[TelstraClear] TelstraClear Cable Usage Meter

Forums › One New Zealand (including Vodafone, WxC, Farmside) › [TelstraClear] TelstraClear Cable Usage Meter - recent spikes?

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#32524 19-Apr-2009 09:35

Is there anybody else out there who has had looked at their TCL usage meter over recent weeks and noticed any excessive traffic usage?

I've had a couple of days recently that have large figures that I can't seem to account for.

1 | 2

3009 posts

Uber Geek

ID Verified

Trusted

#207897 19-Apr-2009 10:49

I've just looked at mine, 8th April and 16th April look a bit high.. Does this match your spikes?

I average 2.6gb a day.. on those two days an approx additiional gig in traffic. Hard to tell in my usage meter as I stream 24/7 to the net so traffic can vary day to day.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#207903 19-Apr-2009 11:28

16th April was definately a spike for me.

This is also all downstream traffic and not upstream - if you suddenly get more people listening it will all mainly be upstream so any spikes would presumably look quite obvious.

Looking back I have have large amounts of upstream traffic during the days on the 7,8 and 9th. My server here does run stuff on it and I will have usage - it's just that 200MB spikes during the middle of the day seem strange.

ZollyMonsta

3009 posts

Uber Geek

ID Verified

Trusted

#207908 19-Apr-2009 12:10

Yes it looks like a large download spike for me at around 1am/2am on the 8th April.
Possibly a windows update?

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#208247 20-Apr-2009 22:22

Interesting to start looking at some of the traffic being blocked by my router within the last few minutes. I'm presumably paying for some lam3ass to try and portscan or h8x0r me..

04-20-2009 22:14:08 User.Warning 192.168.1.1 Apr 20 22:14:27 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=61.160.217.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433 SEQ=363593728 ACK=0 WINDOW=16384 RES=0x00 SYN
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=80 DPT=52390 SEQ=620210382 ACK=0 WINDOW=0 RES=0x00 RST URG
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=80 DPT=52389 SEQ=240812101 ACK=0 WINDOW=0 RES=0x00 RST URG
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33244 SEQ=3328760997 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35875 SEQ=703889888 ACK=0 WINDOW=0 RES=0x00 RST URGP=
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35876 SEQ=580334023 ACK=0 WINDOW=0 RES=0x00 RST URGP=
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=35874 SEQ=2473155556 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33242 SEQ=1966912953 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33245 SEQ=4130482021 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:12:35 User.Warning 192.168.1.1 Apr 20 22:12:54 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=33241 SEQ=3922234484 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:11:22 User.Warning 192.168.1.1 Apr 20 22:11:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=32501 PROTO=TCP SPT=80 DPT=52390 SEQ=620210382 ACK=3880840390 WINDOW=65535 RE
04-20-2009 22:10:47 User.Warning 192.168.1.1 Apr 20 22:11:06 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=51675 PROTO=TCP SPT=80 DPT=52389 SEQ=240812101 ACK=3812705933 WINDOW=65535 RE
04-20-2009 22:10:45 User.Warning 192.168.1.1 Apr 20 22:11:04 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=63193 PROTO=TCP SPT=80 DPT=51079 SEQ=1397377249 ACK=3940406176 WINDOW=65535 R
04-20-2009 22:09:41 User.Warning 192.168.1.1 Apr 20 22:10:00 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=49080 PROTO=TCP SPT=80 DPT=52388 SEQ=1405240991 ACK=3755189698 WINDOW=65535 R
04-20-2009 22:08:48 User.Warning 192.168.1.1 Apr 20 22:09:07 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=34459 PROTO=TCP SPT=80 DPT=52387 SEQ=3963515171 ACK=3721062822 WINDOW=65535 R
04-20-2009 22:08:03 User.Warning 192.168.1.1 Apr 20 22:08:22 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=129.143.116.10 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=15999 PROTO=TCP SPT=80 DPT=52386 SEQ=3570326527 ACK=3681195361 WINDOW=65535 R
04-20-2009 22:07:22 User.Warning 192.168.1.1 Apr 20 22:07:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=59557 PROTO=TCP SPT=80 DPT=35877 SEQ=4018615392 ACK=3651255836 WINDOW=65535 RES
04-20-2009 22:07:00 User.Warning 192.168.1.1 Apr 20 22:07:19 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=193.1.193.67 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=55453 PROTO=TCP SPT=80 DPT=35876 SEQ=580334023 ACK=3644264078 WINDOW=65535 RES=

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#208250 20-Apr-2009 22:28

And more.. lots more

04-20-2009 22:28:15 User.Warning 192.168.1.1 Apr 20 22:28:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=16781 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535
04-20-2009 22:28:08 User.Warning 192.168.1.1 Apr 20 22:28:27 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=27393 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535
04-20-2009 22:28:06 User.Warning 192.168.1.1 Apr 20 22:28:25 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=8300 PROTO=TCP SPT=80 DPT=18261 SEQ=4174352291 ACK=3485266719 WINDOW=65535 R
04-20-2009 22:28:01 User.Warning 192.168.1.1 Apr 20 22:28:21 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676672 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:28:00 User.Warning 192.168.1.1 Apr 20 22:28:19 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586284 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:58 User.Warning 192.168.1.1 Apr 20 22:28:17 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=9954 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535 R
04-20-2009 22:27:54 User.Warning 192.168.1.1 Apr 20 22:28:14 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.35 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975392 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:51 User.Warning 192.168.1.1 Apr 20 22:28:10 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21536 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:49 User.Warning 192.168.1.1 Apr 20 22:28:08 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=32375 PROTO=TCP SPT=80 DPT=25069 SEQ=1940676671 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:46 User.Warning 192.168.1.1 Apr 20 22:28:05 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=11743 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:45 User.Warning 192.168.1.1 Apr 20 22:28:05 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255459 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:39 User.Warning 192.168.1.1 Apr 20 22:27:58 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=19804 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255458 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:39 User.Warning 192.168.1.1 Apr 20 22:27:58 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21804 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:38 User.Warning 192.168.1.1 Apr 20 22:27:57 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=8627 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535 R
04-20-2009 22:27:37 User.Warning 192.168.1.1 Apr 20 22:27:56 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=1613 PROTO=TCP SPT=80 DPT=57604 SEQ=4056586283 ACK=2030144942 WINDOW=65535 R
04-20-2009 22:27:37 User.Warning 192.168.1.1 Apr 20 22:27:56 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30543 PROTO=TCP SPT=80 DPT=25069 SEQ=1601255458 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:33 User.Warning 192.168.1.1 Apr 20 22:27:52 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=122.248.157.31 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=0 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192324 ACK=0 WINDOW=0 RES=0x00 RST URGP
04-20-2009 22:27:31 User.Warning 192.168.1.1 Apr 20 22:27:51 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=17545 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535
04-20-2009 22:27:29 User.Warning 192.168.1.1 Apr 20 22:27:48 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.35 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=31484 PROTO=TCP SPT=80 DPT=18261 SEQ=1806975391 ACK=3485266719 WINDOW=65535
04-20-2009 22:27:22 User.Warning 192.168.1.1 Apr 20 22:27:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=6880 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535 R
04-20-2009 22:27:21 User.Warning 192.168.1.1 Apr 20 22:27:40 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=21350 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535
04-20-2009 22:27:15 User.Warning 192.168.1.1 Apr 20 22:27:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=19042 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:15 User.Warning 192.168.1.1 Apr 20 22:27:34 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=1970 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535 R
04-20-2009 22:27:12 User.Warning 192.168.1.1 Apr 20 22:27:31 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=26638 PROTO=TCP SPT=80 DPT=57604 SEQ=3371982579 ACK=2030144942 WINDOW=65535
04-20-2009 22:27:12 User.Warning 192.168.1.1 Apr 20 22:27:31 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=122.248.157.31 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=11623 PROTO=TCP SPT=80 DPT=25069 SEQ=2292192323 ACK=2019867632 WINDOW=65535

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#208251 20-Apr-2009 22:49

And some more.. And I have to pay for all this inbound traffic - what are you going to do about it TCL?

04-20-2009 22:48:02 User.Warning 192.168.1.1 Apr 20 22:48:21 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:08:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=19512 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:59 User.Warning 192.168.1.1 Apr 20 22:48:18 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:08:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=19080 DF PROTO=TCP SPT=3758 DPT=445 SEQ=2352710926 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:56 User.Warning 192.168.1.1 Apr 20 22:48:15 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:10:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x10 PREC=0x00 TTL=109 ID=18660 DF PROTO=TCP SPT=3640 DPT=139 SEQ=2345775165 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:53 User.Warning 192.168.1.1 Apr 20 22:48:12 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:10:00:30 SRC=86.26.81.0 DST=203.79.95.xxx LEN=48 TOS=0x10 PREC=0x00 TTL=109 ID=18231 DF PROTO=TCP SPT=3640 DPT=139 SEQ=2345775165 ACK=0 WINDOW=64240 RES=0x00 S
04-20-2009 22:47:31 User.Warning 192.168.1.1 Apr 20 22:47:50 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:28 SRC=222.133.11.98 DST=203.79.95.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=49944 PROTO=TCP SPT=6000 DPT=1433 SEQ=2950938787 ACK=0 WINDOW=16384 RES=0x00
04-20-2009 22:46:07 User.Warning 192.168.1.1 Apr 20 22:46:26 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:40 SRC=203.76.84.98 DST=203.79.95.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=31 ID=15238 DF PROTO=TCP SPT=2488 DPT=445 SEQ=716640812 ACK=0 WINDOW=53760 RES=0x00 S
04-20-2009 22:46:04 User.Warning 192.168.1.1 Apr 20 22:46:23 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:40 SRC=203.76.84.98 DST=203.79.95.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=31 ID=14620 DF PROTO=TCP SPT=2488 DPT=445 SEQ=716640812 ACK=0 WINDOW=53760 RES=0x00 S
04-20-2009 22:41:24 User.Warning 192.168.1.1 Apr 20 22:41:43 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=60.170.25.164 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=23683 DF PROTO=TCP SPT=1515 DPT=135 SEQ=946520587 ACK=0 WINDOW=65535 RES=0x00
04-20-2009 22:41:21 User.Warning 192.168.1.1 Apr 20 22:41:41 kernel: DROP IN=vlan1 OUT= MAC=00:14:bf:88:30:e9:00:90:1a:40:74:41:08:00:45:00:00:30 SRC=60.170.25.164 DST=203.79.95.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=21862 DF PROTO=TCP SPT=1515 DPT=135 SEQ=946520587 ACK=0 WINDOW=65535 RES=0x00

Regs

4066 posts

Uber Geek

Trusted

Snowflake

#208258 20-Apr-2009 23:34

The first couple of posts show source port of 80 and dest port of random high port. Odd as usually you see the other way around. Maybe a worm attacking from behind a firewall that restricts everything but port 80 outbound?

the third post shows dest ports of 445, 135, 139 which are all microsoft netowrking ports (conficker worm targets 445 for rpc) and the 1433 which is typically sql server.

i'm not sure how much luck you will have trying to get anything done about it.. you could always ask for a new IP, but that might cause you more problems if you're runnning services.

A lot of tracerts, whois and abuse@isp emails can help sort it out, but that takes time and effort and ISPs often dont really seem to care - especially if you're not their customer.

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#208263 21-Apr-2009 00:04

They're still flooding in..

I'll take a stab and say all this uninitiated inbound traffic has possibly used somewhere in the region of 5-8GB this month. Time to start some investigation tomorrow!

Regs

4066 posts

Uber Geek

Trusted

Snowflake

#208265 21-Apr-2009 00:09

Unfortunately attempts by ISPs to prevent these sort of attacks from reaching subscribers has typically been met with heavy resistance. The only way to realistically prevent it is to firewall certain ports - e.g. 25, 1433, 445, 135, 139 etc - by default and require subscribers to for them to be opened as an exception.

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#208269 21-Apr-2009 06:37

Wow

My TCL usage meter reset at midnight and I've already got 239MB of usage, my server is showing 2.6034 of RX traffic since midnight and .3359 TX and there will be some background traffic from my Asterisk box as well. My syslog manager is chokka full of inbound requests since midnight.

I wonder how many other TCL users are suffering the same issue?

Nety

2584 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#208286 21-Apr-2009 09:11

Sbiddle do you have many outward facing service ports open? Have you used Sheilds Up! to see what can be seen from outside your firewall? As long as the h8x0r does not have any luck I would expect them to move on so might not be a permanent thing.

Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#208289 21-Apr-2009 09:28

Nety: Sbiddle do you have many outward facing service ports open? Have you used Sheilds Up! to see what can be seen from outside your firewall? As long as the h8x0r does not have any luck I would expect them to move on so might not be a permanent thing.

Yes I have open ports on my server incl port 80 and 23 (for a mail server that requires authentication). I also a VPN and a few open ports for VoIP traffic to my Asterisk box but have a script that detects brute force attacks on SIP connections and creates an iptables rule to block them.

None of my logs indicate any significant traffic on these open ports - it all seems to be attacks on closed ports.

mjb

996 posts

Ultimate Geek

Trusted

#208307 21-Apr-2009 10:22

sbiddle: ... and?23 (for a?mail server that requires authentication).

You should use 587 for that then :)

contentsofsignaturemaysettleduringshipping

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#208723 23-Apr-2009 07:46

Just as an update I had my IP address changed on Tuesday afternoon. My total internet traffic usage yesterday was around 150MB downstream which is about what I would have expected. This comapres to an average of 500MB - 800MB per day that was hitting my router last week with similair levels of internet activity at my end.

For 3 weeks now I've been hit by hundreds of MB's per day of uninitiated traffic that I ended up paying for (incl overusage charges since I went over my cap).. Time to ring TCL today and try and at least get them to waive that as it was hardly my problem.

anatoki

85 posts

Master Geek

Trusted

#208999 24-Apr-2009 12:03

Time to ring TCL today and try and at least get them to waive that as it was hardly my problem.

Wait, what? You have open ports which traffic was coming in on and that's not your problem, how?

1 | 2