SWARM Report Dell SonicWALL Application Risk Management Report
Prepared for: Fidelitech Hospitality
Report on Firewall: C0EAE12342E0
Firewall Type: NSA 3600
SonicOS Version: 6.2.5.1-26n
Report Date: Mon, 26 Sep 2016 10:33:44 PDT
Table of Contents
Executive Briefing
SWARM Summary
App Intelligence, Control and Visualization
  Top Apps by Category
  Top Apps by Risk Level
  Top Apps by Bandwidth
Threat Prevention
  Botnet
  Top Exploitation Attempts
Network Traffic
  Top URL Categories
  Top Application Categories by Bandwidth
  Top Country by Traffic
  Top Session Usage by IP
  Top Traffic Usage by IP
  Top User Sessions
  Top User Traffic
Report
  Report Configuration
  Enable Reports
Appendices
  Appendix 1: Risk Definitions
  Appendix 2: Vulnerability Descriptions
  Appendix 3: Application Descriptions
  Appendix 4: Applications
Generated Mon Sep 26 10:32:29 PDT 1-1 Copyright 2016 Dell SonicWALL, Inc. All rights reserved. F:1.01 R:1.00 P:1.0
Executive Briefing
Dell SonicWALL network security appliances detect and block sophisticated attacks that legacy stateful inspection firewalls simply cannot. Our next-generation firewalls integrate a patented Reassembly-Free Deep Packet Inspection (RFDPI) firewall engine with a comprehensive array of automated and dynamic security features. These features include advanced anti-evasion intrusion prevention, cloud-updated gateway anti-malware, SSL decryption and inspection (DPI-SSL), application control, content filtering and much more. All of this is delivered on a single high-performance platform that is easy to license, deploy, manage and maintain.
In addition, SonicWALL bundles together a set of powerful security and management tools on a single physical device with an easy-to-understand licensing structure.
For your auditing needs, local logs are kept by your SonicWALL device. In providing a high-level overview of your network, this report will:
- Identify vulnerabilities detected and blocked
- Highlight top high-bandwidth applications found
- Vulnerability descriptions
- Risk definitions
- In-use application description
- Application List
- Present traffic distribution statistics by geographic location, URL category, and traffic type
- List high-risk applications and protocols
SWARM Summary
The SonicWALL Application Risk Management (SWARM) Report is a snapshot in time of the different threats that have been identified and blocked by your Dell SonicWALL next-generation firewall appliance. This report also provides application and user based data that includes top application traffic, top users, top URL categories and session counts to give insight into the traffic mix on your network.
Threat Index (scale: Low, Elevated, High, Severe)
Threat Endpoint Protection:
0 Botnet Events
33 Events from top 100 IPs
4 Virus Events
0 Spyware Events
62108 IPS Events
Highest Traffic by Country:
1. United States
2. Ireland
3. Australia
Company Name: Fidelitech Hospitality
SonicWALL Device: NSA 3600
SonicOS Version: 6.2.5.1-26n
Subscription Services: App Control, GAV, IPS, SPY, CFS, GeoIP, Botnet
Report Date: Mon, 26 Sep 2016 10:33:44 PDT
App Intelligence, Control & Visualization
Dell SonicWALL firewalls put network control back into the hands of your IT administrators. While some applications are business critical and may use more bandwidth, other applications are non-productive and may require policies to block or bandwidth limit usage on your network. Next-Generation Dell SonicWALL firewalls make the job easier with a robust application identification scheme, granular policy control options and detailed visualization tools.
Application Intelligence
Scanning all network traffic, Dell SonicWALL firewalls identify applications regardless of port and protocol.
- Deep packet inspection of all traffic including SSL-encrypted traffic
- Integrated data leakage prevention
- Applications and URL filtering
Application Control
Policies that can block or bandwidth manage are placed at the administrator's fingertips. Pre-defined application categories are available along with application and user management.
- Dynamically updated database containing thousands of application signatures
- Dynamically updated cloud database that includes millions of URLs and IP addresses, categorized in 56 different categories
- Predefined actions, including block, bandwidth manage or Bypass DPI
Application Visualization
Flow Monitor provides visuals for application traffic, ingress and egress bandwidth, web traffic, and general user activity, supplying administrators with the crucial information necessary for maintaining a productive network under rapidly changing conditions.
- Real-time data on everything from potential network threats to URLs visited
- Customizable filter views for repeat access
- Widget creation, such as pie chart view
Top Applications by Category
The Top Applications section provides information on top applications, categories, risk level, traffic volume and session count. This intelligence provides a visual representation of the application bandwidth usage while providing a risk score for those applications used on your network.
Application Category Risk Traffic Sessions
Microsoft Outlook.com (Hotmail) WEBMAIL Low 101.23 MB 1,648
Google Mail (Gmail) WEBMAIL Low 9.09 MB 40
Yahoo! Mail WEBMAIL Low 402.26 KB 30
AOL Webmail WEBMAIL Low 300.22 KB 3
Mail.com WEBMAIL Low 3.20 KB 5
HTTP User-Agent WEB-BROWSER Elevated 5.18 GB 54,872
Google Chrome WEB-BROWSER Elevated 2.60 GB 41,324
Microsoft Internet Explorer WEB-BROWSER Elevated 365.19 MB 19,357
Safari Browser WEB-BROWSER Low 5.81 KB 2
RTP VoIP-APPS Low 8.59 KB 6
SIP VoIP-APPS Low 32.91 KB 59
Twitter SOCIAL-NETWORKING Elevated 174.33 MB 3,985
Facebook SOCIAL-NETWORKING Low 3.93 GB 18,807
LinkedIn SOCIAL-NETWORKING Low 13.45 MB 378
Google Plus SOCIAL-NETWORKING Low 127.23 KB 619
Flipboard SOCIAL-NETWORKING Low 44.60 KB 8
MySpace SOCIAL-NETWORKING Low 19.26 KB 2
SnapChat SOCIAL-NETWORKING Low 159.19 KB 7
XING SOCIAL-NETWORKING Low 48.34 KB 1
ISL Light REMOTE-ACCESS High 36.80 MB 559
Splashtop Remote Desktop REMOTE-ACCESS High 498.81 KB 284
LogMeIn REMOTE-ACCESS Low 911.47 KB 108
TeamViewer REMOTE-ACCESS Low 84.81 KB 54
Private Internet Access VPN PROXY-ACCESS Severe 23.18 KB 1
Encrypted Key Exchange PROXY-ACCESS High 2.31 GB 30,049
Freegate PROXY-ACCESS High 1.12 GB 333
HTTP Proxy PROXY-ACCESS High 22.64 KB 22
Psiphon PROXY-ACCESS High 1.49 KB 4
Golden Key VPN PROXY-ACCESS Elevated 316.00 Bytes 2
SMTP PROTOCOLS Elevated 594.98 MB 1,163
HTTP Protocol PROTOCOLS Low 4.27 GB 92,964
IMAP PROTOCOLS Low 1.07 GB 4,358
Apple Bonjour PROTOCOLS Low 25.50 MB 11,730
WebSocket PROTOCOLS Low 4.64 MB 99
DHCP Protocol PROTOCOLS Low 1.88 MB 2,878
FTP PROTOCOLS Low 2.11 KB 1
SSL PROTOCOLS Low 52.57 GB 542,442
POP PROTOCOLS Low 2.29 GB 12,844
DNS Protocol PROTOCOLS Low 582.62 MB 1,996,890
ICMP PROTOCOLS Low 100.39 MB 56,199
Teredo PROTOCOLS Low 19.28 KB 234
eMule P2P Severe 1.89 MB 222
Ares P2P High 130.00 Bytes 2
BitTorrent Protocol P2P Low 37.73 KB 102
Flash Video (FLV) MULTIMEDIA Elevated 140.36 MB 27
MPEG MULTIMEDIA Low 14.36 GB 1,511
YouTube MULTIMEDIA Low 1.53 GB 1,304
Shockwave Flash (SWF) MULTIMEDIA Low 310.59 MB 1,847
Pandora Radio MULTIMEDIA Low 139.39 MB 3,120
Apple iTunes MULTIMEDIA Low 59.07 MB 473
Apple Core Media MULTIMEDIA Low 10.77 MB 29
Google Play MULTIMEDIA Low 4.94 MB 533
Hulu MULTIMEDIA Low 1.17 MB 7
iHeartRadio MULTIMEDIA Low 40.93 KB 1
Google News MULTIMEDIA Low 40.31 KB 18
Apple iTunes Radio MULTIMEDIA Low 19.78 KB 2
Spotify MULTIMEDIA Low 930.99 MB 264
MP3 MULTIMEDIA Low 26.76 MB 51
RealMedia MULTIMEDIA Low 1.07 MB 4
Netflix MULTIMEDIA Low 571.41 KB 673
Icecast MULTIMEDIA Low 91.38 KB 10
Windows Media Player MULTIMEDIA Low 51.68 KB 2
WhatsApp Messenger MOBILE-APPS Low 232.60 KB 74
Apple Push Notifications MOBILE-APPS Low 4.59 MB 278
Android Dalvik MOBILE-APPS Low 898.37 KB 396
Apple iCloud MISC-APPS Elevated 34.10 MB 2,105
Baidu MISC-APPS Elevated 7.45 MB 208
Amazon.com MISC-APPS Low 3.14 GB 1,904
Google MISC-APPS Low 3.13 GB 22,257
eBay MISC-APPS Low 64.12 MB 1,397
Quora MISC-APPS Low 5.65 MB 63
Apple Spotlight Suggestions MISC-APPS Low 4.04 MB 172
Pinterest MISC-APPS Low 3.50 MB 171
LastPass MISC-APPS Low 1013.18 KB 65
Wells Fargo Bank MISC-APPS Low 939.56 KB 22
Indeed.com MISC-APPS Low 881.94 KB 28
Tumblr.com MISC-APPS Low 402.22 KB 99
Google Docs MISC-APPS Low 203.25 KB 32
New York Times Online MISC-APPS Low 69.04 KB 12
Dictionary.com MISC-APPS Low 36.16 KB 5
Google API MISC-APPS Low 13.38 KB 51
Craigslist MISC-APPS Low 1.16 KB 6
IMDb MISC-APPS Low 1.09 KB 4
Microsoft CryptoAPI MISC-APPS Low 62.41 MB 14,364
Morningstar MISC-APPS Low 25.26 MB 108
McAfee MISC-APPS Low 19.14 MB 3
Yahoo! Finance MISC-APPS Low 4.86 MB 43
Bing Maps MISC-APPS Low 3.78 MB 22
Bing MISC-APPS Low 2.21 MB 241
RSS MISC-APPS Low 715.94 KB 11
Pure-FTPd FTP Server MISC-APPS Low 177.17 KB 100
StumbleUpon MISC-APPS Low 46.47 KB 13
The Weather Channel MISC-APPS Low 19.60 KB 65
Google Earth MISC-APPS Low 11.68 KB 3
Google Toolbar MISC-APPS Low 9.59 KB 1
McAfee SiteAdvisor MISC-APPS Low 7.48 KB 6
MapQuest MISC-APPS Low 6.46 KB 2
WidgiToolbar MISC-APPS Low 5.10 KB 3
Google QUIC INFRASTRUCTURE Elevated 19.03 KB 1
Akamai CDN INFRASTRUCTURE Low 85.64 MB 545
Amazon CloudFront INFRASTRUCTURE Low 161.58 MB 641
UPnP INFRASTRUCTURE Low 73.22 MB 50,108
OCSP INFRASTRUCTURE Low 50.90 MB 8,497
RPC Portmapper INFRASTRUCTURE Low 10.20 KB 20
ZeroVPN INFRASTRUCTURE Low 8.20 KB 23
Skype IM Elevated 5.50 MB 363
NateOn IM Elevated 3.38 MB 1
Google Talk IM Elevated 183.13 KB 18
Microsoft MSN Messenger IM Low 3.55 MB 108
GO SMS IM Low 84.96 KB 7
Yahoo! Messenger IM Low 2.81 KB 1
General HTTPS General Elevated 1.83 GB 374,521
General HTTP General Elevated 394.15 MB 139,470
General UDP General Elevated 374.09 MB 454,535
General DNS General Elevated 160.49 MB 928,977
General HTTPS MGMT General Elevated 68.34 MB 4,445
Service RPC Services General Elevated 52.50 MB 19,003
General NETBIOS General Elevated 39.70 MB 77,126
General LLMNR General Elevated 25.40 MB 147,566
General TCP General Elevated 22.79 MB 50,990
Service Apple Bonjour General Elevated 7.74 MB 28,438
Service RPC Services (IANA) General Elevated 7.21 MB 1,996
General POP3 General Elevated 3.83 MB 11,907
Service Version 2 Multicast Listener Re General Elevated 1.83 MB 21,024
Service NTP General Elevated 1.31 MB 1,678
Service DCE EndPoint General Elevated 799.59 KB 8,670
Service V3 Membership Report General Elevated 745.56 KB 3,464
General HTTP MGMT General Elevated 442.46 KB 48
Service SMB General Elevated 436.71 KB 749
Service Echo General Elevated 435.82 KB 9,542
General FTP control General Elevated 362.60 KB 163
General SNMP General Elevated 312.39 KB 4,406
Service Tivo TCP Data General Elevated 300.11 KB 258
Service SSH General Elevated 260.23 KB 5,193
Service NT Domain Login Port 1025 General Elevated 165.81 KB 4
General SSH General Elevated 162.55 KB 2,152
Service IKE (Traversal) General Elevated 69.45 KB 25
Service RTSP TCP General Elevated 43.62 KB 491
Service Tivo TCP Desktop (8200) General Elevated 33.99 KB 217
Service V2 Membership Report General Elevated 27.31 KB 304
General IKE General Elevated 8.37 KB 6
General H323 control General Elevated 5.91 KB 26
General SMTP General Elevated 4.84 KB 38
General RIP General Elevated 4.57 KB 60
Service Terminal Services TCP General Elevated 4.37 KB 58
General RADIUS General Elevated 3.38 KB 17
General DHCP General Elevated 3.32 KB 7
General NNTP General Elevated 2.84 KB 19
General Telnet General Elevated 2.84 KB 19
General LDAP General Elevated 2.84 KB 19
General Oracle data General Elevated 2.67 KB 12
Service NetBios SSN TCP General Elevated 2.52 KB 16
General PPTP control General Elevated 1.27 KB 7
Service iMesh General Elevated 736.00 Bytes 5
Service Multicast Listener Report (IPv6 General Elevated 216.00 Bytes 1
NFL (National Football League) GAMING Low 577.50 KB 13
MindJolt GAMING Low 154.65 KB 14
Zynga With Friends GAMING Low 17.28 MB 121
Xbox GAMING Low 7.76 MB 336
Archive FILETYPE-DETECTION High 3.21 GB 797
XML FILETYPE-DETECTION High 6.23 MB 9
Audio Video Stream FILETYPE-DETECTION Elevated 730.02 MB 2,152
Document FILETYPE-DETECTION Elevated 561.73 MB 126
Image FILETYPE-DETECTION Low 3.10 GB 62,217
Microsoft Exchange EMAIL-APPS Low 3.45 MB 13
SquirrelMail EMAIL-APPS Low 1.56 MB 13
Wget DOWNLOAD-APPS Elevated 37.59 KB 28
Microsoft BITS DOWNLOAD-APPS Low 14.36 GB 1,895
IDM DOWNLOAD-APPS Low 4.43 GB 744
Microsoft App Store DOWNLOAD-APPS Low 863.57 KB 35
Akamai NetSession Interface DOWNLOAD-APPS Low 195.44 KB 734
Google Drive DOWNLOAD-APPS Low 134.44 KB 11
Microsoft Office 365 BUSINESS-APPS Elevated 11.80 MB 906
WordPress BUSINESS-APPS Elevated 129.13 KB 1
TurboTax BUSINESS-APPS Low 3.70 MB 33
Adobe Acrobat BUSINESS-APPS Low 1.08 MB 69
Microsoft SharePoint BUSINESS-APPS Low 31.81 KB 4
AppNexus BROWSING-PRIVACY Low 162.98 MB 5,229
AOL Advertising BROWSING-PRIVACY Low 106.87 MB 1,774
Adsrvr BROWSING-PRIVACY Low 85.59 MB 322
Serving-Sys BROWSING-PRIVACY Low 22.91 MB 180
Double Verify BROWSING-PRIVACY Low 17.35 MB 1,120
AddThis.com BROWSING-PRIVACY Low 13.22 MB 354
Ministerial5 BROWSING-PRIVACY Low 12.55 MB 1
AdTech BROWSING-PRIVACY Low 12.28 MB 443
Adsafe Media BROWSING-PRIVACY Low 11.93 MB 319
ScoreCard Research BROWSING-PRIVACY Low 11.63 MB 667
Atwola BROWSING-PRIVACY Low 10.04 MB 354
Casale Media BROWSING-PRIVACY Low 8.79 MB 342
DoubleClick BROWSING-PRIVACY Low 7.23 MB 721
Criteo BROWSING-PRIVACY Low 6.51 MB 280
BlueKai Research BROWSING-PRIVACY Low 5.15 MB 198
MediaMath BROWSING-PRIVACY Low 4.73 MB 414
Aggregrate Knowledge BROWSING-PRIVACY Low 4.59 MB 243
Omniture BROWSING-PRIVACY Low 4.58 MB 94
Betr Ad BROWSING-PRIVACY Low 4.48 MB 726
Turn Advertising BROWSING-PRIVACY Low 3.97 MB 375
Optimizely BROWSING-PRIVACY Low 3.01 MB 64
eXelate Media BROWSING-PRIVACY Low 2.37 MB 740
Quantcast BROWSING-PRIVACY Low 1.98 MB 902
Media Innovation Group BROWSING-PRIVACY Low 1.51 MB 304
IMR Worldwide BROWSING-PRIVACY Low 1.27 MB 211
Chart Beat BROWSING-PRIVACY Low 930.82 KB 132
Site Scout BROWSING-PRIVACY Low 493.11 KB 191
Chango Marketing BROWSING-PRIVACY Low 462.90 KB 132
Adnetik BROWSING-PRIVACY Low 455.33 KB 54
Acuity Platform BROWSING-PRIVACY Low 142.44 KB 63
ADGRX BROWSING-PRIVACY Low 92.90 KB 48
eyeReturn Marketing BROWSING-PRIVACY Low 88.44 KB 21
Flurry BROWSING-PRIVACY Low 79.99 KB 19
Eq Ads BROWSING-PRIVACY Low 67.55 KB 31
Optimax Media Delivery BROWSING-PRIVACY Low 29.30 KB 9
Adsonar BROWSING-PRIVACY Low 2.58 KB 3
EdgeSuite BROWSING-PRIVACY Low 1017.18 MB 427
ABMR BROWSING-PRIVACY Low 46.13 KB 12
Dropbox BACKUP-APPS Elevated 89.13 MB 2,082
Microsoft OneDrive BACKUP-APPS Elevated 70.96 MB 12,788
Apple Updates APP-UPDATE Elevated 219.07 MB 52
Trend Micro APP-UPDATE Low 27.43 MB 9,980
Malwarebytes APP-UPDATE Low 21.70 MB 267
VK APP-UPDATE Low 17.44 KB 2
Microsoft Windows Updates APP-UPDATE Low 21.28 GB 12,614
Firefox APP-UPDATE Low 59.81 MB 31
Symantec Live Update APP-UPDATE Low 32.61 MB 23
Apple Security APP-UPDATE Low 189.63 KB 49
Apple Location Service APP-UPDATE Low 59.70 KB 10
Microsoft Dr.Watson APP-UPDATE Low 1.61 KB 1
Top Applications by Risk Level
Vulnerabilities that affect applications are often exploited by hackers to infiltrate private networks. Dell SonicWALL firewalls identify, log and rank traffic flowing through your network to protect against such attacks.
The applications listed below represent the most vulnerable applications seen on your network.
Application Risk Traffic Sessions
eMule Severe 1.89 MB 222
Private Internet Access VPN Severe 23.18 KB 1
Archive High 3.21 GB 797
Encrypted Key Exchange High 2.31 GB 30,049
Freegate High 1.12 GB 333
Executable High 233.01 MB 35
ISL Light High 36.80 MB 559
XML High 6.23 MB 9
Citrix High 2.45 MB 65
Splashtop Remote Desktop High 498.81 KB 284
HTTP Proxy High 22.64 KB 22
Psiphon High 1.49 KB 4
Ares High 130.00 Bytes 2
HTTP User-Agent Elevated 5.18 GB 54,872
Google Chrome Elevated 2.60 GB 41,324
General HTTPS Elevated 1.83 GB 374,521
Audio Video Stream Elevated 730.02 MB 2,152
SMTP Elevated 594.98 MB 1,163
Document Elevated 561.73 MB 126
General HTTP Elevated 394.15 MB 139,470
Top Applications by Bandwidth
Excessive demand, often the result of large downloads or streaming video, can place an unacceptable strain on your network infrastructure.
These applications represent the biggest consumers of bandwidth on your network.
Application Risk Traffic Sessions
SSL Low 52.57 GB 542,442
Microsoft Windows Updates Low 21.28 GB 12,614
Microsoft BITS Low 14.36 GB 1,895
MPEG Low 14.36 GB 1,511
HTTP User-Agent Elevated 5.18 GB 54,872
IDM Low 4.43 GB 744
HTTP Protocol Low 4.27 GB 92,964
Facebook Low 3.93 GB 18,807
Archive High 3.21 GB 797
Amazon.com Low 3.14 GB 1,904
Google Low 3.13 GB 22,257
Image Low 3.10 GB 62,217
Google Chrome Elevated 2.60 GB 41,324
Encrypted Key Exchange High 2.31 GB 30,049
POP Low 2.29 GB 12,844
YouTube Low 1.53 GB 1,304
Freegate High 1.12 GB 333
IMAP Low 1.07 GB 4,358
EdgeSuite Low 1017.18 MB 427
Next Steps: If you find applications that are non-productive and use most of the bandwidth on your network, it's possible to create policies using Application Control in your Dell SonicWALL firewall to either bandwidth limit or block access to those applications.
Top Exploitation Attempts
The Top Exploitation Attempts section provides details on the top exploits blocked by your Dell SonicWALL next-generation firewall. The report includes information on the event type, name, and total number of attempts blocked per signature. To learn more about other potential exploits being blocked by your firewall visit the Dell Security SonicAlerts page.
Event Type Name Blocked
GAV DLoader.A_2 2
GAV ARMADILLO packed executable_2 file 1
GAV Downloader.DC_3 1
IDP Echo Reply 44378
IDP Destination Unreachable (Port Unreachable) 9836
IDP NetBIOS Name Request Probe 2436
IDP PING 2007
IDP Obfuscated JavaScript Code 16 1481
IDP Time-To-Live Exceeded in Transit 576
IDP SSLv2.0 Client Hello 2 503
IDP Irregular XML File 1 415
IDP HTTP Request URI with SQL Statement (AND) 2 156
IDP HTTP Request URI with SQL Statement (FROM) 2 117
IDP Obfuscated JavaScript Code 13 38
IDP HTTP Request URI with SQL Statement (FROM) 1 22
IDP OpenSSL Heartbeat 1 20
IDP Suspicious Video 12 19
IDP Obfuscated JavaScript Code 22 10
IDP Obfuscated JavaScript Code 12 8
IDP Obfuscated JavaScript Code 11 7
IDP HTTP Request URI with SQL Statement (AND) 1 5
IDP Web Application Remote Code Execution 22 4
IDP Downgraded TLS Traffic 4
IDP HTTP Request URI with SQL Statement (OR) 2 4
IDP Cross-Site Scripting (XSS) Attack 8 3
IDP Non-Standard Unicode Request URI 1a 2
IDP Suspicious IMAP SELECT Command 1 1
IDP HTTP Request URI with SQL Statement (IF) 2 1
IDP OpenVPN Heartbleed Information Disclosure 1
IDP Obfuscated JavaScript Code 18 1
IDP Obfuscated JavaScript Code 06 1
Next Steps: Using the information from the Top Exploitation Attempts you can determine whether any system on your network may be open to these types of malware attacks or vulnerabilities. This typically results from a specific exploit in unpatched software or from a vulnerable version of software used on an endpoint.
Top URL Categories
The Top URL Categories section provides a percentage breakdown of the HTTP/HTTPS URL traffic bandwidth based on Dell SonicWALL Content Filtering Service categories.
URL Category Traffic (%) Session/Count
Business and Economy 35 30889
Information Technology/Computer 24 21084
Search Engines and Portals 8 7399
Advertisement 8 6572
Not Rated 5 4487
Web Communications 3 2440
News and Media 2 2168
Multimedia 2 1777
Social Networking 2 1474
Arts/Entertainment 2 1451
Shopping 1 999
Freeware/Software Downloads 1 886
Reference <1 786
E-Mail <1 782
Games <1 536
Online Banking <1 535
Web Hosting <1 358
Internet Auctions <1 325
Sports/Recreation <1 300
Education <1 285
Online Brokerage and Trading <1 270
Vehicles <1 256
Chat/Instant Messaging (IM) <1 244
Health <1 167
Travel <1 164
Government <1 134
Job Search <1 110
Real Estate <1 81
Religion <1 79
Society and Lifestyle <1 68
Restaurants and Dining <1 67
Pornography <1 44
Pay to Surf Sites <1 41
Humor/Jokes <1 27
Political/Advocacy Groups <1 22
Personals and Dating <1 19
Weapons <1 8
Kid Friendly <1 7
Other <1 7
Malware <1 7
Cultural Institutions <1 5
Hacking/Proxy Avoidance Systems <1 5
Adult/Mature Content <1 3
Alcohol/Tobacco <1 3
Usenet News Groups <1 1
Top Application Categories by Bandwidth
The Top Application Categories by Bandwidth section provides a percentage breakdown of the top application traffic bandwidth based on the Dell SonicWALL Application Control categories.
Application Category Traffic (%) Session/Count
Network Infrastructure 41 2436892
Browser 25 149615
Application 24 161616
None 10 2711392
Top Countries by Traffic
The Top Countries by Traffic section provides an overview of the traffic that is either destined to a device behind your firewall or to a specific country. This data can be used to determine if traffic is going to a particular location and whether additional GeoIP or Botnet policies should be put in place to block those attempts.
The top 10 countries by source detected during the audit period are presented below:
Country Traffic Sessions Blocked
United States 151.71 GB 3692610 0
Ireland 131.99 MB 8901 0
Australia 2.90 MB 6020 0
United Kingdom 42.24 MB 3638 0
Japan 29.45 MB 3213 0
Top Session Usage by IP
The Top Session Usage by IP section provides a list of the top IP addresses and total session counts from devices behind your firewall. This information provides insight into the largest consumers of traffic going out through your firewall.
IP Traffic Session
255.255.255.255 309.18 GB 10,588,704
10.0.0.83 426.63 MB 1,510,470
75.75.75.75 380.98 MB 1,462,858
10.0.0.254 5.47 GB 1,362,405
75.75.76.76 308.36 MB 1,173,396
10.0.0.2 1.71 GB 583,932
10.0.0.36 581.60 MB 185,064
10.0.0.37 581.33 MB 184,940
10.0.0.128 24.79 GB 182,396
10.0.0.74 8.26 GB 179,962
10.0.0.46 581.36 MB 179,816
10.0.0.255 59.50 MB 175,190
239.255.255.250 243.45 MB 165,480
10.0.0.42 180.50 MB 122,616
10.0.0.145 5.43 GB 122,523
224.0.0.252 14.50 MB 102,461
255.255.255.255 28.55 MB 87,797
10.0.0.56 4.89 GB 82,043
10.0.0.130 9.61 GB 77,777
10.0.0.82 1.64 GB 75,655
10.0.0.62 1.97 GB 71,303
10.0.0.69 2.56 GB 69,462
10.0.0.54 583.95 MB 61,100
10.0.0.98 33.09 MB 54,729
Next Steps: Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.
Top Traffic Usage by IP
The Top Traffic Usage by IP section provides a list of the top IP addresses and the total traffic counts from devices behind your firewall. This information provides insight into the largest consumers of traffic by volume going through your firewall.
IP Traffic Session
255.255.255.255 309.18 GB 10,588,704
10.0.0.128 24.79 GB 182,396
10.0.0.12 10.33 GB 6,324
10.0.0.130 9.61 GB 77,777
10.0.0.74 8.26 GB 179,962
10.0.0.65 6.78 GB 24,732
10.0.0.80 6.39 GB 45,418
10.0.0.254 5.47 GB 1,362,405
10.0.0.145 5.43 GB 122,523
10.0.0.56 4.89 GB 82,043
10.0.0.73 4.69 GB 51,942
10.0.0.122 4.65 GB 45,905
10.0.0.79 4.41 GB 42,612
204.130.255.5 3.89 GB 29,678
10.0.0.99 3.73 GB 11,451
10.0.0.94 3.23 GB 32,930
10.0.0.69 2.56 GB 69,462
10.0.0.64 2.36 GB 20,380
10.0.0.53 2.00 GB 27,570
10.0.0.62 1.97 GB 71,303
216.58.217.46 1.91 GB 15,043
10.0.0.86 1.87 GB 43,523
54.186.152.178 1.80 GB 12,339
10.0.0.87 1.78 GB 35,795
Next Steps
Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.
Top User Sessions
The Top User Sessions section provides a list of the top users by total session and name, which can provide insight into the largest consumers of traffic behind your Dell SonicWALL firewall.
User Traffic Session
All 154.69 GB 5,459,522
UNKNOWN 153.98 GB 5,427,198
admin 729.80 MB 32,324
Next Steps
Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.
Top User Traffic
The Top User Traffic section provides a list of the top users by total traffic and name, which can provide insight into the largest consumers of traffic behind your Dell SonicWALL firewall.
User Traffic Session
All 154.69 GB 5,459,522
UNKNOWN 153.98 GB 5,427,198
admin 729.80 MB 32,324
Next Steps
Your Dell SonicWALL firewall supports Single Sign-on (SSO) integration with LDAP/Active Directory (AD) which allows you to leverage AD groups to create policies for application control and URL filtering based on users. Reporting tools available on your firewall and through GMS/Analyzer can link the user to application and URL based reports.
Report Configuration
In order to provide the full set of reports, you should enable the following options in the management GUI of your Dell SonicWALL next-generation firewall. If these options are not configured, then the final SWARM report will contain only a subset of all potential data.
Page: Status
Aggregate Reporting: Enabled. Reporting for aggregate data logs enabled.
App Reporting: Enabled. Reporting for aggregate application data logs enabled.
URL Reporting: Enabled. Reporting for aggregate URL data logs enabled.
URL Category Reporting: Enabled. Reporting for URL category data logs enabled.
GAV Reporting: Enabled. Either GAV is licensed or GAV status is enabled.
Spyware Reporting: Enabled. Either Spyware is licensed or Spyware status is enabled.
IPS Reporting: Enabled. Either IPS is licensed or IPS status is enabled.
Geo IP Reporting: Enabled. Reporting for aggregate geo IP data logs enabled.
App IP Reporting: Enabled. Reporting for aggregate app IP data logs enabled.
User IP Reporting: Enabled. Reporting for aggregate user IP data logs enabled.
Appendix 1: Risk Definitions
Low This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal rating threats, is warranted.
Elevated This application may not have a legitimate purpose on the network. The application can also be a source of unwanted traffic to the internal network. Some messenger services, such as Meebo, fall into this category.
High This application may be either resource hungry or may provide a service that circumvents normal network rules. Allowing this application to run may result in users unknowingly downloading malicious files. Some proxy services, such as Ultrasurf, fall into this category. It also includes some peer-to-peer applications, such as BitComet.
Severe This application is resource hungry and consumes a large amount of network bandwidth. The application is also a well-known facilitator of malicious activity, and is often used to infect endpoints. Some peer-to-peer services, such as eMule, fall into this category.
Appendix 2: Vulnerability Descriptions
ARMADILLO packed executable_2 file ExePacker
Cross-Site Scripting (XSS) Attack 8 Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.
DLoader.A_2 Trojan
Destination Unreachable (Port Unreachable) Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.
ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.
Downgraded TLS Traffic This signature indicates that the web client sends a TLS (1.0~1.2) handshake to the web server, and the web server replies with an SSL 3.0 handshake. Therefore the whole session will use SSL 3.0.
Downloader.DC_3 Downloader.DC_3 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.
Process Related Changes It creates the following mutex(es):
Echo Reply Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.
ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.
Email with TNEF Attachment Outlook and the Microsoft Exchange Client sometimes use a special method to package information for sending messages across the Internet. This method is technically referred to as Transport Neutral Encapsulation Format (TNEF).
HTTP Request URI with SQL Statement (AND) 1 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.
HTTP Request URI with SQL Statement (AND) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.
HTTP Request URI with SQL Statement (FROM) 1 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.
HTTP Request URI with SQL Statement (FROM) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.
HTTP Request URI with SQL Statement (IF) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.
HTTP Request URI with SQL Statement (OR) 2 This signature detects SQL commands sent in HTTP requests. These are generally considered suspicious.
Irregular XML File 1 This signature detects an XML file that indicates access is allowed from all domains.
NetBIOS Name Request Probe This signature indicates NetBIOS name request traffic.
Non-Standard Unicode Request URI 1a This signature indicates non-standard encoding for Unicode characters, %uxxxx, in HTTP request URI. This encoding is not specified by any RFC and has been rejected by the W3C.
Obfuscated JavaScript Code 06 This signature indicates obfuscated JavaScript being sent to an HTTP client.
Obfuscated JavaScript Code 11 This signature indicates obfuscated JavaScript being sent to an HTTP client.
Obfuscated JavaScript Code 12 This signature indicates obfuscated JavaScript being sent to an HTTP client.
Obfuscated JavaScript Code 13 This signature indicates obfuscated JavaScript being sent to an HTTP client.
Obfuscated JavaScript Code 16 This signature indicates obfuscated JavaScript being sent to an HTTP client.
Obfuscated JavaScript Code 18 This signature indicates obfuscated JavaScript being sent to an HTTP client.
Obfuscated JavaScript Code 22 This signature indicates obfuscated JavaScript being sent to an HTTP client.
OpenSSL Heartbeat 1 This is an informational signature.
OpenVPN Heartbleed Information Disclosure OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets, which allows remote attackers to gain sensitive information.
PING Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.
ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.
SSLv2.0 Client Hello 2 SSL 2.0 was deprecated in 2011 by RFC 6176.
Suspicious IMAP SELECT Command 1 This signature indicates a malformed SELECT command being sent to an IMAP server.
Suspicious Obfuscated JavaScript Code 46 This signature indicates suspicious obfuscated JavaScript being sent to an HTTP client.
Suspicious Video 12 This signature detects and blocks malicious video files, which contain a pattern indicative of an exploit attempt.
Time-To-Live Exceeded in Transit Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes.
ICMP traffic may be used to map a network, or help fingerprint an OS. The information used from these methods may be used for illegitimate purposes.
Web Application Remote Code Execution 22 This signature indicates a suspicious byte pattern being sent to a web application.
Appendix 3: Application Descriptions
ABMR This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
ADGRX This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
AOL Advertising This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
AOL Webmail AOL LLC (formerly America Online) is an American global Internet services and media company operated by Time Warner.
Acuity Platform This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
AdTech This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
AddThis.com AddThis.com is a web user tracking company. They partner with websites to include invisible code in the partner website which reports user browsing data to the addthis.com backend for the purpose of commercializing user data.
Adnetik This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Adobe Acrobat Acrobat.com offers users a collection of free web applications from Adobe Systems.
Adsafe Media This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Adsonar This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Adsrvr This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Aggregrate Knowledge This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Akamai CDN Akamai is a content delivery network.
Akamai NetSession Interface The Akamai NetSession Interface is distributed networking software which greatly enhances the quality and speed of downloads and video streams you get from websites that support Akamai technology. The Akamai NetSession Interface handles the caching, reflecting and sending of files delivered to you through the Akamai network. The software is safe and secure, and does not contain any adware or spyware and never will.
Amazon CloudFront Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitments.
Amazon.com Amazon.com, Inc. (NASDAQ: AMZN) is an American-based multinational electronic commerce company. Headquartered in Seattle, Washington, it is America's largest online retailer, with nearly three times the Internet sales revenue of the runner up, Staples, Inc., as of January 2010. Jeff Bezos founded Amazon.com, Inc. in 1994 and launched it online in 1995 as Cadabra.com. It started as an online bookstore, but soon diversified, selling DVDs, CDs, MP3 downloads, computer software, video games, electronics, apparel, furniture, food, and toys. Amazon has established separate websites in Canada, the United Kingdom, Germany, France, Japan, and China. It also provides international shipping to certain countries for some of its products. A 2009 survey found that Amazon was the UK's favorite music and video retailer, and third overall retailer.
Android Dalvik Android Dalvik is the process Virtual Machine that runs all executable Apps on Android mobile devices and tablets.
AppNexus This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Apple Bonjour Apple Bonjour is a LAN protocol similar to Microsoft suite of protocols for querying Local Area Network resources: Bonjour (mDNSResponder), AirPlay, Home Sharing, Printer Discovery, etc. On Macintosh this service is provided by the mDNSResponder over IP and IPv6.
Apple Core Media Apple Core Media library (CoreMedia Framework) is the process that renders audio and visual content on Apple products including the iPad, iPhone, and other platforms.
Apple Location Service Apple Location Service is a process called locationd running on your Apple products. It is responsible for maintaining a current geographical location of the device for use in Apps like Google Maps, and any other location-aware application.
Apple Push Notifications Apple Push Notification (APN) is the sanctioned communications channel between Apple backend infrastructure and the applications that you run on your Apple iPhone, iPad, iPod Touch, Macbooks, etc. A push notification is an asynchronous notification that comes from the external network to your device to alert your apps to events to which you have subscribed. For example you receive push notifications when someone posts a status update to Facebook, when somebody has sent you a text message, etc.
Apple Security Apple Security includes the XProtectUpdater, a security feature that downloads security signatures.
Apple Spotlight Suggestions Apple Spotlight is a global search box built into the Apple OS. Apple Spotlight Suggestions is a feature for keylogging your search box activity to provide you with aggregated search suggestions from Apple's backend servers. The Apple Spotlight Suggestions are included in the Apple Safari browser and Apple Spotlight Search by default. (Opting out is available.)
Apple Updates Apple (or Apple Inc.) designs and manufactures consumer electronics and software products. Enabling blocking for this application will also block most Apple Inc. network traffic. (Use with caution.)
Apple iCloud Apple iCloud is a cloud service that stores your music, photos, apps, calendars, documents, and more in the cloud, and wirelessly pushes them to all your devices.
Apple iMessage Apple iMessaging is part of the Apple iOS notification system for text messaging. It is used by many Apple applications, including Apple FaceTime and others.
Apple iTunes iTunes is a free multimedia client provided by Apple. Because it consumes streaming media, using the client can devour network bandwidth.
Apple iTunes Radio Apple iTunes Radio is Internet radio that lets you create stations and stream music on all your devices.
Archive RPM files are software files packaged by the RPM Package Manager system.
Ares Ares is a free peer-to-peer file-sharing application that allows users to share any digital content files, such as images, audio, video, and more. Peer-to-peer application use may be against policies on your network.
Atwola This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Audio Video Stream This SonicWALL signature identifies Audio, Video, Graphic, and other Multimedia file streams.
Baidu Baidu is a popular Chinese search engine for websites, images, and other media content. Baidu's also-popular instant messaging service is called "Baidu Hi".
Betr Ad This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Bing Bing is the newest incarnation of a web search engine portal from Microsoft Corporation.
Bing Maps Bing Maps for Enterprise is a mapping platform produced by Microsoft Corporation. The Bing Maps for Enterprise framework is what powers the Bing Maps web-mapping service.
BitTorrent Protocol BitTorrent Protocol is a peer-to-peer file sharing (P2P) communications protocol, famous (or infamous) for its ability to distribute large data files--movies, software, photos, documents, etc. Usage of the protocol accounts for significant traffic on the Internet. Peer-to-peer networks are characterized by a decentralized topology of temporary peer nodes that join and leave the network, unlike traditional client-server networks. BitTorrent is maintained by BitTorrent, Inc. There are numerous compatible BitTorrent clients, such as uTorrent, BitComet, Deluge, TurboBT, and Transmission, and Xunlei (a Chinese-language file sharing client). Many of these BT Clients, in addition to using the BitTorrent Protocol proper, also use other file-sharing protocols and downloading methods, such as eMule/eDonkey protocol, and so-called HTTP Download Acceleration. (HTTP Download Acceleration is clever use of the HTTP 'Range' header in HTTP requests. Multiple HTTP requests are made in parallel for different byte ranges of the file.) BitTorrent clients also use encryption techniques to evade firewall application control over both TCP and UDP. To block all file-sharing applications we recommend enabling the entire P2P category, both SonicWALL Encrypted Key Exchange application signatures (sids: 5 & 7), and the PROTOCOLS >> HTTP Range header signature (sid: 6872).
BlueKai Research This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Casale Media This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Chango Marketing This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Chart Beat Chart Beat is a web-analytics company that collects notifications about user activity from its partners' software (websites, web applications, desktop apps, etc.), such as how long the user stayed at a partner's site.
Citrix Citrix products offer users secure access to applications and content from a variety of clients, through virtualization technologies via the Internet.
Craigslist Craigslist is a centralized network of online communities, featuring free online classified advertisements - with sections devoted to jobs, housing, personals, for sale, services, community, gigs, and discussion forums.
Criteo This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
DHCP Protocol The Dynamic Host Configuration Protocol (DHCP) is an automatic configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address. DHCP is not normally forwarded at the Network (OSI Layer 3) level. However, DHCP can be routed when using a DHCP Relay.
DNS Protocol The Domain Name System (DNS) is a naming system for computers and services connected to the Internet, where DNS translates the hostnames into IP addresses.
Dictionary.com Dictionary.com is the online reference for the spelling, meaning, usage, and source of words. This site is available via browser or mobile app.
Document The PDF file format, or Portable Document Format, was created by Adobe Systems to help users in facilitating the exchange of document files.
Double Verify This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
DoubleClick DoubleClick is a subsidiary of Google that develops and provides Internet ad serving services. Its clients include agencies, marketers (Universal McCann Interactive, AKQA etc.) and publishers who serve customers like Microsoft, General Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Visa USA, Nike, Carlsberg among others. DoubleClick's headquarters are in New York City, United States. DoubleClick embeds code in its partners' websites that causes the web visitor's browser to send a notification back indicating a visit to the site. This SonicWALL signature identifies DoubleClick HTTP traffic.
Dropbox Dropbox is a storage service that allows users to store and synchronize file content between computers, over the Internet. Dropbox is compatible with Windows, Mac OS X and Linux platform clients. No-cost user accounts offer 2 GB of storage space, while paid accounts offer significantly higher storage space.
EdgeSuite This network traffic is web user tracking traffic.
Encrypted Key Exchange Encrypted Key Exchange (also known as EKE) is a family of password-authenticated key agreement methods described by Steven M. Bellovin and Michael Merritt. Although several of the forms of EKE in this paper were later found to be flawed, the surviving, refined, and enhanced forms of EKE effectively make this the first method to amplify a shared password into a shared key, where the shared key may subsequently be used to provide a zero-knowledge password proof or other functions. This application identifies randomness in TCP and UDP sessions between an application and a peer or server. Many applications that want to evade firewall detection, including Ultrasurf, Ammy Admin, Skype, Psiphon, eMule, and others, use encrypted TCP and UDP sessions. By nature an encrypted session is just a bunch of seemingly random bytes within the transport layer payload--how the bytes are interpreted is a mystery that only the application's protocol designers know. For this reason, all encrypted sessions look alike at the firewall, and there is no way to identify from which application the encrypted TCP session is coming. Therefore, enabling prevention for these signatures--SID 5 for TCP, and SID 7 for UDP--will necessarily block all and any encrypted sessions emanating from these evasive applications. There is no way to distinguish between them.
Eq Ads This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Executable Executable and Linking Format files (.exe) are a common standard file format for executable files and libraries.
FTP File Transfer Protocol (FTP) is a standard network protocol defined in RFC 959. It is used to copy a file from one host to another over a TCP/IP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server applications, which solves the problem of different end host configurations (i.e., Operating System, file names). FTP is used with user-based password authentication or with anonymous user access.
Facebook Facebook is an enormously popular social networking site that lets users build a profile page and then seek out and connect with other friends on the service. Users can also join networks for various interests or geographic locations, upload digital media content, and even play games online through the site. Facebook is subject to blocking and censure in some countries, and the site appears to continually be re-vamping its privacy policy in an effort to balance user security and business needs.
Fastly CDN Fastly CDN is a Content Delivery Network, an array of distributed servers that cache web content for performance optimization.
Firefox Firefox is a web browser developed, maintained, and managed by Mozilla Corporation. The browser is truly cross-platform functional, running on Windows, Mac OS X, and Linux systems.
Flash Video (FLV) Flash Video (.flv extension) is the file format used to deliver video over the Internet using Adobe Flash Player (formerly Macromedia Flash Player). Flash Video is used by sites such as Google Video, YouTube, and Reuters.com.
Flipboard Flipboard (Flipboard.com) aggregates social media into a flippable app format. It was created in 2010.
Flurry Flurry (http://www.flurry.com) is a web user analytics company.
Freegate Freegate is a web proxy that uses a proprietary, obfuscated/encrypted application layer protocol to thwart content filtering and application control by firewalls. Blocking this application also requires the Encrypted Key Exchange (EKE) application signatures.
GO SMS GO SMS is an SMS, MMS, and file sharing app for mobile devices.
Golden Key VPN Golden Key VPN is a free VPN app for Android. It is a Chinese language based app.
Google Google Inc. is most universally known for its leading Internet search capabilities. Google also provides a myriad of additional free services to users, including email, messaging, mapping services, and office productivity tools and applications.
Google API Google API (Google Application Programming Interface) is a set of programming libraries made available by Google so that (mobile and other) application developers can access Google Services (Google Docs, Google Calendar, Google Push Notifications, etc), or simply extend the functionality of their programs using code written by other developers. The developer embeds calls to the Google API into their code, and makes calls to https://googleapis.com.
Google Analytics Google Analytics is a no-cost service from Google that generates statistics on a website's visitors, in the hope of helping site owners have greater success in Google AdWords campaigns through optimized language and site content.
Google Chrome Google Chrome is the highly popular web browser from Google.
Google Docs Google Docs is a free suite of applications from Google that includes a web-based word processor, a spreadsheet application, and a presentation application. It allows users to create and edit documents online while collaborating in real-time with other users. Files are saved to Google's server and the application supports MS Office file types such as .doc, .xls, or .ppt.
Google Drive Google Drive is an online storage service. It lets users store various files in the cloud.
Google Earth Google Earth is a virtual geographic information program that maps a version of the earth by the superimposition of images obtained from satellite imagery, aerial photography and the GIS 3D globe.
Google Mail (Gmail) Google Mail (Gmail) is the no-cost email service available from Google, Inc. Gmail also provides access to address book, calendar, and office productivity services.
Google Maps Apple iPhone/iPad/iPod Touch Maps is an application for Apple's mobile computing platform. The application connects to the Internet via a cellular network (e.g. edge network, 3G network) or via wifi (e.g. local Internet hotspot at home, office, etc). The Maps app provides a global map and various overlays.
Google News Google News is a computer-generated news site that aggregates headlines from news sources worldwide, groups similar stories together and displays them according to each reader's personalized interests.
Google Play Google Play gives you one place to find, enjoy, & share Apps, Music, Movies & Books - instantly anywhere across the web & android devices.
Google Plus Google Plus (Google+) is a social networking platform from Google, Inc. It allows friends to share News Feed Posts, Suggestions/Likes, Video and Photo uploads. This application occurs over SSL (TCP/443) to https://plus.google.com. The SSL Certificate used by the server is *.google.com. There are only two ways to block Google SSL: enable this application and DPI-SSL Client Inspection, or enable SID/6454 ("Google" application) which will block all SSL to any *.google.com including GMAIL and all other Google services.
Google QUIC QUIC is an experimental protocol aimed at reducing web latency over that of TCP. On the surface, QUIC is very similar to TCP + TLS + SPDY implemented on UDP. Because TCP is implemented in operating system kernels and middlebox firmware, making significant changes to TCP is next to impossible. However, since QUIC is built on top of UDP, it suffers from no such limitations.
Google Talk Google Talk lets users connect to one another in conjunction with third-party messaging systems. Based on the open-source Jabber, Google Talk also works with services such as iChat, Trillian Pro, and Adium.
Google Toolbar Google Toolbar is a browser toolbar available for installation in Microsoft Internet Explorer and Mozilla Firefox.
HTTP Protocol Hypertext Transfer Protocol (HTTP) is the standard transmission protocol of requests and information between Internet servers and browsers.
HTTP Proxy While this event may not represent an attack, such activity may represent application usage against company policies.
HTTP User-Agent HTTP User-Agent is a collection of signatures that identify network traffic based on HTTP User-Agent header, or elements within the header.
Hulu Hulu (hulu.com) is a website and over-the-top (OTT) subscription service offering ad-supported on demand streaming video of TV shows, movies, webisodes and other new media, trailers, clips, and behind-the-scenes footage from NBC, Fox, ABC, and many other networks and studios. Hulu videos are currently offered only to users in the United States and its overseas territories. In order to ensure that no international users outside the US have access to the videos, Hulu blocks many anonymous proxies, Amazon EC2 IP addresses and virtual private networks. Hulu provides video in Flash Video format, including many films and shows that are available in 288p, 360p, 480p, and in some cases, 720 HD. Hulu also provides web syndication services for other websites including AOL, MSN, MySpace, Facebook, Yahoo!, and Comcast's fancast.com.
ICMP The Internet Control Message Protocol (ICMP) is used by networked computers' operating systems to send error messages.
IDM Internet Download Manager (IDM) is a tool to increase download speeds by up to 5 times, resume and schedule downloads. Comprehensive error recovery and resume capability will restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. This signature detects the download traffic for application Internet Download Manager. There is nothing special about IDM traffic. It uses standard HTTP protocol. However, it does use the 'Range' HTTP header. It spawns multiple simultaneous TCP connections; each thread downloads a chunk of the file by specifying a byte range in the HTTP request. By using multiple threads running in parallel IDM is able to accelerate the download. You can block IDM from spawning multiple, parallel threads by blocking the Range header. However, you cannot block IDM from running a single thread as it is indistinguishable from regular HTTP requests.
IMAP The Internet Message Access Protocol (IMAP) is one of the two most used Internet standard protocols for e-mail retrieval.
IMDb The Internet Movie Database (IMDb) is an online database of information related to movies, television shows, actors, production crew personnel, video games, and most recently, fictional characters featured in visual entertainment media. IMDb launched on October 17, 1990, and in 1998 was acquired by Amazon.com.
IMR Worldwide IMR Worldwide is a server that collects user web surfing data from cookies set by sites that you visit. It is part of the Nielsen Ratings System company (http://www.nielsen-online.com).
ISL Light ISL Light is a utility tool to assist administrators in remotely controlling PCs throughout a network.
Icecast Icecast is a streaming media server project for broadcasting music that requires a streaming application, or source encoder.
Image BMP (.bmp), also known as BitMap, is a file format for storing digital image data.
Indeed.com Indeed.com is a metasearch engine for job listings, launched in November 2004. As a single-topic search engine, it is also an example of vertical search. The site aggregates job listings from thousands of websites including job boards, newspapers, associations, and company career pages. Job seekers do not apply for jobs through Indeed, just receive the listing as to where the job is posted. Applicants can then decide which jobs are of interest and then go to the corresponding sites to apply. Indeed is currently available in 54 countries.
Instagram Instagram is a photo sharing application widely used on mobile phones to upload and share photos with friends and followers.
LastPass LastPass is a password management system (password vault) that stores your passwords and makes them available from all of your devices. The only password you need to remember is the Master Password to unlock the vault. The technology uses browser extensions for all of the leading web browsers to intercept website login forms and auto-fill your site-specific password.
LinkedIn LinkedIn is a business-oriented social network for professional contact networking purposes.
LogMeIn LogMeIn offers users services for remote access to client systems via the Internet. The various product versions use a proprietary remote desktop protocol transmitted via SSL, and connect remote desktops and the local computer using SSL over TCP, utilizing NAT for a peer-to-peer connection.
MP3 MP3 is an extremely common digital audio encoding format that uses a form of lossy data compression.
MPEG The Moving Picture Experts Group (MPEG) is a working group of authorities that was formed by ISO and IEC to set standards for audio and video compression and transmission. It was established in 1988 for the development of new video coding recommendations and to set international standards for Advanced Video Coding. MPEG is a collection of methods defining compression of audio and visual (AV) digital data. It was designated a standard for a group of audio and video coding formats and related technology agreed upon by the ISO/IEC Moving Picture Experts Group (MPEG) under the formal standard ISO/IEC 14496. MPEG-4 is the version of the standard that addresses compression of AV data for web (streaming media) and CD distribution, voice (telephone, videophone) and broadcast television applications.
Mail.com Mail.com provides web e-mail services that users can contact from a remote system connected to the Internet.
Malwarebytes Malwarebytes Anti-Malware is an Anti-Virus company. The application will download updates to its database (.dat) file regularly to provide up-to-date coverage of malware.
MapQuest MapQuest is a website and map publisher service that helps users build customized maps and directions.
McAfee McAfee is a Computer Security vendor and maker of Antivirus and other software.
McAfee SiteAdvisor McAfee SiteAdvisor is a service that crawls the Internet, tests sites for malware, and reports back on its findings.
Media Innovation Group This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Media6Degrees This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
MediaMath This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Microsoft App Store Microsoft App Store (apps.microsoft.com) is an app available on Microsoft mobile devices, phones and tablets to shop and download other apps, similar to Apple App Store.
Microsoft BITS Use Background Intelligent Transfer Service (BITS) to transfer files asynchronously between a client and a server. There are three types of transfer jobs. A download job downloads files to the client, an upload job uploads a file to the server, and an upload-reply job uploads a file to the server and receives a reply file from the server application. BITS continues to transfer files after an application exits if the user who initiated the transfer remains logged on and a network connection is maintained. BITS will not force a connection. BITS suspends the transfer if a connection is lost or if the user logs off. BITS persists transfer information while the user is logged off, across network disconnects, and during computer restarts. When the user logs on again, BITS resumes the user's transfer job. For more information, see Users and Network Connections.
Microsoft CryptoAPI The Microsoft Cryptographic Application Programming Interface (or CAPI) is an application programming interface that is part of Microsoft Windows operating systems.
Microsoft Dr.Watson Microsoft Dr. Watson is a program error debugger tool for Windows XP.
Microsoft Exchange Microsoft Exchange Server is a messaging and software product developed by Microsoft Corporation that provides management of a user or organization's email, calendar services, contacts, and tasks. It also supports remote access to these resources through mobile devices.
Microsoft Internet Explorer Microsoft Internet Explorer is the popular web browser from Microsoft.
Microsoft MSN Messenger Microsoft MSN Messenger is an instant messaging protocol created by Microsoft Corporation in 1999. It was rebranded as Windows Live Messenger in 2005, but that name has been dropped. It was reported to be used by hundreds of millions of users, within the various currently supported Windows operating systems, such as Windows 7, Windows Mobile, Windows Vista, and Windows XP. While it supports additional features, Windows Live Messenger is primarily an instant messaging client. Microsoft has now bought Skype and may be eventually discontinuing support for this protocol. It is a plaintext protocol that uses TCP/1863.
Microsoft Office 365 Microsoft Office 365 is cloud-based email, calendar, file storage, file sharing, project collaboration, conferencing, document creation with familiar MS Word, Excel, PowerPoint, etc. This service is marketed towards business use.
Microsoft OneDrive Microsoft OneDrive (formerly Windows Live SkyDrive, formerly Windows Live Folders) is a cloud file storage and sharing service that allows users to upload files to the computing cloud, then access them from a web browser or directly from Windows Explorer file browser when the stand-alone synchronizing application is installed.
Microsoft Outlook.com (Hotmail) Microsoft Outlook.com is the newest branding of Microsoft Corporation's free online mail service, previously called Hotmail.
Microsoft SharePoint Microsoft SharePoint is a business collaboration platform system that integrates with products from the MS Office Suite to help provide multi-device and browser read and write file access to shared content.
Microsoft Windows Updates Microsoft Windows is the collective name for operating systems designed and produced by Microsoft Corporation, the company that develops, manufactures, licenses, and supports a wide range of software products for computing devices. This application includes updates and patches from Microsoft to any of these platforms.
MindJolt MindJolt is one of the fastest growing companies in the social gaming space, with more than 20 million active members playing 750 million games each month. MindJolt offers more than 1,300 games on popular social networks and sites including Facebook, MindJolt.com and MySpace.
Ministerial5 This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Morningstar Morningstar is an independent investment research company. Morningstar offers Internet, software, and print-based products and services for individuals, financial advisers, and institutional clients.
MySpace MySpace is a social networking site that lets users set up a profile page with links to other pages and uploaded media content, along with letting them connect to a network of other friends on the service. MySpace also features an internal search engine and an internal email system.
NFL (National Football League) NFL (National Football League) is the American pastime. This application is the online presence--both on the web and via mobile browser for NFL.com.
NateOn NateOn is an instant messaging client offered by Nate, a prominent Korean web portal service.
Netflix Netflix offers movie and television programming rentals, through standard mail and web delivery formats. Users can watch content from discs mailed to their homes, or watch programming that is delivered directly into the home via the Internet.
New York Times Online The New York Times is an American daily newspaper founded and continuously published in New York City since 1851. Although it remains both the largest local metropolitan newspaper in the United States as well as being third largest overall, behind The Wall Street Journal and USA Today, the weekday circulation of the paper has fallen precipitously in recent years to fewer than one million copies daily for the first time since the 1980s. Nicknamed "The Gray Lady" and long regarded within the industry as a national "newspaper of record", the Times is owned by The New York Times Company, which also publishes 18 other regional newspapers including the International Herald Tribune and The Boston Globe. The company's chairman is Arthur Ochs Sulzberger Jr., whose family has controlled the paper since 1896.
OCSP The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate. OCSP may be used to satisfy some of the operational requirements of providing more timely revocation information than is possible with CRLs and may also be used to obtain additional status information. An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificate in question until the responder provides a response.
Omniture Omniture is a division of Adobe, Inc. and it provides web analytics and user tracking.
Optimax Media Delivery This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Optimizely This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
POP The Post Office Protocol (POP) is the second most used Internet standard protocol for e-mail retrieval.
Pandora Radio Pandora Radio is an Internet radio service that allows users to listen to music for free on ad-supported channels. Users can also upgrade to a paid version that does not contain advertisements.
Pinterest A content sharing service that allows members to "pin" images, videos and other objects to their pinboard. Also includes standard social networking features.
Private Internet Access VPN Private Internet Access is the leading VPN Service provider specializing in secure, encrypted VPN tunnels which create several layers of privacy and security providing you safety on the internet. Our VPN Service is backed by multiple gateways worldwide with VPN Tunnel access in the US, UK and Switzerland. Private Internet Access VPN (www.privateinternetaccess.com) uses VPN techniques--TLS/SSL, IPSec (UDP/TCP), OpenVPN--to achieve anonymous Internet access by opening VPN tunnels to PIA and gaining access to the Internet from their gateways.
Psiphon Psiphon is a free, anonymizing web proxy client that enables users to bypass firewall controls. The most recent version has several modes of operation including SSH-PLUS, VPN, and SSH. To block Psiphon: (1) Enable DPI-SSL Client Inspection; (2) Enable all Psiphon application signatures; (3) Enable Encrypted Key Exchange TCP Random Traffic (SID 5); (4) Enable blocking of SSH app signature (SID 10097) "SSH -- Client Request Outbound" (or make an access rule to block outbound TCP/22 SSH Service from this LAN->WAN); (5) Make an access rule to block outbound TCP/53 (DNS Zone Transfer) from this LAN->WAN; (6) To block VPN mode, you must block IPSec connections by disabling outbound udp/500 in firewall access rules, or enable ISAKMP application signatures.
Pure-FTPd FTP Server Pure-FTPd is a secure production-quality FTP Server for Linux, Unix and Mac OS X systems.
Quantcast Quantcast is a media measurement, web analytics service that allows users to view audience statistics for millions of websites. Quantcast Corporation's prime focus is to analyze the Internet's web sites in order to obtain accurate usage statistics by surfers from the USA. Like Alexa, Quantcast rates Web pages by ranks. Quantcast statistics always refer to the usage from the United States, therefore Alexa data and Quantcast data do not always show the same results. Quantcast does not require a toolbar to be installed upon one's web browser to obtain statistics. Instead participating websites voluntarily insert Quantcast HTML code inside Web pages they wish to have included in statistics. This code allows Quantcast to keep track of the traffic directed towards those Web sites.
Quora Quora is a question and answer website founded by former Facebook employees.
RPC Portmapper PortMapper is a service that runs on nodes to assist in mapping an ONC RPC program number to a listening server's network address.
RSS RSS is a family of web feed formats used to publish frequently updated digital content, such as blogs, news feeds or podcasts.
RTP Real-time Transport Protocol (RTP) opens two ports for communication: one for the media stream (an even port number) and one for control (QoS feedback and media control) - RTCP. The port numbers are not hard defined; they depend very much upon the application.
RealMedia This event indicates that a RealMedia compatible client application is attempting to download content. RealPlayer, for example, is a multimedia client application supporting a broad range of media standards.
SIP The Session Initiation Protocol (SIP) is an application-layer signaling protocol widely used for establishing and tearing down multimedia communication sessions for voice and video transmission over the Internet.
SMTP Simple Mail Transfer Protocol (SMTP) is the standard protocol for e-mail transmissions across the Internet.
SNMP Simple Network Management Protocol (SNMP) is an IETF standard for interoperable data exchange between network management devices.
SSL Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide secure communications on the Internet.
Safari Browser The Safari web browser is the default browser on all Apple Inc. products including Macintosh Computers, iPads, iPhones, iPod Touch, etc. The browser is developed by Apple.
ScoreCard Research ScorecardResearch, a service of Full Circle Studies, Inc., is part of the comScore, Inc. market research community, a leading global market research effort that studies and reports on Internet trends and behavior. ScorecardResearch conducts research by collecting Internet web browsing data and then uses that data to help show how people use the Internet, what they like about it, and what they do not.
Serving-Sys This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Shockwave Flash (SWF) The SWF file format (also known as Shockwave Flash) delivers text, audio, graphics and video over the Internet and is supported by Adobe Flash Player and Adobe AIR software.
Site Scout This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Skype Skype is an application that allows users to make voice calls over the Internet, using a proprietary VoIP network called the Skype protocol. After a user installs client software, calls to fellow Skype users are free of charge, while calls to landlines and mobile phones can be made for a fee. Additional features include instant messaging, file transfer and video conferencing. Skype is owned by Microsoft Corporation. Skype uses firewall evasion techniques; preventing or detecting it requires the Encrypted Key Exchange signatures.
SnapChat SnapChat is a photo sharing app for Apple iOS and Android devices. The app permits the time-sensitive sharing of photos: photos self-destruct after a user-configurable amount of time, usually 1-10 seconds. SnapChat is hosted at Google-owned AppSpot.com and connects to the AppSpot.com servers over SSL/HTTPS. Blocking SnapChat can be accomplished in two ways. Customers with DPI-SSL CI enabled can simply enable this application and all of its signatures. Without DPI-SSL CI, customers must enable the AppSpot.com application signatures. In this second case, there will be false positives: you will be blocking all applications hosted at AppSpot.com.
Splashtop Remote Desktop Splashtop Remote Desktop (http://splashtop.com/) allows a guest to gain access to the keyboard, video, and mouse (KVM) of a PC running the host software.
Spotify Spotify is a peer-to-peer audio streaming application, based out of Sweden. The freeware allows users to browse and search audio files, but does not let them save music outside the application.
SquirrelMail SquirrelMail is an application for web email services that is compatible with most popular browsers. Available in numerous languages, SquirrelMail can function in environments with access to an IMAP and SMTP server.
StumbleUpon StumbleUpon is a browser plugin utility that lets users find and rate web page content, including photos, videos, and news stories.
Symantec Live Update Symantec Live Update is used by many Symantec/Norton products to provide updates to client and server systems.
TeamViewer Compatible with Windows, Mac OS X, and Linux operating systems, TeamViewer is a package of software tools that provide users with remote control of PCs over the Internet. The software allows for screen sharing, file transfer and chat functionality.
Teredo Teredo is a tunneling protocol designed to grant IPv6 connectivity to nodes that are located behind IPv6-unaware NAT devices. It defines a way of encapsulating IPv6 packets within IPv4 UDP datagrams that can be routed through NAT devices and on the IPv4 internet.
The Weather Channel The Weather Channel (www.weather.com) is a website for weather. This application includes the Weather Desktop App, a widget that runs on the user's desktop PC. It provides up-to-the-minute updates of current weather conditions.
Trend Micro Trend Micro is a company that develops software and services for protecting against malware, spam, viruses, and other associated web threats. Traffic from Trend Micro is often used to update the protocol for the distribution of signature/pattern updates.
Tumblr.com Tumblr is a blogging platform that allows users to post text, images, videos, links, quotes and audio to their tumblelog, a short-form blog. Users can follow other users, or choose to make their tumblelog private. The service emphasizes ease of use.
TurboTax Intuit TurboTax is one of the most popular income tax preparation software packages in the United States, with only one main competitor, TaxCut.
Turn Advertising This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
Twitter Twitter is a no-cost-to-user, micro-blogging messaging service, known for allowing user posts of up to 140 characters. Users can send and receive "tweets" through the Twitter website, Short Message Service (SMS), or third-party applications.
UPnP UPnP, or Universal Plug and Play, refers to networking protocols built to provide simple connectivity between devices in network environments.
VK VK.com is the most popular social media website in Russia, and is ranked #2 in Russian web traffic.
WebSocket The WebSocket Protocol enables two-way communication between a client running untrusted code in a controlled environment to a remote host that has opted-in to communications from that code. The security model used for this is the origin-based security model commonly used by web browsers. The protocol consists of an opening handshake followed by basic message framing, layered over TCP. The goal of this technology is to provide a mechanism for browser-based applications that need two-way communication with servers that does not rely on opening multiple HTTP connections (e.g., using XMLHttpRequest or
Wells Fargo Bank Wells Fargo & Co. is a diversified financial services company with operations around the world. Wells Fargo is the fourth largest bank in the US by assets and the third largest bank by market capitalization. Wells Fargo is the second largest bank in deposits, home mortgage servicing, and debit card. In 2007 it was the only bank in the United States to be rated AAA by S&P, though its rating has since been lowered to AA- in light of the financial crisis of 2007-2010.
Wget GNU Wget is an application that retrieves content from web servers and completes downloads using the HTTP, HTTPS, and FTP protocols.
WhatsApp Messenger WhatsApp Messenger is a cross-platform mobile messaging app which allows you to exchange messages without having to pay for SMS. WhatsApp Messenger is available for iPhone, BlackBerry, Android, Windows Phone and Nokia and yes, those phones can all message each other! Because WhatsApp Messenger uses the same internet data plan that you use for email and web browsing, there is no cost to message and stay in touch with your friends.
WidgiToolbar WidgiToolbar is installed as a browser utility. However, users often regret the installation due to advertising that is then delivered through the utility.
Windows Media Player Windows Media Player (WMP) is a digital media player and media library application developed by Microsoft that is used for playing audio, video and viewing images on Microsoft operating systems.
WordPress WordPress (wordpress.org) is the most widely deployed Content Management System (CMS) in the world, with 60 million deployments reported. It is based on PHP and MySQL. It is free and open-source. The first version was released in 2003. Many security vulnerabilities have been reported over its history. WP allows amateur technologists to deploy their own self-publishing platform. Unfortunately, amateurs are often unaware that the software needs to be kept up-to-date with the latest security patches, or fail to follow best practices for public-facing Web services: they neglect to validate user input, add insecure plugins, do not update plugins after vulnerabilities have been disclosed, and skip other security precautions. WP sites can be vulnerable to CSRF, LFI, RFI, XSS, SQL Injection, User Enumeration and other attacks.
XING XING is a multi-language, cross-platform contact management system targeted toward business professionals. XING also allows users to prospect for new connections by viewing how other members are connected to one another. XING can also be considered a competitor of LinkedIn.
XML Extensible Markup Language (XML) is a markup language defined by the W3C. It is an open standard for encoding documents that are simultaneously human-readable and machine-readable. XML emphasizes simplicity, generality, and usability. It is a textual data format with support for Unicode.
Xbox Xbox is a video gaming brand owned by Microsoft. The brand also covers applications (games), streaming services and online services under the name Xbox Live.
Yahoo! Finance Yahoo! Finance is a service from the Yahoo web portal that provides financial research, news, and information to users.
Yahoo! Mail Yahoo Mail is the online mail service available from Yahoo, Inc. Yahoo Mail also offers users access to address book, messaging, and calendar tools.
Yahoo! Messenger Yahoo Messenger is the instant messaging service available from Yahoo, a global provider of an enormous array of internet services.
YouTube YouTube is a popular video sharing website which lets users upload, view, and share video clips. The company uses Adobe Flash Video technology to display a wide variety of user-generated video content, including movie clips.
ZeroVPN ZERO VPN is an Android app that encrypts all network traffic and hides the user's real IP address to keep the user anonymous.
Zynga With Friends Zynga With Friends is a series of mobile app games from Zynga, the makers of Farmville and other popular Facebook games. Games in this series include Words With Friends, Hanging With Friends, Matching With Friends.
eBay eBay.com is a market-leading online auction and shopping website where users can buy and sell goods and services worldwide.
eMule The eDonkey network is a decentralized, mostly server-based, peer-to-peer file sharing network best suited to sharing big files among users. There are many programs that act as the client part of the network, most notably eDonkey2000, the original client by MetaMachine, and eMule, a free program for Windows licensed under the GNU GPL. The eMule Project also developed a Kademlia network of their own (called Kad) to overcome the reliance on central servers. eMule connects to multiple p2p networks, including eDonkey and Kad. eMule allows for direct exchange of sources between client nodes, quick recovery of corrupted downloads, and the use of credits to reward uploaders. eMule transmits data in zlib-compressed form to save bandwidth. SonicWALL Application Control signatures for the Encrypted Key Exchange application, SIDs 5 and 7, are required in order to block eMule and other eDonkey clients when they are run in obfuscated mode.
eXelate Media This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
eyeReturn Marketing This domain is used by an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like this can help make an online profile of you, usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like this as well as being sold to other advertisers and marketers.
iHeartRadio iHeartRadio (iheart.com) is a streaming audio portal for internet radio stations. They have a mobile app as well. The streaming media comes from individual internet radio stations, so enabling this application will only prevent access to streaming sites reached through referred requests from iHeartRadio. To prevent all streaming audio you must enable prevention for the Flash Video (FLV) and Icecast (ICY) applications.
Appendix 4: Applications
The following applications were detected on your network. Applications shown in red have a risk level of severe.
Application (data transmitted)
1. SSL (52.57 GB) 2. Microsoft Windows Updates (21.28 GB) 3. Microsoft BITS (14.36 GB)
4. MPEG (14.36 GB) 5. HTTP User-Agent (5.18 GB) 6. IDM (4.43 GB)
7. HTTP Protocol (4.27 GB) 8. Facebook (3.93 GB) 9. Archive (3.21 GB)
10. Amazon.com (3.14 GB) 11. Google (3.13 GB) 12. Image (3.10 GB)
13. Google Chrome (2.60 GB) 14. Encrypted Key Exchange (2.31 GB) 15. POP (2.29 GB)
16. General HTTPS (1.83 GB) 17. YouTube (1.53 GB) 18. Freegate (1.12 GB)
19. IMAP (1.07 GB) 20. EdgeSuite (1017.18 MB) 21. Spotify (930.99 MB)
22. Audio Video Stream (730.02 MB) 23. SMTP (594.98 MB) 24. DNS Protocol (582.62 MB)
25. Document (561.73 MB) 26. General HTTP (394.15 MB) 27. General UDP (374.09 MB)
28. Microsoft Internet Explorer (365.19 MB) 29. Shockwave Flash (SWF) (310.59 MB) 30. Executable (233.01 MB)
31. Apple Updates (219.07 MB) 32. Twitter (174.33 MB) 33. AppNexus (162.98 MB)
34. Amazon CloudFront (161.58 MB) 35. General DNS (160.49 MB) 36. Flash Video (FLV) (140.36 MB)
37. Pandora Radio (139.39 MB) 38. AOL Advertising (106.87 MB) 39. Microsoft Outlook.com (Hotmail) (101.23 MB)
40. ICMP (100.39 MB) 41. Dropbox (89.13 MB) 42. Akamai CDN (85.64 MB)
43. Adsrvr (85.59 MB) 44. UPnP (73.22 MB) 45. Microsoft OneDrive (70.96 MB)
46. General HTTPS MGMT (68.34 MB) 47. eBay (64.12 MB) 48. Microsoft CryptoAPI (62.41 MB)
49. Firefox (59.81 MB) 50. Apple iTunes (59.07 MB) 51. Google Analytics (57.27 MB)
52. Service RPC Services (52.50 MB) 53. OCSP (50.90 MB) 54. General NETBIOS (39.70 MB)
55. ISL Light (36.80 MB) 56. Apple iCloud (34.10 MB) 57. Fastly CDN (33.84 MB)
58. Symantec Live Update (32.61 MB) 59. Trend Micro (27.43 MB) 60. MP3 (26.76 MB)
61. Apple Bonjour (25.50 MB) 62. General LLMNR (25.40 MB) 63. Morningstar (25.26 MB)
64. Serving-Sys (22.91 MB) 65. General TCP (22.79 MB) 66. Malwarebytes (21.70 MB)
67. McAfee (19.14 MB) 68. Double Verify (17.35 MB) 69. Zynga With Friends (17.28 MB)
70. SNMP (15.15 MB) 71. LinkedIn (13.45 MB) 72. AddThis.com (13.22 MB)
73. Ministerial5 (12.55 MB) 74. Service IMAP4 (12.28 MB) 75. AdTech (12.28 MB)
76. Adsafe Media (11.93 MB) 77. Microsoft Office 365 (11.80 MB) 78. ScoreCard Research (11.63 MB)
79. Apple Core Media (10.77 MB) 80. Atwola (10.04 MB) 81. Google Mail (Gmail) (9.09 MB)
82. Casale Media (8.79 MB) 83. Xbox (7.76 MB) 84. Service Apple Bonjour (7.74 MB)
85. Baidu (7.45 MB) 86. DoubleClick (7.23 MB) 87. Service RPC Services (IANA) (7.21 MB)
88. Criteo (6.51 MB) 89. XML (6.23 MB) 90. Quora (5.65 MB)
91. Skype (5.50 MB) 92. BlueKai Research (5.15 MB) 93. Google Play (4.94 MB)
94. Yahoo! Finance (4.86 MB) 95. MediaMath (4.73 MB) 96. WebSocket (4.64 MB)
97. Aggregrate Knowledge (4.59 MB) 98. Apple Push Notifications (4.59 MB) 99. Omniture (4.58 MB)
100. Betr Ad (4.48 MB) 101. Apple Spotlight Suggestions (4.04 MB) 102. Turn Advertising (3.97 MB)
103. General POP3 (3.83 MB) 104. Bing Maps (3.78 MB) 105. TurboTax (3.70 MB)
106. Microsoft MSN Messenger (3.55 MB) 107. Pinterest (3.50 MB) 108. Microsoft Exchange (3.45 MB)
109. NateOn (3.38 MB) 110. Optimizely (3.01 MB) 111. Citrix (2.45 MB)
112. eXelate Media (2.37 MB) 113. Bing (2.21 MB) 114. Quantcast (1.98 MB)
115. eMule (1.89 MB) 116. DHCP Protocol (1.88 MB) 117. Service Version 2 Multicast Listener Re (1.83 MB)
118. Media6Degrees (1.71 MB) 119. SquirrelMail (1.56 MB) 120. Media Innovation Group (1.51 MB)
121. Service NTP (1.31 MB) 122. IMR Worldwide (1.27 MB) 123. Hulu (1.17 MB)
124. Adobe Acrobat (1.08 MB) 125. RealMedia (1.07 MB) 126. LastPass (1013.18 KB)
127. Wells Fargo Bank (939.56 KB) 128. Chart Beat (930.82 KB) 129. LogMeIn (911.47 KB)
130. Android Dalvik (898.37 KB) 131. Indeed.com (881.94 KB) 132. Microsoft App Store (863.57 KB)
133. Service DCE EndPoint (799.59 KB) 134. Service V3 Membership Report (745.56 KB) 135. RSS (715.94 KB)
136. NFL (National Football League) (577.50 KB) 137. Apple iMessage (572.24 KB) 138. Netflix (571.41 KB)
139. Splashtop Remote Desktop (498.81 KB) 140. Site Scout (493.11 KB) 141. Chango Marketing (462.90 KB)
142. Adnetik (455.33 KB) 143. General HTTP MGMT (442.46 KB) 144. Service SMB (436.71 KB)
145. Service Echo (435.82 KB) 146. Yahoo! Mail (402.26 KB) 147. Tumblr.com (402.22 KB)
148. General FTP control (362.60 KB) 149. General SNMP (312.39 KB) 150. AOL Webmail (300.22 KB)
151. Service Tivo TCP Data (300.11 KB) 152. Service SSH (260.23 KB) 153. WhatsApp Messenger (232.60 KB)
154. Google Docs (203.25 KB) 155. Akamai NetSession Interface (195.44 KB) 156. Apple Security (189.63 KB)
157. Google Talk (183.13 KB) 158. Pure-FTPd FTP Server (177.17 KB) 159. Service NT Domain Login Port 1025 (165.81 KB)
160. General SSH (162.55 KB) 161. SnapChat (159.19 KB) 162. MindJolt (154.65 KB)
163. Acuity Platform (142.44 KB) 164. Google Drive (134.44 KB) 165. WordPress (129.13 KB)
166. Google Plus (127.23 KB) 167. Instagram (120.37 KB) 168. ADGRX (92.90 KB)
169. Icecast (91.38 KB) 170. eyeReturn Marketing (88.44 KB) 171. GO SMS (84.96 KB)
172. TeamViewer (84.81 KB) 173. Flurry (79.99 KB) 174. Service IKE (Traversal) (69.45 KB)
175. New York Times Online (69.04 KB) 176. Eq Ads (67.55 KB) 177. Apple Location Service (59.70 KB)
178. Windows Media Player (51.68 KB) 179. XING (48.34 KB) 180. StumbleUpon (46.47 KB)
181. ABMR (46.13 KB) 182. Flipboard (44.60 KB) 183. Service RTSP TCP (43.62 KB)
184. iHeartRadio (40.93 KB) 185. Google News (40.31 KB) 186. BitTorrent Protocol (37.73 KB)
187. Wget (37.59 KB) 188. Dictionary.com (36.16 KB) 189. Service Tivo TCP Desktop (8200) (33.99 KB)
190. SIP (32.91 KB) 191. Microsoft SharePoint (31.81 KB) 192. Optimax Media Delivery (29.30 KB)
193. Google Maps (27.55 KB) 194. Service V2 Membership Report (27.31 KB) 195. Service Leave Group (26.86 KB)
196. Private Internet Access VPN (23.18 KB) 197. HTTP Proxy (22.64 KB) 198. Apple iTunes Radio (19.78 KB)
199. The Weather Channel (19.60 KB) 200. Teredo (19.28 KB) 201. MySpace (19.26 KB)
202. Google QUIC (19.03 KB) 203. VK (17.44 KB) 204. Google API (13.38 KB)
205. Google Earth (11.68 KB) 206. RPC Portmapper (10.20 KB) 207. Google Toolbar (9.59 KB)
208. RTP (8.59 KB) 209. General IKE (8.37 KB) 210. ZeroVPN (8.20 KB)
211. McAfee SiteAdvisor (7.48 KB) 212. MapQuest (6.46 KB) 213. General H323 control (5.91 KB)
214. Safari Browser (5.81 KB) 215. WidgiToolbar (5.10 KB) 216. General SMTP (4.84 KB)
217. General RIP (4.57 KB) 218. Service Terminal Services TCP (4.37 KB) 219. General RADIUS (3.38 KB)
220. General DHCP (3.32 KB) 221. Mail.com (3.20 KB) 222. General NNTP (2.84 KB)
223. General Telnet (2.84 KB) 224. General LDAP (2.84 KB) 225. Yahoo! Messenger (2.81 KB)
226. General Oracle data (2.67 KB) 227. Adsonar (2.58 KB) 228. Service NetBios SSN TCP (2.52 KB)
229. FTP (2.11 KB) 230. Microsoft Dr.Watson (1.61 KB) 231. Psiphon (1.49 KB)
232. General PPTP control (1.27 KB) 233. Craigslist (1.16 KB) 234. IMDb (1.09 KB)
235. Service iMesh (736.00 Bytes) 236. Golden Key VPN (316.00 Bytes) 237. Service Multicast Listener Report (IPv6 (216.00 Bytes)