Foreign Countries traffic

**Sam Graf** · 11-20-2020, 10:06 AM

Originally Posted by Jim.Alles

Let me turn that into a hypothetical from my perspective...

the terms 'legitimate' and 'suspicious' have to be determined by each user.

That's all sensible, it seems to me. My "rant" was an appeal for better insight tools, if possible, so that a user can make an informed determination. As things stand, people with little or no specialized security knowledge do a lot of guessing, I think.

Here's some concrete stuff about the biggest wedge of my pie chart: The app or apps generating that traffic are provided by one of the largest online companies in the world. Its services are provided across multiple apps (in my case, across two different platforms provided by a single company). On my guinea pig device were two apps, which were deleted from that device as a test, and that traffic from that device immediately stopped. That's the basis of my identifications of the source apps. I do a lot of guessing.

No service provided by that company was interrupted by blocking egress traffic to China, insofar as I could tell. Everything worked for me. The outbound traffic would come in bursts.

And now, an interesting thing to me. Other devices on my network still have the presumed source apps and were associated with that traffic. A few days ago, that traffic completely disappeared. It has not yet returned.

If you're so inclined, I'd like to hear what you make of that scenario.

**sky-knight** · 11-20-2020, 10:12 AM

Over half of my sessions in the last 24 hours by country say "none".

I think that says enough about GeoIP... It's just never been reliable. And I don't meant to imply that Untangle's implementation is a problem, I'm saying I've never seen GeoIP do anything other than create more hard to troubleshoot issues I get to go sort out. The firewall platform doing the blocking has been irrelevant.

That being said, I DO like that Untangle has this feature, because it is nice to have in the reports.

**Jim.Alles** · 11-20-2020, 11:14 AM

Originally Posted by Sam Graf

If you're so inclined, I'd like to hear what you make of that scenario.

It could very well be an exercise in the game of 'whack-a-mole', for the very reasons stated by others.

I don't have much of an opinion because I don't have enough facts. A close manual inspection of packets is the level of detail that might be needed.

**Jim.Alles** · 11-20-2020, 11:49 AM

A set of after-thought questions are

what versions of the app are used across devices?
what versions of operating system?
Is Wi-Fi and wireless data enabled simultaneously?

My take: I would avoid that app if I could; and I have previously listed my geo-blocks.

Thread: Foreign Countries traffic

LinkBack

Thread Tools

Posting Permissions