Geekzone: technology news, blogs, forums
This subforum is now locked. Please post TelstraClear topics in the Vodafone forum. You can find more information here.




16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

Topic # 32524 19-Apr-2009 09:35

Is there anybody else out there who has looked at their TCL usage meter over recent weeks and noticed any excessive traffic usage?

I've had a couple of days recently that have large figures that I can't seem to account for.




*Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

1995 posts

Uber Geek

Trusted

  Reply # 207897 19-Apr-2009 10:49

I've just looked at mine, 8th April and 16th April look a bit high.. Does this match your spikes?

I average 2.6gb a day.. on those two days an approx additional gig in traffic.  Hard to tell in my usage meter as I stream 24/7 to the net so traffic can vary day to day.



16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 207903 19-Apr-2009 11:28

16th April was definitely a spike for me.

This is also all downstream traffic and not upstream - if you suddenly get more people listening it will all mainly be upstream so any spikes would presumably look quite obvious.

Looking back I have had large amounts of upstream traffic during the days on the 7,8 and 9th. My server here does run stuff on it and I will have usage - it's just that 200MB spikes during the middle of the day seem strange.






1995 posts

Uber Geek

Trusted

  Reply # 207908 19-Apr-2009 12:10

Yes it looks like a large download spike for me at around 1am/2am on the 8th April.
Possibly a windows update?



16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208247 20-Apr-2009 22:22

Interesting to start looking at some of the traffic being blocked by my router within the last few minutes. I'm presumably paying for some lam3ass to try and portscan or h8x0r me..



04-20-2009 22:14:08 User.Warning 192.168.1.1 Apr 20 22:14:27 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=61.160.217.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433 SEQ=363593728 ACK=0 WINDOW=16384 RES=0x00 SYN
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=80 DPT=52390 SEQ=620210382 ACK=0 WINDOW=0 RES=0x00 RST URG
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=80 DPT=52389 SEQ=240812101 ACK=0 WINDOW=0 RES=0x00 RST URG
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33244 SEQ=3328760997 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35875 SEQ=703889888 ACK=0 WINDOW=0 RES=0x00 RST URGP=
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35876 SEQ=580334023 ACK=0 WINDOW=0 RES=0x00 RST URGP=
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35874 SEQ=2473155556 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33242 SEQ=1966912953 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33245 SEQ=4130482021 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33241 SEQ=3922234484 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:11:22 User.Warning 192.168.1.1 Apr 20 22:11:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=32501 PROTO=TCP SPT=80 DPT=52390 SEQ=620210382 ACK=3880840390 WINDOW=65535 RE
04-20-2009 22:10:47 User.Warning 192.168.1.1 Apr 20 22:11:06 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=51675 PROTO=TCP SPT=80 DPT=52389 SEQ=240812101 ACK=3812705933 WINDOW=65535 RE
04-20-2009 22:10:45 User.Warning 192.168.1.1 Apr 20 22:11:04 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=63193 PROTO=TCP SPT=80 DPT=51079 SEQ=1397377249 ACK=3940406176 WINDOW=65535 R
04-20-2009 22:09:41 User.Warning 192.168.1.1 Apr 20 22:10:00 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=49080 PROTO=TCP SPT=80 DPT=52388 SEQ=1405240991 ACK=3755189698 WINDOW=65535 R
04-20-2009 22:08:48 User.Warning 192.168.1.1 Apr 20 22:09:07 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=34459 PROTO=TCP SPT=80 DPT=52387 SEQ=3963515171 ACK=3721062822 WINDOW=65535 R
04-20-2009 22:08:03 User.Warning 192.168.1.1 Apr 20 22:08:22 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=15999 PROTO=TCP SPT=80 DPT=52386 SEQ=3570326527 ACK=3681195361 WINDOW=65535 R
04-20-2009 22:07:22 User.Warning 192.168.1.1 Apr 20 22:07:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=59557 PROTO=TCP SPT=80 DPT=35877 SEQ=4018615392 ACK=3651255836 WINDOW=65535 RES
04-20-2009 22:07:00 User.Warning 192.168.1.1 Apr 20 22:07:19 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=55453 PROTO=TCP SPT=80 DPT=35876 SEQ=580334023 ACK=3644264078 WINDOW=65535 RES=







16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208250 20-Apr-2009 22:28

And more.. lots more

04-20-2009 22:28:15 User.Warning 192.168.1.1 Apr 20 22:28:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=16781 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535
04-20-2009 22:28:08 User.Warning 192.168.1.1 Apr 20 22:28:27 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=27393 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535
04-20-2009 22:28:06 User.Warning 192.168.1.1 Apr 20 22:28:25 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=8300 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535 R
04-20-2009 22:28:01 User.Warning 192.168.1.1 Apr 20 22:28:21 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676672 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:28:00 User.Warning 192.168.1.1 Apr 20 22:28:19 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586284 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:58 User.Warning 192.168.1.1 Apr 20 22:28:17 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=9954 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535 R
04-20-2009 22:27:54 User.Warning 192.168.1.1 Apr 20 22:28:14 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.35 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975392 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:51 User.Warning 192.168.1.1 Apr 20 22:28:10 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21536 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:49 User.Warning 192.168.1.1 Apr 20 22:28:08 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=32375 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:46 User.Warning 192.168.1.1 Apr 20 22:28:05 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=11743 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:45 User.Warning 192.168.1.1 Apr 20 22:28:05 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255459 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:39 User.Warning 192.168.1.1 Apr 20 22:27:58 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=19804 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255458 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:39 User.Warning 192.168.1.1 Apr 20 22:27:58 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21804 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:38 User.Warning 192.168.1.1 Apr 20 22:27:57 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=8627 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535 R
04-20-2009 22:27:37 User.Warning 192.168.1.1 Apr 20 22:27:56 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=1613 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535 R
04-20-2009 22:27:37 User.Warning 192.168.1.1 Apr 20 22:27:56 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30543 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255458 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:33 User.Warning 192.168.1.1 Apr 20 22:27:52 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192324 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:31 User.Warning 192.168.1.1 Apr 20 22:27:51 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=17545 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535
04-20-2009 22:27:29 User.Warning 192.168.1.1 Apr 20 22:27:48 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=31484 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535
04-20-2009 22:27:22 User.Warning 192.168.1.1 Apr 20 22:27:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=6880 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535 R
04-20-2009 22:27:21 User.Warning 192.168.1.1 Apr 20 22:27:40 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21350 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:15 User.Warning 192.168.1.1 Apr 20 22:27:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=19042 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:15 User.Warning 192.168.1.1 Apr 20 22:27:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=1970 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535 R
04-20-2009 22:27:12 User.Warning 192.168.1.1 Apr 20 22:27:31 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=26638 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:12 User.Warning 192.168.1.1 Apr 20 22:27:31 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=11623 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535







16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208251 20-Apr-2009 22:49

And some more.. And I have to pay for all this inbound traffic - what are you going to do about it TCL?



04-20-2009 22:48:02 User.Warning 192.168.1.1 Apr 20 22:48:21 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:08:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=19512 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:59 User.Warning 192.168.1.1 Apr 20 22:48:18 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:08:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=19080 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:56 User.Warning 192.168.1.1 Apr 20 22:48:15 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:10:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x10 PREC=0x00 TTL=109 ID=18660 DF PROTO=TCP SPT=3640 DPT=139 SEQ=2345775165 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:53 User.Warning 192.168.1.1 Apr 20 22:48:12 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:10:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x10 PREC=0x00 TTL=109 ID=18231 DF PROTO=TCP SPT=3640 DPT=139 SEQ=2345775165 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:31 User.Warning 192.168.1.1 Apr 20 22:47:50 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=222.133.11.98 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=49944 PROTO=TCP SPT=6000 DPT=1433 SEQ=2950938787 ACK=0 WINDOW=16384 RES=0x00
04-20-2009 22:46:07 User.Warning 192.168.1.1 Apr 20 22:46:26 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:40 SRC=203.76.84.98 DST=203.79.95.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=31 ID=15238 DF PROTO=TCP SPT=2488 DPT=445 SEQ=716640812 ACK=0 WINDOW=53760 RES=0x00 S
04-20-2009 22:46:04 User.Warning 192.168.1.1 Apr 20 22:46:23 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:40 SRC=203.76.84.98 DST=203.79.95.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=31 ID=14620 DF PROTO=TCP SPT=2488 DPT=445 SEQ=716640812 ACK=0 WINDOW=53760 RES=0x00 S
04-20-2009 22:41:24 User.Warning 192.168.1.1 Apr 20 22:41:43 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=60.170.25.164 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=23683 DF PROTO=TCP SPT=1515 DPT=135 SEQ=946520587 ACK=0 WINDOW=65535 RES=0x00
04-20-2009 22:41:21 User.Warning 192.168.1.1 Apr 20 22:41:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=60.170.25.164 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21862 DF PROTO=TCP SPT=1515 DPT=135 SEQ=946520587 ACK=0 WINDOW=65535 RES=0x00





10100111001
3177 posts

Uber Geek

Trusted
Subscriber

  Reply # 208258 20-Apr-2009 23:34

The first couple of posts show source port of 80 and dest port of random high port.  Odd as usually you see the other way around.  Maybe a worm attacking from behind a firewall that restricts everything but port 80 outbound?

The third post shows dest ports of 445, 135, 139 which are all Microsoft networking ports (Conficker worm targets 445 for RPC) and the 1433 which is typically SQL Server.

I'm not sure how much luck you will have trying to get anything done about it.. you could always ask for a new IP, but that might cause you more problems if you're running services.

A lot of tracerts, whois and abuse@isp emails can help sort it out, but that takes time and effort and ISPs often don't really seem to care - especially if you're not their customer.





Need help implementing Microsoft CRM? Give OA Systems a shout. 
Winners of CRM Solution of the Year at the 2010 Microsoft NZ Partner Awards
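
The port pattern discussed in the reply above can be separated mechanically. The following is an added example, not code from the thread or from any poster: it parses iptables LOG lines of the kind posted, splits dropped TCP packets into new connection attempts (SYN without ACK) and segments that belong to no tracked connection (ACK or RST set, as in the source-port-80 lines), and totals the IP bytes of each. The sample lines, addresses and category names are constructed for the example.

```python
from collections import Counter

# Constructed sample in the iptables LOG layout posted in the thread.
# Addresses are documentation ranges; the last line is cut off mid-field,
# as the lines in the forum posts are.
SAMPLE_LOG = """\
Apr 20 22:14:27 kernel: DROP IN=vlan1 OUT= SRC=192.0.2.10 DST=203.0.113.200 LEN=40 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433 SEQ=363593728 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 20 22:48:18 kernel: DROP IN=vlan1 OUT= SRC=198.51.100.7 DST=203.0.113.200 LEN=48 TTL=109 ID=19080 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0
Apr 20 22:48:21 kernel: DROP IN=vlan1 OUT= SRC=198.51.100.7 DST=203.0.113.200 LEN=48 TTL=109 ID=19512 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0
Apr 20 22:48:15 kernel: DROP IN=vlan1 OUT= SRC=198.51.100.7 DST=203.0.113.200 LEN=48 TTL=109 ID=18660 DF PROTO=TCP SPT=3640 DPT=139 SEQ=2345775165 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0
Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= SRC=192.0.2.80 DST=203.0.113.200 LEN=40 TTL=42 ID=0 DF PROTO=TCP SPT=80 DPT=52390 SEQ=620210382 ACK=0 WINDOW=0 RES=0x00 RST URGP=0
Apr 20 22:11:41 kernel: DROP IN=vlan1 OUT= SRC=192.0.2.80 DST=203.0.113.200 LEN=48 TTL=61 ID=32501 PROTO=TCP SPT=80 DPT=52390 SEQ=620210381 ACK=3880840390 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Apr 20 22:11:06 kernel: DROP IN=vlan1 OUT= SRC=192.0.2.80 DST=203.0.113.200 LEN=48 TTL=61 ID=51675 PROTO=TCP SPT=80 DPT=52389 SEQ=240812101 ACK=3812705933 WINDOW=65535 RE
"""

TCP_FLAGS = {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Return (fields, flags) for one kernel DROP line, or None otherwise."""
    _, marker, rest = line.partition("kernel: DROP ")
    if not marker:
        return None
    fields, flags = {}, set()
    for token in rest.split():
        if "=" in token:
            # KEY=VALUE. "ACK=0" is the acknowledgement number, not the flag.
            # setdefault keeps the first LEN (IP total length) if a second
            # LEN (e.g. the UDP length) follows.
            key, _, value = token.partition("=")
            fields.setdefault(key, value)
        elif token in TCP_FLAGS:
            flags.add(token)  # bare token such as "SYN" or "RST" is a flag
    if "SRC" not in fields or "LEN" not in fields:
        return None
    return fields, flags


def classify(fields, flags):
    """probe: SYN without ACK; stray: any other flagged TCP segment."""
    if fields.get("PROTO") != "TCP" or not flags:
        return "unknown"  # non-TCP, or line truncated before the flags
    if "SYN" in flags and "ACK" not in flags:
        return "probe"    # someone trying to open a connection to us
    return "stray"        # reply-type segment with no tracked connection


def summarise(log_text):
    """Count packets and IP bytes per category, plus ports and sources."""
    packets, volume = Counter(), Counter()
    probe_ports, stray_sources = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        fields, flags = parsed
        kind = classify(fields, flags)
        packets[kind] += 1
        volume[kind] += int(fields["LEN"])  # IP length, excludes framing
        if kind == "probe":
            probe_ports[int(fields["DPT"])] += 1
        elif kind == "stray":
            stray_sources[(fields["SRC"], int(fields["SPT"]))] += 1
    return {"packets": packets, "bytes": volume,
            "probe_ports": probe_ports, "stray_sources": stray_sources}


if __name__ == "__main__":
    for name, counter in summarise(SAMPLE_LOG).items():
        print(name, dict(counter))
```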



16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208263 21-Apr-2009 00:04

They're still flooding in..

I'll take a stab and say all this uninitiated inbound traffic has possibly used somewhere in the region of 5-8GB this month. Time to start some investigation tomorrow!






10100111001
3177 posts

Uber Geek

Trusted
Subscriber

  Reply # 208265 21-Apr-2009 00:09

Unfortunately attempts by ISPs to prevent these sort of attacks from reaching subscribers have typically been met with heavy resistance.  The only way to realistically prevent it is to firewall certain ports - e.g. 25, 1433, 445, 135, 139 etc - by default and require subscribers to ask for them to be opened as an exception.








16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208269 21-Apr-2009 06:37

Wow

My TCL usage meter reset at midnight and I've already got 239MB of usage, my server is showing 2.6034 of RX traffic since midnight and .3359 TX and there will be some background traffic from my Asterisk box as well. My syslog manager is chokka full of inbound requests since midnight.

I wonder how many other TCL users are suffering the same issue?






2551 posts

Uber Geek

Moderator
Trusted
Subscriber

  Reply # 208286 21-Apr-2009 09:11

Sbiddle do you have many outward facing service ports open? Have you used Shields Up! to see what can be seen from outside your firewall? As long as the h8x0r does not have any luck I would expect them to move on so might not be a permanent thing.







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64



16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208289 21-Apr-2009 09:28

Nety: Sbiddle do you have many outward facing service ports open? Have you used Shields Up! to see what can be seen from outside your firewall? As long as the h8x0r does not have any luck I would expect them to move on so might not be a permanent thing.


Yes I have open ports on my server incl port 80 and 23 (for a mail server that requires authentication). I also have a VPN and a few open ports for VoIP traffic to my Asterisk box but have a script that detects brute force attacks on SIP connections and creates an iptables rule to block them.

None of my logs indicate any significant traffic on these open ports - it all seems to be attacks on closed ports.






mjb

902 posts

Ultimate Geek

Trusted
Subscriber

  Reply # 208307 21-Apr-2009 10:22

sbiddle: ... and 23 (for a mail server that requires authentication).


You should use 587 for that then :)




contentsofsignaturemaysettleduringshipping



16712 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 208723 23-Apr-2009 07:46

Just as an update I had my IP address changed on Tuesday afternoon. My total internet traffic usage yesterday was around 150MB downstream which is about what I would have expected. This compares to an average of 500MB - 800MB per day that was hitting my router last week with similar levels of internet activity at my end.

For 3 weeks now I've been hit by hundreds of MB's per day of uninitiated traffic that I ended up paying for (incl overusage charges since I went over my cap).. Time to ring TCL today and try and at least get them to waive that as it was hardly my problem.







85 posts

Master Geek

Trusted

  Reply # 208999 24-Apr-2009 12:03

 Time to ring TCL today and try and at least get them to waive that as it was hardly my problem.



Wait, what? You have open ports which traffic was coming in on and that's not your problem, how?
