'Ghost' connections in Windows 7 Beta

Be careful if you run Windows 7 Beta on a connection with limited bandwidth. This operating system (default install) could bankrupt you and drain your bandwidth in an instant.

Here are Win 7 Beta's ghost connections, which the user never sees and which eat up bandwidth as they please:

Contacting the DNS server (I use Telkomsel Flash)
06:22:31.062654 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 72) sydrake.local.11493 > dns2.telkomsel.co.id.domain: 54937+ PTR? 79.22.121.114.in-addr.arpa. (44)

Starting to contact beta.update.microsoft.com
06:22:31.602775 IP (tos 0x0, ttl 62, id 49976, offset 0, flags [none], proto TCP (6), length 40) beta.update.microsoft.com.www > sydrake.local.39094: ., cksum 0x32f2 (correct), ack 186 win 65535
06:22:32.126772 IP (tos 0x0, ttl 62, id 54685, offset 0, flags [none], proto TCP (6), length 329) beta.update.microsoft.com.www > sydrake.local.39094: P 1:290(289) ack 186 win 65535
06:22:32.126837 IP (tos 0x0, ttl 64, id 42698, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.39094 > beta.update.microsoft.com.www: ., cksum 0x3165 (correct), ack 290 win 108
06:22:32.210905 IP (tos 0x0, ttl 64, id 42699, offset 0, flags [DF], proto TCP (6), length 225) sydrake.local.39094 > beta.update.microsoft.com.www: P 186:371(185) ack 290 win 108
06:22:32.741770 IP (tos 0x0, ttl 62, id 60967, offset 0, flags [none], proto TCP (6), length 40) beta.update.microsoft.com.www > sydrake.local.39094: ., cksum 0x3118 (correct), ack 371 win 65535

As usual for Microsoft Windows, it opens a Netbios-NS broadcast (port 137)!
06:22:34.492878 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:22:34.801308 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 72) sydrake.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 79.22.121.114.in-addr.arpa. (44)
06:22:35.241642 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

Eh, it turns out this Netbios-NS contacts Microsoft at test.update.microsoft.com

06:22:35.998806 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:22:36.756572 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 71) sydrake.local.10722 > dns2.telkomsel.co.id.domain: 3368+ A? test.update.microsoft.com. (43)
etc.

Then...
Here is the one that eats the bandwidth. It downloads as it pleases on a freshly installed Windows 7 (with no additional software at all), even when you turn off its Network Adapter.

deploy.akamaitechnologies.com

06:23:31.200774 IP (tos 0x0, ttl 62, id 63214, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 191699:193059(1360) ack 1599 win 1041
06:23:31.464801 IP (tos 0x0, ttl 62, id 63215, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 193059:194419(1360) ack 1599 win 1041
06:23:31.464877 IP (tos 0x0, ttl 64, id 48718, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.32918 > a72-246-103-67.deploy.akamaitechnologies.com.www: ., cksum 0x92d9 (correct), ack 194419 win 1891

The other networks that swarm Windows 7 (I suspect this is covert communication among Windows 7 Beta testers around the world whose settings are still the standard defaults) are:

dslextreme.com
tampfl.dsl-w.verizon.net
vc.shawcable.net
cipherkey.com
broadband.corbina.ru
eonet.ne.jp
speedy.com.ar
static.broadllyne.com
cobaltnetworks.co.uk

06:30:33.015841 IP (tos 0x0, ttl 116, id 878, offset 0, flags [DF], proto TCP (6), length 48) netblock-208-127-189-61.dslextreme.com.3954 > sydrake.local.microsoft-ds: S, cksum 0xcd7c (correct), 3031884443:3031884443(0) win 65535
06:31:03.735840 IP (tos 0x0, ttl 24, id 51757, offset 0, flags [DF], proto TCP (6), length 52) pool-71-100-81-65.tampfl.dsl-w.verizon.net.2760 > sydrake.local.microsoft-ds: S, cksum 0xdd2d (correct), 459821560:459821560(0) win 65535
06:32:41.495845 IP (tos 0x0, ttl 114, id 57476, offset 0, flags [DF], proto TCP (6), length 48) S01060048543e4161.vc.shawcable.net.1177 > sydrake.local.microsoft-ds: S, cksum 0xed1d (correct), 818232583:818232583(0) win 65535
06:34:09.052866 IP (tos 0x0, ttl 111, id 23182, offset 0, flags [DF], proto TCP (6), length 48) xx6651128121.cipherkey.com.4135 > sydrake.local.microsoft-ds: S, cksum 0x8f02 (correct), 2306741930:2306741930(0) win 65535
06:35:13.071927 IP (tos 0x0, ttl 101, id 58635, offset 0, flags [DF], proto TCP (6), length 48) 78-106-23-97.broadband.corbina.ru.3266 > sydrake.local.microsoft-ds: S, cksum 0xc492 (correct), 1500082649:1500082649(0) win 65535
06:35:53.426887 IP (tos 0x0, ttl 108, id 6679, offset 0, flags [DF], proto TCP (6), length 48) 121-84-26-18.eonet.ne.jp.1484 > sydrake.local.microsoft-ds: S, cksum 0x5adf (correct), 488960220:488960220(0) win 65535
06:37:50.466896 IP (tos 0x0, ttl 113, id 35157, offset 0, flags [DF], proto TCP (6), length 48) 190-48-150-189.speedy.com.ar.3750 > sydrake.local.microsoft-ds: S, cksum 0x1115 (correct), 819338387:819338387(0) win 16384
06:38:52.024901 IP (tos 0x0, ttl 120, id 15579, offset 0, flags [DF], proto TCP (6), length 48) 203-76-168-44.static.broadllyne.com.1541 > sydrake.local.microsoft-ds: S, cksum 0xd7eb (correct), 390764874:390764874(0) win 65535
06:39:37.845907 IP (tos 0x0, ttl 104, id 5811, offset 0, flags [DF], proto TCP (6), length 48) server3059.cobaltnetworks.co.uk.4684 > sydrake.local.microsoft-ds: S, cksum 0xdb2b (correct), 3880642719:3880642719(0) win 65535

The longer it stays on, the more 'friends' this Microsoft-DS makes in cyberspace
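To read a capture like this without eyeballing every line, the added example below (not part of the original post) parses tcpdump -v lines in the format shown above, tallies IP bytes per remote peer, and lists which peers sent a bare SYN to a local service such as microsoft-ds. It assumes the capture host appears as sydrake.local and that TCP flags are printed in the older single-letter style seen here.

```python
import re
from collections import Counter, defaultdict

LOCAL = "sydrake.local"  # capture host, as named in the tcpdump output above

# tcpdump -v one-line format: "... proto TCP (6), length N) src.port > dst.port: flags rest"
LINE = re.compile(
    r"proto (?P<proto>\w+) \(\d+\), length (?P<len>\d+)\) "
    r"(?P<src>\S+)\.(?P<sport>[\w-]+) > (?P<dst>\S+)\.(?P<dport>[\w-]+): "
    r"(?P<flags>[^\s,]+)(?P<rest>.*)"
)

def summarize(lines):
    """Tally IP bytes per remote peer and collect inbound TCP SYNs per local service."""
    bytes_from, bytes_to = Counter(), Counter()
    inbound_syn = defaultdict(set)  # local service name -> remote peers that sent a SYN
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # prose, blank line or truncated output
        size = int(m["len"])
        if m["dst"] == LOCAL:
            bytes_from[m["src"]] += size
            # SYN without ACK: a new connection attempt arriving from outside
            if m["proto"] == "TCP" and "S" in m["flags"] and " ack " not in m["rest"]:
                inbound_syn[m["dport"]].add(m["src"])
        elif m["src"] == LOCAL:
            bytes_to[m["dst"]] += size
    return bytes_from, bytes_to, inbound_syn

# Sample input: six lines copied from the capture in this post.
SAMPLE = """\
06:22:31.062654 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 72) sydrake.local.11493 > dns2.telkomsel.co.id.domain: 54937+ PTR? 79.22.121.114.in-addr.arpa. (44)
06:23:31.200774 IP (tos 0x0, ttl 62, id 63214, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 191699:193059(1360) ack 1599 win 1041
06:23:31.464801 IP (tos 0x0, ttl 62, id 63215, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 193059:194419(1360) ack 1599 win 1041
06:23:31.464877 IP (tos 0x0, ttl 64, id 48718, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.32918 > a72-246-103-67.deploy.akamaitechnologies.com.www: ., cksum 0x92d9 (correct), ack 194419 win 1891
06:30:33.015841 IP (tos 0x0, ttl 116, id 878, offset 0, flags [DF], proto TCP (6), length 48) netblock-208-127-189-61.dslextreme.com.3954 > sydrake.local.microsoft-ds: S, cksum 0xcd7c (correct), 3031884443:3031884443(0) win 65535
06:31:03.735840 IP (tos 0x0, ttl 24, id 51757, offset 0, flags [DF], proto TCP (6), length 52) pool-71-100-81-65.tampfl.dsl-w.verizon.net.2760 > sydrake.local.microsoft-ds: S, cksum 0xdd2d (correct), 459821560:459821560(0) win 65535
""".splitlines()

if __name__ == "__main__":
    received, sent, syns = summarize(SAMPLE)
    for peer, n in received.most_common():
        print(f"{n:>6} bytes from {peer}")
    for service, peers in syns.items():
        print(f"inbound SYN to {service} from {len(peers)} peer(s): {sorted(peers)}")
```

Fed a full capture (for example the saved text output of tcpdump -v), the per-peer byte totals show which remote host accounts for the volume, and the SYN list separates connection attempts arriving from outside from traffic the machine started itself.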
