Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




126 posts

Master Geek
+1 received by user: 4


# 177531 5-Aug-2015 16:47
Send private message

Since the 27th of July around 16:00, my Vodafone traffic usage meter has been recording upstream data at a rate between 50MB to 300MB per hour, even when my computers are turned off at night.
I run Netlimiter 3 on my two PCs, and they record only a couple hundred KB of upload from each per hour.
Both machine run AVAST permanently, and are clean of malware, having just finished running  malwarebytes antimalware scans on both, just in case.
I am pretty confident therefore that this upload traffic is not coming from either of my computers.

I am on the 80GB cable plan, use a NetComm N300 router to manage my ethernet traffic to both PCs, which is set to stealth mode so my WAN visibility is minimal.

I am beginning to suspect  that my vodafone cisco dpc3008 cable router, or the motorola surfboard connected to the TBOX might have been hijacked for nefarious use...
is there any way I can confirm this?
I have not raised a ticket with vodafone yet, I thought to eliminate as many possibilities myself first before I get embroiled with vodofone tech support.
 

Create new topic
8662 posts

Uber Geek
+1 received by user: 2980

Lifetime subscriber

  # 1359545 5-Aug-2015 16:55
Send private message

you dont have devices connected via wifi? could be a phone uploading pictures to the cloud or something like that.

could turning off wifi on the router as well and see if that makes makes a difference.



126 posts

Master Geek
+1 received by user: 4


  # 1359551 5-Aug-2015 17:02
Send private message

Jase2985: you dont have devices connected via wifi? could be a phone uploading pictures to the cloud or something like that.

could turning off wifi on the router as well and see if that makes makes a difference.


While the N300 does have wifi capability, I have disabled that feature since I do not have any wifi devices in the house.

I think tonight, I will power off both cable modems, and check in the morning for activity on the vodafone traffic meter.
If there is none, I will power up one of the modems, and check a couple hours later and see if activity is recorded on the vodafone traffic meter. In this way I can at least determine if one or both or neither are contributing to the vodafone upstream traffic count.

 
 
 
 


19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  # 1359556 5-Aug-2015 17:12
Send private message

port 53 exploit?



126 posts

Master Geek
+1 received by user: 4


  # 1359569 5-Aug-2015 17:29
Send private message

johnr: port 53 exploit?


Hi Johnr, I checked port 53 using the canyouseeme.org site, and came up clean.

Was this what you meant me to do?

758 posts

Ultimate Geek
+1 received by user: 344

Trusted

  # 1359801 6-Aug-2015 08:35
Send private message

Have you installed Google Photos or something similar that might be uploading large amounts of data?

27989 posts

Uber Geek
+1 received by user: 7469

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1359802 6-Aug-2015 08:38
Send private message

The most common cause of sudden uploading data is people with insecure routers or those who disable their firewall allowing DNS amplification attacks. it would seem that your machine is showing port 53 closed, but it would still be worth checking a nslookup against your IP.






126 posts

Master Geek
+1 received by user: 4


  # 1359806 6-Aug-2015 08:57
Send private message

VodafoneDylan: Have you installed Google Photos or something similar that might be uploading large amounts of data?


Hi Dylan,
no I have not installed any additional software recently. 

I think it is worth re-stating that the Vodafone upstream traffic meter was registering usage even when both my PC were turned off during the night.

I did power off both my Vodafone modem and the N300 router last night, along with both my PCs, and traffic in both directions was zero for that period, so that is useful information.

But as it happens, now that I have been focused on the activity this last two days, I see that the upstream usage count has been trending downwards, and as of this morning, is back to normal.

It is annoying that I did not notice this earlier, I've now burned 29GB of my data cap and am in the red by 3GB over my limit, with 4 days to get before the start on my next cycle.

I shall keep a close eye on the stats to see if I get a recurrence of the event in the coming month.

 
 
 
 


27989 posts

Uber Geek
+1 received by user: 7469

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1359810 6-Aug-2015 09:01
Send private message

If no devices were connected and usage was still there a DNS amplification attack is the very first thing to look at.







126 posts

Master Geek
+1 received by user: 4


  # 1359820 6-Aug-2015 09:15
Send private message

sbiddle: The most common cause of sudden uploading data is people with insecure routers or those who disable their firewall allowing DNS amplification attacks. it would seem that your machine is showing port 53 closed, but it would still be worth checking a nslookup against your IP.


Hi sbiddle,
so I did an nslookup using a web service, and got a not found result, which is good. 

In the capture above I have erased my ip address where ever it showed.

My upstream count has trickled to nothing since this morning, so I shall keep an eye out for a recurrence and yell if I get another similar episode.

My thanks to all who replied to my post.

758 posts

Ultimate Geek
+1 received by user: 344

Trusted

  # 1359827 6-Aug-2015 09:23
Send private message

Garfield69:
VodafoneDylan: Have you installed Google Photos or something similar that might be uploading large amounts of data?

I think it is worth re-stating that the Vodafone upstream traffic meter was registering usage even when both my PC were turned off during the night.
I did power off both my Vodafone modem and the N300 router last night, along with both my PCs, and traffic in both directions was zero for that period, so that is useful information. ...

Cool - great points, thanks. :)

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.