Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




994 posts

Ultimate Geek
+1 received by user: 588


# 138369 1-Jan-2014 09:56
Send private message

Hi all. Just resumed with Xtra as an ISP after a four-year trouble-free break with XNet (don't ask, maybe I'm masochistic), and I've suddenly discovered I can check my daily download usage. I'm gobsmacked to find that, over the first month, my download figures correspond with the files I've downloaded, but I've somehow UPLOADED nearly four gigs!

Now, I don't use Torrent, or file sharing, so nobody has access to my secure LAN, so WTF is going on here?

Xtra's helpdesk has no answer, except that 'Well, every time you click a link on Google, or TradeMe etc, it sends a request, and that constitutes an upload'. Say what!

Ok, I can accept that there may be a tiny amount of data in a link request, but my daily UPLOADS vary from a low of 25.77MB to a whopping 621.77MB!

That's crazy. Anyone able to comment?





Any fool can make money, but it takes a very special person to earn the respect of respectable people.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  # 959812 1-Jan-2014 10:00
Send private message

Virus.. malware or some programme being untoward.

Unplug each machine from your network starting with switching off your router and see if it continues.

Could also be if you are using a non telecom supplied router then it could be that it has been hijacked with a dns redirect or being used as a spambot.

BDFL - Memuneh
63821 posts

Uber Geek
+1 received by user: 14279

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 959817 1-Jan-2014 10:11
Send private message

What router are you using? Is the firewall in that router turned on? The router could have been used in a DNS amplification attack (where an attacker uses the DNS on your router to respond to fake requests sending the responses to another IP address to overload it).








 
 
 
 


5473 posts

Uber Geek
+1 received by user: 1914


  # 959818 1-Jan-2014 10:17
One person supports this post
Send private message

Apple iCloud syncing?



994 posts

Ultimate Geek
+1 received by user: 588


  # 960186 2-Jan-2014 09:08
Send private message

Guys, thanks for your responses.

The modem is a new Technicolor TG582N (software 8.4.4.1) and was supplied by Telecom as part of the package when we moved house in November 2013.

Security? Yes, it's turned on and the WPA-PSK code is reasonably complex.

Modem firewall: Nope, it's not turned on.

Apple iCloud syncing? No, I don't do any form of data syncing, or online backups, or Skype, or Torrent file sharing

Before we go any further, could we just confirm my thoughts on uploads? I'm an IT guy, who's spent the last 15 years building and repairing computers, but I've only ever got into the coding and programming side of computing when and as necessary. In other words, I've always taken a lot of stuff for granted.

One of these givens is that, unless I choose to SEND stuff via emails, there's virtually nothing that goes UP from my machine. Is this correct?

Something that could be enlightening: How about those of you who have Telecom accounts, checking your own accounts (via My Telecom) to see if there is any unexpected upward data traffic. I mean, I've been using the internet for pretty much as long as it's been available in NZ, and in all that time, most of which has been with Xtra, I've never thought to check that my monthly data traffic included any uploads.

So, to find that my new 30GB Telecom package (which to my simplistic way of thinking means 30GB of downloads) has been 'short-changed' to the tune of 10% is disturbing. In other words, I was expecting to have 30GB of download traffic available, but only ended up with 26GB, because the monthly UPLOADS totaled around 4GB.

Perplexed.........







Any fool can make money, but it takes a very special person to earn the respect of respectable people.


BDFL - Memuneh
63821 posts

Uber Geek
+1 received by user: 14279

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 960187 2-Jan-2014 09:17
Send private message

geekIT: Modem firewall: Nope, it's not turned on.


This is the first and most important thing to do it. Right now.

geekIT: Before we go any further, could we just confirm my thoughts on uploads? I'm an IT guy, who's spent the last 15 years building and repairing computers, but I've only ever got into the coding and programming side of computing when and as necessary. In other words, I've always taken a lot of stuff for granted.

One of these givens is that, unless I choose to SEND stuff via emails, there's virtually nothing that goes UP from my machine. Is this correct?


Upload is ANY traffic coming out of the modem port into the Internet. One would assume the traffic would come from computers connected to the LAN, but the modem itself can send traffic out.

One of this traffic out is when your firewall is not enabled and the DNS service in the modem responds to requests from inside and OUTSIDE of your LAN. Robots will find it and use the open DNS to act as part of a DDoS called Smurf Attack for example.

Basically Attacker A wants to take down Victim B. One computer is not enough but Attacker A knows better. It broadcasts DNS requests to a network hosting Unsecure Routers. Those requests are fake because they have the Victim B's IP address spoofed. This cause all those Unsecure Routers to respond to Victim B's computer. 

With one request Attacker A can send thousands of packets to Victim B. If Attacker A uses another botnet to send out a few thousands requests to thousands of Unsecure Routers then Victim B ends up receiving millions of requests, crippling its servers. And YOU owner of Unsecure Router pays the upload bill for your participation in the attack.

Turn that firewall ON now.





4102 posts

Uber Geek
+1 received by user: 2858

Trusted

  # 960188 2-Jan-2014 09:23
4 people support this post
Send private message

With Telecom (and most providers I believe) the traffic accounting has always counted in both directions.

In general, even if you don't actively upload things, every single packet (well, there are exceptions, but basically this is right) has to be acknowledged so for every large packet you receive, there's a small packet that your computer sends out. For a typical user, 26GB of downloads could easily be 4GB of uploads, even without running a torrent program or uploading lots of photos.

If those numbers (26 and 4GB) are your actual numbers, and the usage is reasonably even and in line with when the download usage happened - I'd suggest there's nothing wrong with the traffic counting.

If you only have one machine, there's a relatively simple way to check this... Graph or record your network card usage and watch in realtime how much traffic goes in each direction. I suggest grabbing and installing something like Netmeter

http://www.metal-machine.de/readerror/index.php?action=tpmod;dl=item23

and seeing what happens when you do various things on the Internet.

Cheers - N




--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


1917 posts

Uber Geek
+1 received by user: 110


  # 960190 2-Jan-2014 09:30
One person supports this post

Talkiet: With Telecom (and most providers I believe) the traffic accounting has always counted in both directions.

In general, even if you don't actively upload things, every single packet (well, there are exceptions, but basically this is right) has to be acknowledged so for every large packet you receive, there's a small packet that your computer sends out. For a typical user, 26GB of downloads could easily be 4GB of uploads, even without running a torrent program or uploading lots of photos.

If those numbers (26 and 4GB) are your actual numbers, and the usage is reasonably even and in line with when the download usage happened - I'd suggest there's nothing wrong with the traffic counting.

If you only have one machine, there's a relatively simple way to check this... Graph or record your network card usage and watch in realtime how much traffic goes in each direction. I suggest grabbing and installing something like Netmeter

http://www.metal-machine.de/readerror/index.php?action=tpmod;dl=item23

and seeing what happens when you do various things on the Internet.

Cheers - N


This was my initial thought. Data cant download without a request (upload.)

 
 
 
 


BDFL - Memuneh
63821 posts

Uber Geek
+1 received by user: 14279

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 960192 2-Jan-2014 09:36
One person supports this post
Send private message

And on TCP every downloaded packet requires an uploaded pack with a confirmation.

That's why

a) Downloading something also requires some uploading (smaller of course)
b) Upload speeds can impact in download speeds




14869 posts

Uber Geek
+1 received by user: 2790

Trusted
Subscriber

  # 960194 2-Jan-2014 09:44
Send private message

I just checked my stats for the past two days, which included emails but no torrents or uploads, but does include dropbox uploading - though not very much. Uploads constituted 3% of my data usage. That suggests with 24GB of downloads you should have around 720MB of uploads, though half or double that wouldn't surprise me.

TC users can get a detailed accounting of their usage as a csv file through the customer portal.

1917 posts

Uber Geek
+1 received by user: 110


  # 960200 2-Jan-2014 10:10

timmmay: I just checked my stats for the past two days, which included emails but no torrents or uploads, but does include dropbox uploading - though not very much. Uploads constituted 3% of my data usage. That suggests with 24GB of downloads you should have around 720MB of uploads, though half or double that wouldn't surprise me.

TC users can get a detailed accounting of their usage as a csv file through the customer portal.


Upload data depends on protocol, service, errors e.t.c.

27965 posts

Uber Geek
+1 received by user: 7456

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 960203 2-Jan-2014 10:17
Send private message

The first thing to do is turn your firewall on, I'm not sure why you have this disabled but I'm pretty sure these Technicolor's respond to external DNS requests when this is disabled so the most likely cause right now would be a DNS amplification attack because of this.

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  # 960227 2-Jan-2014 10:57
Send private message

sbiddle: The first thing to do is turn your firewall on, I'm not sure why you have this disabled but I'm pretty sure these Technicolor's respond to external DNS requests when this is disabled so the most likely cause right now would be a DNS amplification attack because of this.


Do a factory reset on the router and it should go back to firewall on and be in a more secure state.

175 posts

Master Geek
+1 received by user: 36

Lifetime subscriber

  # 960243 2-Jan-2014 12:19
Send private message

I have noticed this same behaviour and noted that it began to happen on two computers that I had upgraded to OSX Mavericks. The two computers are in differed places 600km apart on separate accounts (Telecom). I use iCloud and drop box. But I was using these before the Mavericks upgrade and did not see this uploading happening - it was several GBs a day.
I have not had time to do much yet in the way of investigation but have managed the problem by turning off the computers when not using them. I was in the habit of leaving them on 24/7



994 posts

Ultimate Geek
+1 received by user: 588


  # 960513 3-Jan-2014 08:36
Send private message

Again, thanks guys.

Freitasm: In all the time I've been on the net, I've never used a modem firewall. A close friend is Ops Manager for a big coms company and he always said it was less complicated, but just as effective, to use a firewall within Windows. So that's what I've always done. Zone Alarm has been my firewall of choice for 20 years and it seem to be pretty effective, plus it has a good feedback interface. Like' "Do you want to allow 'X' to access the internet?" and so on.

Having said that, I've had Zone Alarm switched off for the last week or so (well, uninstalled, actually - you can't effectively switch it off), because of another new issue involving slow downloads, but that's another story. Suffice to say that Zone Alarm is now back on and working. But the gratuitous UPLOADS still continue.

Talkiet: So you think 4GB out of 30GB is par for the course? Interesting. I wonder what umpteen thousand other Telecom users would think if they knew that around 13% of their plan was being frittered away on some sort of unseen, but unavoidable overhead? Anyway, I've taken your advice and installed Netmeter, though I'm not quite sure what I'm supposed to be watching...

Timmmay: 3% for you? Sounds much more reasonable than 13%, doesn't it?

sbiddle: See above for notes on modem firewall and Zone Alarm.

plambrechtsen: Over the years, my routers have always been either Dynalink or Netcomm. This latest Technicolor is a departure, for me. However, no modem model I've ever used has had the firewall switched on by default.

In case anyone's interested, here's Telecom's traffic report for Nov\Dec.






Any fool can make money, but it takes a very special person to earn the respect of respectable people.


14869 posts

Uber Geek
+1 received by user: 2790

Trusted
Subscriber

  # 960524 3-Jan-2014 09:02
4 people support this post
Send private message

Very knowledgeable people have suggested you turn on the modem firewall, along with good reasons. I suggest you follow their advice, at least for a trial run, rather than 20 year old advice from a friend.

There's really no drawback in having the firewall in your modem turned on. If you need to forward a port, that's easy. Two levels of protection are better than one.

 1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.