flowtraq in the cloud: getting started
TRANSCRIPT
FlowTraq in the Cloud Getting Started
Opening a FlowTraq window for the first time can be like walking into a big grocery store when yoursquore hungry
Therersquos a lot to see and you know therersquos something good herehellip but where to start This post is intended as a
springboard to help you find interesting traffic on your network The workspaces linked here all show your data as
a FlowTraq Cloud customer which means that anything you see you can immediately act on Itrsquos easy itrsquos fast
and therersquos a LOT to see
Common High-Bandwidth Sites
Facebook is one of the most commonly visited sites on the web both from people using it directly and from ldquolikerdquo
buttons embedded in thousands of other websites Similarly many web browsing sessions start with a visit to a
search engine such as Google Yahoo or Bing NetFlix YouTube and Hulu are all popular video streaming sites
Large networks such as these operate many computers over a wide range any one of which might service a
particular request and which may change over time To find them on the big Internet they use Autonomous
System Numbers (ASNs) to identify themselves FlowTraq makes it easy to filter traffic on ASN
Check out how much traffic you are shoveling for each of these sites viewed by those IP addresses receiving the
most data
Bing (Microsoft) AS8075
Facebook AS32934
Google AS15169 Also and less often AS36040 and AS43515 (View all three together)
Hulu AS23286
NetFlix AS2906
Yahoo AS10310
YouTube AS36561 (but may also appear at AS15169 via Google)
Security Threats
FlowTraq Cloud also helps you evaluate your security Even long after the fact FlowTraqrsquos history-long full-fidelity
database gives you the data you need to identify attempts to compromise your network When the media talks
about hacking attempts from China or the newest malware you donrsquot have to wonder if yoursquove been hit FlowTraq
helps you find out
Earlier this year Mandiant published a brilliant report on phishing attempts that they traced to a series of IP
addresses originating in China We discussed their results and identified in their report sets of IP addresses worth
looking for in your traffic over the last six months
Check if any of your hosts have been involved with these attacks successfully or not
Traffic associated with FTP and Windows Remote Desktop ports attempts to use your network as a hop point
Traffic associated with HTTP HTTPS traffic either in using HTRAN tunneling or outward connections
If you see traffic on either of these workspaces remember that you can inspect the individual sessions (Sessions
for FTPWindows Remote Sessions for HTTP HTTPS) Long-running sessions with many packets exchanged
may be a danger sign
Contact ProQSys 16 Cavendish Court
Lebanon NH 03766
(603) 727-4477
salesflowtraqcom
FlowTraq Trial
Free 14-Day Trial of FlowTraq at wwwflowtraqcomtrial
Traffic associated with FTP and Windows Remote Desktop ports attempts to use your network as a hop point
Traffic associated with HTTP HTTPS traffic either in using HTRAN tunneling or outward connections
If you see traffic on either of these workspaces remember that you can inspect the individual sessions (Sessions
for FTPWindows Remote Sessions for HTTP HTTPS) Long-running sessions with many packets exchanged
may be a danger sign
Contact ProQSys 16 Cavendish Court
Lebanon NH 03766
(603) 727-4477
salesflowtraqcom
FlowTraq Trial
Free 14-Day Trial of FlowTraq at wwwflowtraqcomtrial