Flows showing strange Data
The other day I noticed that a laptop of mine, which doesn't do much, had some history on TikTok and some Funimation streaming, which seems highly unlikely on that computer. That, tied with the information below, is making me question the accuracy of the flows in general.
For example, I noticed the following results on our Apple TV and kid's iPhone. Both of them are downloading large amounts of data from windowsupdate.com?
At first I thought maybe he's using this phone as some sort of hotspot for another laptop.

But then I noticed the strange behavior from our Apple TV, for which I knew the above wasn't possible.

Maybe there is some DNS confusion going on? Does the Firewalla record the URL that was actually used in the flow, or is it some sort of reverse DNS lookup?
Looking up that IP, it looks to be some sort of Limelight network that can be used to host Windows updates, but maybe iOS updates too?
If that's the case, how does that affect flows and other rules?
