
SWARM Report Dell SonicWALL Application Risk Management Report

Prepared for: Fidelitech Hospitality

Report on Firewall: C0EAE12342E0

Firewall Type: NSA 3600

SonicOS Version: 6.2.5.1-26n

Report Date: Mon, 26 Sep 2016 10:33:44 PDT

Table of Contents

Executive Briefing

SWARM Summary

App Intelligence, Control and Visualization

Top Apps by Category

Top Apps by Risk Level

Top Apps by Bandwidth

Threat Prevention

Botnet

Top Exploitation Attempts

Network Traffic

Top URL Categories

Top Application Categories by Bandwidth

Top Country by Traffic

Top Session Usage by IP

Top Traffic Usage by IP

Top User Sessions

Top User Traffic

Report

Report Configuration

Enable Reports

Appendices

Appendix 1: Risk Definitions

Appendix 2: Vulnerability Descriptions

Appendix 3: Application Descriptions

Appendix 4: Applications

Generated Mon Sep 26 10:32:29 PDT 1-1 Copyright 2016 Dell SonicWALL, Inc. All rights reserved. F:1.01 R:1.00 P:1.0

Executive Briefing

Dell SonicWALL network security appliances detect and block sophisticated attacks that legacy stateful inspection firewalls simply cannot. Our next-generation firewalls integrate a patented Reassembly-Free Deep Packet Inspection (RFDPI) firewall engine with a comprehensive array of automated and dynamic security features. These features include advanced anti-evasion intrusion prevention, cloud-updated gateway anti-malware, SSL decryption and inspection (DPI-SSL), application control, content filtering and much more. All of this is delivered on a single high-performance platform that is easy to license, deploy, manage and maintain.

In addition, SonicWALL bundles together a set of powerful security and management tools on a single physical device with an easy-to-understand licensing structure.

For your auditing needs, local logs are kept by your SonicWALL device. In providing a high-level overview of your network, this report will:

Identify vulnerabilities detected and blocked

Highlight top high-bandwidth applications found

Vulnerability descriptions

Risk definitions

In-use application description

Application List

Present traffic distribution statistics by geographic location, URL category, and traffic type

List high-risk applications and protocols

SWARM Summary

The SonicWALL Application Risk Management (SWARM) Report is a snapshot in time of the different threats that have been identified and blocked by your Dell SonicWALL next-generation firewall appliance. This report also provides application and user based data that includes top application traffic, top users, top URL categories and session counts to give insight into the traffic mix on your network.

Threat Index (scale): Low, Elevated, High, Severe

Summary panels: Threat; Highest Traffic by Country; Endpoint Protection

0 Botnet Events

33 Events from top 100 IPs

4 Virus Events

0 Spyware Events

62108 IPS Events

Highest traffic by country: 1. United States, 2. Ireland, 3. Australia

Company Name: Fidelitech Hospitality

SonicWALL Device: NSA 3600

SonicOS Version: 6.2.5.1-26n

Subscription Services: App Control, GAV, IPS, SPY, CFS, GeoIP, Botnet

Report Date: Mon, 26 Sep 2016 10:33:44 PDT

App Intelligence, Control & Visualization

Dell SonicWALL firewalls put network control back into the hands of your IT administrators. While some applications are business critical and may use more bandwidth, other applications are non-productive and may require policies to block or bandwidth limit usage on your network. Next-Generation Dell SonicWALL firewalls make the job easier with a robust application identification scheme, granular policy control options and detailed visualization tools.

Application Intelligence

Scanning all network traffic, Dell SonicWALL firewalls identify applications regardless of port and protocol.

Deep packet inspection of all traffic including SSL-encrypted traffic

Integrated data leakage prevention

Applications and URL filtering

Application Control

Policies that can block or bandwidth manage are placed at the administrator's fingertips. Pre-defined application categories are available along with application and user management.

Dynamically updated database containing thousands of application signatures

Dynamically updated cloud database that includes millions of URLs and IP addresses, categorized in 56 different categories

Predefined actions, including block, bandwidth manage or Bypass DPI

Application Visualization

Flow Monitor provides visuals for application traffic, ingress and egress bandwidth, web traffic, and general user activity, supplying administrators with the crucial information necessary for maintaining a productive network under rapidly changing conditions.

Real-time data on everything from potential network threats to URLs visited

Customizable filter views for repeat access

Widget creation, such as pie chart view

Top Applications by Category

The Top Applications section provides information on top applications, categories, risk level, traffic volume and session count. This intelligence provides a visual representation of the application bandwidth usage while providing a risk score for those applications used on your network.

Application Category Risk Traffic Sessions

Microsoft Outlook.com (Hotmail) WEBMAIL Low 101.23 MB 1,648

Google Mail (Gmail) WEBMAIL Low 9.09 MB 40

Yahoo! Mail WEBMAIL Low 402.26 KB 30

AOL Webmail WEBMAIL Low 300.22 KB 3

Mail.com WEBMAIL Low 3.20 KB 5

HTTP User-Agent WEB-BROWSER Elevated 5.18 GB 54,872

Google Chrome WEB-BROWSER Elevated 2.60 GB 41,324

Microsoft Internet Explorer WEB-BROWSER Elevated 365.19 MB 19,357

Safari Browser WEB-BROWSER Low 5.81 KB 2

RTP VoIP-APPS Low 8.59 KB 6

SIP VoIP-APPS Low 32.91 KB 59

Twitter SOCIAL-NETWORKING Elevated 174.33 MB 3,985

Facebook SOCIAL-NETWORKING Low 3.93 GB 18,807

LinkedIn SOCIAL-NETWORKING Low 13.45 MB 378

Google Plus SOCIAL-NETWORKING Low 127.23 KB 619

Flipboard SOCIAL-NETWORKING Low 44.60 KB 8

MySpace SOCIAL-NETWORKING Low 19.26 KB 2

SnapChat SOCIAL-NETWORKING Low 159.19 KB 7

XING SOCIAL-NETWORKING Low 48.34 KB 1

ISL Light REMOTE-ACCESS High 36.80 MB 559

Splashtop Remote Desktop REMOTE-ACCESS High 498.81 KB 284

LogMeIn REMOTE-ACCESS Low 911.47 KB 108

TeamViewer REMOTE-ACCESS Low 84.81 KB 54

Private Internet Access VPN PROXY-ACCESS Severe 23.18 KB 1

Encrypted Key Exchange PROXY-ACCESS High 2.31 GB 30,049

Freegate PROXY-ACCESS High 1.12 GB 333

HTTP Proxy PROXY-ACCESS High 22.64 KB 22

Psiphon PROXY-ACCESS High 1.49 KB 4

Golden Key VPN PROXY-ACCESS Elevated 316.00 Bytes 2

SMTP PROTOCOLS Elevated 594.98 MB 1,163

HTTP Protocol PROTOCOLS Low 4.27 GB 92,964

IMAP PROTOCOLS Low 1.07 GB 4,358

Apple Bonjour PROTOCOLS Low 25.50 MB 11,730

WebSocket PROTOCOLS Low 4.64 MB 99

DHCP Protocol PROTOCOLS Low 1.88 MB 2,878

FTP PROTOCOLS Low 2.11 KB 1

SSL PROTOCOLS Low 52.57 GB 542,442

POP PROTOCOLS Low 2.29 GB 12,844

DNS Protocol PROTOCOLS Low 582.62 MB 1,996,890

ICMP PROTOCOLS Low 100.39 MB 56,199

Teredo PROTOCOLS Low 19.28 KB 234

eMule P2P Severe 1.89 MB 222

Ares P2P High 130.00 Bytes 2

BitTorrent Protocol P2P Low 37.73 KB 102

Flash (FLV) MULTIMEDIA Elevated 140.36 MB 27

MPEG MULTIMEDIA Low 14.36 GB 1,511

YouTube MULTIMEDIA Low 1.53 GB 1,304

Shockwave Flash (SWF) MULTIMEDIA Low 310.59 MB 1,847

Pandora Radio MULTIMEDIA Low 139.39 MB 3,120

Apple iTunes MULTIMEDIA Low 59.07 MB 473

Apple Core Media MULTIMEDIA Low 10.77 MB 29

Google Play MULTIMEDIA Low 4.94 MB 533

Hulu MULTIMEDIA Low 1.17 MB 7

iHeartRadio MULTIMEDIA Low 40.93 KB 1

Google News MULTIMEDIA Low 40.31 KB 18

Apple iTunes Radio MULTIMEDIA Low 19.78 KB 2

Spotify MULTIMEDIA Low 930.99 MB 264

MP3 MULTIMEDIA Low 26.76 MB 51

RealMedia MULTIMEDIA Low 1.07 MB 4

Netflix MULTIMEDIA Low 571.41 KB 673

Icecast MULTIMEDIA Low 91.38 KB 10

Windows Media Player MULTIMEDIA Low 51.68 KB 2

WhatsApp Messenger MOBILE-APPS Low 232.60 KB 74

Apple Push Notifications MOBILE-APPS Low 4.59 MB 278

Android Dalvik MOBILE-APPS Low 898.37 KB 396

Apple iCloud MISC-APPS Elevated 34.10 MB 2,105

Baidu MISC-APPS Elevated 7.45 MB 208

Amazon.com MISC-APPS Low 3.14 GB 1,904

Google MISC-APPS Low 3.13 GB 22,257

eBay MISC-APPS Low 64.12 MB 1,397

Quora MISC-APPS Low 5.65 MB 63

Apple Spotlight Suggestions MISC-APPS Low 4.04 MB 172

Pinterest MISC-APPS Low 3.50 MB 171

LastPass MISC-APPS Low 1013.18 KB 65

Wells Fargo Bank MISC-APPS Low 939.56 KB 22

Indeed.com MISC-APPS Low 881.94 KB 28

Tumblr.com MISC-APPS Low 402.22 KB 99

Google Docs MISC-APPS Low 203.25 KB 32

New York Times Online MISC-APPS Low 69.04 KB 12

Dictionary.com MISC-APPS Low 36.16 KB 5

Google API MISC-APPS Low 13.38 KB 51

Craigslist MISC-APPS Low 1.16 KB 6

IMDb MISC-APPS Low 1.09 KB 4

Microsoft CryptoAPI MISC-APPS Low 62.41 MB 14,364

Morningstar MISC-APPS Low 25.26 MB 108

McAfee MISC-APPS Low 19.14 MB 3

Yahoo! Finance MISC-APPS Low 4.86 MB 43

Bing Maps MISC-APPS Low 3.78 MB 22

Bing MISC-APPS Low 2.21 MB 241

RSS MISC-APPS Low 715.94 KB 11

Pure-FTPd FTP Server MISC-APPS Low 177.17 KB 100

StumbleUpon MISC-APPS Low 46.47 KB 13

The Weather Channel MISC-APPS Low 19.60 KB 65

Google Earth MISC-APPS Low 11.68 KB 3

Google Toolbar MISC-APPS Low 9.59 KB 1

McAfee SiteAdvisor MISC-APPS Low 7.48 KB 6

MapQuest MISC-APPS Low 6.46 KB 2

WidgiToolbar MISC-APPS Low 5.10 KB 3

Google QUIC INFRASTRUCTURE Elevated 19.03 KB 1

Akamai CDN INFRASTRUCTURE Low 85.64 MB 545

Amazon CloudFront INFRASTRUCTURE Low 161.58 MB 641

UPnP INFRASTRUCTURE Low 73.22 MB 50,108

OCSP INFRASTRUCTURE Low 50.90 MB 8,497

RPC Portmapper INFRASTRUCTURE Low 10.20 KB 20

ZeroVPN INFRASTRUCTURE Low 8.20 KB 23

Skype IM Elevated 5.50 MB 363

NateOn IM Elevated 3.38 MB 1

Google Talk IM Elevated 183.13 KB 18

Microsoft MSN Messenger IM Low 3.55 MB 108

GO SMS IM Low 84.96 KB 7

Yahoo! Messenger IM Low 2.81 KB 1

General HTTPS General Elevated 1.83 GB 374,521

General HTTP General Elevated 394.15 MB 139,470

General UDP General Elevated 374.09 MB 454,535

General DNS General Elevated 160.49 MB 928,977

General HTTPS MGMT General Elevated 68.34 MB 4,445

Service RPC Services General Elevated 52.50 MB 19,003

General NETBIOS General Elevated 39.70 MB 77,126

General LLMNR General Elevated 25.40 MB 147,566

General TCP General Elevated 22.79 MB 50,990

Service Apple Bonjour General Elevated 7.74 MB 28,438

Service RPC Services (IANA) General Elevated 7.21 MB 1,996

General POP3 General Elevated 3.83 MB 11,907

Service Version 2 Multicast Listener Re General Elevated 1.83 MB 21,024

Service NTP General Elevated 1.31 MB 1,678

Service DCE EndPoint General Elevated 799.59 KB 8,670

Service V3 Membership Report General Elevated 745.56 KB 3,464

General HTTP MGMT General Elevated 442.46 KB 48

Service SMB General Elevated 436.71 KB 749

Service Echo General Elevated 435.82 KB 9,542

General FTP control General Elevated 362.60 KB 163

General SNMP General Elevated 312.39 KB 4,406

Service Tivo TCP Data General Elevated 300.11 KB 258

Service SSH General Elevated 260.23 KB 5,193

Service NT Domain Login Port 1025 General Elevated 165.81 KB 4

General SSH General Elevated 162.55 KB 2,152

Service IKE (Traversal) General Elevated 69.45 KB 25

Service RTSP TCP General Elevated 43.62 KB 491

Service Tivo TCP Desktop (8200) General Elevated 33.99 KB 217

Service V2 Membership Report General Elevated 27.31 KB 304

General IKE General Elevated 8.37 KB 6

General H323 control General Elevated 5.91 KB 26

General SMTP General Elevated 4.84 KB 38

General RIP General Elevated 4.57 KB 60

Service Terminal Services TCP General Elevated 4.37 KB 58

General RADIUS General Elevated 3.38 KB 17

General DHCP General Elevated 3.32 KB 7

General NNTP General Elevated 2.84 KB 19

General Telnet General Elevated 2.84 KB 19

General LDAP General Elevated 2.84 KB 19

General Oracle data General Elevated 2.67 KB 12

Service NetBios SSN TCP General Elevated 2.52 KB 16

General PPTP control General Elevated 1.27 KB 7

Service iMesh General Elevated 736.00 Bytes 5

Service Multicast Listener Report (IPv6 General Elevated 216.00 Bytes 1

NFL (National Football League) GAMING Low 577.50 KB 13

MindJolt GAMING Low 154.65 KB 14

Zynga With Friends GAMING Low 17.28 MB 121

Xbox GAMING Low 7.76 MB 336

Archive FILETYPE-DETECTION High 3.21 GB 797

XML FILETYPE-DETECTION High 6.23 MB 9

Audio Video Stream FILETYPE-DETECTION Elevated 730.02 MB 2,152

Document FILETYPE-DETECTION Elevated 561.73 MB 126

Image FILETYPE-DETECTION Low 3.10 GB 62,217

Microsoft Exchange EMAIL-APPS Low 3.45 MB 13

SquirrelMail EMAIL-APPS Low 1.56 MB 13

Wget DOWNLOAD-APPS Elevated 37.59 KB 28

Microsoft BITS DOWNLOAD-APPS Low 14.36 GB 1,895

IDM DOWNLOAD-APPS Low 4.43 GB 744

Microsoft App Store DOWNLOAD-APPS Low 863.57 KB 35

Akamai NetSession Interface DOWNLOAD-APPS Low 195.44 KB 734

Google Drive DOWNLOAD-APPS Low 134.44 KB 11

Microsoft Office 365 BUSINESS-APPS Elevated 11.80 MB 906

WordPress BUSINESS-APPS Elevated 129.13 KB 1

TurboTax BUSINESS-APPS Low 3.70 MB 33

Adobe Acrobat BUSINESS-APPS Low 1.08 MB 69

Microsoft SharePoint BUSINESS-APPS Low 31.81 KB 4

AppNexus BROWSING-PRIVACY Low 162.98 MB 5,229

AOL Advertising BROWSING-PRIVACY Low 106.87 MB 1,774

Adsrvr BROWSING-PRIVACY Low 85.59 MB 322

Serving-Sys BROWSING-PRIVACY Low 22.91 MB 180

Double Verify BROWSING-PRIVACY Low 17.35 MB 1,120

AddThis.com BROWSING-PRIVACY Low 13.22 MB 354

Ministerial5 BROWSING-PRIVACY Low 12.55 MB 1

AdTech BROWSING-PRIVACY Low 12.28 MB 443

Adsafe Media BROWSING-PRIVACY Low 11.93 MB 319

ScoreCard Research BROWSING-PRIVACY Low 11.63 MB 667

Atwola BROWSING-PRIVACY Low 10.04 MB 354

Casale Media BROWSING-PRIVACY Low 8.79 MB 342

DoubleClick BROWSING-PRIVACY Low 7.23 MB 721

Criteo BROWSING-PRIVACY Low 6.51 MB 280

BlueKai Research BROWSING-PRIVACY Low 5.15 MB 198

MediaMath BROWSING-PRIVACY Low 4.73 MB 414

Aggregrate Knowledge BROWSING-PRIVACY Low 4.59 MB 243

Omniture BROWSING-PRIVACY Low 4.58 MB 94

Betr Ad BROWSING-PRIVACY Low 4.48 MB 726

Turn Advertising BROWSING-PRIVACY Low 3.97 MB 375

Optimizely BROWSING-PRIVACY Low 3.01 MB 64

eXelate Media BROWSING-PRIVACY Low 2.37 MB 740

Quantcast BROWSING-PRIVACY Low 1.98 MB 902

Media Innovation Group BROWSING-PRIVACY Low 1.51 MB 304

IMR Worldwide BROWSING-PRIVACY Low 1.27 MB 211

Chart Beat BROWSING-PRIVACY Low 930.82 KB 132

Site Scout BROWSING-PRIVACY Low 493.11 KB 191

Chango Marketing BROWSING-PRIVACY Low 462.90 KB 132

Adnetik BROWSING-PRIVACY Low 455.33 KB 54

Acuity Platform BROWSING-PRIVACY Low 142.44 KB 63

ADGRX BROWSING-PRIVACY Low 92.90 KB 48

eyeReturn Marketing BROWSING-PRIVACY Low 88.44 KB 21

Flurry BROWSING-PRIVACY Low 79.99 KB 19

Eq Ads BROWSING-PRIVACY Low 67.55 KB 31

Optimax Media Delivery BROWSING-PRIVACY Low 29.30 KB 9

Adsonar BROWSING-PRIVACY Low 2.58 KB 3

EdgeSuite BROWSING-PRIVACY Low 1017.18 MB 427

ABMR BROWSING-PRIVACY Low 46.13 KB 12

Dropbox BACKUP-APPS Elevated 89.13 MB 2,082

Microsoft OneDrive BACKUP-APPS Elevated 70.96 MB 12,788

Apple Updates APP-UPDATE Elevated 219.07 MB 52

Trend Micro APP-UPDATE Low 27.43 MB 9,980

Malwarebytes APP-UPDATE Low 21.70 MB 267

VK APP-UPDATE Low 17.44 KB 2

Microsoft Windows Updates APP-UPDATE Low 21.28 GB 12,614

Firefox APP-UPDATE Low 59.81 MB 31

Symantec Live Update APP-UPDATE Low 32.61 MB 23

Apple Security APP-UPDATE Low 189.63 KB 49

Apple Location Service APP-UPDATE Low 59.70 KB 10

Microsoft Dr.Watson APP-UPDATE Low 1.61 KB 1

Top Applications by Risk Level

Vulnerabilities that affect applications are often exploited by hackers to infiltrate private networks. Dell SonicWALL firewalls identify, log and rank traffic flowing through your network to protect against such attacks.

The applications listed below represent the most vulnerable applications seen on your network.

Application Risk Traffic Sessions

eMule Severe 1.89 MB 222

Private Internet Access VPN Severe 23.18 KB 1

Archive High 3.21 GB 797

Encrypted Key Exchange High 2.31 GB 30,049

Freegate High 1.12 GB 333

Executable High 233.01 MB 35

ISL Light High 36.80 MB 559

XML High 6.23 MB 9

Citrix High 2.45 MB 65

Splashtop Remote Desktop High 498.81 KB 284

HTTP Proxy High 22.64 KB 22

Psiphon High 1.49 KB 4

Ares High 130.00 Bytes 2

HTTP User-Agent Elevated 5.18 GB 54,872

Google Chrome Elevated 2.60 GB 41,324

General HTTPS Elevated 1.83 GB 374,521

Audio Video Stream Elevated 730.02 MB 2,152

SMTP Elevated 594.98 MB 1,163

Document Elevated 561.73 MB 126

General HTTP Elevated 394.15 MB 139,470

Top Applications by Bandwidth

Excessive demand, often the result of large downloads or streaming video, can place an unacceptable strain on your network infrastructure.

These applications represent the biggest consumers of bandwidth on your network.

Application Risk Traffic Sessions

SSL Low 52.57 GB 542,442

Microsoft Windows Updates Low 21.28 GB 12,614

Microsoft BITS Low 14.36 GB 1,895

MPEG Low 14.36 GB 1,511

HTTP User-Agent Elevated 5.18 GB 54,872

IDM Low 4.43 GB 744

HTTP Protocol Low 4.27 GB 92,964

Facebook Low 3.93 GB 18,807

Archive High 3.21 GB 797

Amazon.com Low 3.14 GB 1,904

Google Low 3.13 GB 22,257

Image Low 3.10 GB 62,217

Google Chrome Elevated 2.60 GB 41,324

Encrypted Key Exchange High 2.31 GB 30,049

POP Low 2.29 GB 12,844

YouTube Low 1.53 GB 1,304

Freegate High 1.12 GB 333

IMAP Low 1.07 GB 4,358

EdgeSuite Low 1017.18 MB 427

Next Steps

If you find applications that are non-productive and use most of the bandwidth on your network, it's possible to create policies using Application Control in your Dell SonicWALL firewall to either bandwidth limit or block access to those applications.

Top Exploitation Attempts

The Top Exploitation Attempts section provides details on the top exploits blocked by your Dell SonicWALL next-generation firewall. The report includes information on the event type, name, and total number of attempts blocked per signature. To learn more about other potential exploits being blocked by your firewall visit the Dell Security SonicAlerts page.

Event Type Name Blocked

GAV DLoader.A_2 2

GAV ARMADILLO packed executable_2 file 1

GAV Downloader.DC_3 1

IDP Echo Reply 44378

IDP Destination Unreachable (Port Unreachable) 9836

IDP NetBIOS Name Request Probe 2436

IDP PING 2007

IDP Obfuscated JavaScript Code 16 1481

IDP Time-To-Live Exceeded in Transit 576

IDP SSLv2.0 Client Hello 2 503

IDP Irregular XML File 1 415

IDP HTTP Request URI with SQL Statement (AND) 2 156

IDP HTTP Request URI with SQL Statement (FROM) 2 117

IDP Obfuscated JavaScript Code 13 38

IDP HTTP Request URI with SQL Statement (FROM) 1 22

IDP OpenSSL Heartbeat 1 20

IDP Suspicious Video 12 19

IDP Obfuscated JavaScript Code 22 10

IDP Obfuscated JavaScript Code 12 8

IDP Obfuscated JavaScript Code 11 7

IDP HTTP Request URI with SQL Statement (AND) 1 5

IDP Web Application Remote Code Execution 22 4

IDP Downgraded TLS Traffic 4

IDP HTTP Request URI with SQL Statement (OR) 2 4

IDP Cross-Site Scripting (XSS) Attack 8 3

IDP Non-Standard Unicode Request URI 1a 2

IDP Suspicious IMAP SELECT Command 1 1

IDP HTTP Request URI with SQL Statement (IF) 2 1

IDP OpenVPN Heartbleed Information Disclosure 1

IDP Obfuscated JavaScript Code 18 1

IDP Obfuscated JavaScript Code 06 1

Next Steps

Using the information from the Top Exploitation Attempts you can determine whether any system on your network may be open to these types of malware attacks or vulnerabilities. This typically results from a specific exploit in unpatched software or from a vulnerable version of software used on an endpoint.

Top URL Categories

The Top URL Categories section provides a percentage breakdown of the HTTP/HTTPS URL traffic bandwidth based on Dell SonicWALL Content Filtering Service categories.

URL Category Traffic (%) Session/Count

Business and Economy 35 30889

Information Technology/Computer 24 21084

Search Engines and Portals 8 7399

Advertisement 8 6572

Not Rated 5 4487

Web Communications 3 2440

News and Media 2 2168

Multimedia 2 1777

Social Networking 2 1474

Arts/Entertainment 2 1451

Shopping 1 999

Freeware/Software Downloads 1 886

Reference <1 786

E-Mail <1 782

Games <1 536

Online Banking <1 535

Web Hosting <1 358

Internet Auctions <1 325

Sports/Recreation <1 300

Education <1 285

Online Brokerage and Trading <1 270

Vehicles <1 256

Chat/Instant Messaging (IM) <1 244

Health <1 167

Travel <1 164

Government <1 134

Job Search <1 110

Real Estate <1 81

Religion <1 79

Society and Lifestyle <1 68

Restaurants and Dining <1 67

Pornography <1 44

Pay to Surf Sites <1 41

Humor/Jokes <1 27

Political/Advocacy Groups <1 22

Personals and Dating <1 19

Weapons <1 8

Kid Friendly <1 7

Other <1 7

Malware <1 7

Cultural Institutions <1 5

Hacking/Proxy Avoidance Systems <1 5

Adult/Mature Content <1 3

Alcohol/Tobacco <1 3

Usenet News Groups <1 1

Top Application Categories by Bandwidth

The Top Application Categories by Bandwidth section provides a percentage breakdown of the top application traffic bandwidth based on the Dell SonicWALL Application Control categories.

Application Category Traffic (%) Session/Count

Network Infrastructure 41 2436892

Browser 25 149615

Application 24 161616

None 10 2711392

Top Countries by Traffic

The Top Countries by Traffic section provides an overview of the traffic that is either destined to a device behind your firewall or to a specific country. This data can be used to determine if traffic is going to a particular location and whether additional GeoIP or Botnet policies should be put in place to block those attempts.

The top 10 countries by source detected during the audit period are presented below:

Country Traffic Sessions Blocked

United States 151.71 GB 3692610 0

Ireland 131.99 MB 8901 0

Australia 2.90 MB 6020 0

United Kingdom 42.24 MB 3638 0

Japan 29.45 MB 3213 0

Top Session Usage by IP

The Top Session Usage by IP section provides a list of the top IP addresses and total session counts from devices behind your firewall. This information provides insight into the largest consumers of traffic going out through your firewall.

IP Traffic Session

255.255.255.255 309.18 GB 10,588,704

10.0.0.83 426.63 MB 1,510,470

75.75.75.75 380.98 MB 1,462,858

10.0.0.254 5.47 GB 1,362,405

75.75.76.76 308.36 MB 1,173,396

10.0.0.2 1.71 GB 583,932

10.0.0.36 581.60 MB 185,064

10.0.0.37 581.33 MB 184,940

10.0.0.128 24.79 GB 182,396

10.0.0.74 8.26 GB 179,962

10.0.0.46 581.36 MB 179,816

10.0.0.255 59.50 MB 175,190

239.255.255.250 243.45 MB 165,480

10.0.0.42 180.50 MB 122,616

10.0.0.145 5.43 GB 122,523

224.0.0.252 14.50 MB 102,461

255.255.255.255 28.55 MB 87,797

10.0.0.56 4.89 GB 82,043

10.0.0.130 9.61 GB 77,777

10.0.0.82 1.64 GB 75,655

Next Steps

Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.

Top Session Usage by IP (continued)

IP Traffic Session

10.0.0.62 1.97 GB 71,303

10.0.0.69 2.56 GB 69,462

10.0.0.54 583.95 MB 61,100

10.0.0.98 33.09 MB 54,729

Top Traffic Usage by IP

The Top Traffic Usage by IP section provides a list of the top IP addresses and the total traffic counts from devices behind your firewall. This information provides insight into the largest consumers of traffic by volume going through your firewall.

IP Traffic Session

255.255.255.255 309.18 GB 10,588,704

10.0.0.128 24.79 GB 182,396

10.0.0.12 10.33 GB 6,324

10.0.0.130 9.61 GB 77,777

10.0.0.74 8.26 GB 179,962

10.0.0.65 6.78 GB 24,732

10.0.0.80 6.39 GB 45,418

10.0.0.254 5.47 GB 1,362,405

10.0.0.145 5.43 GB 122,523

10.0.0.56 4.89 GB 82,043

10.0.0.73 4.69 GB 51,942

10.0.0.122 4.65 GB 45,905

10.0.0.79 4.41 GB 42,612

204.130.255.5 3.89 GB 29,678

10.0.0.99 3.73 GB 11,451

10.0.0.94 3.23 GB 32,930

10.0.0.69 2.56 GB 69,462

10.0.0.64 2.36 GB 20,380

10.0.0.53 2.00 GB 27,570

10.0.0.62 1.97 GB 71,303

Next Steps

Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.

Top Traffic Usage by IP (continued)

IP Traffic Session

216.58.217.46 1.91 GB 15,043

10.0.0.86 1.87 GB 43,523

54.186.152.178 1.80 GB 12,339

10.0.0.87 1.78 GB 35,795

Top User Sessions

The Top User Sessions section provides a list of the top users by total session and name, which can provide insight into the largest consumers of traffic behind your Dell SonicWALL firewall.

User Traffic Session

All 154.69 GB 5,459,522

UNKNOWN 153.98 GB 5,427,198

admin 729.80 MB 32,324

Next Steps

Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.

Top User Traffic

The Top User Traffic section provides a list of the top users by total traffic and name, which can provide insight into the largest consumers of traffic behind your Dell SonicWALL firewall.

User Traffic Session

All 154.69 GB 5,459,522

UNKNOWN 153.98 GB 5,427,198

admin 729.80 MB 32,324

Next Steps

Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.

Report Configuration

In order to provide the full set of reports, you should enable the following options in the management GUI of your Dell SonicWALL next-generation firewall. If these options are not configured, then the final SWARM report will contain only a subset of all potential data.

Page Status

Aggregate Reporting: Enabled. Reporting for aggregate data logs enabled.

App Reporting: Enabled. Reporting for aggregate application data logs enabled.

URL Reporting: Enabled. Reporting for aggregate URL data logs enabled.

URL Category Reporting: Enabled. Reporting for URL category data logs enabled.

GAV Reporting: Enabled. Either GAV is licensed or GAV status is enabled.

Spyware Reporting: Enabled. Either Spyware is licensed or Spyware status is enabled.

IPS Reporting: Enabled. Either IPS is licensed or IPS status is enabled.

Geo IP Reporting: Enabled. Reporting for aggregate geo IP data logs enabled.

App IP Reporting: Enabled. Reporting for aggregate app IP data logs enabled.

User IP Reporting: Enabled. Reporting for aggregate user IP data logs enabled.

Appendix 1: Risk Definitions

Low This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal rating threats, is warranted.

Elevated This application may not have a legitimate purpose on the network. The application can also be a source of unwanted traffic to the internal network. Some messenger services, such as Meebo, fall into this category.

High This application may be either resource hungry or may provide a service that circumvents normal network rules. Allowing this application to run may result in users unknowingly downloading malicious files. Some proxy services, such as Ultrasurf, fall into this category. It also includes some peer-to-peer applications, such as BitComet.

Severe This application is resource hungry and consumes a large amount of network bandwidth. The application is also a well-known facilitator of malicious activity, and is often used to infect endpoints. Some peer-to-peer services, such as eMule, fall into this category.

Appendix 2: Vulnerability Descriptions

ARMADILLO packed executable_2 file ExePacker

Cross-Site Scripting (XSS) Attack 8 Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.

DLoader.A_2 Trojan

Destination Unreachable (Port Unreachable) Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.

ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.

Downgraded TLS Traffic This signature indicates that the web client sent a TLS (1.0~1.2) handshake to the web server and the web server replied with an SSL 3.0 handshake. The whole session will therefore use SSL 3.0.

Downloader.DC_3 Downloader.DC_3 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Process Related Changes It creates the following mutex(es): Mso97SharedDg19211108172Mutex" MSCTF.Shared.MUTEX.MOH" CTF.TMD.MutexDefaultS-1-5-21-1078081533- 842925246-854245398-1003" CTF.TimListCache.FMPDefaultS-1-5-21-1078081533-842925246-854245398- 1003MUTEX.DefaultS-1-5-21-1078081533-842925246-854245398-1003" CTF.Compart.MutexDefaultS-1-5-21- 1078081533-842925246-854245398-1003" MSCTF.Shared.MUTEX.MAG" CTF.Layouts.MutexDefaultS-1-5-21- 1078081533-842925246-854245398-1003" Mso97SharedDg20321108172Mutex" CTF.Asm.MutexDefaultS-1-5-21- 1078081533-842925246-854245398-1003" Mutex_MSOSharedMem" CTF.LBES.MutexDefaultS-1-5-21-1078081533- 842925246-854245398-1003" Mso97SharedDg19521108172Mutex"

Echo Reply Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.

ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.

Email with TNEF Attachment Outlook and the Microsoft Exchange Client sometimes use a special method to package information for sending messages across the Internet. This method is technically referred to as Transport Neutral Encapsulation Format (TNEF).

HTTP Request URI with SQL Statement (AND) 1 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.

HTTP Request URI with SQL Statement (AND) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.

HTTP Request URI with SQL Statement (FROM) 1 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.

HTTP Request URI with SQL Statement (FROM) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.

HTTP Request URI with SQL Statement (IF) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.

HTTP Request URI with SQL Statement (OR) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.

Irregular XML File 1 This signature detects an XML file which indicates that access is allowed from all domains.

NetBIOS Name Request Probe This signature indicates NetBIOS name request traffic.

Non-Standard Unicode Request URI 1a This signature indicates non-standard encoding for Unicode characters, %uxxxx, in HTTP request URI. This encoding is not specified by any RFC and has been rejected by the W3C.

Obfuscated JavaScript Code 06 This signature indicates obfuscated JavaScript being sent to an HTTP client.

Obfuscated JavaScript Code 11 This signature indicates obfuscated JavaScript being sent to an HTTP client.

Obfuscated JavaScript Code 12 This signature indicates obfuscated JavaScript being sent to an HTTP client.

Obfuscated JavaScript Code 13 This signature indicates obfuscated JavaScript being sent to an HTTP client.

Obfuscated JavaScript Code 16 This signature indicates obfuscated JavaScript being sent to an HTTP client.

Obfuscated JavaScript Code 18 This signature indicates obfuscated JavaScript being sent to an HTTP client.

Obfuscated JavaScript Code 22 This signature indicates obfuscated JavaScript being sent to an HTTP client.

OpenSSL Heartbeat 1 This is an informational signature.

OpenVPN Heartbleed Information Disclosure OpenSSL 1.0.1 versions before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to gain sensitive information.

PING Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.

ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.

SSLv2.0 Client Hello 2 SSL 2.0 was deprecated in 2011 by RFC 6176.

Suspicious IMAP SELECT Command 1 This signature indicates a malformed SELECT command being sent to an IMAP server.

Suspicious Obfuscated JavaScript Code 46 This signature indicates suspicious obfuscated JavaScript being sent to an HTTP client.

Suspicious Video 12 This signature detects and blocks malicious video files, which contain a pattern indicative of an exploit attempt.

Time-To-Live Exceeded in Transit Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.

ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.

Web Application Remote Code Execution 22 This signature indicates suspicious byte pattern being sent to a web application.

Appendix 3: Application Descriptions

ABMR This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

ADGRX This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

AOL Advertising This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

AOL Webmail AOL LLC (formerly America Online) is an American global Internet services and media company operated by Time Warner.

Acuity Platform This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

AdTech This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

AddThis.com AddThis.com is a web user tracking company. They partner with websites to include invisible code in the partner website which reports user browsing data to addthis.com backend for the purpose of commercializing user data.

Adnetik This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Adobe Acrobat Acrobat.com offers users a collection of free web applications from Adobe Systems.

Adsafe Media This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Adsonar This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Adsrvr This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Aggregate Knowledge This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Akamai CDN Akamai is a .

Akamai NetSession Interface The Akamai NetSession Interface is distributed networking software which greatly enhances the quality and speed of downloads and video streams you get from websites that support Akamai technology. The Akamai NetSession Interface handles the caching, reflecting and sending of files delivered to you through the Akamai network. The software is safe and secure, and does not contain any adware or spyware and never will.

Amazon CloudFront Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitments.

Amazon.com Amazon.com, Inc. (NASDAQ: AMZN) is an American-based multinational electronic commerce company. Headquartered in Seattle, Washington, it is America's largest online retailer, with nearly three times the Internet sales revenue of the runner up, Staples, Inc., as of January 2010. Jeff Bezos founded Amazon.com, Inc. in 1994 and launched it online in 1995 as Cadabra.com. It started as an online bookstore, but soon diversified, selling DVDs, CDs, MP3 downloads, computer software, video games, electronics, apparel, furniture, food, and toys. Amazon has established separate websites in Canada, the United Kingdom, Germany, France, Japan, and China. It also provides international shipping to certain countries for some of its products. A 2009 survey found that Amazon was the UK's favorite and video retailer, and third overall retailer.

Android Dalvik Android Dalvik is the process Virtual Machine that runs all executable Apps on Android mobile devices and tablets.

AppNexus This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Apple Bonjour Apple Bonjour is a LAN protocol similar to Microsoft suite of protocols for querying Local Area Network resources: Bonjour (mDNSResponder), AirPlay, Home Sharing, Printer Discovery, etc. On Macintosh this service is provided by the mDNSResponder over IP and IPv6.

Apple Core Media Apple Core Media library (CoreMedia Framework) is the process that renders audio and visual content on Apple products including the iPad, iPhone, and other platforms.

Apple Location Service Apple Location Service is a process called locationd running on your Apple products. It is responsible for maintaining a current geographical location of the device for use in Apps like Google Maps, and any other location-aware application.

Apple Push Notifications Apple Push Notification (APN) is the sanctioned communications channel between Apple backend infrastructure and the applications that you run on your Apple iPhone, iPad, iPod Touch, Macbooks, etc. A push notification is an asynchronous notification that comes from the external network to your device to alert your apps to events to which you have subscribed. For example you receive push notifications when someone posts a status update to Facebook, when somebody has sent you a text message, etc.

Apple Security Apple Security includes the XProtectUpdater, a security feature that downloads security signatures.

Apple Spotlight Suggestions Apple Spotlight is a global search box built into the Apple OS. Apple Spotlight Suggestions is a feature for keylogging your search box activity to provide you with aggregated search suggestions from Apple's backend servers. The Apple Spotlight Suggestions are included in Apple Safari browser and Apple Spotlight Search by default. (Opting out is available.)

Apple Updates Apple (or Apple Inc.) designs and manufactures consumer electronics and software products. Enabling blocking for this application will also block most Apple Inc. network traffic. (Use with caution.)

Apple iCloud Apple iCloud is a cloud service that stores your music, photos, apps, calendars, documents, and more in the cloud. And wirelessly pushes them to all your devices.

Apple iMessage Apple iMessaging is part of Apple iOS notification system for text messaging. It is used by many of Apple Applications including Apple FaceTime and others.

Apple iTunes iTunes is a free multimedia client provided by Apple. Because it consumes , using the client can devour network bandwidth.

Apple iTunes Radio Apple iTunes Radio is Internet radio that lets you create stations and stream music on all your devices.

Archive RPM files are software files packaged by the RPM Package Manager system.

Ares Ares is a free peer-to-peer file-sharing application that allows users to share any digital content files, such as images, audio, video, and more. Peer-to-peer application use may be against policies on your network.

Atwola This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Audio Video Stream This SonicWALL signature identifies Audio, Video, Graphic, and other Multimedia file streams.

Baidu Baidu is a popular Chinese search engine for websites, images, and other media content. Baidu's also popular instant messaging service is called "Baidu Hi".

Betr Ad This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Bing Bing is the newest incarnation of a web search engine portal from Microsoft Corporation.

Bing Maps Bing Maps for Enterprise is a mapping platform produced by Microsoft Corporation. The Bing Maps for Enterprise framework is what powers the Bing Maps web-mapping service.

BitTorrent Protocol BitTorrent Protocol is a peer-to-peer (P2P) communications protocol, famous (or infamous) for its ability to distribute large data files--movies, software, photos, documents, etc. Usage of the protocol accounts for significant traffic on the Internet. Peer-to-peer networks are characterized by a decentralized topology of temporary peer nodes that join and leave the network, unlike traditional client-server networks. BitTorrent is maintained by BitTorrent, Inc. There are numerous compatible BitTorrent clients, such as uTorrent, BitComet, Deluge, TurboBT, and Transmission, and (a Chinese-language file sharing client). Many of these BT Clients, in addition to using the BitTorrent Protocol proper, also use other file-sharing protocols and downloading methods, such as eMule/eDonkey protocol, and so-called HTTP Download Acceleration. (HTTP Download Acceleration is clever use of the HTTP 'Range' header in HTTP requests. Multiple HTTP requests are made in parallel for different byte ranges of the file.) BitTorrent clients also use encryption techniques to evade firewall application control over both TCP and UDP. To block all file-sharing applications we recommend enabling the entire P2P category, both SonicWALL Encrypted Key Exchange application signatures (sids: 5 & 7), and the PROTOCOLS >> HTTP Range header signature (sid: 6872).

BlueKai Research This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Casale Media This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Chango Marketing This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Chart Beat Chart Beat is a web-analytics company that collects notifications from its partner's software: website, web applications, desktop apps, etc. about user activity: how long did the user stay at partners site, etc.

Citrix Citrix products offer users secure access to applications and content from a variety of clients, through virtualization technologies via the Internet.

Craigslist Craigslist is a centralized network of online communities, featuring free online classified advertisements - with sections devoted to jobs, housing, personals, for sale, services, community, gigs, and discussion forums.

Criteo This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

DHCP Protocol The Dynamic Host Configuration Protocol (DHCP) is an automatic configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address. DHCP is not normally forwarded at the Network (OSI Layer 3) level. However, DHCP can be routed when using a DHCP Relay.

DNS Protocol The Domain Name System (DNS) is a naming system for computers and services connected to the Internet, where DNS translates the hostnames into IP addresses.

Dictionary.com Dictionary.com is the online reference for the spelling, meaning, usage, and source of words. This site is available via browser or mobile app.

Document The PDF file format, or Portable Document Format, was created by Adobe Systems to help users in facilitating the exchange of document files.

Double Verify This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

DoubleClick DoubleClick is a subsidiary of Google that develops and provides Internet ad serving services. Its clients include agencies, marketers (Universal McCann Interactive, AKQA etc.) and publishers who serve customers like Microsoft, General Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Visa USA, Nike, Carlsberg among others. DoubleClick's headquarters are in New York City, United States. DoubleClick embeds code in its partners' websites that causes the web visitor's browser to send a notification back indicating a visit to the site. This SonicWALL signature identifies DoubleClick HTTP traffic.

Dropbox Dropbox is a storage service that allows users to store and synchronize file content between computers, over the Internet. Dropbox is compatible with Windows, Mac OS X and Linux platform clients. No-cost user accounts offer 2 GB of storage space, while paid accounts offer significantly higher storage space.

EdgeSuite This network traffic is web user tracking traffic.

Encrypted Key Exchange Encrypted Key Exchange (also known as EKE) is a family of password-authenticated key agreement methods described by Steven M. Bellovin and Michael Merritt. Although several of the forms of EKE in this paper were later found to be flawed, the surviving, refined, and enhanced forms of EKE effectively make this the first method to amplify a shared password into a shared key, where the shared key may subsequently be used to provide a zero-knowledge password proof or other functions. This application identifies randomness in TCP and UDP sessions between an application and a peer or server. Many applications that want to evade firewall detection--including Ultrasurf, Ammy Admin, Skype, Psiphon, eMule, and others--use encrypted TCP and UDP sessions. By nature an encrypted session is just a bunch of seemingly random bytes within the transport layer payload--how the bytes are interpreted is a mystery that only the application's protocol designers know. For this reason, all encrypted sessions look alike at the firewall, and there is no way to identify from which application the encrypted TCP session is coming. Therefore, enabling prevention for these signatures--SID 5 for TCP, and SID 7 for UDP--will necessarily block all and any encrypted sessions emanating from these evasive applications. There is no way to distinguish between them.

Eq Ads This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Executable Executable and Linking Format files (.exe) are a common standard file format for executable files and libraries.

FTP File Transfer Protocol (FTP) is a standard network protocol defined in RFC 959. It is used to copy a file from one host to another over a TCP/IP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server applications, which solves the problem of different end host configurations (i.e., Operating System, file names). FTP is used with user-based password authentication or with anonymous user access.

Facebook Facebook is an enormously popular social networking site that lets users build a profile page and then seek out and connect with other friends on the service. Users can also join networks for various interests or geographic locations, upload digital media content, and even play games online through the site. Facebook is subject to blocking and censure in some countries, and the site appears to continually be revamping its privacy policy in an effort to balance user security and business needs.

Fastly CDN Fastly CDN is a Content Delivery Network, an array of distributed servers that cache web content for performance optimization.

Firefox Firefox is a web browser developed, maintained, and managed by Mozilla Corporation. The browser is truly cross-platform functional, running on Windows, Mac OS X, and Linux systems.

Flash Video (FLV) Flash Video (.flv extension) is the file format used to deliver video over the Internet using Adobe Flash Player (formerly Macromedia Flash Player). Flash Video is used by sites such as , YouTube, and Reuters.com.

Flipboard Flipboard (Flipboard.com) aggregates social media into a flippable app format. It was created in 2010.

Flurry Flurry (http://www.flurry.com) is a web user analytics company.

Freegate Freegate is a web proxy that uses a proprietary, obfuscated/encrypted application layer protocol to thwart content filtering and application control by firewalls. Blocking this application requires that the Encrypted Key Exchange (EKE) application signatures also be enabled.

GO SMS GO SMS is an SMS, MMS, and file sharing app for mobile devices.

Golden Key VPN Golden Key VPN is a free VPN app for Android. It is a Chinese language based app.

Google Google Inc. is most universally known for its leading Internet search capabilities. Google also provides a myriad of additional free services to users, including email, messaging, mapping services, and office productivity tools and applications.

Google API Google API (Google Application Programming Interface) is a set of programming libraries made available by Google so that (mobile and other) application developers can access Google Services (Google Docs, Google Calendar, Google Push Notifications, etc.), or simply extend the functionality of their programs using code written by other developers. The developer embeds calls to the Google API into their code, and makes calls to https://googleapis.com.

Google Analytics Google Analytics is a no-cost service from Google that generates statistics on a website's visitors, in the hope of helping site owners have greater success in Google AdWords campaigns through optimized language and site content.

Google Chrome Google Chrome is the highly popular web browser from Google.

Google Docs Google Docs is a free suite of applications from Google that includes a web-based word processor, a spreadsheet application, and a presentation application. It allows users to create and edit documents online while collaborating in real-time with other users. Files are saved to Google's server and the application supports MS Office file types such as .doc, .xls, or .ppt.

Google Drive Google Drive is an online storage service. It lets users store various files in the cloud.

Google Earth Google Earth is a virtual geographic information program that maps a version of the earth by the superimposition of images obtained from satellite imagery, aerial photography and the GIS 3D globe.

Google Mail (Gmail) Google Mail (Gmail) is the no-cost email service available from Google, Inc. Gmail also provides access to address book, calendar, and office productivity services.

Google Maps Apple iPhone/iPad/iPod Touch Maps is an application for Apple's mobile computing platform. The application connects to the Internet via a cellular network (e.g. edge network, 3G network) or via wifi (e.g. local Internet hotspot at home, office, etc). The Maps app provides a global map and various overlays.

Google News Google News is a computer-generated news site that aggregates headlines from news sources worldwide, groups similar stories together and displays them according to each reader's personalized interests.

Google Play Google Play gives you one place to find, enjoy, & share Apps, Music, Movies & Books - instantly anywhere across the web & android devices.

Google Plus Google Plus (Google+) is a social networking platform from Google, Inc. It allows friends to share News Feed Posts, Suggestions/Likes, Video and Photo uploads. This application occurs over SSL (TCP/443) to https://plus.google.com. The SSL Certificate used by the server is *.google.com. There are only two ways to block Google SSL: enable this application and DPI-SSL Client Inspection, or enable SID/6454 ("Google" application) which will block all SSL to any *.google.com including GMAIL and all other Google services.

Google QUIC QUIC is an experimental protocol aimed at reducing web latency over that of TCP. On the surface, QUIC is very similar to TCP + TLS + SPDY implemented on UDP. Because TCP is implemented in operating system kernels and middlebox firmware, making significant changes to TCP is next to impossible. However, since QUIC is built on top of UDP, it suffers from no such limitations.

Google Talk Google Talk lets users connect to one another in conjunction with third-party messaging systems. Based on the open-source built Jabber, Google Talk also works with services such as iChat, Trillian Pro, and Adium.

Google Toolbar Google Toolbar is a browser toolbar available for installation in Microsoft Internet Explorer and Mozilla Firefox.

HTTP Protocol Hypertext Transfer Protocol (HTTP) is the standard transmission protocol of requests and information between Internet servers and browsers.

HTTP Proxy While this event may not represent an attack, such activity may represent application usage against company policies.

HTTP User-Agent HTTP User-Agent is a collection of signatures that identify network traffic based on HTTP User-Agent header, or elements within the header.

Hulu Hulu (hulu.com) is a website and over-the-top (OTT) subscription service offering ad-supported on demand streaming video of TV shows, movies, webisodes and other new media, trailers, clips, and behind-the-scenes footage from NBC, Fox, ABC, and many other networks and studios. Hulu is currently offered only to users in the United States and its overseas territories. In order to ensure that no international users outside the US have access to the videos, Hulu blocks many anonymous proxies, Amazon EC2 IP addresses and virtual private networks. Hulu provides video in Flash Video format, including many films and shows that are available in 288p, 360p, 480p, and in some cases, 720 HD. Hulu also provides web syndication services for other websites including AOL, MSN, MySpace, Facebook, Yahoo!, and Comcast's fancast.com.

ICMP The Internet Control Message Protocol (ICMP) is used by networked computers' operating systems to send error messages.

IDM Internet Download Manager (IDM) is a tool to increase download speeds by up to 5 times, resume and schedule downloads. Comprehensive error recovery and resume capability will restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. This signature detects the download traffic for application Internet Download Manager. There is nothing special about IDM traffic. It uses standard HTTP protocol. However, it does use the 'Range' HTTP header. It spawns multiple simultaneous TCP connections; each thread downloads a chunk of the file by specifying a byte range in the HTTP request. By using multiple threads running in parallel IDM is able to accelerate the download. You can block IDM from spawning multiple, parallel threads by blocking the Range header. However, you cannot block IDM from running a single thread as it is indistinguishable from regular HTTP requests.

IMAP The Internet Message Access Protocol (IMAP) is one of the two most used Internet standard protocols for e-mail retrieval.

IMDb The Internet Movie Database (IMDb) is an online database of information related to movies, television shows, actors, production crew personnel, video games, and most recently, fictional characters featured in visual entertainment media. IMDb launched on October 17, 1990, and in 1998 was acquired by Amazon.com.

IMR Worldwide IMR Worldwide is a server that collects user web surfing data from cookies set by sites that you visit. It is part of the Nielsen Ratings System company (http://www.nielsen-online.com).

ISL Light ISL Light is a utility tool to assist administrators in remotely controlling PCs throughout a network.

Icecast Icecast is a streaming media server project for broadcasting music that requires a streaming application, or source encoder.

Image BMP (.bmp), also known as BitMap, is a file format for storing digital image data.

Indeed.com Indeed.com is a metasearch engine for job listings, launched in November 2004. As a single-topic search engine, it is also an example of vertical search. The site aggregates job listings from thousands of websites including job boards, newspapers, associations, and company career pages. Job seekers do not apply for jobs through Indeed, just receive the listing as to where the job is posted. Applicants can then decide which jobs are of interest and then go to the corresponding sites to apply. Indeed is currently available in 54 countries.

Instagram Instagram is a photo sharing application widely used on mobile phones to upload and share photos with friends and followers.

LastPass LastPass is a password management system (password vault) that stores your passwords and makes them available from all of your devices. The only password you need to remember is the Master Password to unlock the vault. The technology uses browser extensions for all of the leading web browsers to intercept website login forms and auto-fill your site-specific password.

LinkedIn LinkedIn is a business-oriented social networking site for professional contact networking purposes.

LogMeIn LogMeIn offers users services for remote access to client systems via the Internet. The various product versions use a proprietary remote desktop protocol transmitted via SSL, and connect remote desktops and the local computer using SSL over TCP, utilizing NAT for a peer-to-peer connection.

MP3 MP3 is an extremely common digital audio encoding format that uses a form of lossy data compression.

MPEG The Moving Picture Experts Group (MPEG) is a working group of authorities that was formed by ISO and IEC to set standards for audio and video compression and transmission. It was established in 1988 for the development of new video coding recommendations and to set international standards for Advanced Video Coding. MPEG is a collection of methods defining compression of audio and visual (AV) digital data. It was designated a standard for a group of audio and video coding formats and related technology agreed upon by the ISO/IEC Moving Picture Experts Group (MPEG) under the formal standard ISO/IEC 14496. MPEG-4 is the version of the standard that addresses compression of AV data for web (streaming media) and CD distribution, voice (telephone, videophone) and broadcast television applications.

Mail.com Mail.com provides web e-mail services that users can contact from a remote system connected to the Internet.

Malwarebytes Malwarebytes Anti-Malware is an Anti-Virus company. The application will download updates to its database (.dat) file regularly to provide up-to-date coverage of malware.

MapQuest MapQuest is a website and map publisher service that helps users build customized maps and directions.

McAfee McAfee is a Computer Security vendor and maker of Antivirus and other software.

McAfee SiteAdvisor McAfee SiteAdvisor is a service that crawls the Internet, tests sites for malware, and reports back on its findings.

Media Innovation Group This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Media6Degrees This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

MediaMath This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Microsoft App Store Microsoft App Store (apps.microsoft.com) is an app available on Microsoft mobile devices, phones and tablets to shop and download other apps, similar to Apple App Store.

Microsoft BITS Use Background Intelligent Transfer Service (BITS) to transfer files asynchronously between a client and a server. There are three types of transfer jobs. A download job downloads files to the client, an upload job uploads a file to the server, and an upload-reply job uploads a file to the server and receives a reply file from the server application. BITS continues to transfer files after an application exits if the user who initiated the transfer remains logged on and a network connection is maintained. BITS will not force a connection. BITS suspends the transfer if a connection is lost or if the user logs off. BITS persists transfer information while the user is logged off, across network disconnects, and during computer restarts. When the user logs on again, BITS resumes the user's transfer job. For more information, see Users and Network Connections.

Microsoft CryptoAPI The Microsoft Cryptographic Application Programming Interface (or CAPI) is an application programming interface that is part of Microsoft Windows operating systems.

Microsoft Dr.Watson Microsoft Dr. Watson is a program error debugger tool for Windows XP.

Microsoft Exchange Microsoft Exchange Server is a messaging and software product developed by Microsoft Corporation that provides management of a user or organization's email, calendar services, contacts, and tasks. It also supports remote access to these resources through mobile devices.

Microsoft Internet Explorer Microsoft Internet Explorer is the popular web browser from Microsoft.

Microsoft MSN Messenger Microsoft MSN Messenger is an instant messaging protocol created by Microsoft Corporation in 1999. It was rebranded as Windows Live Messenger in 2005, but that name has been dropped. It was reported to be used by hundreds of millions of users, within the various currently supported Windows operating systems, such as Windows 7, Windows Mobile, Windows Vista, and Windows XP. While it supports additional features, Windows Live Messenger is primarily an instant messaging client. Microsoft has bought Skype and may be eventually discontinuing support for this protocol. It is a plaintext protocol that uses TCP/1863.

Microsoft Office 365 Microsoft Office 365 is cloud-based email, calendar, file storage, file sharing, project collaboration, conferencing, document creation with familiar MS Word, Excel, PowerPoint, etc. This service is marketed towards business use.

Microsoft OneDrive Microsoft OneDrive (formerly Windows Live SkyDrive, formerly Windows Live Folders) is a cloud file storage and sharing service that allows users to upload files to the computing cloud, then access them from a web browser or directly from Windows Explorer file browser when the stand-alone synchronizing application is installed.

Microsoft Outlook.com (Hotmail) Microsoft Outlook.com is the newest branding of Microsoft Corporation's free online mail service, previously called Hotmail.

Microsoft SharePoint Microsoft SharePoint is a business collaboration platform system that integrates with products from the MS Office Suite to help provide multi-device and browser read and write file access to shared content.

Microsoft Windows Updates Microsoft Windows is the collective name for operating systems designed and produced by Microsoft Corporation, the company that develops, manufactures, licenses, and supports a wide range of software products for computing devices. This application includes updates and patches from Microsoft to any of these platforms.

MindJolt MindJolt is one of the fastest growing companies in the social gaming space, with more than 20 million active members playing 750 million games each month. MindJolt offers more than 1,300 games on popular social networks and sites including Facebook, MindJolt.com and MySpace.

Ministerial5 This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Morningstar Morningstar is an independent investment research company. Morningstar offers Internet, software, and print-based products and services for individuals, financial advisers, and institutional clients.

MySpace MySpace is a social networking site that lets users set up a profile page with links to other pages and uploaded media content, along with letting them connect to a network of other friends on the service. MySpace also features an internal search engine and an internal email system.

NFL (National Football League) NFL (National Football League) is the American pastime. This application is the online presence--both on the web and via mobile browser for NFL.com.

NateOn NateOn is an instant messaging client offered by Nate, a prominent Korean web portal service.

Netflix Netflix offers movie and television programming rentals, through standard mail and web delivery formats. Users can watch content from discs mailed to their homes, or watch programming that is delivered directly into the home via the Internet.

New York Times Online The New York Times is an American daily newspaper founded and continuously published in New York City since 1851. Although it remains both the largest local metropolitan newspaper in the United States as well as being third largest overall, behind The Wall Street Journal and USA Today, the weekday circulation of the paper has fallen precipitously in recent years to fewer than one million copies daily for the first time since the 1980s. Nicknamed "The Gray Lady" and long regarded within the industry as a national "newspaper of record", the Times is owned by The New York Times Company, which also publishes 18 other regional newspapers including the International Herald Tribune and The Boston Globe. The company's chairman is Arthur Ochs Sulzberger Jr., whose family has controlled the paper since 1896.

OCSP The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate. OCSP may be used to satisfy some of the operational requirements of providing more timely revocation information than is possible with CRLs and may also be used to obtain additional status information. An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificate in question until the responder provides a response.

Omniture Omniture is a division of Adobe, Inc. and it provides web analytics and user tracking.

Optimax Media Delivery This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Optimizely This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

POP The Post Office Protocol (POP) is the second most used Internet standard protocol for e-mail retrieval.

Pandora Radio Pandora Radio is an Internet radio service that allows users to listen to music for free on ad-supported channels. Users can also upgrade to a paid version that does not contain advertisements.

Pinterest A content sharing service that allows members to "pin" images, videos and other objects to their pinboard. Also includes standard social networking features.

Private Internet Access VPN Private Internet Access is the leading VPN Service provider specializing in secure, encrypted VPN tunnels which create several layers of privacy and security providing you safety on the internet. Our VPN Service is backed by multiple gateways worldwide with VPN Tunnel access in the US, UK and Switzerland. Private Internet Access VPN (www.privateinternetaccess.com) uses VPN techniques--TLS/SSL, IPSec (UDP/TCP), OpenVPN--to achieve anonymous Internet access by opening VPN tunnels to PIA and gaining access to the Internet from their gateways.

Psiphon Psiphon is a free, anonymizing web proxy client that enables users to bypass firewall controls. The most recent version has several modes of operation including SSH-PLUS, VPN, and SSH. To block Psiphon: (1) Enable DPI-SSL Client Inspection; (2) Enable all Psiphon application signatures; (3) Enable Encrypted Key Exchange TCP Random Traffic (SID 5); (4) Enable blocking of SSH app signature (SID 10097) "SSH -- Client Request Outbound", (or make access rule to block outbound TCP/22 SSH Service from this LAN->WAN); (5) Make access rule to block outbound TCP/53 (DNS Zone Transfer) from this LAN->WAN; (6) And to block VPN mode you must block IPSec connections by disabling outbound udp/500 in firewall access rules, or enable ISAKMP application signatures.

Pure-FTPd FTP Server Pure-FTPd is a secure production-quality FTP Server for Linux, Unix and Mac OS X systems.

Quantcast Quantcast is a media measurement, web analytics service that allows users to view audience statistics for millions of websites. Quantcast Corporation's prime focus is to analyze the Internet's web sites in order to obtain accurate usage statistics by surfers from the USA. Like Alexa, Quantcast rates Web pages by ranks. Quantcast statistics always refer to the usage from the United States, therefore Alexa data and Quantcast data do not always show the same results. Quantcast does not require a toolbar to be installed upon one's web browser to obtain statistics. Instead participating websites voluntarily insert Quantcast HTML code inside Web pages they wish to have included in statistics. This code allows Quantcast to keep track of the traffic directed towards those Web sites.

Quora Quora is a question and answer website founded by former Facebook employees.

RPC Portmapper PortMapper is a service that runs on nodes to assist in mapping an ONC RPC program number to a listening server's network address.

RSS RSS is a family of web feed formats used to publish frequently updated digital content, such as blogs, news feeds or podcasts.

RTP Real-time Transport Protocol (RTP) opens two ports for communication: one for the media stream (an even port number) and one for control (QoS feedback and media control), RTCP. The port numbers are not fixed; they depend very much upon the application.

RealMedia This event indicates that a RealMedia compatible client application is attempting to download content. RealPlayer, for example, is a multimedia client application supporting a broad range of media standards.

SIP The Session Initiation Protocol (SIP) is an application-layer signaling protocol widely used for establishing and tearing down multimedia communication sessions for voice and video transmission over the Internet.

SMTP Simple Mail Transfer Protocol (SMTP) is the standard protocol for e-mail transmissions across the Internet.

SNMP Simple Network Management Protocol (SNMP) is an IETF standard for interoperability between Network Management Device communication of data exchange.

SSL Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide secure communications on the Internet.

Safari Browser The Safari web browser is the default browser on all Apple Inc. products including Macintosh Computers, iPads, iPhones, iPod Touch, etc. The browser is developed by Apple.

ScoreCard Research ScorecardResearch, a service of Full Circle Studies, Inc., is part of the comScore, Inc. market research community, a leading global market research effort that studies and reports on Internet trends and behavior. ScorecardResearch conducts research by collecting Internet web browsing data and then uses that data to help show how people use the Internet, what they like about it, and what they do not.

Serving-Sys This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Shockwave Flash (SWF) The SWF file format (also known as Shockwave Flash) delivers text, audio, graphics and video over the Internet and is supported by Adobe Flash Player and Adobe AIR software.

Site Scout This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Skype Skype is an application that allows users to make voice calls over the Internet, using a proprietary VoIP network called the Skype protocol. After a user installs client software, calls to fellow Skype users are free-of-charge, while calls to landlines and mobile phones can be made for a fee. Additional features include instant messaging, file transfer and video conferencing. Skype is owned by Microsoft Corporation. Skype uses firewall evasion techniques; preventing or detecting it requires the Encrypted Key Exchange signatures.

SnapChat SnapChat is a photo sharing app for Apple iOS and Android devices. The app permits the time-sensitive sharing of photos: photos self-destruct after a user-configurable amount of time, usually 1-10 seconds. SnapChat is hosted at Google-owned AppSpot.com and connects to the AppSpot.com servers over SSL/HTTPS. Blocking SnapChat can be accomplished in two ways. Customers with DPI-SSL CI enabled can simply enable this application and all of its signatures. Without DPI-SSL CI, customers must enable the AppSpot.com application signatures. In this second case, there will be false positives, namely, you will be blocking all applications hosted at AppSpot.com.

Splashtop Remote Desktop Splashtop Remote Desktop (http://splashtop.com/) allows a guest to gain access to the keyboard, video, and mouse (KVM) of a PC running the host software.

Spotify Spotify is a peer-to-peer audio streaming application, based out of Sweden. The freeware allows users to browse and search audio files, but does not let them save music outside the application.

SquirrelMail SquirrelMail is an application for web email services that is compatible with most popular browsers. Available in numerous languages, SquirrelMail can function in environments with access to an IMAP and SMTP server.

StumbleUpon StumbleUpon is a browser plugin utility that lets users find and rate web page content, including photos, videos, and news stories.

Symantec Live Update Symantec Live Update is used by many Symantec/Norton products to provide updates to client and server systems.

TeamViewer Compatible with Windows, Mac OS X, and Linux operating systems, TeamViewer is a package of software tools that provide users with remote control of PCs over the Internet. The software allows for screen sharing, file transfer and chat functionality.

Teredo Teredo is a tunneling protocol designed to grant IPv6 connectivity to nodes that are located behind IPv6-unaware NAT devices. It defines a way of encapsulating IPv6 packets within IPv4 UDP datagrams that can be routed through NAT devices and on the IPv4 internet.

The Weather Channel The Weather Channel (www.weather.com) is a website for weather. This application includes the Weather Desktop App, a widget that runs on the user's desktop PC. It provides up-to-the-minute updates of current weather conditions.

Trend Micro Trend Micro is a company that develops software and services for protecting against malware, spam, viruses, and other associated web threats. Traffic from Trend Micro is often used to update the protocol for the distribution of signature/pattern updates.

Tumblr.com Tumblr is a blogging platform that allows users to post text, images, videos, links, quotes and audio to their tumblelog, a short-form blog. Users can follow other users, or choose to make their tumblelog private. The service emphasizes ease of use.

TurboTax Intuit TurboTax is one of the most popular income tax preparation software packages in the United States, with only one main competitor, TaxCut.

Turn Advertising This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.

Twitter Twitter is a no-cost-to-user, micro-blogging messaging service, known for allowing user posts of up to 140 characters. Users can send and receive "tweets" through the Twitter website, Short Message Service (SMS), or third-party applications.

UPnP UPnP, or Universal Plug and Play, refers to networking protocols built to provide simple connectivity between devices in network environments.

VK VK.com is the most popular social media website in Russia, and is ranked #2 in Russian web traffic.

WebSocket The WebSocket Protocol enables two-way communication between a client running untrusted code in a controlled environment to a remote host that has opted-in to communications from that code. The security model used for this is the origin-based security model commonly used by web browsers. The protocol consists of an opening handshake followed by basic message framing, layered over TCP. The goal of this technology is to provide a mechanism for browser-based applications that need two-way communication with servers that does not rely on opening multiple HTTP connections (e.g., using XMLHttpRequest or