I'm being abused

[Sig_ZA]

Need some help here please.

I have a 192k line with a 3gig SAIX account.

On one day this month my usage was 740meg down and 730meg up. So that's about 1.5gig in one day.

My average MONTHLY usage is 1.5 to 2 gig!!!!

-I checked and there was only one session that day.
-NOD32 Antivirus = PC clean.
-Windows Defender = PC clean.
-Spybot S&D = PC clean.
-No P2P or torrent sofware installed.

My ISP insists that this data went via the same port.

HOW THE HECK IS THIS POSSIBLE?????

 

[m0zy]

Do you have a wireless router? If so then make sure it is secure.
Lost tons of gigs that way myself last year. And it was all my fault

 

[Scooby_Doo]

Put a bandwidth counter on your PC, this will give u a total of the amount of network traffic goimg through your pc and from that u can check if it wasn't your PC... Alternatively change the password on your adsl account and make sure you changed the default username password to access your adsl router.

Wireless, disable SSID broadcast and set up WEP or some other encryption + set only authorised PCs MAC addresses to be able to connect to the router...

 

[Sig_ZA]

Do you have a wireless router? If so then make sure it is secure.

Nope, no wireless.

Alternatively change the password on your adsl account and make sure you changed the default username password to access your adsl router.

No one knows the ADSL password, but I will change it anyway.
Question, how does 'them' having access to my router enable them to download?

 

[Franna]

By having access to your router they can look at your ADSL account name and password. This can then be configured on another router to steal your bandwidth.

Change your ADSL account password and the router admin default password.

 

[vortext]

Although it won't explain your upload data, but if it all happened on one day just check it wasn't a MS patch day when Windows Update goes and automatically sucks large amounts of updates that are now "ready to be installed".

 

[antowan]

Did you perhaps forget to set the upload bandwidth limit in some p2p proggy?

 

[sybawoods]

Hi Sig

I have just had a similar problem. Switched from a 10 gig SAOL account at the beginnng of April to my old Telkomsa account which had not been used for months. Found myself capped after 10 days. Highly unusual for me, but thought perhaps I had miscalculated. This month I was capped after 3 days! Then checked the official usage logs and discovered that the account had been capped even during the months that I had not used it when I was on the SAOL account.

Shocking stuff. I have sent an email to [email protected] to investigate but am not expecting much. And yep, I done all the necessary ages ago - changed loging password, changed router password, firewalled etc. I've been an ADSL user since launch day, and this is the first time this has happened. It' ain't safe out there - change your password regularly is my only advice.

 

[krycor]

since its almost symetrical sounds like you are being used as a proxy/relay? Have you installed anything recently? Its like my brother who downloaded something and i check just morning some open port to a media company + 125MB used in a few short hrs(like 2 or 3). 'netstat -b' is the command to know

 

[pupa]

Oh my ###! Get some advise here!
http://www.capegateway.gov.za/eng/directories/services/11575/47543

 

[Sig_ZA]

Ok, changed router and adsl passwords.
No funnies installed.
Guess I'll sit back now and see what happens.

 

[krycor]

use that netstat command, it lets you know whats connected and to where/ip or url. Though you have to watch and wait for whatever it was to do its thing again assuming it is on yourside/equipment.

 

[Scooby_Doo]

Nope, no wireless.



No one knows the ADSL password, but I will change it anyway.
Question, how does 'them' having access to my router enable them to download?

It’s relatively easy for some one to write a program to scan all the South African IP addresses, and since the default user name and passwords of all the ADSL routers are readily available it can use them to gain access to any router that has not had its default username & password changed. Once they have access they can take your username and password and use it in a different router for their own internet pleasure.

Hope it helps, again try get a bandwidth counter. Also nice is a firewall cuz when a program trys to connect to the net it will tell u and u can then choose to:

a. Let it always be able to connect.
b. Only this once.
c. Never.
d. Not this time.

Which is helpfull in seeing what is trying to connect to the net, and if u see a dodgy thing trying to connect to the net u can just tell the firewall to not allow it to connect.

works for me and i've had no problems.

 

[eagle-slayor]

i had the same problem with my 3G and found out that my Windows update was giving me ***

 

[sybawoods]

Just got confirmation from TELKOM that my account was abused:

Thank you for emailing Telkom Internet Abuse.

If you are using an ADSL router, we strongly recommend that you change the
admin router password, in the admin configuration. This is not the same as
the internet password. This is a default password for all routers of the type
you are using. ADSL support on 0800375375 can assist with setting the
router password. Changing this password will make it very difficult for the
cracker.

We strongly suggest that you change your internet password. Go to the Password
Management Tool at http://www.telkomsa.net.

We have checked your logs from our side and it shows that your connection was
used from different locations. If this was not authorized by you and require
further investigation, you will need to report this to your local police
station and obtain a case number. A subpoena will then need to be made out
against us, by the police, so we can issue the details of the connections to
them to give to you.

______How to obtain a Subpoena_______________________________________

Please note that the following information is to be added on to the subpoena.

First of all, it is very important to make the Subpoena out against
TelkomSA Ltd.

On the subpoena the following must be requested:

1. The telephone number associated with the ports identified.
2. The registered owner details of the telephone numbers identified.
3. The physical installation address of the telephone numbers identified.

Please remember to add the username details.

Once the subpoena has been received by the investigating officer, the
investigating officer has to hand the original subpoena to their Technical
Support Unit (TSU). The officer at the TSU will know who the identified person
in Telkom is to accept the subpoena on our behalf.

Kind regards

Telkom Internet Abuse
E-mail: [email protected]
Tel: 10215
International: +27 12 678 5502

 

[w1z4rd]

Change the default username/password on your router, and then change your adsl password.