This section describes a number of protocols that are used by people and programs to manage and maintain networks and machines. These include informational protocols like syslog and the Simple Network Management Protocol (SNMP), routing protocols like RIP and OSPF, system configuration protocols like bootp and Dynamic Host Configuration Protocol (DHCP), as well as ICMP and NTP. Where appropriate we also discuss tools that use these protocols, such as ping and traceroute.
These protocols are used to manage devices on the network, either by simply conveying information about their status or by actually controlling remote devices.
syslog is used to manage log messages in a centralized way. syslog got its start as a way of centrally recording messages for a set of Unix machines, but many network devices (routers, hubs, etc.) now use syslog to report status and usage information. Such devices often don’t even have a way to record this information locally, because they don’t have any writable storage media; if you want to know what they’re reporting, something has to be listening to their syslog messages.
Microsoft operating systems do not provide syslog support; instead, they use a combination of a local log manager and SNMP for remote event reporting. It is possible to get implementations of syslog for such systems.
Attackers will often attempt to flood a site’s syslog server in order to cover their tracks, so that the server ...