6 replies to this topic

[tasman27]

I was just emailed by Comcast that I'm over my allotted 1TB of usage last month! I looked at the last 6 months and I've never used more than 60GB in a month, but the last 2 months were 900GB and 1059GB! I called Comcast and they suggested that I change all my internet and router passwords, but I'm still concerned that something (or someone) has access to my account. I have 2 PC's, a tablet, 3 mobile phones, and a Play Station connected to the Internet. The PC's and PS4 are hard wired but the rest are WiFi. I'm 2 days into my billing cycle and I'm already at 50GB! I'm retired and I'm the only one home during the day and I rarely use my PC. In December I purchased an extender as my wife was complaining that she wasn't getting service in the far side of the house. It's a Belkin EX-6100 dual band extender and according to the instructions, it's working properly with active protection. I also have a Linksys 6900 (also dual band)router which is fed by the comcast router. I'm also running Norton Internet Security Suite on all PC's and the tablet. I have a WD External Backup HD connected to one PC. Most of our Internet use during the week is after 5pm until 11pm. We don't stream movies or music. Comcast can't (or won't) give me any data on usage other than a monthly chart. I was interested in the peak times of the day to see when it's the highest, which would give me a clue. Does anyone know how to check to make sure the network is secure? I've never had this issue before now and I've had the Internet since it became available. Any assistance would be appreciated! Thanks, Taz

[paws]

Hi tasman 27, sorry to hear of the problems you are experiencing.
 
The figures you have quoted for your download usage are truly amazing and its understandable that you are concerned.
 
I have no experience of Comcast ( I'm based in the UK) but it seems very strange that they are unwilling to help, with giving you the details you seek. (ISPs here in the UK generally provide this sort of information as a matter of routine)
 
Do Comcast have a monopoly on providing the broadband in your location? if so you may be stuck with them, otherwise then maybe its time to vote with your feet?
 
There are native tools within Win 10 to let you see what that individual machine is downloading but this may not help with the multitude of devices that you have connected.
 
Many gateways/modems/routers/wireless access points these days will provide the facility you need to establish the total downloads from your home...check the operating manual for your hardware for details on how to access this, but usually you would be looking for controls labelled" usage" or similar.
 
The free version of GlassWire can be very handy for measuring this sort of thing.... take a look here:

https://www.howtogee...ding-data-caps/

Downloading music and videos is usually the reason for large usage so if this does not apply to your household then certainly some investigation is called for.

For some background reading and useful information have a look here:

https://www.broadban...-internet-usage

http://www.broadband...oad-limits.html

https://www.choose.c...band-usage.html

I'm sorry that these are mainly UK type sites but at least they should point you in the right direction!

As long as you have disabled remote access to your router management and have used secure passwords (min of 12 alphanumeric characters including a set of symbols and definitely no combination of characters that may be in any dictionary in any language then if the fruits of your research do not reveal the information you need then come back here with an update on the situation as it will then probably be necessary to refer you to our Virus and Spyware removal forum so an in depth look at your system can be made to see if any Remote access Trojans or other undesirable code have crept in to your computer despite your defences
Regards
paws

[Digerati]

In addition to paws' comments, there are a couple more things you can do/check.

 

Changing all your passwords was the first thing - and since you already did that, that is out of the way - as long as that included the "passphrase" required to access the wireless side of your network. The wifi passphrase is the MOST important as that is the easiest way a bad guy, or neighbor whizkid can gain access to your network. To hack into the Ethernet side, a bad guy would actually have to connect an Ethernet cable to your router - something that would be obvious.

 

In your router's admin menu, you should be able see the "attached devices" (or some similar name). You should only see those devices you authorized (PCs, printers, smart phones, smart TVs, Blu-Ray players, tablets, etc.). Note this table will refresh (or need to be manually refreshed) to reflect currently connected devices as they come and go. This will show you if your neighbor's are piggybacking (stealing) your bandwidth (which should not be happening if you changed the wifi passphrase to something they cannot guess).

 

Once you have verified only authorized devices are connected and using your network, you need to see which one is hogging your bandwidth.

 

The admin menu should also have a "Traffic Meter" (or something similar) feature that lets you track how much bandwidth you are using. If you see this rising when it should not be, you can go around the house and power down/disconnect each of your connected devices one-by-one and [hopefully] determine which one is "chattering" away. Just remember that many devices just go into standby mode when you press the power button, unless you unplug them from the wall or flip some master power switch. You need to actually kill the power to ensure they are not still communicating. For your Ethernet connected PC and PS4, simply disconnect their Ethernet cables. Just remember PS4s support wifi too so make sure that is disabled (or just unplug the power for now).

 

Through a process of elimination, you should be able to identify the offending device.

 

In your router's admin menu, you should also be able to set Internet access times. So you can tell your router to only allow connected (and authorized) devices access to the Internet between 6AM and 11PM, for example. You typically do this for all  devices, or pick and choose individual devices you want to authorize access. The down side to this is the later versions of Windows and many security apps are typically scheduled to check for and download important updates in the middle of the night. So if you go this route, make sure you are VERY diligent at manually checking for, and applying updates EVERY new day you use that device again.

 

You can also disable (turn off) only wifi access at scheduled times. This allows you to keep using your Ethernet connected PC while blocking all wifi access.

 

In the admin menu, you can restrict the number of devices allowed to connect at any given time. On my router, I do this by setting the IP range the DHCP (dynamic IP assignment) feature can use to assign IPs to connected devices. So, for example, if you only have 6 devices, you can tell your router to assign IP addresses in the range of 192.168.1.4 through 192.168.1.9 only.

 

You can go further, if you want and use "static" IP assignments only. This is where you manually assign specific IP addresses to each of your authorized devices (usually by their MAC address). This requires you to manually set up each device and to manually set up the router. So it is more work initially, but once done, it requires little attention (until you get a new phone or other connect device). This can also be a bit of a hassle if you have "guests" visit (kids/grandkids) who need access to network when there.

 

Or you can go mixed DHCP and Static. I do this. I have set a 10 node (device) range for DHCP, and I have "reserved" a static IP address assignment for my networked printer. In this way, my printer always get the same IP address. Having a static IP for networked printers is handy because it ensures the printer setup in the connected computers always points to the same IP.

 

 

[tasman27]

Thanks for all the replies!

 

After chatting with a Comcast security tech this morning, he told me that my meter showed about 80% download and 20% uploading of my total..... He said a residential network usually averages approx 4% U/L, so mine was unusually high. He alerted me to any peer-to-peer programs I may have on my PC. Sure enough, I have Frostwire and in the shared folder I had some tunes. Needless to say, I immediately purged the share folder to rid it of all shareable info. There's also a setting that prohibits sharing from a host PC, which I used.

 

I took paws' suggestion and installed Glasswire and it's doing a great job. After doing that, I checked the meter and it's just humming away at about 100Mg's give or take so it looks like we found the culprit. What seems odd is that I've had this program for about 6 mos, but it never was an issue on the U/L side. Guess I had some 'popular' tunes everyone wanted! LOL

 

Anyway, thanks for the replies (as usual) and I actually learned something from this experience! I'll be watching my meter for usage now to be sure that nothing is bleeding me dry! I have a little more work to do to reign in some devices and their usage, but now I know where to start!

 

Thanks paws and Digiterati!

 

Taz

[paws]

Glad you got to the bottom of it...well done!  

 

Using P2P applications is fraught with danger as you know, even if they are not used very much, they need access into your computer through your protections in order to work correctly.

 

Our standard recommendation has to be that in general they are best uninstalled, they are a major vector for the distribution of malicious code ( Virus, Trojans, Worms etc.)

 

Its your call, of course whether or not you uninstall it, but it may be useful for you to know that they are considered sufficiently dangerous for our sites Terms of Use to ban discussion of them here on our forum, except for their removal.

 

Regards and Safe surfing

paws

[tasman27]

Thanks....point taken and will make that decision.

 

Thanks for all your assistance and knowledge on the subject matter..

 

What The Tech never fails with it's determination and expertise!

 

Taz

[Digerati]

I just want to 2nd paws cautions. Filesharing via P2P sites and Torrents is one the most common methods bad guys use to distribute malware - not to mention it is commonly used to illegally distribute copyrighted materials, like longs and movies. This is because there is no one really at the helm ensuring nothing illegal or malicious is going on.

 

Note that Frostwire sprang up with "forked" (split) code from LimeWire after LimeWire was shutdown by court order due to illegal activity - similar in the way illegal telemarketers and hacker groups spring back up under different names after being shutdown.
 
I might suggest you check out Pandora. I love it. You can let it randomly select songs to play or build your own "Stations". Then based on your likes or dislikes, it will stream your favorites along with similar songs. So, for example if you "Like" Neil Young's Old Man, it may stream Marrakesh Express from CSN. Plus it will then stream in current songs of the same genre for a great mix of old classics and new songs.
 
The free version does have commercial ads every few songs, but if you find you really like Pandora, I recommend you then get Pandorian. It is a really nice free desktop client for Pandora that some how skips the commercials. And it does not run in a browser windows, which is nice (it is more like a "gadget"). In fact, I like Pandora via Pandorian so much, I donated a little bit to Pandorian's author. Something I don't do unless the freeware is exceptional, as this one is (I got a real nice, personal thank you note from the author which I appreciated too. And no, I have no connection or financial interest to plug this product - I just like it that much!).

 

You can opt for the paid version of Pandora for no commercials, better bandwidth, and other options. $3.99 per month or the discounted price of $36/year.
 
The point is, Pandora is 100% legal and malware free. And because the songs are just streamed too you and not downloaded onto your system (unless you buy them - which you can do through the Pandora interface), there's no risk of malware being dumped onto your system, or of anyone trying to access your computer to infect or steal... err... I mean to share tunes from you (or hog your bandwidth).

 

There are decent alternatives to Pandora, of course. If Pandora is not for you, I recommend you check them out too - anything but P2P and torrents.