Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


geekIT

2418 posts

Uber Geek


#138369 1-Jan-2014 09:56
Send private message

Hi all. Just resumed with Xtra as an ISP after a four-year trouble-free break with XNet (don't ask, maybe I'm masochistic), and I've suddenly discovered I can check my daily download usage. I'm gobsmacked to find that, over the first month, my download figures correspond with the files I've downloaded, but I've somehow UPLOADED nearly four gigs!

Now, I don't use Torrent, or file sharing, so nobody has access to my secure LAN, so WTF is going on here?

Xtra's helpdesk has no answer, except that 'Well, every time you click a link on Google, or TradeMe etc, it sends a request, and that constitutes an upload'. Say what!

Ok, I can accept that there may be a tiny amount of data in a link request, but my daily UPLOADS vary from a low of 25.77MB to a whopping 621.77MB!

That's crazy. Anyone able to comment?





'Those who can make you believe absurdities can make you commit atrocities.' Voltaire

 

'A patriot must always be ready to defend his country against his government.' Edward Abbey

 

 

 

 

 

 


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
plambrechtsen
1948 posts

Uber Geek
Inactive user


  #959812 1-Jan-2014 10:00
Send private message

Virus.. malware or some programme being untoward.

Unplug each machine from your network starting with switching off your router and see if it continues.

Could also be if you are using a non telecom supplied router then it could be that it has been hijacked with a dns redirect or being used as a spambot.



freitasm
BDFL - Memuneh
79254 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #959817 1-Jan-2014 10:11
Send private message

What router are you using? Is the firewall in that router turned on? The router could have been used in a DNS amplification attack (where an attacker uses the DNS on your router to respond to fake requests sending the responses to another IP address to overload it).








Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


RunningMan
8953 posts

Uber Geek


  #959818 1-Jan-2014 10:17
Send private message

Apple iCloud syncing?



geekIT

2418 posts

Uber Geek


  #960186 2-Jan-2014 09:08
Send private message

Guys, thanks for your responses.

The modem is a new Technicolor TG582N (software 8.4.4.1) and was supplied by Telecom as part of the package when we moved house in November 2013.

Security? Yes, it's turned on and the WPA-PSK code is reasonably complex.

Modem firewall: Nope, it's not turned on.

Apple iCloud syncing? No, I don't do any form of data syncing, or online backups, or Skype, or Torrent file sharing

Before we go any further, could we just confirm my thoughts on uploads? I'm an IT guy, who's spent the last 15 years building and repairing computers, but I've only ever got into the coding and programming side of computing when and as necessary. In other words, I've always taken a lot of stuff for granted.

One of these givens is that, unless I choose to SEND stuff via emails, there's virtually nothing that goes UP from my machine. Is this correct?

Something that could be enlightening: How about those of you who have Telecom accounts, checking your own accounts (via My Telecom) to see if there is any unexpected upward data traffic. I mean, I've been using the internet for pretty much as long as it's been available in NZ, and in all that time, most of which has been with Xtra, I've never thought to check that my monthly data traffic included any uploads.

So, to find that my new 30GB Telecom package (which to my simplistic way of thinking means 30GB of downloads) has been 'short-changed' to the tune of 10% is disturbing. In other words, I was expecting to have 30GB of download traffic available, but only ended up with 26GB, because the monthly UPLOADS totaled around 4GB.

Perplexed.........







'Those who can make you believe absurdities can make you commit atrocities.' Voltaire

 

'A patriot must always be ready to defend his country against his government.' Edward Abbey

 

 

 

 

 

 


freitasm
BDFL - Memuneh
79254 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #960187 2-Jan-2014 09:17
Send private message

geekIT: Modem firewall: Nope, it's not turned on.


This is the first and most important thing to do it. Right now.

geekIT: Before we go any further, could we just confirm my thoughts on uploads? I'm an IT guy, who's spent the last 15 years building and repairing computers, but I've only ever got into the coding and programming side of computing when and as necessary. In other words, I've always taken a lot of stuff for granted.

One of these givens is that, unless I choose to SEND stuff via emails, there's virtually nothing that goes UP from my machine. Is this correct?


Upload is ANY traffic coming out of the modem port into the Internet. One would assume the traffic would come from computers connected to the LAN, but the modem itself can send traffic out.

One of this traffic out is when your firewall is not enabled and the DNS service in the modem responds to requests from inside and OUTSIDE of your LAN. Robots will find it and use the open DNS to act as part of a DDoS called Smurf Attack for example.

Basically Attacker A wants to take down Victim B. One computer is not enough but Attacker A knows better. It broadcasts DNS requests to a network hosting Unsecure Routers. Those requests are fake because they have the Victim B's IP address spoofed. This cause all those Unsecure Routers to respond to Victim B's computer. 

With one request Attacker A can send thousands of packets to Victim B. If Attacker A uses another botnet to send out a few thousands requests to thousands of Unsecure Routers then Victim B ends up receiving millions of requests, crippling its servers. And YOU owner of Unsecure Router pays the upload bill for your participation in the attack.

Turn that firewall ON now.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


Talkiet
4792 posts

Uber Geek

Trusted

  #960188 2-Jan-2014 09:23
Send private message

With Telecom (and most providers I believe) the traffic accounting has always counted in both directions.

In general, even if you don't actively upload things, every single packet (well, there are exceptions, but basically this is right) has to be acknowledged so for every large packet you receive, there's a small packet that your computer sends out. For a typical user, 26GB of downloads could easily be 4GB of uploads, even without running a torrent program or uploading lots of photos.

If those numbers (26 and 4GB) are your actual numbers, and the usage is reasonably even and in line with when the download usage happened - I'd suggest there's nothing wrong with the traffic counting.

If you only have one machine, there's a relatively simple way to check this... Graph or record your network card usage and watch in realtime how much traffic goes in each direction. I suggest grabbing and installing something like Netmeter

http://www.metal-machine.de/readerror/index.php?action=tpmod;dl=item23

and seeing what happens when you do various things on the Internet.

Cheers - N




Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


SteveON
1916 posts

Uber Geek


  #960190 2-Jan-2014 09:30

Talkiet: With Telecom (and most providers I believe) the traffic accounting has always counted in both directions.

In general, even if you don't actively upload things, every single packet (well, there are exceptions, but basically this is right) has to be acknowledged so for every large packet you receive, there's a small packet that your computer sends out. For a typical user, 26GB of downloads could easily be 4GB of uploads, even without running a torrent program or uploading lots of photos.

If those numbers (26 and 4GB) are your actual numbers, and the usage is reasonably even and in line with when the download usage happened - I'd suggest there's nothing wrong with the traffic counting.

If you only have one machine, there's a relatively simple way to check this... Graph or record your network card usage and watch in realtime how much traffic goes in each direction. I suggest grabbing and installing something like Netmeter

http://www.metal-machine.de/readerror/index.php?action=tpmod;dl=item23

and seeing what happens when you do various things on the Internet.

Cheers - N


This was my initial thought. Data cant download without a request (upload.)

 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
freitasm
BDFL - Memuneh
79254 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #960192 2-Jan-2014 09:36
Send private message

And on TCP every downloaded packet requires an uploaded pack with a confirmation.

That's why

a) Downloading something also requires some uploading (smaller of course)
b) Upload speeds can impact in download speeds




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


timmmay
20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #960194 2-Jan-2014 09:44
Send private message

I just checked my stats for the past two days, which included emails but no torrents or uploads, but does include dropbox uploading - though not very much. Uploads constituted 3% of my data usage. That suggests with 24GB of downloads you should have around 720MB of uploads, though half or double that wouldn't surprise me.

TC users can get a detailed accounting of their usage as a csv file through the customer portal.

SteveON
1916 posts

Uber Geek


  #960200 2-Jan-2014 10:10

timmmay: I just checked my stats for the past two days, which included emails but no torrents or uploads, but does include dropbox uploading - though not very much. Uploads constituted 3% of my data usage. That suggests with 24GB of downloads you should have around 720MB of uploads, though half or double that wouldn't surprise me.

TC users can get a detailed accounting of their usage as a csv file through the customer portal.


Upload data depends on protocol, service, errors e.t.c.

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #960203 2-Jan-2014 10:17
Send private message

The first thing to do is turn your firewall on, I'm not sure why you have this disabled but I'm pretty sure these Technicolor's respond to external DNS requests when this is disabled so the most likely cause right now would be a DNS amplification attack because of this.

plambrechtsen
1948 posts

Uber Geek
Inactive user


  #960227 2-Jan-2014 10:57
Send private message

sbiddle: The first thing to do is turn your firewall on, I'm not sure why you have this disabled but I'm pretty sure these Technicolor's respond to external DNS requests when this is disabled so the most likely cause right now would be a DNS amplification attack because of this.


Do a factory reset on the router and it should go back to firewall on and be in a more secure state.

morrisk
364 posts

Ultimate Geek

Lifetime subscriber

  #960243 2-Jan-2014 12:19
Send private message

I have noticed this same behaviour and noted that it began to happen on two computers that I had upgraded to OSX Mavericks. The two computers are in differed places 600km apart on separate accounts (Telecom). I use iCloud and drop box. But I was using these before the Mavericks upgrade and did not see this uploading happening - it was several GBs a day.
I have not had time to do much yet in the way of investigation but have managed the problem by turning off the computers when not using them. I was in the habit of leaving them on 24/7

geekIT

2418 posts

Uber Geek


  #960513 3-Jan-2014 08:36
Send private message

Again, thanks guys.

Freitasm: In all the time I've been on the net, I've never used a modem firewall. A close friend is Ops Manager for a big coms company and he always said it was less complicated, but just as effective, to use a firewall within Windows. So that's what I've always done. Zone Alarm has been my firewall of choice for 20 years and it seem to be pretty effective, plus it has a good feedback interface. Like' "Do you want to allow 'X' to access the internet?" and so on.

Having said that, I've had Zone Alarm switched off for the last week or so (well, uninstalled, actually - you can't effectively switch it off), because of another new issue involving slow downloads, but that's another story. Suffice to say that Zone Alarm is now back on and working. But the gratuitous UPLOADS still continue.

Talkiet: So you think 4GB out of 30GB is par for the course? Interesting. I wonder what umpteen thousand other Telecom users would think if they knew that around 13% of their plan was being frittered away on some sort of unseen, but unavoidable overhead? Anyway, I've taken your advice and installed Netmeter, though I'm not quite sure what I'm supposed to be watching...

Timmmay: 3% for you? Sounds much more reasonable than 13%, doesn't it?

sbiddle: See above for notes on modem firewall and Zone Alarm.

plambrechtsen: Over the years, my routers have always been either Dynalink or Netcomm. This latest Technicolor is a departure, for me. However, no modem model I've ever used has had the firewall switched on by default.

In case anyone's interested, here's Telecom's traffic report for Nov\Dec.






'Those who can make you believe absurdities can make you commit atrocities.' Voltaire

 

'A patriot must always be ready to defend his country against his government.' Edward Abbey

 

 

 

 

 

 


timmmay
20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #960524 3-Jan-2014 09:02
Send private message

Very knowledgeable people have suggested you turn on the modem firewall, along with good reasons. I suggest you follow their advice, at least for a trial run, rather than 20 year old advice from a friend.

There's really no drawback in having the firewall in your modem turned on. If you need to forward a port, that's easy. Two levels of protection are better than one.

 1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.