  1. #11
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,134

    Originally Posted by Jim.Alles:
    Let me turn that into a hypothetical from my perspective...

    the terms 'legitimate' and 'suspicious' have to be determined by each user.
    That's all sensible, it seems to me. My "rant" was an appeal for better insight tools, if possible, so that a user can make an informed determination. As things stand, people with little or no specialized security knowledge do a lot of guessing, I think.

    Here's some concrete stuff about the biggest wedge of my pie chart: The app or apps generating that traffic are provided by one of the largest online companies in the world. Its services are provided across multiple apps (in my case, across two different platforms provided by a single company). On my guinea pig device were two apps, which were deleted from that device as a test, and that traffic from that device immediately stopped. That's the basis of my identifications of the source apps. I do a lot of guessing.

    No service provided by that company was interrupted by blocking egress traffic to China, insofar as I could tell. Everything worked for me. The outbound traffic would come in bursts.

    And now, an interesting thing to me. Other devices on my network still have the presumed source apps and were associated with that traffic. A few days ago, that traffic completely disappeared. It has not yet returned.

    If you're so inclined, I'd like to hear what you make of that scenario.

  2. #12
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Over half of my sessions in the last 24 hours by country say "none".

    I think that says enough about GeoIP... It's just never been reliable. And I don't mean to imply that Untangle's implementation is a problem, I'm saying I've never seen GeoIP do anything other than create more hard-to-troubleshoot issues I get to go sort out. The firewall platform doing the blocking has been irrelevant.

    That being said, I DO like that Untangle has this feature, because it is nice to have in the reports.
    Last edited by sky-knight; 11-20-2020 at 10:14 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Originally Posted by Sam Graf:
    If you're so inclined, I'd like to hear what you make of that scenario.
    It could very well be an exercise in the game of 'whack-a-mole', for the very reasons stated by others.

    I don't have much of an opinion because I don't have enough facts. A close manual inspection of packets is the level of detail that might be needed.

  4. #14
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    A set of afterthought questions:
    • What versions of the app are used across devices?
    • What versions of the operating system?
    • Are Wi-Fi and wireless data enabled simultaneously?


    My take: I would avoid that app if I could; and I have previously listed my geo-blocks.
