Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




123 posts

Master Geek


Topic # 10236 11-Nov-2006 13:03
Send private message

Hi,

I woke up this morning to 2 emails, within a couple of hours of each other. The first was an 80% alert from extra. The next was a 100% alert. 

I checked the xtra usage tool. It seems that in the space of 8 hours, on 11/11/06 I had used 4.5GB. I called the help desk. He said they would look into it.

Here are the possibilities:

1. An xtra metering fault.
2. Someone has hacked my WLAN and has been downloading movies.

I looked at my WLAN router admin screens (it's an aging Linksys) and noticed that there was a rogue, foreign, unwanted Mac address attached. I use 128 bit WEP encryption but I have since discovered that it can be hacked in minutes if you have the right tools. The rogue device had not got an entry in the DHCP table, however, so I am hoping they didn't actually manage to use my connection. They could, of course, have used a static IP address.

I have a few questions/issues:

1. Is this more likely to be a metering fault, or has my WLAN been abused?
2. The Linksys only supports WEP. How can I make this more secure?
3. Has this happened to anyone else?
4. Did anyone else think that the 'Broadband Unleashed' advertising implied that *existing* plans would now be at 'full speed'? It took me a while to work out that I would have to change to one of the new plans, even though the price is the same.
5. I had decided not to change my plan, because I am happy with my existing plan, and didn't want to risk any hidden disadvantages in the new plan. I have a VOIP ATA attached to my router, and my main concern is that my VOIP will get interfered with on the new plans. Is this a valid concern? Or am I being needlessly paranoid here?

Rob

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 51982 11-Nov-2006 13:12
Send private message

Someone may have hacked into it

BDFL - Memuneh
60034 posts

Uber Geek
+1 received by user: 11121

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 51983 11-Nov-2006 13:13
Send private message

Another possibility is someone trying to use your PC to store files. Do you have any port forwarding on your router? A few years ago I had a ftp server in one of my machines and a port forward to that. My connection got an absurd amount of traffic, of people trying to connect to that server, which they couldn't, but they kep trying hundreds of connections per minute on a brute force dictionary attack trying to find a password.







 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
99 posts

Master Geek


  Reply # 51984 11-Nov-2006 13:23
Send private message

I would guess that someone has used your wireless, especially if you can see the connection?

Perhaps there is a firmware update for your Linksys hardware which will update it to enable it to support WPA as well? I don't know much about whether this can be enabled in firmware alone, but certainly WPA is very similar to WEP. It is worth a quick look on the support website.

With regard to Xtra, I was on the old $49.95 5Gb cap plan, and I do get the benefits of the 'unleashing', the speed is great - I had 280KB/s over Bittorrent 2 nights ago, and more over http. I'm quite happy. However, perhaps this isn't a good example, as perhaps I have been automatically migrated to a similar plan in the new regime.



123 posts

Master Geek


  Reply # 51985 11-Nov-2006 13:23
Send private message

If someone bombards your IP address from outside, do you get metered for it, even if none of it gets through your router? I'm guessing that yes, you do.

Bugger.

Because I think that's what's been happening.

BDFL - Memuneh
60034 posts

Uber Geek
+1 received by user: 11121

Administrator
Trusted
Geekzone
Lifetime subscriber



123 posts

Master Geek


  Reply # 51988 11-Nov-2006 13:25
Send private message

tallPete: I would guess that someone has used your wireless, especially if you can see the connection?

Perhaps there is a firmware update for your Linksys hardware which will update it to enable it to support WPA as well? I don't know much about whether this can be enabled in firmware alone, but certainly WPA is very similar to WEP. It is worth a quick look on the support website.

Thanks, I'll check that out. 

As if I have time to deal with this!!!





123 posts

Master Geek


  Reply # 51989 11-Nov-2006 13:43
Send private message

freitasm: Yes, your connection is metered for all traffic.



I'm starting to work out what may have happened here.

I am a Mac and Linux user, but because I occasionally need to use a PC, I have a PC laptop. Now, I know how not to get infected with viruses, so I chose not to use antivirus software on it. (Degrades performance and is generally a pain in the arse.) My wife has started using the PC ... and she opened a dodgy attachment. (She knows the rules, but she was tired ... in a hurry ... didn't know what it was ... de da de da de da ...) The virus was the sort that opened up a heap of smtp connections and presumably advertised our IP address to some zombie network black hat somewhere ... who then called home and bombarded us with a zillion nefarious packets.

Moral of the story: even if you *think* your nearest and dearest know how to keep your hardware clean, think again ...

Argh.

This seems more likely than being hacked by the neighbours. Even if they did hack the WEP key, the signal would be too weak for them to download this much in that period of time. I suspect that the mac address showed up simply because their machine was in range for a while.

I have rebooted the modem, to get a new IP address ... and will be monitoring traffic very closely. The linksys can log to a syslog server, so I will be monitoring that.

Rob

BDFL - Memuneh
60034 posts

Uber Geek
+1 received by user: 11121

Administrator
Trusted
Geekzone
Lifetime subscriber



123 posts

Master Geek


  Reply # 51991 11-Nov-2006 13:47
Send private message

freitasm: Yep... Could be that. I recommend Windows Defender (www.microsoft.com/spyware) and Avast (www.avast.com), both free and very good.


Yes -- I've now put Avast on it -- I was surprised at how good it is at not interfering too much!! Although it creeps my wife out when it talks to her!!!

Rob

3535 posts

Uber Geek
+1 received by user: 125

Trusted

  Reply # 52007 11-Nov-2006 19:06
Send private message

robscovell:
2. The Linksys only supports WEP. How can I make this more secure?
3. Has this happened to anyone else?

We have a Wireless Router and there is someone in a nearby house with (probably) a laptop that attempts to connect to it every few days.  This may or may not be deliberate, I don't know.

In any case, the way I have solved this problem is by enabling MAC address filtering.  Even though your router is old, it should support that option.  I have yet to see one that doesn't.

The best idea is to disable all access from any MACs that aren't listed.  Then make sure to enter the MACs from your own laptops or PCs with WiFi adapters.  That way, only your PCs (or others you trust) will be able to use your bandwidth.

Apparently it is possible to sniff and then spoof the MAC address using some hacking tools and so in theory, the MAC address filtering could be defeated.  However, this has not been a problem in our neighbourhood.  Your experience may vary.

robscovell:
5. I had decided not to change my plan, because I am happy with my existing plan, and didn't want to risk any hidden disadvantages in the new plan. I have a VOIP ATA attached to my router, and my main concern is that my VOIP will get interfered with on the new plans. Is this a valid concern? Or am I being needlessly paranoid here?

Given that you are using VoIP, and from what others have said about using Skype via the XTRA Go Large plan, I would suggest it might be a good idea to avoid this plan at least until the dust has settled, and XTRA has hopefully resolved some of the problems.  It remains to be seen whether XTRA's new L7 filtering devices will continue to target P2P packets such as Skype, or whether this is just a teething problem.

Having said that, there are some Go Large users who have reported good results with Skype, so I am not saying categorically that you would experience problems with VoIP packets on Go Large, I can only say that there is a strong possibility you could do so.



123 posts

Master Geek


  Reply # 52013 11-Nov-2006 20:24
Send private message

Thanks, Grant, some good suggestions there.

I always feel on the back foot when it comes to security.

Rob

43 posts

Geek


  Reply # 52054 12-Nov-2006 10:37
Send private message

Actually yesterday I checked my usage, and it said I had used almost 4gb on Friday, and that I had used 3.8gb on Sat @10am-ish.  Checking my usage at 11pm I had 'used' 6gb.  That morning we called them, and they just tried 'upselling' to Go Large.  We are presently on 10gb max/128.  I really dont want to be limited 10 days away from my refresh!

I have a Dlink G604T with Wireless on, with WPA and MAC Filtering.  I have never noticed any attempts by others to join the network, and DHCP is turned off.
But heck, Its saying I used almost 4gb while I was sleeping.  Netlimiter reports I had used 1.2gb across several days, and my powerbook hasnt even been used.

So now I've 'used' 16gb, but not slowed down, except my bittorrent speeds are total crap.

EDIT: So far today, I have normal usage for the day, I did reset the router last night tho (firmware upg)

BDFL - Memuneh
60034 posts

Uber Geek
+1 received by user: 11121

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 52056 12-Nov-2006 10:46
Send private message

Bittorrent? Perhaps other users are probing your server to check for seeds and this being a virtual DDoS? Once you have a port open and P2P installed there's no much control of traffic initiated from other machines targeting yours.





Juha
1318 posts

Uber Geek
+1 received by user: 5

Trusted
Subscriber

  Reply # 52057 12-Nov-2006 10:47
Send private message

As an experiment, I left my wireless access point open... it was quite interesting to see how many neighbours decided to "borrow" bandwidth. We're not talking about poor students, quite the opposite.




484 posts

Ultimate Geek
+1 received by user: 5


  Reply # 52083 12-Nov-2006 13:21
Send private message

juha: As an experiment, I left my wireless access point open... it was quite interesting to see how many neighbours decided to "borrow" bandwidth. We're not talking about poor students, quite the opposite.


You missed one important step there, you are supposed to pull some kind of prank as well.
A classic one is to replace all the results from a google image search with something else.

Most people don't use google images very often but it normally gets used as some point, so they won't susspect its you :)




pɐǝɥ sıɥ uo ƃuıpuɐʇs

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

TCF and Telcos Toughen Up on Scam Callers
Posted 23-Apr-2018 09:39


Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.


©2002-2018 Geekzone®