Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOne New Zealand (including Vodafone, WxC, Farmside)un-accounted vodafone (ex telstaclear) upload data count
Garfield69

126 posts

Master Geek


#177531 5-Aug-2015 16:47
Send private message

Since the 27th of July around 16:00, my Vodafone traffic usage meter has been recording upstream data at a rate between 50MB to 300MB per hour, even when my computers are turned off at night.
I run Netlimiter 3 on my two PCs, and they record only a couple hundred KB of upload from each per hour.
Both machine run AVAST permanently, and are clean of malware, having just finished running  malwarebytes antimalware scans on both, just in case.
I am pretty confident therefore that this upload traffic is not coming from either of my computers.

I am on the 80GB cable plan, use a NetComm N300 router to manage my ethernet traffic to both PCs, which is set to stealth mode so my WAN visibility is minimal.

I am beginning to suspect  that my vodafone cisco dpc3008 cable router, or the motorola surfboard connected to the TBOX might have been hijacked for nefarious use...
is there any way I can confirm this?
I have not raised a ticket with vodafone yet, I thought to eliminate as many possibilities myself first before I get embroiled with vodofone tech support.
 

Create new topic
Jase2985
13457 posts

Uber Geek

ID Verified
Lifetime subscriber

  #1359545 5-Aug-2015 16:55
Send private message

you dont have devices connected via wifi? could be a phone uploading pictures to the cloud or something like that.

could turning off wifi on the router as well and see if that makes makes a difference.



Garfield69

126 posts

Master Geek


  #1359551 5-Aug-2015 17:02
Send private message

Jase2985: you dont have devices connected via wifi? could be a phone uploading pictures to the cloud or something like that.

could turning off wifi on the router as well and see if that makes makes a difference.


While the N300 does have wifi capability, I have disabled that feature since I do not have any wifi devices in the house.

I think tonight, I will power off both cable modems, and check in the morning for activity on the vodafone traffic meter.
If there is none, I will power up one of the modems, and check a couple hours later and see if activity is recorded on the vodafone traffic meter. In this way I can at least determine if one or both or neither are contributing to the vodafone upstream traffic count.

johnr
19282 posts

Uber Geek
Inactive user


  #1359556 5-Aug-2015 17:12
Send private message

port 53 exploit?



Garfield69

126 posts

Master Geek


  #1359569 5-Aug-2015 17:29
Send private message

johnr: port 53 exploit?


Hi Johnr, I checked port 53 using the canyouseeme.org site, and came up clean.

Was this what you meant me to do?

dylanp
840 posts

Ultimate Geek

Trusted

  #1359801 6-Aug-2015 08:35
Send private message

Have you installed Google Photos or something similar that might be uploading large amounts of data?

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1359802 6-Aug-2015 08:38
Send private message

The most common cause of sudden uploading data is people with insecure routers or those who disable their firewall allowing DNS amplification attacks. it would seem that your machine is showing port 53 closed, but it would still be worth checking a nslookup against your IP.

Garfield69

126 posts

Master Geek


  #1359806 6-Aug-2015 08:57
Send private message

VodafoneDylan: Have you installed Google Photos or something similar that might be uploading large amounts of data?


Hi Dylan,
no I have not installed any additional software recently. 

I think it is worth re-stating that the Vodafone upstream traffic meter was registering usage even when both my PC were turned off during the night.

I did power off both my Vodafone modem and the N300 router last night, along with both my PCs, and traffic in both directions was zero for that period, so that is useful information.

But as it happens, now that I have been focused on the activity this last two days, I see that the upstream usage count has been trending downwards, and as of this morning, is back to normal.

It is annoying that I did not notice this earlier, I've now burned 29GB of my data cap and am in the red by 3GB over my limit, with 4 days to get before the start on my next cycle.

I shall keep a close eye on the stats to see if I get a recurrence of the event in the coming month.

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1359810 6-Aug-2015 09:01
Send private message

If no devices were connected and usage was still there a DNS amplification attack is the very first thing to look at.

Garfield69

126 posts

Master Geek


  #1359820 6-Aug-2015 09:15
Send private message

sbiddle: The most common cause of sudden uploading data is people with insecure routers or those who disable their firewall allowing DNS amplification attacks. it would seem that your machine is showing port 53 closed, but it would still be worth checking a nslookup against your IP.


Hi sbiddle,
so I did an nslookup using a web service, and got a not found result, which is good. 

In the capture above I have erased my ip address where ever it showed.

My upstream count has trickled to nothing since this morning, so I shall keep an eye out for a recurrence and yell if I get another similar episode.

My thanks to all who replied to my post.

dylanp
840 posts

Ultimate Geek

Trusted

  #1359827 6-Aug-2015 09:23
Send private message

Garfield69:
VodafoneDylan: Have you installed Google Photos or something similar that might be uploading large amounts of data?

I think it is worth re-stating that the Vodafone upstream traffic meter was registering usage even when both my PC were turned off during the night.
I did power off both my Vodafone modem and the N300 router last night, along with both my PCs, and traffic in both directions was zero for that period, so that is useful information. ...

Cool - great points, thanks. :)

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright