Kerberos Traffic on Enterprise Network
Ken Raeburn
raeburn at MIT.EDU
Tue Dec 30 18:16:46 EST 2003
On Tuesday, Dec 30, 2003, at 10:48 US/Eastern, Palumbo, Matthew wrote:
> Wondering if anyone would have an insight to why the BULK of my
> network traffic would be from the Kerberos protocol.
>

Do you mean Kerberos-related protocols like Kerberos-encrypted rlogin?
Maybe lots of people are using Kerberos-secured protocols, or one or
two people are using them for massive exchanges of data?

Or do you mean the traffic to port 88 makes up the majority of your
traffic? Perhaps someone has a badly configured client (or broken
software) which is continually requesting tickets? Perhaps someone is
submitting a vast number of ticket requests in a brute-force attempt to
guess someone's password?

It would help if you could get a packet dump from your network and
decode what some of the packets actually are. (I haven't used the
fancy packet-decoding facilities of packet tracing programs with
Kerberos, so I can't tell you for sure which ones will handle it, but
I've heard ethereal is a pretty good choice.)

Ken
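
An added example, not part of the original message: one way to do the decoding suggested above without a full protocol analyzer. It tallies Kerberos message types per client for UDP port 88 in a classic pcap file, using the ASN.1 application tag that starts each message (RFC 4120). The function names and the constructed sample capture are assumptions for illustration; TCP and pcapng are not handled.

```python
import struct
from collections import Counter

# First byte of a Kerberos message is its ASN.1 APPLICATION tag (RFC 4120).
KRB_TAGS = {0x6A: "AS-REQ", 0x6B: "AS-REP", 0x6C: "TGS-REQ",
            0x6D: "TGS-REP", 0x7E: "KRB-ERROR"}

def tally_pcap(data):
    """Count (client IP, Kerberos message type) for UDP port 88 in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        # Keep only untagged IPv4 frames carrying UDP.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        # Skip truncated packets and later IP fragments (no UDP header there).
        if len(udp) < 9 or struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue
        sport, dport = struct.unpack("!HH", udp[:4])
        if 88 not in (sport, dport):
            continue
        # The client is whichever end is not the KDC port.
        client = frame[30:34] if sport == 88 else frame[26:30]
        kind = KRB_TAGS.get(udp[8], "other")
        counts[(".".join(map(str, client)), kind)] += 1
    return counts

def sample_pcap():
    """Constructed capture: one client sends five AS-REQs, another one TGS-REQ."""
    def pkt(src, dst, sport, dport, tag):
        udp = struct.pack("!HHHH", sport, dport, 9, 0) + bytes([tag])
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(src), bytes(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    kdc, a, b = (10, 0, 0, 1), (10, 0, 0, 7), (10, 0, 0, 9)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for _ in range(5):
        out += pkt(a, kdc, 40000, 88, 0x6A) + pkt(kdc, a, 88, 40000, 0x7E)
    return out + pkt(b, kdc, 40001, 88, 0x6C) + pkt(kdc, b, 88, 40001, 0x6D)

if __name__ == "__main__":
    for (client, kind), n in tally_pcap(sample_pcap()).most_common():
        print(client, kind, n)
```

On a real capture, a client whose AS-REQ or TGS-REQ count dwarfs every other client's is the one to look at first.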