'Ghost' connections in Windows 7 Beta

Be careful, Windows 7 Beta users on limited-bandwidth connections. This operating system (default install) could bankrupt you and drain your bandwidth in no time.

Here are the Win 7 Beta connections that behave like ghosts (invisible to the user) and use up bandwidth as they please:

Contacting the DNS server (I use Telkomsel Flash)
06:22:31.062654 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 72) sydrake.local.11493 > dns2.telkomsel.co.id.domain: 54937+ PTR? 79.22.121.114.in-addr.arpa. (44)

Starting to contact beta.update.microsoft.com
06:22:31.602775 IP (tos 0x0, ttl 62, id 49976, offset 0, flags [none], proto TCP (6), length 40) beta.update.microsoft.com.www > sydrake.local.39094: ., cksum 0x32f2 (correct), ack 186 win 65535
06:22:32.126772 IP (tos 0x0, ttl 62, id 54685, offset 0, flags [none], proto TCP (6), length 329) beta.update.microsoft.com.www > sydrake.local.39094: P 1:290(289) ack 186 win 65535
06:22:32.126837 IP (tos 0x0, ttl 64, id 42698, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.39094 > beta.update.microsoft.com.www: ., cksum 0x3165 (correct), ack 290 win 108
06:22:32.210905 IP (tos 0x0, ttl 64, id 42699, offset 0, flags [DF], proto TCP (6), length 225) sydrake.local.39094 > beta.update.microsoft.com.www: P 186:371(185) ack 290 win 108
06:22:32.741770 IP (tos 0x0, ttl 62, id 60967, offset 0, flags [none], proto TCP (6), length 40) beta.update.microsoft.com.www > sydrake.local.39094: ., cksum 0x3118 (correct), ack 371 win 65535

As is standard for Microsoft Windows, it opens NetBIOS-NS broadcasts (port 137)!
06:22:34.492878 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:22:34.801308 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 72) sydrake.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 79.22.121.114.in-addr.arpa. (44)
06:22:35.241642 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

Oh, it turns out this NetBIOS-NS contacts Microsoft at test.update.microsoft.com

06:22:35.998806 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:22:36.756572 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 71) sydrake.local.10722 > dns2.telkomsel.co.id.domain: 3368+ A? test.update.microsoft.com. (43)
etc.

Then....
Here is the bandwidth hog. It downloads as it pleases on a freshly installed Windows 7 (with no additional software at all), even when you turn off the Network Adapter.

deploy akamaitechnologies.com

06:23:31.200774 IP (tos 0x0, ttl 62, id 63214, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 191699:193059(1360) ack 1599 win 1041
06:23:31.464801 IP (tos 0x0, ttl 62, id 63215, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 193059:194419(1360) ack 1599 win 1041
06:23:31.464877 IP (tos 0x0, ttl 64, id 48718, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.32918 > a72-246-103-67.deploy.akamaitechnologies.com.www: ., cksum 0x92d9 (correct), ack 194419 win 1891

Other networks that swarm Windows 7 (I suspect this is covert communication among Windows 7 Beta testers around the world whose settings are still the standard defaults) are:

dslextreme.com
tampfl.dsl-w.verizon.net
vc.shawcable.net
cipherkey.com
broadband.corbina.ru
eonet.ne.jp
speedy.com.ar
static.broadllyne.com
cobaltnetworks.co.uk

06:30:33.015841 IP (tos 0x0, ttl 116, id 878, offset 0, flags [DF], proto TCP (6), length 48) netblock-208-127-189-61.dslextreme.com.3954 > sydrake.local.microsoft-ds: S, cksum 0xcd7c (correct), 3031884443:3031884443(0) win 65535
06:31:03.735840 IP (tos 0x0, ttl 24, id 51757, offset 0, flags [DF], proto TCP (6), length 52) pool-71-100-81-65.tampfl.dsl-w.verizon.net.2760 > sydrake.local.microsoft-ds: S, cksum 0xdd2d (correct), 459821560:459821560(0) win 65535
06:32:41.495845 IP (tos 0x0, ttl 114, id 57476, offset 0, flags [DF], proto TCP (6), length 48) S01060048543e4161.vc.shawcable.net.1177 > sydrake.local.microsoft-ds: S, cksum 0xed1d (correct), 818232583:818232583(0) win 65535
06:34:09.052866 IP (tos 0x0, ttl 111, id 23182, offset 0, flags [DF], proto TCP (6), length 48) xx6651128121.cipherkey.com.4135 > sydrake.local.microsoft-ds: S, cksum 0x8f02 (correct), 2306741930:2306741930(0) win 65535
06:35:13.071927 IP (tos 0x0, ttl 101, id 58635, offset 0, flags [DF], proto TCP (6), length 48) 78-106-23-97.broadband.corbina.ru.3266 > sydrake.local.microsoft-ds: S, cksum 0xc492 (correct), 1500082649:1500082649(0) win 65535
06:35:53.426887 IP (tos 0x0, ttl 108, id 6679, offset 0, flags [DF], proto TCP (6), length 48) 121-84-26-18.eonet.ne.jp.1484 > sydrake.local.microsoft-ds: S, cksum 0x5adf (correct), 488960220:488960220(0) win 65535
06:37:50.466896 IP (tos 0x0, ttl 113, id 35157, offset 0, flags [DF], proto TCP (6), length 48) 190-48-150-189.speedy.com.ar.3750 > sydrake.local.microsoft-ds: S, cksum 0x1115 (correct), 819338387:819338387(0) win 16384
06:38:52.024901 IP (tos 0x0, ttl 120, id 15579, offset 0, flags [DF], proto TCP (6), length 48) 203-76-168-44.static.broadllyne.com.1541 > sydrake.local.microsoft-ds: S, cksum 0xd7eb (correct), 390764874:390764874(0) win 65535
06:39:37.845907 IP (tos 0x0, ttl 104, id 5811, offset 0, flags [DF], proto TCP (6), length 48) server3059.cobaltnetworks.co.uk.4684 > sydrake.local.microsoft-ds: S, cksum 0xdb2b (correct), 3880642719:3880642719(0) win 65535

The longer it stays on, the more 'friends' this Microsoft-DS gains in cyberspace
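An added example (not part of the original post) that parses tcpdump lines like the ones above and reports two things the capture shows: bytes received per remote host, and bare inbound SYNs to the microsoft-ds service (TCP 445). The function names are illustrative assumptions; the sample lines are copied from the capture on this page.

```python
import re
from collections import Counter

LOCAL = "sydrake.local"  # capture host, as named in the tcpdump output on this page
# Lines copied from the capture on this page (old-style `tcpdump -v` output).
SAMPLE = """\
06:23:31.200774 IP (tos 0x0, ttl 62, id 63214, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 191699:193059(1360) ack 1599 win 1041
06:23:31.464801 IP (tos 0x0, ttl 62, id 63215, offset 0, flags [none], proto TCP (6), length 1400) a72-246-103-67.deploy.akamaitechnologies.com.www > sydrake.local.32918: . 193059:194419(1360) ack 1599 win 1041
06:23:31.464877 IP (tos 0x0, ttl 64, id 48718, offset 0, flags [DF], proto TCP (6), length 40) sydrake.local.32918 > a72-246-103-67.deploy.akamaitechnologies.com.www: ., cksum 0x92d9 (correct), ack 194419 win 1891
06:22:34.492878 IP (tos 0x0, ttl 127, id 0, offset 0, flags [DF], proto UDP (17), length 78) sydrake.local.35048 > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
06:30:33.015841 IP (tos 0x0, ttl 116, id 878, offset 0, flags [DF], proto TCP (6), length 48) netblock-208-127-189-61.dslextreme.com.3954 > sydrake.local.microsoft-ds: S, cksum 0xcd7c (correct), 3031884443:3031884443(0) win 65535
06:31:03.735840 IP (tos 0x0, ttl 24, id 51757, offset 0, flags [DF], proto TCP (6), length 52) pool-71-100-81-65.tampfl.dsl-w.verizon.net.2760 > sydrake.local.microsoft-ds: S, cksum 0xdd2d (correct), 459821560:459821560(0) win 65535
"""

# timestamp, IP header fields, "src.port > dst.port:", then the L4 summary.
LINE = re.compile(
    r"^(\S+) IP \(.*?proto (\w+) \(\d+\), length (\d+)\) "
    r"(\S+) > ([^:\s]+): (.*)$")

def parse(text):
    """Yield one dict per packet line; host and port are split on the last dot."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, proto, length, src, dst, rest = m.groups()
            shost = src.rpartition(".")[0]
            dhost, _, dport = dst.rpartition(".")
            yield {"ts": ts, "proto": proto, "len": int(length),
                   "src": shost, "dst": dhost, "dport": dport, "rest": rest}

def inbound_syn_probes(text, service="microsoft-ds"):
    """Return (time, remote host) for each bare SYN sent to LOCAL's service."""
    hits = []
    for p in parse(text):
        tok = p["rest"].split()
        flags = tok[0].rstrip(",") if tok else ""
        bare_syn = "S" in flags and " ack " not in p["rest"]
        if p["proto"] == "TCP" and p["dst"] == LOCAL and p["dport"] == service and bare_syn:
            hits.append((p["ts"], p["src"]))
    return hits

def inbound_bytes(text):
    """Sum the IP length of packets addressed to LOCAL, grouped by sender."""
    total = Counter()
    for p in parse(text):
        if p["dst"] == LOCAL:
            total[p["src"]] += p["len"]
    return total
```

The byte totals use the IP `length` field from each line, so they include IP and TCP headers.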
