Ghosts in the network

When strange (if not downright evil) things start to happen, the network has a problem. The technical staff went looking for the hidden culprit.

This is the true story of a "ghost" server that almost broke our network. Mysterious? Probably not. It's just common sense plus a bit of interesting device delivery technology that you can't see.

Our current network has huge mainframes for smart Windows, Unix, smart terminals, NT and thousands of clients and powerful dedicated services. We monitor every aspect of their activities. But there was a 'ghost' that almost brought us down.

From the beginning there were ominous signs. A network printer had a buffer overflow and its print jobs stalled. We found that it was due to hardware failure. We switched to an old machine, loaded a new internal configuration, rebooted the device and got it back to normal.

Then the same thing happened to another printer. A device that communicates master in a flash is broken. In just a minute, we determined that there was nothing to save it. Users record false data titles. Strange surprises happen more often than not in any form.

Computer virus on the server? Network worm on shared device? Not like that. We have used a multi-tier protection program to prevent aggregate threats.

NetOps catches some signals. They are random, but clearly organized from within the network. We have a "ghost" server.

Cause? Consider some of the tips below.

Retain the changed hardware information

Some of our very old servers have been in operation for years, they heavily carry out their maintenance work. New hardware has been removed and removed. Many older devices may not be found unless there is important memory.

Scan the entire IP range periodically

Most modern operating systems monitor a wide range of activities. But be cautious! They cannot determine what they don't see. Older hard drives may be below the radar range. Our unnamed 'ghost' service cannot be detected by conventional means.

Human-machine communication programs can represent their clients, but not all machines run on every service. We suddenly realized that we didn't have a single, simple, comprehensive method to detect everything on our network.

The humble 'ping' command becomes a lifeline. It detects connectivity and lets you step through the IP addresses across your network.
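The periodic sweep described above, checked against the hardware records from the previous tip, as an added example that is not part of the original article. The inventory, addresses and host names are constructed, and the ping flags assume Linux.

```python
import ipaddress
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor

# Constructed sample inventory (IP -> name); addresses and names are made up.
SAMPLE_INVENTORY = {
    "192.0.2.1": "b2-rtr-01",
    "192.0.2.10": "b2-prn-01",
    "192.0.2.11": "b2-prn-02",
}


def ping(ip):
    """One ICMP echo with a 1 s timeout; flags assume Linux iputils ping."""
    cmd = ["ping", "-c", "1", "-W", "1", ip]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def sweep(cidr, probe=ping, workers=64):
    """Probe every host address in cidr and return those that answered, in order."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return [h for h, up in zip(hosts, pool.map(probe, hosts)) if up]


def reconcile(alive, inventory):
    """Return (ghosts, missing): live but unlisted, and listed but silent."""
    answered = set(alive)
    ghosts = [ip for ip in alive if ip not in inventory]
    missing = [ip for ip in inventory if ip not in answered]
    return ghosts, sorted(missing, key=ipaddress.ip_address)


if __name__ == "__main__":
    # Usage: python3 ghost_sweep.py 192.0.2.0/28   (a range you administer)
    cidr = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.0/28"
    ghosts, missing = reconcile(sweep(cidr), SAMPLE_INVENTORY)
    for ip in ghosts:
        print("not in inventory:", ip)
    for ip in missing:
        print("in inventory but silent:", SAMPLE_INVENTORY[ip])
```

A host that filters ICMP will not answer, so an entry under "in inventory but silent" is a prompt for a follow-up check rather than proof that the machine is gone.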

Using standard naming conventions provides a lot of information

'Good-looking' server names can be fun, but they are hard to work with when you are trying to locate a machine in a hurry. Encoding the location and function in the device name saves both time and future frustration. You should also label each server with a tag that shows both the name and the IP address in a place that is visible when logging in to the server. This technique may seem insignificant, but it saves valuable time when you have to find one box in the middle of a row of its 'colleagues'.

Read your log records

A log file can provide quite a bit of information. If there is too much data to read directly, it can be imported into a spreadsheet or database and viewed in sorted order. Old machines that provided this service for some time did not have standard names.

A ping command, a log file and a sort detected our 'ghost' server. The network segment indicated its general area in the building. The system's users did not remember the area correctly, but the lab people remembered that some devices had been moved. With their help, we finally found it.

The 'occult' object was shut away in a sealed box, obstructed by the splits, and ran a variant of SCO Unix several operating system versions behind. Nobody knew where the device was. It was shipped when the previous manager upgraded the UPS, and he retired before taking it out of service. The staff from that time had long since left the company.

The device is a simple test service that monitors communication with data devices. It works silently with a routing task and periodically provides a LAM (Look-At-ME!) warning when there is danger. LAM alerts were put on the network without anyone noticing until they conflicted with other service volumes. These conflicts only appeared when there was an abnormality in the system.

What are the lessons? Know your network. List your resources and scan the ranges you have.

Sometimes a little low-tech common sense is what solves the 'ghost' in your network.

T.Thu

Update 13 December 2018