Crazy high data usage for no reason, any ideas?

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Crazy high data usage for no reason, any ideas?

1 | 2 | 3

3344 posts

Uber Geek

Trusted

Vocus

#985120 12-Feb-2014 14:31

Now you've enabled the firewall that excess traffic ought to stop. You'll soon know...

Viscery

18 posts

Geek

#985122 12-Feb-2014 14:33

When I logged on this morning to check my usage it said I had already used 10gb of data today (download + upload) and none of the computers were on during the night lol

FlameBeard

344 posts

Ultimate Geek

Trusted

#985123 12-Feb-2014 14:37

Also, have you reviewed your plan recently? You should consider a move to the Unlimited plan $100 per month from memory, that way, even after your review of your network security, you won't ever be stung with over usage should you ever be breached

4th gen i7 Haswell 4770k, G.SKILL RipjawsX 16GB (4x4 Gb) DDR3 2400MHz, x1 GTS 460, Intel 180Gb 530 Series SSD, x1 Seagate 1Tb HDD, x1 Seagate 2Tb HDD, Modular 850w PSU, R.O.G. Maximus VII Formula mobo, Cooler Master Storm Trooper Chassis, Cooler Master V8 CPU cooler

"Five exclamation marks, the sure sign of an insane mind." - Terry Pratchett

No longer work for Orcon

Viscery

18 posts

Geek

#985124 12-Feb-2014 14:37

I'll change the SSID and the password and hopefully that fixes it, thanks for all your help much easier then calling up and talking to someone who has no clue!

ubergeeknz

3344 posts

Uber Geek

Trusted

Vocus

#985126 12-Feb-2014 14:38

The computers aren't involved. Opening the firewall will mean the router will listen for DNS queries on the public interface. Then it gets used in DNS amplification attacks, which seem to be very much in vogue right now.

http://www.watchguard.com/infocenter/editorial/41649.asp

https://www.us-cert.gov/ncas/alerts/TA13-088A

We're looking into potentially preventing users from disabling the firewall for this reason, but it is always on by default.

FlameBeard

344 posts

Ultimate Geek

Trusted

#985129 12-Feb-2014 14:41

Viscery: When I logged on this morning to check my usage it said I had already used 10gb of data today (download + upload) and none of the computers were on during the night lol

Ok then I would say your definitely getting DDoS'd. That explains your download usage. I would make sure the firewall is enabled. With the default security policy, reboot the modem so that it gains another IP address, so whoever is getting a reply off of you IP will cease hopefully. That should fix your problem.
Disabling that firewall is a big no no

FlameBeard

344 posts

Ultimate Geek

Trusted

#985131 12-Feb-2014 14:41

Viscery: I'll change the SSID and the password and hopefully that fixes it, thanks for all your help much easier then calling up and talking to someone who has no clue!

Good network practice to change it every so often any way.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.

FlameBeard

344 posts

Ultimate Geek

Trusted

#985151 12-Feb-2014 14:48

I'm going to check your firewall is configured correctly then bounce the connection to get it to re-authenticate with a new IP address.
So you're going to experience a loss in service for a few moments. I'll make sure I see it come back before I leave this though other wise I will call you on the contact details listed on your account.

The WI-FI configuration I will leave to you to decide what to do :)

FlameBeard

344 posts

Ultimate Geek

Trusted

#985164 12-Feb-2014 14:59

Ok all done, your firewall is functioning as it should be, and you've grabbed a new external IP address.
I would expect to see your usage drop right down tomorrow.

If not, please repost, and we will be more than happy to relook into this again.

Viscery

18 posts

Geek

#985174 12-Feb-2014 15:10

Splendid, will do. Thanks so much!

FlameBeard

344 posts

Ultimate Geek

Trusted

#985175 12-Feb-2014 15:11

No worries! :)

Dratsab

3946 posts

Uber Geek

Trusted

Lifetime subscriber

#985283 12-Feb-2014 16:54

Consider a MAC address whitelist for your wifi as well. It adds another little dimension to your overall security.

killerkiwinz

40 posts

Geek

#985284 12-Feb-2014 16:55

Last time this happened in our house I traced it to spotify doing it p2p thing

ubergeeknz

3344 posts

Uber Geek

Trusted

Vocus

#985285 12-Feb-2014 17:04

killerkiwinz: Last time this happened in our house I traced it to spotify doing it p2p thing

Yes, one of our staff members had this also, bit of a trap. I might see if we can get a sticky for high data usage with a few of these culprits in it.

raytaylor

4014 posts

Uber Geek

Trusted

#986530 13-Feb-2014 03:01

FlameBeard:
That coupled with the fact your firewall has been disabled, I suspect my friend you're being DDoS'd or some other form of attack

One of our customers had a kid that pissed off another player in some game. The foreign player rented a botnet and launched a ddos against our customer's ip address. In 30 minutes he had 18gb of data coming into our network and delivered to his rooftop radio - where the firewall dropped the traffic. Unfortunatley for him, the data was directed at his ip address and we delivered it to the end point so the customer got charged for the data.

Thats the thing, an ISP is just a delivery mechanism. If someone else directs traffic at you, the isp doesnt know if you want it or not so all we can do is deliver it. In this particular case the kid was warned if he kept up his antics the foreign player was going to do it, and it took down our network for 30 minutes so I wasnt happy and wasnt much I could do but wait it out.

It can happen to anyone and affect huge amounts of people - in our case this kid's antics only affected a valley of 40 customers, but Level3 in the USA which is the big bohemoth ISP-of-ISP's which is affecting thousands of customers of ISPs that buy data pipes off them, and who transit through their network.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

1 | 2 | 3