10:38 Beware unauthorized traffic! | |
It's no secret that when you connect any network device to the Internet generates traffic that we "did not order." Main sources:
In the article there is no step by step instructions to ensure network security. Hopefully, users of material have thoughts, and experienced network administrators add information specifics. The article contains no references, and GMOs. Spurious TrafficUncontrolled network activity. Even if your connection is 100% closed - if there is a real fixed IP-address instead of "gray" and / or dynamic IP-address provided by ISP to internal network - from Internet broadcasts are transmitted, ICMP-, keepalive-packages and diverse service traffic. In this case, anyone can apply to your IP-address, using a simple command ping xxxx, means searching for vulnerabilities, or to attempt to disrupt the connection, generate a syn flood command hping3 (for Linux-based systems). This will generate and take into account the incoming traffic. Moreover, even if your network equipment is turned off, the traffic can be generated and will allow for the ISP - so far from the ARP-cache provider (which holds that the IP and MAC-address) does not delete the record of your connection. Update time depends on the settings from your provider, usually a few minutes (in routers Cisco - default 4 hours). If the cosmic rays attacker does not set himself to attack your IP-address - this traffic is somewhat KB per day, but avoid it is not possible. Of course, ISPs usually take the necessary measures to protect. Traffic from softwareModern software installed on your computer, often without asking your permission explicitly refers to external services for the transmission of proprietary information, to request updates and download them. Ie this traffic is not a necessary part of the program. For example, the Internet to check for updates and registration information, please Adobe, Microsoft, etc. A Microsoft OS yet and by default, downloads and updates the size of which can exceed hundreds of MB. Out of this situation can be a disabling updates, and recourse to external resources in the software settings (not always possible) and install the software firewall (firewall), which for all requests to have recourse to external resources will ask for your decision. "Training Mode" is present in most modern firewalls. Virus Activityarises from infecting your computer with viruses. This is the worst version of the above, because Besides the creation of spurious traffic, an attacker can gain access to your computer - with all ensuing consequences. The solution - install antivirus software and regularly update your operating system and software. And this applies not only to Windows-based systems. Vulnerabilities found with enviable regularity in all operating systems, and checking for rootkits has not been canceled. There is specialized software that monitors the identification of vulnerabilities and informs about the latest updates for popular software. For example, for Windows-based systems there Secunia Personal Software Inspector. For Linux-based systems if the software is installed from the official repositories, perform the same tasks as package manager. Unauthorized use of the connectionThe low level of safety, it is typical for enterprise LANs. And with the proliferation of WiFi-devices - for ordinary users. Very often, users do not care about the security of wireless connections and open (or not protected) access point can detect a significant amount - only from my balcony "seen" two. Should be cautioned that when connecting to an open access point - the owner can scan traffic for unencrypted logins and passwords. If the local networks of enterprises all clear - it is necessary to hire qualified administrators, the owners of home access points are urged to read the documentation for maximum security. On this subject there are many informative articles. And Google?Frank surprise for me were the following logs (log of excluded addresses Google less than 5MB): time the IP address of bytes received Bytes sent ... 00:10 74.125.160.81 6,059,987 140,082 00:40 74.125.163.83 5,947,266 137,562 01:20 74.125.173.17 5,945,612 136,087 02:10 74.125.173.23 5,948,572 141,739 02:50 74.125.173.21 5,954,547 136,007 03: 20 74.125.173.29 5,956,884 135,779 03:50 74.125.173.30 5,958,999 135,807 04:20 74.125.173.23 5,984,194 140,108 04:50 74.125.173.19 5,980,806 140,027 ... Ie every half hour for several days, with the addresses used by Google when your computer is locked, it takes about 6MB. Enough to run Google Chrome. Unfortunately, the purpose of the traffic I have not been able to figure out. Of course, there is a radical solution - unlimited calling. But be careful,% username%, monitors traffic and check the logs. You never know what ... Of course, for all unauthorized traffic on your IP-address - will have to pay. I can see that at the request of the majority of providers without any problems provided detailing traffic. There are cases where ISPs are going to meet clients and adjust the traffic. Especially, it concerns the legal entities. Thanks in advance for comments and questions. UPD This is the case, even if open a blank tab. Google Chrome 6.0.472.63 (the browser happily reports that it is - the latest version). | |
|
Total comments: 0 | |