Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




18 posts

Geek


# 139542 12-Feb-2014 12:49
Send private message

Hi all

As stated in the title, on my orcon bill it says I've gone over my data cap and quite dramatically. I'm not sure how this is possible when in previous months I fail to even use 50% of my 200gb cap let alone the 400gb that orcon state I have used in the previous 30 days. Has anyone else experienced this or has any idea what I can do? I obviously have a password on my wifi and a password on my router itself and there are only two computers in my house that are connected to the internet.

I've attached a picture of my usage from the orcon website if that helps at all.



Thanks in advance 
Shalen

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
2119 posts

Uber Geek
+1 received by user: 1200


  # 985019 12-Feb-2014 12:56
Send private message

What is the structure of your household? Kids, students?
What type of security does your wireless use?

I'd bet it's torrenting.




Location: Dunedin

 




18 posts

Geek


  # 985023 12-Feb-2014 13:00
Send private message

Hi, thanks for your reply.

My household is comprised of two people; myself a student and my mother.

I doubt she knows how to use torrents and I know I haven't been downloading torrents in the past month since I've been working.
I think my wifi security is WPA2, I've currently turned off the wifi to see if someone else has been using the internet outside my house who somehow knows the password.

 
 
 
 


578 posts

Ultimate Geek
+1 received by user: 46


  # 985027 12-Feb-2014 13:11
Send private message

Maybe someone has developed a programme to say they are you even though they are not and are using your internet data without your permission as the rightful owner of said cap?


345 posts

Ultimate Geek
+1 received by user: 59

Trusted

  # 985044 12-Feb-2014 13:36
Send private message

Can you PM me your username please>?




4th gen i7 Haswell 4770k, G.SKILL RipjawsX 16GB (4x4 Gb) DDR3 2400MHz, x1 GTS 460, Intel 180Gb 530 Series SSD, x1 Seagate 1Tb HDD, x1 Seagate 2Tb HDD, Modular 850w PSU, R.O.G. Maximus VII Formula mobo, Cooler Master Storm Trooper Chassis, Cooler Master V8 CPU cooler

"Five exclamation marks, the sure sign of an insane mind." - Terry Pratchett

No longer work for Orcon



18 posts

Geek


  # 985052 12-Feb-2014 13:43
Send private message

PM'd you FlameBeard

345 posts

Ultimate Geek
+1 received by user: 59

Trusted

  # 985095 12-Feb-2014 14:09
Send private message

Cheers for that, so of the two users, which I am guessing you mean you are a student living in the residence and your mother, can you account for the nine different devices which have a DHCP lease in the DHCP pool on the router, which have connected in the last four days since it was rebooted?

I'm seeing two PC's and two android phones, the others though I would have to perform an OUI look-up to ascertain what vendor they belong to.

If you cannot account for them, then your wireless has been breached and I would highly recommend changing the password.
Three of the devices are wired in via Ethernet and six of them are wireless devices.

Edit: Spelling (everytime without fail)




4th gen i7 Haswell 4770k, G.SKILL RipjawsX 16GB (4x4 Gb) DDR3 2400MHz, x1 GTS 460, Intel 180Gb 530 Series SSD, x1 Seagate 1Tb HDD, x1 Seagate 2Tb HDD, Modular 850w PSU, R.O.G. Maximus VII Formula mobo, Cooler Master Storm Trooper Chassis, Cooler Master V8 CPU cooler

"Five exclamation marks, the sure sign of an insane mind." - Terry Pratchett

No longer work for Orcon

27989 posts

Uber Geek
+1 received by user: 7469

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 985096 12-Feb-2014 14:10
Send private message

Do you have your router firewall enabled? It's hard to tell what's upstream and what is downstream on that list but if it's upstream you're probably a DNS or NTP bot.

DNS and NTP amplification attacks are absolutely out of control at present.

 
 
 
 


345 posts

Ultimate Geek
+1 received by user: 59

Trusted

  # 985099 12-Feb-2014 14:12
Send private message

sbiddle: Do you have your router firewall enabled? It's hard to tell what's upstream and what is downstream on that list but if it's upstream you're probably a DNS or NTP bot.

DNS and NTP amplification attacks are absolutely out of control at present.


No the user has disabled this from the factory default. (remote access is lovely)




4th gen i7 Haswell 4770k, G.SKILL RipjawsX 16GB (4x4 Gb) DDR3 2400MHz, x1 GTS 460, Intel 180Gb 530 Series SSD, x1 Seagate 1Tb HDD, x1 Seagate 2Tb HDD, Modular 850w PSU, R.O.G. Maximus VII Formula mobo, Cooler Master Storm Trooper Chassis, Cooler Master V8 CPU cooler

"Five exclamation marks, the sure sign of an insane mind." - Terry Pratchett

No longer work for Orcon



18 posts

Geek


  # 985100 12-Feb-2014 14:13
Send private message

Theres my own computer, two laptops, my phone, my mums two phones, our wireless printer and our tv which has wireless. Those are all the devices I can account for.

3344 posts

Uber Geek
+1 received by user: 1089

Trusted
Vocus

  # 985102 12-Feb-2014 14:14
Send private message

FlameBeard:
sbiddle: Do you have your router firewall enabled? It's hard to tell what's upstream and what is downstream on that list but if it's upstream you're probably a DNS or NTP bot.

DNS and NTP amplification attacks are absolutely out of control at present.


No the user has disabled this from the factory default. (remote access is lovely)


That will almost certainly be the problem.  Folks please don't disable your routers' firewalls, they are there for a reason :/

345 posts

Ultimate Geek
+1 received by user: 59

Trusted

  # 985103 12-Feb-2014 14:16
Send private message

Viscery: Theres my own computer, two laptops, my phone, my mums two phones, our wireless printer and our tv which has wireless. Those are all the devices I can account for.


so now from your original post of two computers, you now have three computers connected to the internet, and three phones. I only mention this as updates on these devices can cause unaccounted for usage.
That coupled with the fact your firewall has been disabled, I suspect my friend you're being DDoS'd or some other form of attack

Edit: clarification





4th gen i7 Haswell 4770k, G.SKILL RipjawsX 16GB (4x4 Gb) DDR3 2400MHz, x1 GTS 460, Intel 180Gb 530 Series SSD, x1 Seagate 1Tb HDD, x1 Seagate 2Tb HDD, Modular 850w PSU, R.O.G. Maximus VII Formula mobo, Cooler Master Storm Trooper Chassis, Cooler Master V8 CPU cooler

"Five exclamation marks, the sure sign of an insane mind." - Terry Pratchett

No longer work for Orcon



18 posts

Geek


  # 985104 12-Feb-2014 14:17
Send private message

Yes sorry, I forgot to include her work laptop and phone



18 posts

Geek


  # 985107 12-Feb-2014 14:20
Send private message

I've turned the firewall back on now, is there anything else that I could do?

345 posts

Ultimate Geek
+1 received by user: 59

Trusted

  # 985114 12-Feb-2014 14:25
Send private message

I've checked the usage for your account too, the last seven days of your billing cycle, your connection downloaded total of (upload+download) 311.66Gb of data, give or take a GB or two

That is a steady increase from the 4gb total per day average.




4th gen i7 Haswell 4770k, G.SKILL RipjawsX 16GB (4x4 Gb) DDR3 2400MHz, x1 GTS 460, Intel 180Gb 530 Series SSD, x1 Seagate 1Tb HDD, x1 Seagate 2Tb HDD, Modular 850w PSU, R.O.G. Maximus VII Formula mobo, Cooler Master Storm Trooper Chassis, Cooler Master V8 CPU cooler

"Five exclamation marks, the sure sign of an insane mind." - Terry Pratchett

No longer work for Orcon

345 posts

Ultimate Geek
+1 received by user: 59

Trusted

  # 985119 12-Feb-2014 14:31
Send private message

Viscery: I've turned the firewall back on now, is there anything else that I could do?


Change SSID and password would be my first port of call. I can do this for you if you want to PM me something you would like them changed to. Keeping in mind though that you will need to re-add the printer in my experience on the PC's (assuming they're running windows)

If you really wanted to get crazy to ensure nothing got on without your say so, you could statically assign every device on your home network from a different subnet range than default, then disable DHCP. That way, even if they breach your SSID, they're not going to get an IP address nor can they allocate one should they be exceptionally knowledgeable on how Orcon's modems assign IP's.

Depends how crazy you want to go




4th gen i7 Haswell 4770k, G.SKILL RipjawsX 16GB (4x4 Gb) DDR3 2400MHz, x1 GTS 460, Intel 180Gb 530 Series SSD, x1 Seagate 1Tb HDD, x1 Seagate 2Tb HDD, Modular 850w PSU, R.O.G. Maximus VII Formula mobo, Cooler Master Storm Trooper Chassis, Cooler Master V8 CPU cooler

"Five exclamation marks, the sure sign of an insane mind." - Terry Pratchett

No longer work for Orcon

 1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.