Post #438,428
2/19/21 10:27:00 AM
|
I’ll pass this on to him
He’s been looking at the Mac OS “Console,” and yes, that will look like all sorts of things are going on. It’s difficult getting a clear idea of what’s going on from his, er, somewhat discursive telephone accounts, so I think I’m going to have to make a house call later this month. My personal belief, on the basis of admittedly incomplete and less than coherently organized information, is that A. is misinterpreting various kinds of system weirdness and, having concluded that bad actors are at work, is shoehorning all perceived irregularities into this scenario.
I don’t have anything approaching the technical chops of most of the regulars here (and I’m particularly weak on networking issues), but I have almost thirty-seven years of Mac experience under my belt, and I think I can probably fix at least some of his issues. Here’s hoping.
cordially,
|
Post #438,429
2/19/21 10:36:24 AM
|
This reminds me of
Many years ago I set up an internet monitoring console. Our main network guys could take a glance at a web screen and it would show with pretty pie graphs where all the internet traffic was coming from. Except for one day it started coming from a decidedly centralized place.
I forget where it was coming from. But it wasn't bad. It was a traffic aggregator / centralizer that front-ended various websites and it was just launching over the last couple of weeks. So our internet traffic came from a whole bunch of places and then kind of centralized to a mostly single place.
At that moment my network administrator flipped out and decided that the vast majority of machines on our network were hacked and they were redirecting traffic to this centralized location and it was all bad and he had to shut it off. I tried to explain to him that this was not the case. It didn't matter. He shut that s*** down.
It took about three or four hours before enough people screamed at him that he realized this was a bad idea and he really needed to turn everything back on.
At that point I realized you shouldn't hand tools to monkeys. They will misuse the tools.
|
Post #438,434
2/19/21 2:05:42 PM
|
Yes and no
If I'm paying someone to secure my network, and one day the traffic patterns change substantially and he wasn't expecting it, I'd want him to block that source until he understood the change. And I'd want that person to be more paranoid and dogmatic than I am.
In that couple hours before he opened things back up, was he researching the new aggregator to confirm what you told him? Or did he just give in to the screaming?
|
Post #438,436
2/19/21 4:49:31 PM
|
No idea. 20 plus years ago
|
Post #438,439
2/20/21 10:12:42 AM
|
Similarly, ...
I was trying to figure out some networking issue at work and decided to look at the Windows traffic. I was flabbergasted by what I saw.
Very roughly:
Joe's PC - "I'm here. Anyone out there?"
Jack's PC - "I'm here. Anyone out there?"
Jane's PC - "I'm here. Anyone out there?"
Bob's PC - "I'm here. Anyone out there?"
Joe's PC - "I'm here. Anyone out there?"
Jack's PC - "I'm here. Anyone out there?"
Jane's PC - "I'm here. Anyone out there?"
Bob's PC - "I'm here. Anyone out there?"
Joe's PC - "I'm here. Anyone out there?"
Jack's PC - "I'm here. Anyone out there?"
Jane's PC - "I'm here. Anyone out there?"
Bob's PC - "I'm here. Anyone out there?"
It was amazing that there was any bandwidth left with all the chatter. :-/
Yeah, it's great that the pointy-clicky tools are out there, but if one doesn't know what normal looks like it can be overwhelming.
Cheers, Scott.
|
Post #438,445
2/20/21 4:53:12 PM
|
very normal
"Science is the belief in the ignorance of the experts" – Richard Feynman
|
Post #438,446
2/20/21 5:05:22 PM
|
Yeah.
I neglected to mention that this was way back when I was running OS/2.
:-)
Still, normal. But I was surprised.
Cheers, Scott.
|
Post #438,447
2/20/21 5:10:13 PM
|
Yeah we both reacted like that
Those were standard ARP announcements. When you see them on a tiny little network for the first time it's easy to absorb them and understand why it was reasonable in those days. But then when you see them on a monster network and you realize the amount of background chatter going on at all times, you realize you are really happy that Wireshark has colored tracking to separate the conversations.
|
Post #438,448
2/21/21 5:23:18 AM
|
It's almost as if...
...the amount of network traffic on a corporate network is much larger than human brainmeats are able to comfortably conceptualise in real-time.
They're NETBIOS browser announcements. A few bytes, per machine, every few seconds. Basically non-existent, in the context of a 100 megabit or better network. Then there's ARP, and DHCP, and this and that and the other.
|
Post #438,450
2/21/21 11:36:31 AM
|
That goes under the heading of: holy s***
All those protocols that developed over all those years that aggregated into the pipes that we have to f****** figure out right now.
Yeah, you know it simply doesn't work for human brains to be able to absorb all the crap at once. I'm almost happy I don't work in that environment.
|
Post #438,478
2/23/21 6:46:18 PM
|
Yah. NetBIOS has a reputation for being very chatty.
|
Post #438,431
2/19/21 12:03:27 PM
|
End users should never look at system log files
|