FlowTraq in the Cloud: Getting Started

Opening a FlowTraq window for the first time can be like walking into a big grocery store when you’re hungry: There’s a lot to see, and you know there’s something good here… but where to start? This post is intended as a springboard to help you find interesting traffic on your network. The workspaces linked here all show your data as a FlowTraq Cloud customer, which means that anything you see, you can immediately act on. It’s easy, it’s fast, and there’s a LOT to see.

Common High-Bandwidth Sites

Facebook is one of the most commonly visited sites on the web, both from people using it directly and from “like” buttons embedded in thousands of other websites. Similarly, many web browsing sessions start with a visit to a search engine such as Google, Yahoo! or Bing. NetFlix, YouTube, and Hulu are all popular video streaming sites.

Large networks such as these operate many computers over a wide range, any one of which might service a particular request, and which may change over time. To find them on the big Internet they use Autonomous System Numbers (ASNs) to identify themselves; FlowTraq makes it easy to filter traffic on ASN.

Check out how much traffic you are shoveling for each of these sites, viewed by those IP addresses receiving the most data:

Bing (Microsoft): AS8075
Facebook: AS32934
Google: AS15169. Also, and less often, AS36040 and AS43515. (View all three together)
Hulu: AS23286
NetFlix: AS2906
Yahoo!: AS10310
YouTube: AS36561 (but may also appear at AS15169, via Google)

Security Threats

FlowTraq Cloud also helps you evaluate your security. Even long after the fact, FlowTraq’s history-long full-fidelity database gives you the data you need to identify attempts to compromise your network. When the media talks about hacking attempts from China or the newest malware, you don’t have to wonder if you’ve been hit: FlowTraq helps you find out.

Earlier this year, Mandiant published a brilliant report on phishing attempts that they traced to a series of IP addresses originating in China. We discussed their results and identified in their report sets of IP addresses worth looking for in your traffic over the last six months. Check if any of your hosts have been involved with these attacks, successfully or not:

Upload: proqsys

Post on 29-Jun-2015



Traffic associated with FTP and Windows Remote Desktop ports: attempts to use your network as a hop point

Traffic associated with HTTP/HTTPS: traffic either in using HTRAN tunneling or outward connections

If you see traffic on either of these workspaces, remember that you can inspect the individual sessions (Sessions for FTP/Windows Remote, Sessions for HTTP/HTTPS). Long-running sessions with many packets exchanged may be a danger sign.
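The same triage can be run over exported flow records outside the FlowTraq interface. The sketch below is an added example, not FlowTraq code or part of the original post: the record layout, the duration and packet thresholds, and the watchlist (documentation address ranges standing in for the report's IP sets, which this page does not list) are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Placeholder watchlist: RFC 5737 documentation ranges stand in for the
# report's address sets, which this page does not list.
WATCHLIST = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")]
# Ports behind the two workspaces: FTP / Remote Desktop, and HTTP / HTTPS.
WORKSPACE_PORTS = {21: "ftp-rdp", 3389: "ftp-rdp", 80: "http-https", 443: "http-https"}
# Assumed thresholds for "long-running" and "many packets"; tune per network.
MIN_DURATION_S = 1800
MIN_PACKETS = 5000

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    start: int      # epoch seconds
    end: int
    packets: int

def on_watchlist(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in WATCHLIST)

def triage(flows):
    """Return (workspace, flow, flagged) for every session touching the watchlist."""
    hits = []
    for f in flows:
        workspace = WORKSPACE_PORTS.get(f.dst_port)
        if workspace is None or not (on_watchlist(f.src) or on_watchlist(f.dst)):
            continue
        flagged = (f.end - f.start) >= MIN_DURATION_S and f.packets >= MIN_PACKETS
        hits.append((workspace, f, flagged))
    # Flagged sessions first, then longest duration first.
    return sorted(hits, key=lambda h: (not h[2], -(h[1].end - h[1].start)))

# Constructed sample sessions (not real traffic).
SAMPLE = [
    Flow("10.0.0.5", "203.0.113.7", 443, 1000, 9000, 42000),   # long, heavy: flag
    Flow("198.51.100.9", "10.0.0.8", 3389, 2000, 2030, 12),    # brief inbound probe
    Flow("10.0.0.5", "192.0.2.10", 443, 1000, 9000, 42000),    # not on watchlist
    Flow("10.0.0.6", "203.0.113.7", 25, 1000, 9000, 42000),    # port outside both workspaces
]

if __name__ == "__main__":
    for workspace, f, flagged in triage(SAMPLE):
        mark = "REVIEW" if flagged else "seen"
        print(f"{mark:6} {workspace:10} {f.src} -> {f.dst}:{f.dst_port} "
              f"{f.end - f.start}s {f.packets} pkts")
```

Short sessions that touch the watchlist are still listed, unflagged, so unsuccessful attempts remain visible alongside the long-running ones.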

Contact ProQSys
16 Cavendish Court
Lebanon, NH 03766
(603) 727-4477
sales@flowtraq.com

FlowTraq Trial

Free 14-Day Trial of FlowTraq at www.flowtraq.com/trial
