New ransomware bandwidth warning

In the good old days, file backups were the protection from ransomware. Now, bad guys have started copying data from the network before encrypting it. Good backups do not protect data that has been exfiltrated.

A nice new feature would be a warning (and possible blocking) after a LAN side device has sent too much data outbound.

The definition of “too much” should be configurable and perhaps, like transmission speed limits, there could be different limits for different devices. The collection of this data is already being done to create the assorted bandwidth reports.

2 Likes

Like the idea of a set of LAN device notifications in IC2 for this. So notify when number of devices exceeds n and notify when a lan single device uses more than n MB.

I run a fingbox on my network and its reassuring when I get a notification as devices connect and disconnect from the network.

2 Likes

In the firewall/router I apply on many vessels, the Kerio, it has an “abuser” policy that picks out devices that are abusive of the network. Which is handy when you need to weed out devices that should not do large or constant internet connectivity, vice other where you want to make sure they are not limited (paying guests!).
So indeed any such feature (in my application) would be of great benefit.

Fingbox is a great tool, I use the Domotz for monitoring, which agent can also be activated from on the Fingbox. I tend to use the Fing client side, and Domotz for after service.

1 Like