Stealing my bandwidth at night

B

bryan

Member
Joined
Aug 5, 2003
Messages
11
Reaction score
0
Location
South Africa.
Someone is stealing bandwidth from my ADSL usage!.
For the last 2 months, it <i><b>appears</b></i> thatI have exceeded the cap and have been "punished" accordingly. Convinced that I had NOT used that amount of traffic, I switch the modem off every evening at 5, and note the daily usage befroe doing so.
Imagine my annoyance to find that someone used over 130Mb on my login last night!!!!.
The real annoyance is that I dont know who to phone or how to take it from here.
Can someone please advise (or comment)????
 
Telkoms usage tracker is not real-time and may not have recorded the days usage till the following morning.

To be certain try switching your ADSL off for two days and then see if your usage has increased...in the event your usage has indeed increased phone your ISP and request a change of password and/or username.

According to a post by helper it is poosible with at least the marconi units to steal a username and password.

see this thread : http://www.myadsl.co.za/forum/topic.asp?TOPIC_ID=281

<font color="orange">Please note I cannot verify if the above is true or not, merely that a forum visitor has posted the possibility.</font id="orange">
 
Thanks for the advice.
You recommend phoning the ISP - my point exactly - Telkom or SAIX (i thought they were the same) are my ISP but each says I must contact the other - the closed loop theory I guess.
Has anyone ever found the correct number to dial to change login and password - I dont have a clue
 
Phone 0800 375 375 - Explain your problem and the actions you took to verify this was a problem and ask him/her for advise, if they can't assist ask them for the number of someone who can. Be warned it can be many numbers later but you should be able to get someone who can advise.
 
I will verify that it is possible, on the Marconi and Netgear modems - not that I have done any hacking on either. By simply looking at the configuration of my modems I can see some security flaws in the default setup. Someone with a little network knowledge and the right tools will be able to grab your login and password to the ADSL network.

The problem is the default security settings on not only the Marconi, but also the Netgear modems. The first thing any user should do is change the default username and/or password on the modems. You also need to disable remote administration. If you haven't done so, you need to do this immediatly. Afterwards it would also be advisable to change your password for your ISP account.

Telkom technicians should assist new users in securing their connections when the installation is done, but it doesn't seem like Telkom places a high priority on security.
 
Just to scare you guys a bit further - one of the engineers here at work told me that he discovered (I don't know how) that one of Telkom's routers has a default username and password (no, I didn't want to know which one). Apparently it would then be child's play to bump an idle user off the router and then use his bandwidth.

Anyone know anyone at Telkom who can confirm this?
 
Don't know if it is relevant, but my firewall reports regularly attempts to access my PC from Telkom ADSL users. (IP = 165.165.xxx.xxx)
 
I have reported a possible hack method to Telkom and the tech admitted it was possible and will inform his supervisor. I got the feeling he was geniunely concerned about this matter and will at least test this hack method.
 
Please, all of you, disable filesharing if you are not using it on your pc, or at least give permission to only those who need it. So many DSL users have open shares. It's a HUGE security risk, not only for private data, but also usernames and passwords or work relating to business that may be saved on your drives.

Rather play it safe.
 
syntax,

passwords are not enough. Patch your MS based OS'es regularly. If you're not patched you are vulnerable to a NULL password hack which can give some1 admin privledges on the machine. If you really do need to enable your shares, invest in a dedicated machine to act as a firewall - an old p75 will do the trick.
 
<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by Pumba</i>
<br />Don't know if it is relevant, but my firewall reports regularly attempts to access my PC from Telkom ADSL users. (IP = 165.165.xxx.xxx)
<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
This is normal. I get this from all over the world. If you have a Windows machine, you should see plenty of hits to port 137 - that's just Netbios broadcast. But if you've disabled Netbios over IP on your ADSL link, set-up your Firewall right and protected your shares properly (share level security is not enough!), you shouldn't worry.
What can be a problem is if you're seeing hits to 135 (as I am more and more) - that could be the MS Blaster thing. Make sure you apply that patch Microsoft released a month ago.
 
well, if you did you reading up, you would find out that the ADSL modem that telkom provides is very nisecure, the insecurity allows a remote user to run script, run programs and piggy back of of your connection... [}:)]
 
I was just checking my usage figures for august and it seems very strange.

In a typical month i upload 100mb. From 1 - 18 August everything on the usage graph fits my average trend, but then on 19 August my upload graph jumps by what looks to be about 600mb! so currently now i am sitting on 803 mb uploaded for the month.

How is this possible? i dont play games over the net, and where would i be sending so much information anyway!
 
In terms of phantom bandwidth being used, I have noticed that some of the new viruses out, may not seriously mess your machine up, but they do try and connect to other servers, I have seen clients try and download mail and their sent bytes skyrocket.
 
came in this morning and on my pc was a kazza conversation dialog between two people (i never msgd anyone).
could someone have been using my ip address on kazaa and thats why i was receiving those messages?thus using my bandwidth
 
<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by SuPaStA</i>
<br />came in this morning and on my pc was a kazza conversation dialog between two people (i never msgd anyone).
could someone have been using my ip address on kazaa and thats why i was receiving those messages?thus using my bandwidth

<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">
Well you might have received those messages if you got the IP address from a previous Kazaa user who was messaging.
But that wouldn't mean he was using your bandwidth really. It just means your PC will get request for files that it doesn't have.
Anyway, I don't recommend leaving your Kazaa connected over prolonged periods of time - not with our 3GB cap. If you have something to offer, you'll be capped within 2 days.
 
Telkom has on occasion been assigning duplicate ip addresses. A few weeks ago i tried to enter a chat room (don't ask) and someone else i know from durban had the same ip address as me...preventing me from logging into the chat at all. Is telkom assigning entirely random ip addresses?
 
what happens now

Well this is quite a unique topic , i want to know who is at fault here....:eek:

what i mean by this is if somebody[ the hacker ] is useing your[the user] ISP to download and upload lots of data is it the user's fault for not making his router secure and alowing the hacker to login and use his bandwidth,
or
is the hacker at fault for being a bad boy and scaning the IP ranges to try and see which routers are open and to then test the security of that rougter,
or
is it telkoms fault for not helping the user to setup a secure PC enviroment for there user and therefore leaving there customer wide open to these types of attacks.:o

The reason i want to know is because how would any normal user who is loosing there bandwidth followup on the hacker.What if this hacker managed to download 30gigs on a account, why should the user pay for it and why should the hacker pay for it if telkom does not try to ensure that there users are secure.

I recently have heared that there were a hole bunch of new internet laws that came into place , does anybody know what they are or where we can find out where we can check them out. :rolleyes:

thanks
 
Welcome back to the land of the living ... Mr Thread. You are now 2 years old.
 
I have never tested this, but there is a link on the telkomsa.net site that allows you to change your Telkom Internet Password. Its under member services and called "ADSL password tool"
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X