#StackBounty: #internet Some domain / address downloads a lot of data

Bounty: 50

I have a laptop running Kubuntu 18.04.3, and most of the time I use my phone as a Wi-Fi hotspot. Therefore, I have a limited amount of mobile data. Until recently, everything was fine: I had to check the amount of mobile data left from time to time, but it was enough for my use.

But for about three weeks now, my laptop has been using much more data than usual. While in general I was using ~1-2GB per day, I have seen this number increase to 10-11GB a day. Since the amount of mobile data is important to me, I tried to check where this "leak" is coming from.

I use iftop regularly to see where this comes from. It seems that when I use a browser (whether Firefox or Brave), after a random amount of time, one domain / address (I’m not sure about the term) downloads about 4MB (megabytes, not megabits) per second. The domains/addresses responsible are 2606:4700::6812:15e2 and 104.16.218.84. Using whois, it appears that both are owned by Cloudflare (but I don’t know if this information is relevant here).

The second one is an IP address, so I tried to block it with iptables but I don’t know what to do with the first one. Does somebody know a way to fix this?


Edit: My first question was about how to block this kind of address, but I’m looking for a solution that is easier to implement. Currently, I very regularly check iftop to try to identify the addresses responsible for the "leaks" of internet data. But this is not ideal, since it requires my attention quite regularly and because I have the impression that each time I block an address, another takes its place.

For now, I only see two solutions:

  • put in place a sort of alert to automatically block an address that downloads more than a certain amount of data (but I have no idea how to do it)
  • or try to find the root cause of the problem and fix it directly. As I said, this problem only appeared 3 weeks ago (whereas I have been using my phone as a Wi-Fi hotspot for about two years). I checked dpkg.log and dpkg.log.1 in /var/log to see if the appearance of this problem coincided with the installation of a program. The only program I installed in this period was clamav, which I have removed without solving my problem.

Any idea where this can come from? A program update?
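
Added example, not part of the original post: one way to look for the root cause is to map each established TCP connection to the local process that owns it, so an address seen in iftop can be tied to a program. The function names and the sample table are constructed for illustration; the sketch assumes a little-endian Linux host and covers TCP only.

```python
import glob, ipaddress, os, re

# Constructed sample in /proc/net/tcp{,6} layout (little-endian host assumed).
# Remote ends are the two addresses quoted in the question, port 443 (0x01BB).
SAMPLE = """\
  sl  local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000000000000000000001000000:9C40 004706260000000000000000E2151268:01BB 01 00000000:00000000 00:00000000 00000000 1000 0 41001 1
   1: 0100007F:9C42 54DA1068:01BB 01 00000000:00000000 00:00000000 00000000 1000 0 41002 1
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 41003 1
"""

def decode_addr(hex_addr):
    # The kernel prints each 32-bit word in host byte order: reverse every 4 bytes.
    raw = b"".join(bytes.fromhex(hex_addr[i:i + 8])[::-1]
                   for i in range(0, len(hex_addr), 8))
    return str(ipaddress.ip_address(raw))

def established(text):
    """Return (remote_ip, remote_port, socket_inode) for ESTABLISHED sockets."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "01":         # state 01 = ESTABLISHED
            continue
        addr, port = f[2].split(":")
        out.append((decode_addr(addr), int(port, 16), f[9]))
    return out

def socket_owners():
    """Map socket inode -> (pid, command name) by walking /proc/<pid>/fd."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            pid = fd.split("/")[2]
            if m:
                with open(f"/proc/{pid}/comm") as fh:
                    owners[m.group(1)] = (int(pid), fh.read().strip())
        except OSError:                         # process exited or not readable
            continue
    return owners

if __name__ == "__main__":
    owners = socket_owners()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        with open(path) as fh:
            for ip, port, inode in established(fh.read()):
                print(ip, port, *owners.get(inode, ("?", "not visible (try sudo)")))
```

Run it while the heavy transfer is visible in iftop; sockets owned by other users only resolve to a process when the script runs as root.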

