Usage spike
15-09-2012 9:40 AM
Hey all,
First post here so be gentle
I have the Plusnet 60gb a month account, which is just enough for my household (but only just).
Heavy users in our house. Which roughly equates to 2gb a day.
We had a bit of shock though when we noticed that 25gb was used last Thursday. I was at work and my son, who is a computer science student, checked the logs from our Netgear router and it looks like our connection was somehow breached and hijacked. The firewall is up and running, so he tells me. He checked the logs and the vast majority of the hijacked usage was being directed via China (no surprise there). Most of the usage type was detailed as streaming on the Plusnet website. No one in the house even remotely would come close to that in one session. He checked the router logs in detail and he thinks that somehow they found a vulnerability via an iPad that was connected as he identified its IP address as being the one they used as the 'carrier'.
This has left us a little bit shocked to say the least. Our only defence was to restart the router to get a new IP address. The router at the time had been on the same IP for 6 consecutive days.
We did a search on the internet and didn't turn up any similar stories so we are completely baffled. Thank goodness for dynamic IP allocation. At least we know when we restart there is no way they can find us again.
I am just gutted we now have less than half our usage allowance left and are only 5 days into the month!
Anyone had anything similar happen?
Cheers for now.
Message 1 of 5
(1,308 Views)
4 REPLIES 4
Re: Usage spike
15-09-2012 10:58 AM
Were these Chinese IP addresses definitely associated with the usage, or just intrusion attempts that the router thwarted?
Could there be a less sinister explanation - perhaps the iPad was downloading iTunes purchases, or iCloud synchronisation (onto the iPad rather than out of it), or Video podcast (vodcast) subscriptions updating?
I imagine that if it was 25GB in one day it wasn't iCloud uploading of your photos (since 1Mbps upload maxed out can only manage around 10GB per day, and 448kbps even less). That suggests that it was all, or mainly, downloads of some sort.
Is the iPad jailbroken, or stock?
Message 2 of 5
(406 Views)
Re: Usage spike
15-09-2012 11:25 AM
Regardless of your current issue, if 60GB is tight for you there's a 120GB option available if you look at Extra Usage at https://portal.plus.net/wizard/?wizard_id=20
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month)
Message 3 of 5
(406 Views)
Re: Usage spike
15-09-2012 11:51 AM
Thanks jelv for the tip... I will look into that. Didn't know that option existed.
Thanks CX23880 for your suggestions as well.
The IP addresses were associated with the usage and there were multiple ones involved, majority being Chinese and several were from Taiwan. It almost suggests a botnet type of attack. My thinking being there is some sort of hole perhaps in Safari for iPad that they have discovered, as it is Safari that is most active on that iPad.
Interesting thoughts as regards iCloud but I don't have the photo upload option turned on as yet in iCloud.
Also, I don't subscribe to any Video podcasts at all and that would be a huge amount of iTunes purchases.
The iPad is a 2nd gen and is stock and not jailbroken at all.
It would be nice to get an idea of what happened as it is a worry.
It is even more annoying and embarrassing as I operate quite a strict security regime, with password changes on a regular basis. And I consider myself more knowledgeable than most in these things....
Just proof that you are never as completely safe as you think you are.
Message 4 of 5
(406 Views)
Re: Usage spike
15-09-2012 10:16 PM
Quote from: flighty: "Our only defence was to restart the router to get a new IP address."
Are you sure about that?
It is possible for someone to direct unrequested packets (such as in a DDoS attack) which would be considered to be part of your usage, and possible for those packets to be made huge. This isn't standard usage of IP, but is certainly possible. However, it just isn't very likely.
It is thus rather more likely that the usage came from established connections.
However, the presence of a firewall makes it unlikely that a connection would be made incoming... so the likelihood is that it is an outbound connection made from something on your side of the firewall. And if that is true, then it is unlikely to care about the IP address, nor about whether the router has been restarted.
Note that this is about the direction of establishment of the connection, which is different from the direction that the bulk of the usage went in.
Plusnet Customer
Using FTTC since 2011. Currently on 80/20 Unlimited Fibre Extra.
Message 5 of 5
(406 Views)
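Added example, not part of any poster's message and not Plusnet or Netgear code: the replies turn on two checks, namely which side opened each connection (as opposed to which way the bulk of the data flowed) and whether the upload line rate could even carry 25GB in a day. The sketch below runs both over flow records; the record layout, the LAN range and every address (documentation ranges) are constructed assumptions, not a Netgear log format.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed home LAN range

# Constructed flow records: originator, responder, originator_bytes,
# responder_bytes. The originator is whichever side opened the connection.
FLOWS = """\
192.168.0.7 203.0.113.10 4200000 9100000000
192.168.0.7 198.51.100.23 3900000 8700000000
192.168.0.12 203.0.113.80 150000 310000000
198.51.100.99 192.168.0.7 6000 0
"""

def max_gb_per_day(mbps):
    """Ceiling on data moved in 24 h at a sustained line rate (decimal GB)."""
    return mbps * 1e6 / 8 * 86400 / 1e9

def attribute(flow_text, lan=LAN):
    """Per LAN host: [upload, download] bytes, split by which side opened the flow."""
    usage = defaultdict(lambda: {"outbound": [0, 0], "inbound": [0, 0]})
    for line in flow_text.splitlines():
        orig, resp, orig_bytes, resp_bytes = line.split()
        orig_ip, resp_ip = ipaddress.ip_address(orig), ipaddress.ip_address(resp)
        if orig_ip in lan and resp_ip not in lan:
            # A LAN device opened it: its own bytes are upload, the replies download.
            host, kind, up, down = orig, "outbound", int(orig_bytes), int(resp_bytes)
        elif resp_ip in lan and orig_ip not in lan:
            # Opened from outside: zero reply bytes means nothing inside answered.
            host, kind, up, down = resp, "inbound", int(resp_bytes), int(orig_bytes)
        else:
            continue  # LAN-to-LAN traffic never crosses the metered line
        usage[host][kind][0] += up
        usage[host][kind][1] += down
    return dict(usage)

def top_consumer(usage):
    """Heaviest LAN host and the share of its bytes on flows it opened itself."""
    totals = {h: sum(sum(v) for v in u.values()) for h, u in usage.items()}
    host = max(totals, key=totals.get)
    return host, sum(usage[host]["outbound"]) / totals[host]

if __name__ == "__main__":
    usage = attribute(FLOWS)
    print(top_consumer(usage))
    print(round(max_gb_per_day(1.0), 1), "GB/day ceiling at 1 Mbps upload")
```

In the constructed data nearly all of the heaviest host's bytes are download on connections it opened itself, the pattern the last reply describes, where a new public IP address changes nothing.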