Infrastructure status, 2008-08-16 UTC 1530

max maximilianbianco at gmail.com
Mon Aug 18 17:10:18 UTC 2008


Steve Repo wrote:

> If only all the sysadmins in the world had the time to check on each system
> and every packet on the network! Try looking for a needle in a haystack?
> 
Sure, but I would assume, wrongly it seems, that a good admin has taken 
the time to establish some sort of baseline for the network. If you 
monitor traffic once in a while and know what is going on, the task is 
certainly manageable. You don't necessarily need to monitor every box or 
even everything getting onto the network, just the outbound traffic if 
that's all you have time for. Certainly not a small task, but you should 
be able to reasonably sift through it if you've monitored the network 
over a period of time and understand what is normal for your network and 
what is not. If you haven't, then I would suggest starting now. The 
filters on Wireshark are damn good, and once you learn what is more or 
less normal for your network then spotting oddities is easier. Of course 
you'll ultimately have to rely a lot on your own judgement, but there are 
many tools to help monitor network activity.
Nagios is one, Hobbit is another if memory serves, and there is whois for 
checking who an IP may belong to.

> The least Fedora could have done is give some suggestions to users on how to
> take precautions if this is really a security issue which seems quite
> obvious now since it's been days and everyone is in the dark
> 
I am not sure how to respond to the above except to say that I don't 
think Fedora expects to have to manage your machines for you. Rather 
than have you get insulted, which is probably unavoidable at this point, 
and start a flame war about what Fedora should and shouldn't do, maybe we 
can discuss some of the things to do to secure a network and how to 
proceed if you *suspect* you have a compromised box or two online. Where 
are all those old-time admins? How about schooling us youngsters on 
proper procedure instead of watching another thread descend into 
pointless bickering?

-Max
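
The baseline-then-compare approach for outbound traffic described in the message above, as an added example that is not part of the original post: it records what each internal host normally talks to, then flags flows that fall outside that baseline. The flow record layout, addresses, thresholds and function names are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample flow records: (source host, destination IP, destination port, bytes sent).
# In practice these would come from a capture export or flow logs; this layout is an assumption.
BASELINE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 443, 12_000),
    ("10.0.0.5", "192.0.2.10", 443, 15_000),
    ("10.0.0.5", "192.0.2.53", 53, 300),
    ("10.0.0.7", "192.0.2.25", 25, 40_000),
    ("10.0.0.7", "192.0.2.25", 25, 44_000),
]
CURRENT_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 443, 14_000),     # matches the baseline
    ("10.0.0.5", "198.51.100.77", 6667, 2_000),  # destination and port never seen before
    ("10.0.0.7", "192.0.2.25", 25, 900_000),     # known peer, far more data than usual
    ("10.0.0.9", "192.0.2.10", 443, 1_000),      # host that was never baselined
]

def build_baseline(flows):
    """Map each source host to {(dst, port): largest byte count seen in one flow}."""
    baseline = defaultdict(dict)
    for src, dst, port, nbytes in flows:
        key = (dst, port)
        baseline[src][key] = max(baseline[src].get(key, 0), nbytes)
    return baseline

def find_oddities(baseline, flows, volume_factor=5):
    """Return (reason, flow) pairs for outbound flows that deviate from the baseline."""
    findings = []
    for flow in flows:
        src, dst, port, nbytes = flow
        known = baseline.get(src)  # .get() avoids creating entries for unknown hosts
        if known is None:
            findings.append(("host-without-baseline", flow))
        elif (dst, port) not in known:
            findings.append(("new-destination", flow))
        elif nbytes > volume_factor * known[(dst, port)]:
            findings.append(("volume-spike", flow))
    return findings

if __name__ == "__main__":
    for reason, flow in find_oddities(build_baseline(BASELINE_FLOWS), CURRENT_FLOWS):
        print(f"{reason:22} {flow}")
```

Each finding is a prompt for a closer look with a capture filter or a whois lookup on the destination, not a verdict on its own.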



