You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 39,832
|
ISP hacked- I need a good traffic monitor program
Last month our internet bill went from $80 to $200.
I can't imagine software updates would require 12 gigabytes of traffic. This month we used 10GB within the first 5 days or so. (No movies, very limited YouTube, etc.) I did notice the router constantly flashing while the computer was off as well.
- We changed the network password to a more difficult one (from the factory 8 digit).
- I uninstalled Skype and the camera software for good measure as well.
After that the router has acted more 'normal', but it got me thinking... I'd like to be able to see the pinging attempts and where they are originating from. I'd like to catch this intruder. This is a quiet elderly neighborhood so the list of suspects is limited.
I did a full MS Security Essentials sweep in safe mode. Nothing was found on this computer. A virus is still a possibility though. One thing odd is that Firefox won't connect to the Verizon numerical website and instead diverts to the default search engine. Also, while on Yahoo e-mail my arrow navigation keys stop working.
Any geeks know of a good traffic monitor?
||
Registered
|
Well, "Wireshark" is always a tried and true inspection tool. Just out of curiosity, do you have any teenagers at home?
__________________
2021 Model Y 2005 Cayenne Turbo 2012 Panamera 4S 1980 911 SC 1999 996 Cab |
||
You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 39,832
|
Only several dogs and one thoroughly diabolical and extremely evil cat. Hmm...
|
||
Regenerated User
|
tounces?
__________________
My uncle has a country place, that no one knows about. He said it used to be a farm, before the motor law. '72 911T 2,2S motor '76 BMW 2002 |
||
The Unsettler
|
Sounds like someone was using your wifi network for torrent activity.
The Piratebay is back although there are suspicions that it's now a government run honey pot collecting IP addresses from visitors. A smart habitual torrentor is not going to use his own network and lead the feds to his doorstep. They were most likely parked in a car close to the house. Wardriving - Wikipedia, the free encyclopedia
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" Last edited by stomachmonkey; 02-11-2015 at 06:53 PM.. |
||
Registered
Join Date: Oct 2003
Location: Roseville, CA
Posts: 3,066
|
What is the Verizon website you're trying to get to? If anyone else can get to it but you can't, that's a sign of malware.
__________________
1992 968 Polar Silver 2010 Toyota Highlander SE 2006 Lexus LS430 ML |
||
Burn the fire.
|
I vote your network was hijacked. Although, I can hit 10gb without using torrents easy. Netflix and Amazon Prime streaming video.
You may want to investigate any vulnerabilities in your router/access point. Maybe update firmware as well.
__________________
[x] Working | [_] Broken: 2017 Victory Octane [x] Working | [_] Broken: 2005 Ram 1500 SLT w/5.7L Hemi "Drive it like you stole it." |
||
Registered
Join Date: Nov 2010
Posts: 660
|
X2 on wireshark BUT if you're not a techie it might just be gibberish to you.
How often do you turn your PC off? If you keep it off and usage is still high that's your answer. If it's on but you're not doing anything and your bill is high then it's a nicely hidden piece of malware. |
||
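One way to make a Wireshark capture less like gibberish, as an added example that is not part of the original thread: reduce the capture to byte totals per local device and per remote endpoint, then list devices that are not on your own inventory. The LAN range `192.168.1.0/24`, the `KNOWN_HOSTS` inventory, and every address in the sample are assumptions made up for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the tab-separated shape written by:
#   tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e frame.len
# All addresses are made up; the last row is a non-IP frame (empty IP fields).
SAMPLE = (
    "192.168.1.10\t203.0.113.5\t1500\n"
    "203.0.113.5\t192.168.1.10\t1500\n"
    "192.168.1.23\t198.51.100.7\t1400\n"
    "198.51.100.7\t192.168.1.23\t1400\n"
    "192.168.1.23\t198.51.100.7\t1400\n"
    "192.168.1.10\t192.168.1.1\t90\n"
    "\t\t60\n"
)

# Hypothetical inventory of devices the owner recognises.
KNOWN_HOSTS = {"192.168.1.1": "router", "192.168.1.10": "family PC"}

def summarize(text, lan="192.168.1.0/24"):
    """Return (bytes per LAN host, bytes per (LAN host, remote) pair).

    Only traffic crossing the LAN boundary is counted, since that is
    what the ISP bills for; LAN-to-LAN chatter is ignored.
    """
    lan_net = ipaddress.ip_network(lan)
    per_host, per_pair = defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # malformed row
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # non-IP frame (ARP etc.) or unparsable address
        size = int(parts[2])
        # Attribute the frame to the local side, whichever direction it went.
        for local, remote in ((src, dst), (dst, src)):
            if local in lan_net and remote not in lan_net:
                per_host[str(local)] += size
                per_pair[(str(local), str(remote))] += size
    return dict(per_host), dict(per_pair)

def unknown_hosts(per_host, known=KNOWN_HOSTS):
    """LAN hosts that moved internet traffic but are not in the inventory."""
    found = [(h, b) for h, b in per_host.items() if h not in known]
    return sorted(found, key=lambda item: -item[1])
```

A capture taken on one PC generally shows only that PC's own traffic plus broadcasts, so totals for every device on the network need the router's own counters or a capture point at the router.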
You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 39,832
|
I think it's fixed for now.
It's an older air card with a warm battery. I thought at first it was having trouble getting signal and constantly pinging for towers. Doesn't do that anymore. Just don't want other neighbors having the same situation so I'll spread the word. The numerical web address was something like 192.168.etc.etc. Verizon's online setup utility for the router. Worked in I.E. but F.F. didn't seem to recognize the address as valid. I'll try the Wireshark thanks. It may be well above my pay grade but worth learning a smidgen about networking. I'd like to catch the %$#@. Pelicans: Don't let this happen to you! Change your OE router simple password to a long combo string. |
||
Straight shooter
|
192.168.1.1 is the LAN side to set up the router. You should be able to access this without connecting to the internet on the WAN. Set up a network passcode and also change the password to the router. If you find you're locked out, there's a physical reset button on the router to restore factory defaults.
__________________
“Of the value traps, the most widespread and pernicious is value rigidity. This is an inability to revalue what one sees because of commitment to previous values. In motorcycle maintenance, you MUST rediscover what you do as you go. Rigid values makes this impossible.” ― Robert M. Pirsig, Zen and the Art of Motorcycle Maintenance: An Inquiry Into Values |
||
Registered
Join Date: Aug 2002
Location: MD
Posts: 5,733
|
Quote:
|
||
The Unsettler
|
Don't waste your time.
If they hacked your WIFI the only IP address they will have is the one assigned by your network. Meaning the only trail will only lead right back to you because that's where it starts. If your router supports VPN and they hacked in and used you as a relay they are smarter than you so you won't catch them and they probably live in China anyway.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" |
||
You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 39,832
|
The VPN angle is interesting but not quite sure how that works.
I thought an air card was just a telephone, which uses short range Bluetooth/WiFi to extend to a pc within 500 yards.
1). So someone on the other side of the world makes a connection, bypasses security, and obtains special permissions from my p.c.'s operating system.
2). And this allows them direct access to my card and ISP using a separate loop.
3). But wouldn't they need to pay their existing ISP for receiving the 10GB of traffic which they routed through my connection?
Mind blow at this point. Too early in the morning I need a visual to understand it and need to research it by myself at this point. You don't have to explain how the internet works. Thanks for the advice.
||
Straight shooter
|
Consider checking your software for available updates. Adobe Flash had a publicised vulnerability recently.
There is also the option of a smart power supply to the router. Depending on need, you may want to shut it down when you're asleep.
__________________
“Of the value traps, the most widespread and pernicious is value rigidity. This is an inability to revalue what one sees because of commitment to previous values. In motorcycle maintenance, you MUST rediscover what you do as you go. Rigid values makes this impossible.” ― Robert M. Pirsig, Zen and the Art of Motorcycle Maintenance: An Inquiry Into Values |
||
Registered
Join Date: Aug 2002
Location: MD
Posts: 5,733
|
Quote:
Quote:
Most likely your pc was/is compromised. Your focus should be cleaning your pc and installing solid firewall/av protection. |
||
The Unsettler
|
Quote:
When I said "smarter" than you that was a mistype and unintended, I meant to say their skill set in this particular area exceeds yours. As in, just because I understand the concept of the game of golf I have no illusion that I could step on a course and play competitively against someone who plays 5 rounds a week.
OK, a few ways for this to work.
1) They brute forced your WIFI network's password. They attached to that network and stole your bandwidth. They would have to be fairly close to do that. A neighbor or parked on the street likely no more than a house away.
2) They brute forced their way into the public facing side of your router. Most consumer home routers can be accessed from the outside as well as the inside. Depending on the router's capabilities they can now do all sorts of unpleasant things from setting up a VPN to obfuscate the true source of their activities to accessing your computers.
So for the VPN example, if their originating IP address was X and your router's public IP address were Y and they are torrenting files the destination for the torrents appears to be Y, meaning Y hides X. There would be log entries in your router for X while it's happening but most consumer routers do not have a large enough memory to hold more than a day's, if that, of logs. So to find X you'd need to be looking while it's happening. Some consumer routers can be set up to email you the log file which gives you more data over time. That's all well and good assuming they are routing through only one VPN. They could bounce through multiple VPNs.
As far as their being charged from their ISP for the data? Most of us pay one monthly price for unlimited data. I could shove 1,000 GBs through my connection, (which I regularly do) does not cost me a dime extra.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" |
||
You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 39,832
|
Quote:
To be honest I was banging the thing against a rock outside and not understanding why Morse code internet wasn't working.
Quote:
This street is pretty open and I did have a couple of different empty cars parked/abandoned for a week or so in front of the house. I was suspicious at the time but that corresponded with the one neighbor's car missing. I figured they borrowed from a friend while theirs was in the shop. I should have walked around at night and taken photos of unknown plates but that's paranoid thinking, right? There are also a couple of not-so-youngsters living with their folks that might have had extra time on their hands for mischief, and a tech savvy neighbor with whom I had some issues a while ago over his aggressive dog. I also have had a longstanding beef with a local scumbag (a real estate issue) who's embezzled money on the felony level and been trying to break me financially for the last decade after I called him out on it publicly, and continue to call him out to this day. A true nutcase. There have been a string of suspicious events from stolen trash to a possible garage break-in and unlocked car doors to stolen documents from court files, as a start of this iceberg. Who knows...
Quote:
I sure hope to god I don't receive a visit from the big boys looking for movie downloads or worse....I've got plenty of free pron but it's all legal and I'll be needing the computers to pay my taxes.
Quote:
What about the internal logs on this computer? I noticed the air card flashing while this computer was in sleep/hibernate, so I suspect they were accessing the card directly.
Quote:
AT&T and Verizon were the first to share customer info without a court order. Sprint once ripped off my family big time on a shared phone plan. I should be looking into a T-Mobile air card, or just squat in coffee shops and libraries like everyone else in this town.
|||||
Straight shooter
|
If you have Comcast locally then why would you use an aircard? The $ problem goes away... unlimited data transfer with only a cap on port speed.
__________________
“Of the value traps, the most widespread and pernicious is value rigidity. This is an inability to revalue what one sees because of commitment to previous values. In motorcycle maintenance, you MUST rediscover what you do as you go. Rigid values makes this impossible.” ― Robert M. Pirsig, Zen and the Art of Motorcycle Maintenance: An Inquiry Into Values |
||
The Unsettler
|
Quote:
https://www.torproject.org/ And if they are in the far East, Russia, African continent or heck even in the good old USA good luck getting a subpoena for them to go digging.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" |
||
You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 39,832
|
Do you know if these 'supercookies' would nullify anonymizers or proxies?
Verizon, AT&T tracking their users with |
||