|
Kat
Posts: 7946
Location:
|
In the last month my mother has had her Optus service halted twice for having an abnormal amount of traffic.
The first time the guy on Optus said it was just a warning and he would start up the service again - and asked if we had a wireless router :o which we did. ZOMG!!!! So I went in and disabled the wireless (as it wasn't being used and my mother said "Oh don't worry about setting up encryption".. tool). Second time was this morning.... rang up, same drill. No wireless on, no p2p software, spybot has been updated and run and nothing major found, avg has been updated and run and no infected files. 20gig a month is like 15 days at constant upload or 30 at half so this is like a major 'wtf' moment! Any other ideas as to what would be using our network to send data? |
|||||||
| #0 02:58pm 21/06/06 |
|
|||||||
|
Fireblood
Posts: 7632
Location: Brisbane, Queensland
|
Download NetLimiter and work out where your traffic is coming from!
It basically monitors all uploads and downloads coming in and out of the computer. |
|||||||
| #1 03:03pm 21/06/06 |
|
|||||||
|
Kat
Posts: 7947
Location:
|
Thanks, I downloaded it. It seems to only give live stats on what programs are using what speed and the stats offer how much was sent and received but it doesn't look like it lets you see what programs used what amount of bandwidth.
|
|||||||
| #2 03:30pm 21/06/06 |
|
|||||||
|
Fireblood
Posts: 7633
Location: Brisbane, Queensland
|
First up, have you restarted and set it to run in start up? It doesn't show up all programs until you do.
I have netlimiter 1.30 and if I select a program from the list down the bottom in the stats area it tells me how much it has sent since startup. I would be using this to find out what's uploading - because it's obviously a constant thing at a lowish rate, find out what's uploading (make sure nothing is uploading at all that you know of) and if something comes up with it then you know you have found the culprit. However I'm not sure if it shows up all trojans etc. There's some DOS commands as well, that show all outgoing connections - but I can't remember them at the moment and I'm meant to be studying. |
|||||||
| #3 03:37pm 21/06/06 |
|
|||||||
|
fade
Posts: 2310
Location: Brisbane, Queensland
|
your mum's an internet webcam star
|
|||||||
| #4 03:38pm 21/06/06 |
|
|||||||
|
PornoPete
Posts: 197
Location:
|
might be a little obvious but you could change your optus login password
|
|||||||
| #5 03:42pm 21/06/06 |
|
|||||||
|
lowgoz
Posts: 8
Location: Brisbane, Queensland
|
i accidentally set up a fileserver on your mums computer which hosted kat.zip to 20,000 horny chinese schoolkids
sorry |
|||||||
| #6 04:37pm 21/06/06 |
|
|||||||
|
infi
Posts: 3755
Location: Brisbane, Queensland
|
that deserves an uppercut
|
|||||||
| #7 05:22pm 21/06/06 |
|
|||||||
|
trillion
Posts: 246
Location: Brisbane, Queensland
|
Kat have a look at Port Explorer from the DiamondCS website.
It will list what process is using which inbound/outbound ports and how much data for each. My guess is your computer has become either a mail relay, but unlikely because Optus block that default port. Or a relay for warez kiddies moving their juwarez, which with the whole Pirate Bay fiasco would seem more likely as those people search for alternate methods to distribute. Let us know what you find ;-) |
|||||||
| #8 07:07pm 21/06/06 |
|
|||||||
|
whoop
Posts: 10099
Location: Brisbane, Queensland
|
net limiter doesn't show up some stuff on my computer, it shows the program but fails to display what it transfers. I prefer my kerio firewall for connection/speed of up or download or tcpview for just the connection status.
|
|||||||
| #9 07:55pm 21/06/06 |
|
|||||||
|
groydis
Posts: 821
Location: Brisbane, Queensland
|
uploading kat.zip to everyone over the msn constantly would do something like that.
|
|||||||
| #10 08:08pm 21/06/06 |
|
|||||||
|
whoop
Posts: 10101
Location: Brisbane, Queensland
|
just install kerio/sunbelt it's free, fully functional for 30 days after which it keeps working but the web filtering crap and the ability to allow gateway mode are disabled so on a single computer it's not really a problem.
It lets you see exactly what programs are connecting out and allow/deny them. Just make sure whoever sets it up knows what they're doing and doesn't just keep hitting allow for everything. |
|||||||
| #11 08:19pm 21/06/06 |
|
|||||||
|
Tyrone
Posts: 234
Location: Brisbane, Queensland
|
start > run > cmd > netstat
|
|||||||
| #12 09:06pm 21/06/06 |
|
|||||||
|
lowgoz
Posts: 9
Location: Brisbane, Queensland
|
"uploading kat.zip to everyone over the msn constantly would do something like that."
:hi5: |
|||||||
| #13 09:38pm 21/06/06 |
|
|||||||
|
épic™
Posts: 1598
Location: Brisbane, Queensland
|
"My guess is your computer has become either a mail relay, but unlikely because Optus block that default port. Or a relay for warez kiddies moving their juwarez, which with the whole Pirate Bay fiasco would seem more likely as those people search for alternate methods to distribute."
yeh cause i just love moving my 0days around at 128k! |
|||||||
| #14 09:48pm 21/06/06 |
|
|||||||
|
trillion
Posts: 249
Location: Brisbane, Queensland
|
no doubt
|
|||||||
| #15 10:26pm 21/06/06 |
|
|||||||
|
Greazy
Posts: 3644
Location: Other International
|
Your mother is probably uploading and she doesn't even know it. Or knows it but doesn't tell you.
Your mother watches porn. |
|||||||
| #16 10:43pm 21/06/06 |
|
|||||||
|
parabol
Posts: 2436
Location: Brisbane, Queensland
|
"Or a relay for warez kiddies moving their juwarez, which with the whole Pirate Bay fiasco would seem more likely as those people search for alternate methods to distribute."
I'm not sure if you were trying to be funny but that's probably one of the most misinformed comments I've read.
1. Distribution requires huge bandwidth. On the order of 10-100Mbps. Hence someone's measly 256kbps upstream wouldn't even be worth considering.
2. Why would they upload it to you in the first place? For storage? The average mum-and-dad PC wouldn't have high-gigabyte or terabyte-level storage to cater for storage.
A zombie PC used for attacks would be more probable than this.
"might be a little obvious but you could change your optus login password"
What would changing a password do to stop programs from uploading crap? |
|||||||
| #17 10:45pm 21/06/06 |
|
|||||||
|
Hardball, Billy
Posts: 5477
Location: Brisbane, Queensland
|
i'm keen to find out what the cause was:O
|
|||||||
| #18 10:46pm 21/06/06 |
|
|||||||
|
lowgoz
Posts: 10
Location: Brisbane, Queensland
|
"What would changing a password do to stop programs from uploading crap?"
if it's cable, other people can log into her account with their cable and use it to upload kat.zip
actually yeah i agree with you now on second thoughts. What would changing a password do, noob ?! |
|||||||
| #19 11:01pm 21/06/06 |
|
|||||||
|
parabol
Posts: 2437
Location: Brisbane, Queensland
|
"if it's cable, other people can log into her account"
Yeah, you'd sort of notice the lack of net access if someone kicked you off. This is assuming 2 people can't use the same account simultaneously. |
|||||||
| #20 11:13pm 21/06/06 |
|
|||||||
|
Kat
Posts: 7948
Location:
|
NetLimiter is what I want, I just wish it showed what programs used the bandwidth. Port Explorer looks like the go. Cheers for that.
So far there is only 32KB which was sent while no one was on the computer but that would be from normal use/email checking etc so nothing fishy yet. Process guard doesn't want to work for me :(
If it is cable the only way two people could use it was by both accessing the network. Knowing the password wouldn't really give them the power to use the cable from another site.. I mean tell me if I am wrong here |
|||||||
| #21 09:58am 22/06/06 |
|
|||||||
|
Fireblood
Posts: 749
Location: Brisbane, Queensland
|
"I just wish it showed what programs used the bandwidth."
From the last month? I don't think there is anything out there that could show what used the bandwidth last month! |
|||||||
| #22 10:13am 22/06/06 |
|
|||||||
|
Kat
Posts: 7949
Location:
|
No, no. From here on in. |
|||||||
| #23 10:15am 22/06/06 |
|
|||||||
|
Kat
Posts: 7950
Location:
|
Sadly if the traffic isn't on this computer we are fooked anyway :)
|
|||||||
| #24 10:54am 22/06/06 |
|
|||||||
|
Fireblood
Posts: 751
Location: Brisbane, Queensland
|
"No, no. From here on in."
As far as I'm concerned it shows total usage...and if you select the program it shows the usage for that program. If I remember tonight I'll post a screenie of mine. Maybe you haven't selected an option or something? Mine shows me how much each program has used since I last reset it or since install if you haven't reset. Maybe I'm completely missing the point, brain is pretty mushy from study already :( |
|||||||
| #25 11:25am 22/06/06 |
|
|||||||
|
Raven
Posts: 1484
Location: Melbourne, Victoria
|
What model router is in use?
Though it may not necessarily help find out exactly what's using the bandwidth, enabling SNMP and looking at details from that might help you find out a little more information. What logs are available might also reveal something you didn't already know.
Also, if you care to dump a netstat -a -n or netstat -b, someone here might spot something out of the ordinary.
last edited by Raven at 11:42:25 22/Jun/06 |
|||||||
| #26 11:42am 22/06/06 |
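
A `netstat -a -n` dump like the one Raven asks for can be triaged mechanically before anyone eyeballs it. The script below is an added example, not something posted in the thread: it lists TCP ports listening on every interface and counts established connections to non-local peers. The sample output is constructed with documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the Windows `netstat -a -n` layout. Addresses are
# documentation-range placeholders, not data from this thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4662           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.0.2:1043       192.168.0.1:80         ESTABLISHED
  TCP    192.168.0.2:1051       203.0.113.45:6667      ESTABLISHED
  TCP    192.168.0.2:1052       198.51.100.7:25        ESTABLISHED
  TCP    192.168.0.2:1053       198.51.100.7:25        ESTABLISHED
  TCP    192.168.0.2:1060       198.51.100.9:80        TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

# Loopback and RFC 1918 ranges: traffic to these never reaches the ISP link.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(text):
    """Split 'host:port' on the last colon; drop brackets around IPv6."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)

def is_local(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in LOCAL_NETS)

def review(netstat_text):
    """Return (ports listening on all interfaces, Counter of remote peers)."""
    listeners, peers = [], Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no State column)
        local, foreign, state = fields[1:4]
        if state == "LISTENING" and local.startswith("0.0.0.0:"):
            listeners.append(split_endpoint(local)[1])
        elif state == "ESTABLISHED":
            host, port = split_endpoint(foreign)
            if not is_local(host):
                peers[(host, port)] += 1
    return sorted(listeners), peers
```

netstat reports connections at one moment, not bytes transferred, so several snapshots taken while the machine is idle say more than a single dump.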
|
|||||||
|
Kat
Posts: 7951
Location:
|
Fireblood, if you could that would be great. I can't seem to get that working on mine :)
Raven, elvis had a look at the netstat and couldn't find anything out of the ordinary. It is a WGT624 netgear |
|||||||
| #27 01:50pm 22/06/06 |
|
|||||||
|
BrazilWins
Posts: 6
Location: Brisbane, Queensland
|
kat I'm not familiar with that router but I'm assuming it has mac filtering and static routing.. if only one pc is using it then i would suggest enabling mac filtering and assigning static IP address along with encryption (even though the encryption is s*** and yes i know mac spoofing isn't hard..)
if possible enable logging so you can see who is logging on from what machine and at what time. that way if someone is stealing bandwidth you will be able to see it more clearly.. |
|||||||
| #28 02:30pm 22/06/06 |
|
|||||||
|
parabol
Posts: 2438
Location: Brisbane, Queensland
|
"As far as I'm concerned it shows total usage...and if you select the program it shows the usage for that program."
Fireblood is correct. As far as I know, you need Netlimiter 2.0 (or Pro) to see the stats. My older version of 1.29 didn't have the option. Just right-click each program in turn and select "Show Stats". You can then change to a Monthly view if you desire, etc. But you'll have to wait a couple of days for it to tally all of the usage since installing the program.
http://homepage.powerup.com.au/~boldajis/images/nl.jpg |
|||||||
| #29 02:40pm 22/06/06 |
|
|||||||
|
Kat
Posts: 7952
Location:
|
Ahhh cheers for that parabol and fireblood. I didn't think about right clicking :)
|
|||||||
| #30 02:44pm 22/06/06 |
|
|||||||
|
Fireblood
Posts: 755
Location: Brisbane, Queensland
|
Mine's 1.30 - but it does have it!
I have a panel down the bottom of the list of programs - maybe I turned it on or something...meh! Hopefully Problem Solvered! |
|||||||
| #31 02:46pm 22/06/06 |
|
|||||||