Wondering if anyone would have any insight into why the BULK of my network traffic would be from the Kerberos protocol.
Do you mean Kerberos-related protocols like Kerberos-encrypted rlogin? Maybe lots of people are using Kerberos-secured protocols, or one or two people are using them for massive exchanges of data?
Or do you mean the traffic to port 88 makes up the majority of your traffic? Perhaps someone has a badly configured client (or broken software) which is continually requesting tickets? Perhaps someone is submitting a vast number of ticket requests in a brute-force attempt to guess someone's password?
It would help if you could get a packet dump from your network and decode what some of the packets actually are. (I haven't used the fancy packet-decoding facilities of packet tracing programs with Kerberos, so I can't tell you for sure which ones will handle it, but I've heard Ethereal is a pretty good choice.)
Ken
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
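Added example, not part of the original thread: once a packet dump has been decoded, a per-client tally of the port-88 messages separates the two cases raised in the reply above, a client that keeps being issued tickets versus one whose requests keep failing pre-authentication. The record layout, the sample lines, the `summarize` helper and the `min_requests` threshold are assumptions made for illustration; the message-type and error-code numbers are those of RFC 4120.

```python
from collections import Counter, defaultdict

# Message types and error code as numbered in RFC 4120.
AS_REQ, AS_REP, KRB_ERROR = 10, 11, 30
KDC_ERR_PREAUTH_FAILED = 24

# Constructed sample, one decoded port-88 message per line:
# "client_ip msg_type client_principal error_code" ("-" = no error code).
# Error 25 in the first client's exchange is KDC_ERR_PREAUTH_REQUIRED.
SAMPLE = (
    "10.0.0.5 10 alice -\n10.0.0.5 30 alice 25\n"
    "10.0.0.5 10 alice -\n10.0.0.5 11 alice -\n"
    + "10.0.0.7 10 svc -\n10.0.0.7 11 svc -\n" * 40   # tickets issued over and over
    + "10.0.0.9 10 bob -\n10.0.0.9 30 bob 24\n" * 30  # every attempt rejected
)

def summarize(records, min_requests=20):
    """Count AS exchanges per client and label the heavy requesters."""
    stats = defaultdict(Counter)
    for line in records.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[1].isdigit():
            continue  # skip blank or malformed records
        client, msg_type, _principal, err = parts
        counts = stats[client]
        if int(msg_type) == AS_REQ:
            counts["as_req"] += 1
        elif int(msg_type) == AS_REP:
            counts["as_rep"] += 1
        elif int(msg_type) == KRB_ERROR and err == str(KDC_ERR_PREAUTH_FAILED):
            counts["preauth_failed"] += 1
    report = {}
    for client, counts in stats.items():
        if counts["as_req"] < min_requests:        # hypothetical threshold
            label = "normal"
        elif counts["preauth_failed"] > counts["as_rep"]:
            label = "repeated-auth-failures"       # consistent with password guessing
        else:
            label = "ticket-request-loop"          # consistent with a broken client
        report[client] = (label, counts["as_req"], counts["as_rep"],
                          counts["preauth_failed"])
    return report

if __name__ == "__main__":
    for client, row in sorted(summarize(SAMPLE).items()):
        print(client, *row)
```

The labels are starting points for a closer look at the capture, not verdicts; a client behind NAT or a busy application server can legitimately exceed the threshold.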
