPU time.

> Also, a related issue: How do I establish if a slow down of processing
> on my LAN computers is due to:
> 1. A problem within the LAN itself.

The best way to test to see if it's the LAN is to shut down the internet
connection and try to copy files between the systems on the LAN. You
can also look at the network monitor (I use a sysmon on Plasma in KDE4
that will tell you network usage) for high bandwidth usage.
You can also determine, if the LAN is the problem, which system it is by
shutting down systems one at a time and seeing if the problem goes away.
(That's the quick and easy way)

> 2. or a problem on the Internet:
> due to congestion of the route available

Speed testing is a good thing for your internet connection, but beware
of the ones you normally see. I recommend trying an FTP connection if
you can, or use a tool like iperf or something similar to test the link.

> 3. or the slowness of a certain server passing data to my LAN (down for
> maintenance or simply overloaded and dropping clients)

You can test that by doing flood pings to the server, but that doesn't
always mean the system is slow, it might also be a slow link between you
and the internet. This is the hardest to troubleshoot since there are
dozens of possible ways connection speed could be affected between you
and a server on the intarwebs.

> 4. or one of the ISPs throttling (restricting) bandwidth (I know that
> Bell Canada sells bandwidth to my ISP (I am in Canada) and Bell has been
> identified in the news as doing this and has been before the CRTC to
> justify its behavior. Also, a British ISP has engaged in this behavior
> according to the news. My ISP says that Bell's behavior does not affect
> them and therefore does not affect me. However, in a recent news
> article one of Bell's associated ISPs (who buys bandwidth from Bell) was
> restricted by Bell in the use of that bandwidth during certain times.)

What other ISPs do doesn't always mean your ISP is doing it. You can
look at their fine print on their service contracts to see if they are
doing it. Or calling and asking, but I rather doubt you'll get a
straight answer on that.

> I ask these above questions because I encounter numerous slowdowns and
> drop offs affecting my LAN (some requiring reboot) as well as certain
> LAN machines going almost dead at one time and then booming along at
> some other time or one machine in particular doing very little while
> another machine is doing a lot. Based on the list's discussion on SSH I
> know there are people on the list that can answer these questions. My
> LAN has both Windows and Linux machines. I really need to get some kind
> of handle on all of this. Is there an application somewhere that can
> track all of this so that it is obvious to ***me*** (retired -- old and
> getting older -- forgetful and getting more forgetful -- dumb and
> getting dumber -- with one foot already in the grave).

These are good questions, but not ones easily answered. What OS are
these systems running? Personally if you aren't behind a firewall, I'd
be very very worried. Especially if there are any Windows systems on
that LAN. The things I've offered are only the tip of the iceberg to at
least get you started on troubleshooting the issues. I suggest starting
with one system and going from there rather than trying to debug
connection issues on the internet.
Internet connection speeds won't typically slow a system down,
processing wise. I typically transfer 6-7Mbps from my system to the
network without causing KDE or GNOME to be sluggish. I would look at a
system being unresponsive as a SYSTEM only issue and start from there.

> Thanks -- Ted

--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support
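
Added example, not part of the original message: one way to do the process baselining the reply describes, recording which user/command pairs normally run on a machine and later listing anything new alongside heavy CPU users. The function names, the `baseline`/`check` subcommands and the 50% threshold are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: process baseline and CPU check (all names are hypothetical).

# Collapse `ps -eo user=,comm=` style input (stdin) into sorted, unique
# "user command" lines so two snapshots can be compared with comm(1).
normalize() {
    awk 'NF >= 2 { $1 = $1; print }' | LC_ALL=C sort -u
}

# Snapshot of the live system.
snapshot() {
    ps -eo user=,comm= | normalize
}

# Entries present in the current snapshot ($2) but absent from the baseline ($1).
new_since_baseline() {
    LC_ALL=C comm -13 "$1" "$2"
}

# From `ps -eo pcpu=,pid=,user=,comm=` style input (stdin), print the
# processes at or above $1 percent CPU.
cpu_hogs() {
    awk -v min="$1" '$1 + 0 >= min + 0 { $1 = $1; print }'
}

case "${1:-}" in
    baseline)   # run once while the machine is known to be healthy
        snapshot > "${2:?usage: $0 baseline FILE}"
        ;;
    check)      # run when the machine feels slow
        cur=$(mktemp)
        snapshot > "$cur"
        echo "== not in baseline =="
        new_since_baseline "${2:?usage: $0 check FILE}" "$cur"
        echo "== at or above 50% CPU =="
        ps -eo pcpu=,pid=,user=,comm= | cpu_hogs 50
        rm -f "$cur"
        ;;
esac
```

Note that `ps` reports `pcpu` as CPU time divided by the process's lifetime, so a long-running process that only recently became busy shows up sooner in `top` than here.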