Geekzone: technology news, blogs, forums
19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

Topic # 32524 19-Apr-2009 09:35

Is there anybody else out there who has looked at their TCL usage meter over recent weeks and noticed any excessive traffic usage?

I've had a couple of days recently that have large figures that I can't seem to account for.

2223 posts

Uber Geek
+1 received by user: 73

Trusted
Vodafone NZ

  Reply # 207897 19-Apr-2009 10:49

I've just looked at mine, 8th April and 16th April look a bit high.. Does this match your spikes?

I average 2.6gb a day.. on those two days an approx additional gig in traffic. Hard to tell in my usage meter as I stream 24/7 to the net so traffic can vary day to day.



19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 207903 19-Apr-2009 11:28

16th April was definitely a spike for me.

This is also all downstream traffic and not upstream - if you suddenly get more people listening it will all mainly be upstream so any spikes would presumably look quite obvious.

Looking back I have large amounts of upstream traffic during the days on the 7, 8 and 9th. My server here does run stuff on it and I will have usage - it's just that 200MB spikes during the middle of the day seem strange.


2223 posts

Uber Geek
+1 received by user: 73

Trusted
Vodafone NZ

  Reply # 207908 19-Apr-2009 12:10

Yes it looks like a large download spike for me at around 1am/2am on the 8th April.
Possibly a Windows update?



19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208247 20-Apr-2009 22:22

Interesting to start looking at some of the traffic being blocked by my router within the last few minutes. I'm presumably paying for some lam3ass to try and portscan or h8x0r me..



04-20-2009 22:14:08 User.Warning 192.168.1.1 Apr 20 22:14:27 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=61.160.217.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433 SEQ=363593728 ACK=0 WINDOW=16384 RES=0x00 SYN
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=80 DPT=52390 SEQ=620210382 ACK=0 WINDOW=0 RES=0x00 RST URG
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=80 DPT=52389 SEQ=240812101 ACK=0 WINDOW=0 RES=0x00 RST URG
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33244 SEQ=3328760997 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35875 SEQ=703889888 ACK=0 WINDOW=0 RES=0x00 RST URGP=
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35876 SEQ=580334023 ACK=0 WINDOW=0 RES=0x00 RST URGP=
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35874 SEQ=2473155556 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33242 SEQ=1966912953 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33245 SEQ=4130482021 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33241 SEQ=3922234484 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:11:22 User.Warning 192.168.1.1 Apr 20 22:11:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=32501 PROTO=TCP SPT=80 DPT=52390 SEQ=620210382 ACK=3880840390 WINDOW=65535 RE
04-20-2009 22:10:47 User.Warning 192.168.1.1 Apr 20 22:11:06 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=51675 PROTO=TCP SPT=80 DPT=52389 SEQ=240812101 ACK=3812705933 WINDOW=65535 RE
04-20-2009 22:10:45 User.Warning 192.168.1.1 Apr 20 22:11:04 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=63193 PROTO=TCP SPT=80 DPT=51079 SEQ=1397377249 ACK=3940406176 WINDOW=65535 R
04-20-2009 22:09:41 User.Warning 192.168.1.1 Apr 20 22:10:00 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=49080 PROTO=TCP SPT=80 DPT=52388 SEQ=1405240991 ACK=3755189698 WINDOW=65535 R
04-20-2009 22:08:48 User.Warning 192.168.1.1 Apr 20 22:09:07 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=34459 PROTO=TCP SPT=80 DPT=52387 SEQ=3963515171 ACK=3721062822 WINDOW=65535 R
04-20-2009 22:08:03 User.Warning 192.168.1.1 Apr 20 22:08:22 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=15999 PROTO=TCP SPT=80 DPT=52386 SEQ=3570326527 ACK=3681195361 WINDOW=65535 R
04-20-2009 22:07:22 User.Warning 192.168.1.1 Apr 20 22:07:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=59557 PROTO=TCP SPT=80 DPT=35877 SEQ=4018615392 ACK=3651255836 WINDOW=65535 RES
04-20-2009 22:07:00 User.Warning 192.168.1.1 Apr 20 22:07:19 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=55453 PROTO=TCP SPT=80 DPT=35876 SEQ=580334023 ACK=3644264078 WINDOW=65535 RES=



19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208250 20-Apr-2009 22:28

And more.. lots more

04-20-2009 22:28:15 User.Warning 192.168.1.1 Apr 20 22:28:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=16781 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535
04-20-2009 22:28:08 User.Warning 192.168.1.1 Apr 20 22:28:27 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=27393 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535
04-20-2009 22:28:06 User.Warning 192.168.1.1 Apr 20 22:28:25 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=8300 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535 R
04-20-2009 22:28:01 User.Warning 192.168.1.1 Apr 20 22:28:21 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676672 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:28:00 User.Warning 192.168.1.1 Apr 20 22:28:19 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586284 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:58 User.Warning 192.168.1.1 Apr 20 22:28:17 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=9954 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535 R
04-20-2009 22:27:54 User.Warning 192.168.1.1 Apr 20 22:28:14 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.35 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975392 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:51 User.Warning 192.168.1.1 Apr 20 22:28:10 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21536 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:49 User.Warning 192.168.1.1 Apr 20 22:28:08 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=32375 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:46 User.Warning 192.168.1.1 Apr 20 22:28:05 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=11743 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:45 User.Warning 192.168.1.1 Apr 20 22:28:05 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255459 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:39 User.Warning 192.168.1.1 Apr 20 22:27:58 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=19804 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255458 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:39 User.Warning 192.168.1.1 Apr 20 22:27:58 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21804 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:38 User.Warning 192.168.1.1 Apr 20 22:27:57 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=8627 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535 R
04-20-2009 22:27:37 User.Warning 192.168.1.1 Apr 20 22:27:56 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=1613 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535 R
04-20-2009 22:27:37 User.Warning 192.168.1.1 Apr 20 22:27:56 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30543 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255458 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:33 User.Warning 192.168.1.1 Apr 20 22:27:52 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192324 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:31 User.Warning 192.168.1.1 Apr 20 22:27:51 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=17545 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535
04-20-2009 22:27:29 User.Warning 192.168.1.1 Apr 20 22:27:48 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=31484 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535
04-20-2009 22:27:22 User.Warning 192.168.1.1 Apr 20 22:27:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=6880 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535 R
04-20-2009 22:27:21 User.Warning 192.168.1.1 Apr 20 22:27:40 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21350 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:15 User.Warning 192.168.1.1 Apr 20 22:27:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=19042 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:15 User.Warning 192.168.1.1 Apr 20 22:27:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=1970 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535 R
04-20-2009 22:27:12 User.Warning 192.168.1.1 Apr 20 22:27:31 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=26638 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:12 User.Warning 192.168.1.1 Apr 20 22:27:31 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=11623 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535



19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208251 20-Apr-2009 22:49

And some more.. And I have to pay for all this inbound traffic - what are you going to do about it TCL?



04-20-2009 22:48:02 User.Warning 192.168.1.1 Apr 20 22:48:21 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:08:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=19512 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:59 User.Warning 192.168.1.1 Apr 20 22:48:18 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:08:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=19080 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:56 User.Warning 192.168.1.1 Apr 20 22:48:15 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:10:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x10 PREC=0x00 TTL=109 ID=18660 DF PROTO=TCP SPT=3640 DPT=139 SEQ=2345775165 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:53 User.Warning 192.168.1.1 Apr 20 22:48:12 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:10:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x10 PREC=0x00 TTL=109 ID=18231 DF PROTO=TCP SPT=3640 DPT=139 SEQ=2345775165 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:31 User.Warning 192.168.1.1 Apr 20 22:47:50 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=222.133.11.98 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=49944 PROTO=TCP SPT=6000 DPT=1433 SEQ=2950938787 ACK=0 WINDOW=16384 RES=0x00
04-20-2009 22:46:07 User.Warning 192.168.1.1 Apr 20 22:46:26 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:40 SRC=203.76.84.98 DST=203.79.95.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=31 ID=15238 DF PROTO=TCP SPT=2488 DPT=445 SEQ=716640812 ACK=0 WINDOW=53760 RES=0x00 S
04-20-2009 22:46:04 User.Warning 192.168.1.1 Apr 20 22:46:23 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:40 SRC=203.76.84.98 DST=203.79.95.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=31 ID=14620 DF PROTO=TCP SPT=2488 DPT=445 SEQ=716640812 ACK=0 WINDOW=53760 RES=0x00 S
04-20-2009 22:41:24 User.Warning 192.168.1.1 Apr 20 22:41:43 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=60.170.25.164 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=23683 DF PROTO=TCP SPT=1515 DPT=135 SEQ=946520587 ACK=0 WINDOW=65535 RES=0x00
04-20-2009 22:41:21 User.Warning 192.168.1.1 Apr 20 22:41:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=60.170.25.164 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21862 DF PROTO=TCP SPT=1515 DPT=135 SEQ=946520587 ACK=0 WINDOW=65535 RES=0x00

Infrastructure Geek
3645 posts

Uber Geek
+1 received by user: 74

Trusted
Microsoft NZ
Subscriber

  Reply # 208258 20-Apr-2009 23:34

The first couple of posts show source port of 80 and dest port of random high port.  Odd as usually you see the other way around.  Maybe a worm attacking from behind a firewall that restricts everything but port 80 outbound?

The third post shows dest ports of 445, 135, 139 which are all Microsoft networking ports (Conficker worm targets 445 for RPC) and the 1433 which is typically SQL Server.

I'm not sure how much luck you will have trying to get anything done about it.. you could always ask for a new IP, but that might cause you more problems if you're running services.

A lot of tracerts, whois and abuse@isp emails can help sort it out, but that takes time and effort and ISPs often don't really seem to care - especially if you're not their customer.





Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


Conference tickets selling out fast, Keynote/TechLive only tickets still available - http://newzealand.msteched.com

TechEd New Zealand 2014 Sep 7-9
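
A triage sketch for the drop lines posted in this thread, added here as an example and not code from any poster: it parses the router's `kernel: DROP` lines, separates bare SYNs (new connection attempts) from RST/ACK segments that look like replies, and totals the IP `LEN` bytes per group. The sample lines are constructed, the category names are this example's own, and lines whose flags were cut off are classified from the ACK number or left undetermined.

```python
import re
from collections import defaultdict

# Constructed sample in the router's syslog format (documentation-range addresses,
# MAC field left out). The last two lines are cut off, as many lines in the thread are.
PFX = "04-20-2009 22:14:08 User.Warning 192.168.1.1 Apr 20 22:14:27 kernel: DROP IN=vlan1 OUT= "
SAMPLE_LOG = "\n".join(PFX + tail for tail in [
    "SRC=198.51.100.7 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=6000 DPT=1433 SEQ=1 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0",
    "SRC=198.51.100.8 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=3758 DPT=445 SEQ=2 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0",
    "SRC=192.0.2.10 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=80 DPT=52390 SEQ=3 ACK=0 WINDOW=0 RES=0x00 RST URG",
    "SRC=192.0.2.35 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=80 DPT=18261 SEQ=4 ACK=3485266719 WINDOW=65535 RES=0x00 ACK SYN URGP=0",
    "SRC=192.0.2.10 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=80 DPT=52389 SEQ=5 ACK=3812705933 WINDOW=65535 RE",
    "SRC=198.51.100.9 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=1515 DPT=135 SEQ=6 ACK=0 WINDOW=65535 RES=0x00",
])

KV = re.compile(r"\b([A-Z]+)=(\S*)")
FLAG_ORDER = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")  # order netfilter prints them
RES_FLAGS = re.compile(r"\bRES=0x[0-9a-fA-F]{2}((?: [A-Z]+)*)")


def parse_line(line):
    """Return a dict for one TCP 'kernel: DROP' line, or None if it is not one."""
    if "kernel: DROP" not in line:
        return None
    kv = dict(KV.findall(line))
    if kv.get("PROTO") != "TCP":
        return None
    try:
        rec = {"src": kv["SRC"], "len": int(kv["LEN"]), "spt": int(kv["SPT"]),
               "dpt": int(kv["DPT"]), "ack": int(kv.get("ACK") or 0)}
    except (KeyError, ValueError):
        return None  # line cut off before the fields we need
    flags = []
    m = RES_FLAGS.search(line)
    for tok in (m.group(1).split() if m else []):
        # Flags come in a fixed order, so "URG" after another flag is a cut-off "URGP=0".
        if tok not in FLAG_ORDER or (tok == "URG" and flags):
            break
        flags.append(tok)
    # No flags and no complete URGP= field means the line ended before the flags.
    rec["flags"] = flags if (flags or "URGP=" in line) else None
    return rec


def classify(rec):
    """Category names are this example's own labels, not router terminology."""
    flags = rec["flags"]
    if flags is None:
        # Flags were cut off. A non-zero ACK number still marks a segment that
        # answers something; ACK=0 could be a SYN or a RST, so leave it open.
        return "reply-like" if rec["ack"] else "undetermined"
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"  # bare SYN: an attempt to open a port
    if "RST" in flags or "ACK" in flags:
        return "reply-like"      # part of a connection the firewall has no state for
    return "other"


def summarise(log_text):
    """Packets, IP bytes (sum of LEN), sources and destination ports per category."""
    out = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set(), "dports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = out[classify(rec)]
        s["packets"] += 1
        s["bytes"] += rec["len"]
        s["sources"].add(rec["src"])
        s["dports"].add(rec["dpt"])
    return dict(out)


if __name__ == "__main__":
    for category, s in sorted(summarise(SAMPLE_LOG).items()):
        print(category, s["packets"], "packets", s["bytes"], "bytes", sorted(s["dports"]))
```

Run over a full day's syslog, the per-category byte totals show how much of the metered inbound volume the logged drops can actually account for.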




19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208263 21-Apr-2009 00:04

They're still flooding in..

I'll take a stab and say all this uninitiated inbound traffic has possibly used somewhere in the region of 5-8GB this month. Time to start some investigation tomorrow!


Infrastructure Geek
3645 posts

Uber Geek
+1 received by user: 74

Trusted
Microsoft NZ
Subscriber

  Reply # 208265 21-Apr-2009 00:09

Unfortunately attempts by ISPs to prevent these sorts of attacks from reaching subscribers have typically been met with heavy resistance. The only way to realistically prevent it is to firewall certain ports - e.g. 25, 1433, 445, 135, 139 etc - by default and require subscribers to ask for them to be opened as an exception.









19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208269 21-Apr-2009 06:37

Wow

My TCL usage meter reset at midnight and I've already got 239MB of usage, my server is showing 2.6034 of RX traffic since midnight and .3359 TX and there will be some background traffic from my Asterisk box as well. My syslog manager is chokka full of inbound requests since midnight.

I wonder how many other TCL users are suffering the same issue?


2578 posts

Uber Geek
+1 received by user: 3

Mod Emeritus
Trusted
Subscriber

  Reply # 208286 21-Apr-2009 09:11

Sbiddle do you have many outward facing service ports open? Have you used Shields Up! to see what can be seen from outside your firewall? As long as the h8x0r does not have any luck I would expect them to move on so might not be a permanent thing.







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64



19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208289 21-Apr-2009 09:28

Nety: Sbiddle do you have many outward facing service ports open? Have you used Shields Up! to see what can be seen from outside your firewall? As long as the h8x0r does not have any luck I would expect them to move on so might not be a permanent thing.


Yes I have open ports on my server incl port 80 and 23 (for a mail server that requires authentication). I also have a VPN and a few open ports for VoIP traffic to my Asterisk box but have a script that detects brute force attacks on SIP connections and creates an iptables rule to block them.

None of my logs indicate any significant traffic on these open ports - it all seems to be attacks on closed ports.


mjb

922 posts

Ultimate Geek
+1 received by user: 21

Trusted

  Reply # 208307 21-Apr-2009 10:22

sbiddle: ... and 23 (for a mail server that requires authentication).


You should use 587 for that then :)




contentsofsignaturemaysettleduringshipping



19352 posts

Uber Geek
+1 received by user: 1193

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208723 23-Apr-2009 07:46

Just as an update I had my IP address changed on Tuesday afternoon. My total internet traffic usage yesterday was around 150MB downstream which is about what I would have expected. This compares to an average of 500MB - 800MB per day that was hitting my router last week with similar levels of internet activity at my end.

For 3 weeks now I've been hit by hundreds of MB's per day of uninitiated traffic that I ended up paying for (incl overusage charges since I went over my cap).. Time to ring TCL today and try and at least get them to waive that as it was hardly my problem.



85 posts

Master Geek

Trusted

  Reply # 208999 24-Apr-2009 12:03

 Time to ring TCL today and try and at least get them to waive that as it was hardly my problem.



Wait, what? You have open ports which traffic was coming in on and that's not your problem, how?
