-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: If you were buying a TV today, which brand would you choose?
Crystal Web ADSL performance feedback thread Part 3...
- Thread starter Crystal Web Support
- Start date
- Status
AfricanTech
Honorary Master
Then you have to pin the culprit down the hard way. See above re stepping through one device at a time.
The only thing I can think of is a torrent client set to run without limits. Your router would normally load balance the amount of traffic going through which is why you wouldn't notice while the rest of you are on.
Last edited:
I don't have that Explora addon that MickeyD does. I can see all wifi activity in my Ubiquiti UniFi interface. Of the TV stuff, only the Apple TV is using wifi, and a paltry amount at that due to a lack of recent use.
I get good usage indicators in my Ubiquiti UniFi interface though. Every device belonging to a family member or friend has been accurately named (eg. Taylor's phone, Mike's laptop, Apple TV etc.), so a new device with just a MAC address for a name will stand out immediately. Not to mention the data usage would make it stand out.
So far not a squeak since changing to a prepaid account.
AfricanTech
Honorary Master
Ask CW to cancel your account and create a new one for you.
I don't want to do anything that could jeopardise my ability to reclaim losses though. Getting rid of the problem account won't help unless a hacker is confirmed and I get a refund. For now I want to see if the suspicious behaviour resurfaces.
Up and running on a full replacement account for the month.
AfricanTech
Honorary Master
Are there any younger family members (15 - 22) with access?
Orihalcon
Expert Member
Being DDOS'd maybe?
Sinbad
Honorary Master
- Joined
- Jun 5, 2006
- Messages
- 88,690
- Reaction score
- 41,233
Good possibility. That happened to me too.
Oh my god. I can stream Twitch in source quality for the first time in months. I assume that means my issues were specific to CW then.
Just one that age group. Uses a laptop that can't get faster than 20Mbps, and isn't a particularly data heavy user.
What do you recommend? I have a pretty expensive Zyxel SBG3300-N. Not keen to buy another router tbh, especially when my current one can handle ADSL, VDSL and fibre.
Wouldn't that result in me losing connectivity? I haven't noticed any degraded service at all throughout all this crap.
Just one that age group. Uses a laptop that can't get faster than 20Mbps, and isn't a particularly data heavy user.
What do you recommend? I have a pretty expensive Zyxel SBG3300-N. Not keen to buy another router tbh, especially when my current one can handle ADSL, VDSL and fibre.
Wouldn't that result in me losing connectivity? I haven't noticed any degraded service at all throughout all this crap.
AfricanTech
Honorary Master
From what I can see, you should be able to see the mac address of every device that is connected to the router - have your cross referenced all of them?
You'll probably want to be spending some quality time during business hours with the CW folk to see if you can get to the bottom of the issue.
wingnut771
Honorary Master
It probably is a ddos attack, and by changing isp's you're changing your IP. You could also leave your router off for 20 mins to get a new IP.
Orihalcon
Expert Member
A DDOS won't dc you. It will however eat your bandwidth. Your reporting software also won't catch it as it happens on route level.
You'll need a pFsense box running to monitor that.
I know this because I was, like a few other CW clients, DDOS'd a few months ago. Lost my cap in a single day. No other connection shown in their logs...nothing.
I also considered the hack option, but no.
Ask CW to pass the investigation up the tech chain to investigate a possible DDOS on your account.
You'll need a pFsense box running to monitor that.
I know this because I was, like a few other CW clients, DDOS'd a few months ago. Lost my cap in a single day. No other connection shown in their logs...nothing.
I also considered the hack option, but no.
Ask CW to pass the investigation up the tech chain to investigate a possible DDOS on your account.
I did cross reference the MAC addresses. As expected, the only omissions from the UniFi interface were my PC, the other wired PC, the switch and the CCTV DVR. Sigh. This situation really sucks. Going to use a voucher system from now on perhaps. Nice and Orwellian.
AfricanTech
Honorary Master
AfricanTech
Honorary Master
Do you have any additional info that you can share on how this attack is executed?
If it's sole purpose it to consume individuals' bandwidth, then this seems like a pretty directed attack on the ISP
Orihalcon
Expert Member
I think SinBad was also hit by this when it happened a few months back. It was against IS customers specifically at that time.
I don't think the sole purpose is to steal bandwidth. That is just a side effect of being on a capped account. I mean if you're on uncapped then it will just continue.
No idea why this would be happening to Bryn now though. His situation just sounds 1:1 identical to what happened to me.
No strange MAC addresses, no connections, no tracking in my logs on BOTH the router and PCs.
Just on the IS page I could see my connection having used a ton of data in a short span of time.
From what he's said I am 9/10 convinced this is a DDoS against him. Explains why when using another ISP account this does not happen.
Anyway. He should kick it up to CW tech support to check the account.
Sinbad
Honorary Master
- Joined
- Jun 5, 2006
- Messages
- 88,690
- Reaction score
- 41,233
yeah I was getting 100mb/sec of large UDP packets to random ports on my IP.
Bryn, try moving your cctv dvr to an offline router. They could be trying to access your cctv cameras to look what is going on in your house.
Just a thought.
- Status