Koneksi 'hantu' di Windows 7 Beta

Berhati-hatilah Anda, para pengguna Windows 7 Beta yang menggunakan akses bandwidth terbatas. Si sistem operasi ini (default install) bisa-bisa membangkrutkan Anda dan menyedot habis bandwidth dalam sekejap.

Berikut koneksi hantu si Win 7 Beta yang kayak hantu (gak kelihatan ama user) dan seenaknya ngabisin bandwidth itu:

Mengontak DNS server (saya pake Telkomsel Flash)
06:22:31.062654 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 72) sydrake.local.11493 > dns2.telkomsel.co.id.domain: 54937+ PTR? 79.22.121.114.in-addr.arpa. (44)

Mulai menghubungi si beta.update.microsoft.com
06:22:31.602775 IP (tos 0x0, ttl 62, id 49976, offset 0, flags [none], proto TCP (6), length 40) beta.update.microsoft.com.www > sydrake.local.39094: ., cksum 0x32f2 (correct), ack 186 win 65535
06:22:32.126772 IP (tos 0x0, ttl 62, id 54685, offset 0, flags [none], proto TCP (6), length 329) beta.update.microsoft.com.www > sydrake.local.39094: P 1:290(289) ack 186 win 65535
06:22:32.126837 IP (tos 0x0, ttl 64, id 42698, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.39094 > beta.update.microsoft.com.www: ., cksum 0x3165 (correct), ack 290 win 108
06:22:32.210905 IP (tos 0x0, ttl 64, id 42699, offset 0, flags [DF], proto TCP (6), length 225) sydrake.local.39094 > beta.update.microsoft.com.www: P 186:371(185) ack 290 win 108
06:22:32.741770 IP (tos 0x0, ttl 62, id 60967, offset 0, flags [none], proto TCP (6), length 40) beta.update.microsoft.com.www > sydrake.local.39094: ., cksum 0x3118 (correct), ack 371 win 65535

Seperti standar Microsoft Windows yang biasa, membuka broadcast Netbios-NS (port 137)!
06:22:34.492878 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:22:34.801308 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 72) sydrake.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 79.22.121.114.in-addr.arpa. (44)
06:22:35.241642 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

Eh, rupanya si Netbios-NS ini menghubungi Microsoft di test.update.microsoft.com

06:22:35.998806 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:22:36.756572 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 71) sydrake.local.10722 > dns2.telkomsel.co.id.domain: 3368+ A? test.update.microsoft.com. (43)
dst.

Lalu....
Inilah dia si tukang menghabiskan bandwidth. Mendownload seenak udelnya dari Windows 7 yang baru diinstal (tanpa tambahan software apapun), bahkan saat Network Adapternya Anda matikan.

deploy akamaitechnologies.com

06:23:31.200774 IP (tos 0x0, ttl 62, id 63214, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 191699:193059(1360) ack 1599 win 1041
06:23:31.464801 IP (tos 0x0, ttl 62, id 63215, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 193059:194419(1360) ack 1599 win 1041
06:23:31.464877 IP (tos 0x0, ttl 64, id 48718, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.32918 > a72-246-103-67.deploy.akamaitechnologies.com.www: ., cksum 0x92d9 (correct), ack 194419 win 1891

Network lain-lain yang menyerbu si Windows 7 (saya curigai ini adalah komunikasi terselubung sesama tester Windows 7 Beta di seluruh dunia, yang setting-nya masih standar, default) adalah:

dslextreme.com
tampfl.dsl-w.verizon.net
vc.shawcable.net
cipherkey.com
broadband.corbina.ru
eonet.ne.jp
speedy.com.ar
static.broadllyne.com
cobaltnetworks.co.uk

06:30:33.015841 IP (tos 0x0, ttl 116, id 878, offset 0, flags [DF], proto TCP (6), length 48) netblock-208-127-189-61.dslextreme.com.3954 > sydrake.local.microsoft-ds: S, cksum 0xcd7c (correct), 3031884443:3031884443(0) win 65535
06:31:03.735840 IP (tos 0x0, ttl 24, id 51757, offset 0, flags [DF], proto TCP (6), length 52) pool-71-100-81-65.tampfl.dsl-w.verizon.net.2760 > sydrake.local.microsoft-ds: S, cksum 0xdd2d (correct), 459821560:459821560(0) win 65535
06:32:41.495845 IP (tos 0x0, ttl 114, id 57476, offset 0, flags [DF], proto TCP (6), length 48) S01060048543e4161.vc.shawcable.net.1177 > sydrake.local.microsoft-ds: S, cksum 0xed1d (correct), 818232583:818232583(0) win 65535
06:34:09.052866 IP (tos 0x0, ttl 111, id 23182, offset 0, flags [DF], proto TCP (6), length 48) xx6651128121.cipherkey.com.4135 > sydrake.local.microsoft-ds: S, cksum 0x8f02 (correct), 2306741930:2306741930(0) win 65535
06:35:13.071927 IP (tos 0x0, ttl 101, id 58635, offset 0, flags [DF], proto TCP (6), length 48) 78-106-23-97.broadband.corbina.ru.3266 > sydrake.local.microsoft-ds: S, cksum 0xc492 (correct), 1500082649:1500082649(0) win 65535
06:35:53.426887 IP (tos 0x0, ttl 108, id 6679, offset 0, flags [DF], proto TCP (6), length 48) 121-84-26-18.eonet.ne.jp.1484 > sydrake.local.microsoft-ds: S, cksum 0x5adf (correct), 488960220:488960220(0) win 65535
06:37:50.466896 IP (tos 0x0, ttl 113, id 35157, offset 0, flags [DF], proto TCP (6), length 48) 190-48-150-189.speedy.com.ar.3750 > sydrake.local.microsoft-ds: S, cksum 0x1115 (correct), 819338387:819338387(0) win 16384
06:38:52.024901 IP (tos 0x0, ttl 120, id 15579, offset 0, flags [DF], proto TCP (6), length 48) 203-76-168-44.static.broadllyne.com.1541 > sydrake.local.microsoft-ds: S, cksum 0xd7eb (correct), 390764874:390764874(0) win 65535
06:39:37.845907 IP (tos 0x0, ttl 104, id 5811, offset 0, flags [DF], proto TCP (6), length 48) server3059.cobaltnetworks.co.uk.4684 > sydrake.local.microsoft-ds: S, cksum 0xdb2b (correct), 3880642719:3880642719(0) win 65535

Makin lama dinyalakan, Microsoft-DS ini makin banyak memperoleh 'teman' di dunia maya

Comments

Post a Comment

Popular posts from this blog

NTC Thermistor Incubator Part 3: Integrating double digits 7-segment

Image
This is a close to final version of my triplet NTC thermistors incubator with multi-buttons on a single analog input and double digits 7 segment output.  You may read part1 and part2 , for the whole story. On a separated article, I replaced NTC thermistor and 7segment with LM35 probe and LCD 16x2,  here . Hardware setup I use  Arduino standalone on breadboard , common anode double digits 7 segment  16 pins, two 74HC595 s, three NTC thermistor s, an FTDI 5v uploader ,  an optocoupler protected relay module , resistors (10kΩ, 1kΩ, 4k7Ω, 470Ω, 220Ω and 47Ω), and push buttons. Since the 7 segment that I purchased has no datasheet, it is important to look at other version of common anode (tandyonline.co.uk): The final setup on breadboard: The codes You may grab the codes here What next? Obviously, the next step is to print a PCB ( there is a great tutorial  on the Tube, or if you understand Bahasa Indonesia, here is a great tutorial from Duwi ) for this project and to
Read more

Writing and reading float using Arduino EEPROM

This post is just for a personal reminder after reading discussions from elsewhere about storing and reading float values to/from EEPROM with Arduino. Scenario Writing negative float to EEPROM can be tricky, since EEPROM only recognises up to 8-bit values (see Tronixstuff  explanation ), therefore it requires an additional algorithm to make it able to store negative and float.  the scheme is to use four bits of the ATmega328's EEPROM to store numerical parts of a float value. The function involved is union . //union  value typedef union{   float flt;   byte array[4]; } FloatConverter; The code You may grab the code here
Read more

Xeon LGA 771 di mobo LGA 775

Image
Bermula dari jebolnya komputer pribadi yang digunakan untuk layanan e-learning dan repositori abstrak skripsi bagi institusi tempat kami mengabdi, petualangan menyambung nyawa komputer tua dimulai. Spike  listrik adalah biang utama rusaknya perangkat ini. Ya, sebaiknya perangkat elektronik perlu pelindung dari lonjakan listrik sekedipan mata yang mematikan. Komponen yang menjadi almarhum akibat spike  kali ini adalah VGA card dan tombol reset (kok bisa, ya?).  VGA card Radeon X1300 128 MB Komputer ini sudah cukup tua usianya, sekitar 9 tahun. Motherboard-nya Intel DG31PR dengan prosesor Intel Core 2 Duo E7500 , memori DDR 2 3 GB dan harddisk SATA 500 GB 7200 RPM.  Sistem operasi yang digunakan adalah Slackware Linux  versi 13.37. Kinerja komputer ini sebagai server e-learning untuk kategori dosen jelata macam kami sudah cukup memuaskan. Sekitar 80 orang pengguna dapat dilayani secara simultan, walau bottleneck -nya tentu saja di hard-disk dan wifi seputar ruang lab. 
Read more