[TelstraClear] TelstraClear Cable Usage Meter

Forums › One New Zealand (including Vodafone, WxC, Farmside) › [TelstraClear] TelstraClear Cable Usage Meter - recent spikes?

1 | 2

mjb

996 posts

Ultimate Geek

Trusted

#209001 24-Apr-2009 12:11

anatoki: Wait, what? You have open ports which traffic was coming in on and that's not your problem, how?

sbiddle: None of my logs indicate any significant traffic on these open ports - it all seems to be attacks on closed ports.

It's likely that the previous tenant of the IP address sbiddle had was the target of attack.. (or maybe him... who knows).

contentsofsignaturemaysettleduringshipping

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#209004 24-Apr-2009 12:19

anatoki:
Time to ring TCL today and try and at least get them to waive that as it was hardly my problem.

Wait, what? You have open ports which traffic was coming in on and that's not your problem, how?

The attacks were not on open ports. The traffic was all being blocked by my router. DD-WRT has very good logging so it was very clear what was going on. Analysing LAN traffic on my server and Asterisk box show no escessive traffic hitting these machines.

I've also had that IP for around 5 years so it wasn't a case of the preious owner being attacked, for some reason my IP or a range of IP's was being attacked.

anatoki

85 posts

Master Geek

Trusted

#209006 24-Apr-2009 12:29

Well I apologise for that, I skim read the thread! :p

However..

All traffic (both upstream and downstream) will be counted towards the monthly traffic allowance limit. All traffic sent to and from the TelstraClear servers will also be counted towards your traffic allowance limit, including any traffic rejected by security software or hardware (such as a firewall) on your own equipment. We will charge you on a monthly basis at the stated overage rate on your plan for any usage over the stated traffic allowance. Overage is charged on a block basis and you will be charged for the whole block even if you do not use all the capacity in the block.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#209017 24-Apr-2009 13:03

anatoki: Well I apologise for that, I skim read the thread! :p

However..

All traffic (both upstream and downstream) will be counted towards the monthly traffic allowance limit. All traffic sent to and from the TelstraClear servers will also be counted towards your traffic allowance limit, including any traffic rejected by security software or hardware (such as a firewall) on your own equipment. We will charge you on a monthly basis at the stated overage rate on your plan for any usage over the stated traffic allowance. Overage is charged on a block basis and you will be charged for the whole block even if you do not use all the capacity in the block.

I am well aware of that. There is no harm in asking however! :-)

The larger issue here is that same issue could be happening to anybody. It took me several weeks to actually investigate it and if a range of IP's is being targetted then there are potentially others on the same subnet range who are having their data usage hit quite significantly through no fault of their own.

I realise there are no simple solutions however it does raise questions as to whether they have monitoring to notice significant spikes in traffic if a range of IP's or infact a whole subet is being hit.

Nety

2584 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#209070 24-Apr-2009 18:27

anatoki: Well I apologise for that, I skim read the thread! :p

However..

All traffic (both upstream and downstream) will be counted towards the monthly traffic allowance limit. All traffic sent to and from the TelstraClear servers will also be counted towards your traffic allowance limit, including any traffic rejected by security software or hardware (such as a firewall) on your own equipment. We will charge you on a monthly basis at the stated overage rate on your plan for any usage over the stated traffic allowance. Overage is charged on a block basis and you will be charged for the whole block even if you do not use all the capacity in the block.

antoki, I agree that you cannot expect Telstra to not bill you for the traffic stemming from the attack (although they may do so to keep a customer happy) however it is certainly a situation that you as a customer would want to be aware of and correct as sbiddle has done.

I will certainly be having a good look at my usage as I have had the same IP for 7 odd years now.

Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64

phindmarsh

117 posts

Master Geek

#210524 29-Apr-2009 13:47

that might explain why my usage is through the roof this month. Every 12 hours I get an email saying I have used additional blocks, even though no one was at home...

Must be time to check the server logs...

Jizah

236 posts

Master Geek

#210637 29-Apr-2009 19:34

Did you guys not have your IP changed when tcl removed the 1/10th traffic split and reassigned everyone on paradise with new IPs?

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

phindmarsh

117 posts

Master Geek

#211042 30-Apr-2009 21:21

Just wanted to say thanks sbiddle, I had been tearing my hair out because I was chewing through bandwidth and I had no idea how. Turns out someone was trying to bruteforce my ssh server. I had never thought to check the logs for that!

Now I have installed DenyHosts which should keep the attacks to a minimum.

1 | 2