Geekzone: technology news, blogs, forums


robscovell

123 posts

Master Geek


#10236 11-Nov-2006 13:03

Hi,

I woke up this morning to 2 emails, within a couple of hours of each other. The first was an 80% alert from Xtra. The next was a 100% alert.

I checked the xtra usage tool. It seems that in the space of 8 hours, on 11/11/06 I had used 4.5GB. I called the help desk. He said they would look into it.

Here are the possibilities:

1. An xtra metering fault.
2. Someone has hacked my WLAN and has been downloading movies.

I looked at my WLAN router admin screens (it's an aging Linksys) and noticed that there was a rogue, foreign, unwanted MAC address attached. I use 128-bit WEP encryption but I have since discovered that it can be hacked in minutes if you have the right tools. The rogue device had not got an entry in the DHCP table, however, so I am hoping they didn't actually manage to use my connection. They could, of course, have used a static IP address.

I have a few questions/issues:

1. Is this more likely to be a metering fault, or has my WLAN been abused?
2. The Linksys only supports WEP. How can I make this more secure?
3. Has this happened to anyone else?
4. Did anyone else think that the 'Broadband Unleashed' advertising implied that *existing* plans would now be at 'full speed'? It took me a while to work out that I would have to change to one of the new plans, even though the price is the same.
5. I had decided not to change my plan, because I am happy with my existing plan, and didn't want to risk any hidden disadvantages in the new plan. I have a VOIP ATA attached to my router, and my main concern is that my VOIP will get interfered with on the new plans. Is this a valid concern? Or am I being needlessly paranoid here?

Rob

johnr
19282 posts

Uber Geek
Inactive user


  #51982 11-Nov-2006 13:12

Someone may have hacked into it



freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#51983 11-Nov-2006 13:13

Another possibility is someone trying to use your PC to store files. Do you have any port forwarding on your router? A few years ago I had an FTP server in one of my machines and a port forward to that. My connection got an absurd amount of traffic, of people trying to connect to that server, which they couldn't, but they kept trying hundreds of connections per minute on a brute force dictionary attack trying to find a password.









tallPete
99 posts

Master Geek


  #51984 11-Nov-2006 13:23

I would guess that someone has used your wireless, especially if you can see the connection?

Perhaps there is a firmware update for your Linksys hardware which will update it to enable it to support WPA as well? I don't know much about whether this can be enabled in firmware alone, but certainly WPA is very similar to WEP. It is worth a quick look on the support website.

With regard to Xtra, I was on the old $49.95 5Gb cap plan, and I do get the benefits of the 'unleashing', the speed is great - I had 280KB/s over Bittorrent 2 nights ago, and more over http. I'm quite happy. However, perhaps this isn't a good example, as perhaps I have been automatically migrated to a similar plan in the new regime.



robscovell

123 posts

Master Geek


  #51985 11-Nov-2006 13:23

If someone bombards your IP address from outside, do you get metered for it, even if none of it gets through your router? I'm guessing that yes, you do.

Bugger.

Because I think that's what's been happening.

freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#51986 11-Nov-2006 13:25

Yes, your connection is metered for all traffic.







robscovell

123 posts

Master Geek


  #51988 11-Nov-2006 13:25

tallPete: I would guess that someone has used your wireless, especially if you can see the connection?

Perhaps there is a firmware update for your Linksys hardware which will update it to enable it to support WPA as well? I don't know much about whether this can be enabled in firmware alone, but certainly WPA is very similar to WEP. It is worth a quick look on the support website.

Thanks, I'll check that out. 

As if I have time to deal with this!!!



robscovell

123 posts

Master Geek


  #51989 11-Nov-2006 13:43

freitasm: Yes, your connection is metered for all traffic.



I'm starting to work out what may have happened here.

I am a Mac and Linux user, but because I occasionally need to use a PC, I have a PC laptop. Now, I know how not to get infected with viruses, so I chose not to use antivirus software on it. (Degrades performance and is generally a pain in the arse.) My wife has started using the PC ... and she opened a dodgy attachment. (She knows the rules, but she was tired ... in a hurry ... didn't know what it was ... de da de da de da ...) The virus was the sort that opened up a heap of smtp connections and presumably advertised our IP address to some zombie network black hat somewhere ... who then called home and bombarded us with a zillion nefarious packets.

Moral of the story: even if you *think* your nearest and dearest know how to keep your hardware clean, think again ...

Argh.

This seems more likely than being hacked by the neighbours. Even if they did hack the WEP key, the signal would be too weak for them to download this much in that period of time. I suspect that the MAC address showed up simply because their machine was in range for a while.

I have rebooted the modem, to get a new IP address ... and will be monitoring traffic very closely. The Linksys can log to a syslog server, so I will be monitoring that.

Rob

 
 
 

freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#51990 11-Nov-2006 13:44

Yep... Could be that. I recommend Windows Defender (www.microsoft.com/spyware) and Avast (www.avast.com), both free and very good.







robscovell

123 posts

Master Geek


  #51991 11-Nov-2006 13:47

freitasm: Yep... Could be that. I recommend Windows Defender (www.microsoft.com/spyware) and Avast (www.avast.com), both free and very good.


Yes -- I've now put Avast on it -- I was surprised at how good it is at not interfering too much!! Although it creeps my wife out when it talks to her!!!

Rob

grant_k
3539 posts

Uber Geek

Trusted

  #52007 11-Nov-2006 19:06

robscovell:
2. The Linksys only supports WEP. How can I make this more secure?
3. Has this happened to anyone else?

We have a Wireless Router and there is someone in a nearby house with (probably) a laptop that attempts to connect to it every few days.  This may or may not be deliberate, I don't know.

In any case, the way I have solved this problem is by enabling MAC address filtering.  Even though your router is old, it should support that option.  I have yet to see one that doesn't.

The best idea is to disable all access from any MACs that aren't listed.  Then make sure to enter the MACs from your own laptops or PCs with WiFi adapters.  That way, only your PCs (or others you trust) will be able to use your bandwidth.

Apparently it is possible to sniff and then spoof the MAC address using some hacking tools and so in theory, the MAC address filtering could be defeated.  However, this has not been a problem in our neighbourhood.  Your experience may vary.

robscovell:
5. I had decided not to change my plan, because I am happy with my existing plan, and didn't want to risk any hidden disadvantages in the new plan. I have a VOIP ATA attached to my router, and my main concern is that my VOIP will get interfered with on the new plans. Is this a valid concern? Or am I being needlessly paranoid here?

Given that you are using VoIP, and from what others have said about using Skype via the XTRA Go Large plan, I would suggest it might be a good idea to avoid this plan at least until the dust has settled, and XTRA has hopefully resolved some of the problems.  It remains to be seen whether XTRA's new L7 filtering devices will continue to target P2P packets such as Skype, or whether this is just a teething problem.

Having said that, there are some Go Large users who have reported good results with Skype, so I am not saying categorically that you would experience problems with VoIP packets on Go Large, I can only say that there is a strong possibility you could do so.
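
Added example, not part of any post in this thread: a small Python audit of the check discussed above, comparing the router's associated wireless clients against the DHCP table and a list of your own MAC addresses. The table layouts, MAC addresses and IP addresses are constructed; real router admin pages format these tables differently.

```python
import re

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def norm(mac):
    """Lower-case, colon-separated form so differently formatted MACs compare equal."""
    return mac.lower().replace("-", ":")

def parse_leases(text):
    """Map MAC -> leased IP from a pasted DHCP client table."""
    leases = {}
    for line in text.splitlines():
        mac, ip = MAC_RE.search(line), IP_RE.search(line)
        if mac and ip:
            leases[norm(mac.group())] = ip.group()
    return leases

def audit(assoc_text, lease_text, allowlist):
    """Return {mac: finding} for every associated MAC that is not on the allowlist."""
    allowed = {norm(m) for m in allowlist}
    leases = parse_leases(lease_text)
    findings = {}
    for mac in sorted({norm(m) for m in MAC_RE.findall(assoc_text)}):
        if mac in allowed:
            continue  # a listed MAC can be sniffed and spoofed, so this is not proof
        if mac in leases:
            findings[mac] = "unknown, leased " + leases[mac]
        else:
            # No lease does not mean no traffic: the client may use a static IP.
            findings[mac] = "unknown, no lease (static IP or association only)"
    return findings

# Constructed sample data (locally administered MAC addresses, private IPs).
ASSOC = """Wireless clients:
 1  02-00-00-AA-00-01
 2  02:00:00:aa:00:02
 3  02:00:00:BB:00:99
 4  02:00:00:cc:00:07
"""
LEASES = """laptop     192.168.1.100  02:00:00:AA:00:01
powerbook  192.168.1.101  02:00:00:AA:00:02
(unnamed)  192.168.1.102  02:00:00:CC:00:07
"""
ALLOW = ["02:00:00:aa:00:01", "02:00:00:AA:00:02"]

if __name__ == "__main__":
    for mac, why in audit(ASSOC, LEASES, ALLOW).items():
        print(mac, "->", why)
```
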

robscovell

123 posts

Master Geek


  #52013 11-Nov-2006 20:24

Thanks, Grant, some good suggestions there.

I always feel on the back foot when it comes to security.

Rob

d0tn3t
43 posts

Geek


  #52054 12-Nov-2006 10:37

Actually yesterday I checked my usage, and it said I had used almost 4gb on Friday, and that I had used 3.8gb on Sat @10am-ish.  Checking my usage at 11pm I had 'used' 6gb.  That morning we called them, and they just tried 'upselling' to Go Large.  We are presently on 10gb max/128.  I really don't want to be limited 10 days away from my refresh!

I have a Dlink G604T with Wireless on, with WPA and MAC Filtering.  I have never noticed any attempts by others to join the network, and DHCP is turned off.
But heck, it's saying I used almost 4gb while I was sleeping.  Netlimiter reports I had used 1.2gb across several days, and my powerbook hasn't even been used.

So now I've 'used' 16gb, but not slowed down, except my bittorrent speeds are total crap.

EDIT: So far today, I have normal usage for the day, I did reset the router last night tho (firmware upg)

freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#52056 12-Nov-2006 10:46

Bittorrent? Perhaps other users are probing your server to check for seeds and this being a virtual DDoS? Once you have a port open and P2P installed there's not much control of traffic initiated from other machines targeting yours.







juha
1317 posts

Uber Geek

Trusted

  #52057 12-Nov-2006 10:47

As an experiment, I left my wireless access point open... it was quite interesting to see how many neighbours decided to "borrow" bandwidth. We're not talking about poor students, quite the opposite.




Filterer
489 posts

Ultimate Geek


  #52083 12-Nov-2006 13:21

juha: As an experiment, I left my wireless access point open... it was quite interesting to see how many neighbours decided to "borrow" bandwidth. We're not talking about poor students, quite the opposite.


You missed one important step there, you are supposed to pull some kind of prank as well.
A classic one is to replace all the results from a google image search with something else.

Most people don't use google images very often but it normally gets used at some point, so they won't suspect it's you :)




pɐǝɥ sıɥ uo ƃuıpuɐʇs
