bandwidth notification - very high

SimonM_IDNet · May 14, 2013, 13:21:29

Hi,

As Simon said earlier regarding sniffing/snooping its a major can of worms and I think it is one for now we will avoid as we have no plans to do this on our customers traffic.

tfw7, as a precaution I have changed your IP. Please reboot your router as if you left it on default connection settings it should dynamically get the IP from us anyway. I would advise to monitor the connection with wireless of still and we can check this again tomorrow and see if this makes a difference.

As for nowster`s proposal regarding testing with our own test router on a separate IDNet test line, I certainly do not mind doing this and should other issues like this arise it can be something we can test as an alternative for our customers.

Kind regards
Simon Mulliss
IDNet support

nowster · May 14, 2013, 14:09:18

Quote from: Simon on May 14, 2013, 12:42:04
I think that's a whole new can of worms, isn't it?

Of course, hence me mentioning the Regulation of Investigatory Powers Act...

tfw7 · May 14, 2013, 14:18:32

Quote from: SimonM_IDNet on May 14, 2013, 13:21:29
Hi,

As Simon said earlier regarding sniffing/snooping its a major can of worms and I think it is one for now we will avoid as we have no plans to do this on our customers traffic.

tfw7, as a precaution I have changed your IP. Please reboot your router as if you left it on default connection settings it should dynamically get the IP from us anyway. I would advise to monitor the connection with wireless of still and we can check this again tomorrow and see if this makes a difference.

As for nowster`s proposal regarding testing with our own test router on a separate IDNet test line, I certainly do not mind doing this and should other issues like this arise it can be something we can test as an alternative for our customers.

Kind regards
Simon Mulliss
IDNet support

Thanks Simon - will reboot router tonight; keep wireless off; and check in with you tomorrow to see what the stats say. Hopefully that will do the trick!!

tfw7 · May 14, 2013, 19:18:38

ok have rebooted router; wireless is still off.
Will turn pc off again shortly, so there will be no usage from my side overnight again until tomo evening

SimonM_IDNet · May 15, 2013, 09:52:44

Hi,

Looking a lot better today. hopefully this has resolved the matter.

145835465    - 2013-05-14 21:49:27:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: PEAK
145842526    - 2013-05-14 22:49:26:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: PEAK
145849280    - 2013-05-14 23:48:03:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: PEAK
145855837    - 2013-05-15 00:46:46:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145862694    - 2013-05-15 01:47:18:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145869568    - 2013-05-15 02:49:22:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145876367    - 2013-05-15 03:50:09:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145883554    - 2013-05-15 04:50:41:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145890146    - 2013-05-15 05:49:21:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145896485    - 2013-05-15 06:47:09:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145904249    - 2013-05-15 07:47:24:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK
145911595    - 2013-05-15 08:49:12:00 - Downloads: 0.01 MB : Uploads: 0.01 MB Rate: OFF PEAK

Kind regards
Simon Mulliss
IDNet support

Steve · May 15, 2013, 10:08:48

tfw7 · May 15, 2013, 10:20:23

yay!! thank goodness for that!
Many thanks to SimonM and everyone else for their help support.

One question though - was it just some completely random, uncommon, unfortunate incident - or is there something I should/could be doing to prevent it happening again?

nowster · May 15, 2013, 11:55:06

Quote from: tfw7 on May 15, 2013, 10:20:23
One question though - was it just some completely random, uncommon, unfortunate incident - or is there something I should/could be doing to prevent it happening again?

Random and unfortunate, yes. Uncommon, no. And there is absolutely nothing you can do from your end to stop it.

Simon · May 15, 2013, 13:01:16

Curious perhaps, though, that I don't recall this being reported on here before (although, it might have been), yet we seem to have had two in one week. Coincidence?

Lance · May 15, 2013, 13:14:18

Probably. A targeted attack against the IDNet IP range would probably have resulted in more complaints on here.

Steve · May 15, 2013, 13:51:41

Does anyone know if the warning regarding bandwidth utilisation works on the amount downloaded or on a predicted figure. If you have a high download allowance ie 100Gb it's going to take a few days before you get anywhere near whereas with only 4Gb a you'll soon find out.

andrue · May 15, 2013, 15:17:23

Quote from: Steve on May 15, 2013, 13:51:41
Does anyone know if the warning regarding bandwidth utilisation works on the amount downloaded or on a predicted figure. If you have a high download allowance ie 100Gb it's going to take a few days before you get anywhere near whereas with only 4Gb a you'll soon find out.

Also, Support told me the warning only goes out on certain dates. Something like the 7th, 14th, 21st and 28th I think.

I raised the issue myself several months ago because my FTTC connection can consume nearly 500MB a minute at full flow which means 50p a minute if you exceed your allowance

Steve · May 15, 2013, 17:19:05

So theoretically if you go away for a week or so and leave your router on,suffer a persistent DDOS attack in the meantime . End result could be a very expensive bill. I do leave my router on whilst away as often people baby sit the house and dog,I don't check emails whilst abroad, perhaps I should think again.

Simon · May 15, 2013, 17:42:04

On the Billion, you can set it to detect 'Intrusions'. Would that offer any protection?

talos · May 15, 2013, 18:03:10

https://www.grc.com/x/ne.dll?bh0bkyd2

Don't know if this may be of any use, it's supposed to sniff out vulnerabilities.

Steve · May 15, 2013, 18:23:03

Quote from: Simon on May 15, 2013, 17:42:04
On the Billion, you can set it to detect 'Intrusions'. Would that offer any protection?

Don't think so as it doesn't stop them coming down the line, it tell you whats happening but the only sure way is to turn the router off or change the IP address.

Steve · May 15, 2013, 18:25:41

Quote from: talos on May 15, 2013, 18:03:10
https://www.grc.com/x/ne.dll?bh0bkyd2

Don't know if this may be of any use, it's supposed to sniff out vulnerabilities.

Yes it's useful Bob as a security check of your networks exposure to the WAN but it still doesn't stop the b*stards looking at or flooding the connection, which is what has happened here.

Simon · May 15, 2013, 19:17:21

It is slightly worrying that there seems to be no way to prevent this from happening. $:-\$

tfw7 · May 15, 2013, 19:24:20

Quote from: Steve on May 15, 2013, 13:51:41
Does anyone know if the warning regarding bandwidth utilisation works on the amount downloaded or on a predicted figure. If you have a high download allowance ie 100Gb it's going to take a few days before you get anywhere near whereas with only 4Gb a you'll soon find out.

predicted figure I think - because my peak limit is really low at 4GB, if I do happen to download a few things in the first week of the month I often get a warning, but then by the end of the month find I haven't exceeded my limit at all.

Not sure if they go out on set dates, but tracking back through a few I've had (yes I keep all the emails!) they seem to come a week apart - ie you only get a 2nd one 7 days after the first one.

tfw7 · May 15, 2013, 19:24:47

Quote from: Simon on May 15, 2013, 19:17:21
It is slightly worrying that there seems to be no way to prevent this from happening. $:-\$

indeed

mervl · May 15, 2013, 19:54:54

I suppose I've always realised this danger of static IPs, but if I get it right IDNet charge on data which passes through their servers to the IP address, so it's irrelevant whether the data flood gets into your local network or not (i.e. is blocked by the router). Is the only way round this to disconnect the router or PC in the case of a direct connection, so there's no synchronisation with IDNet's server and no data flow beyond IDNet's server for them to measure (or are you stuffed as the data is still moving through their network), whilst you get them to change your IP address? The router and PC will often if secured show nothing amiss, only the IDNet reporting 24 hours or more later. The only thing I'm unsure about is if your router is set to block all port scans from the internet, why would an attacker mount an attack if "nothing's ever there", the same as an unused address? With a dynamic address you can reboot after a suitable delay to ensure you get a new IP address.

Does using a one of the free VPN's for all traffic help - prevents sniffing of traffic I suppose to identify an active address, but the unlikelihood of an attack has to be balanced with the loss of some entertainment/financial and business services which also need to identify your IP address for location purposes. (As far as I can tell they can detect VPN software is installed even if it's not running?).

Why can't the website and hence the connected widget, show real time or hourly updates, though if these are available to IDNet as seems to be the case?

nowster · May 15, 2013, 23:48:54

Quote from: mervl on May 15, 2013, 19:54:54
Why can't the website and hence the connected widget, show real time or hourly updates, though if these are available to IDNet as seems to be the case?

ADSL is conveyed over the backhaul to/from the DSLAM (exchange equipment) as PPP encapsulated in L2TP. (21CN and LLU may work differently. I've not been in the business for getting on for 4 years now.) The cost for bandwidth is for the backhaul from DSLAM to LNS (originally called a Home Gateway) at the ISP. If there's no PPP session (ie. the modem is off) the traffic is dropped at the LNS and doesn't travel over the backhaul, so is not chargeable.

The traffic will still be reaching the ISP over their links to other ISPs (upstreams and peers), but that cost is at least two orders of magnitude less than that of backhauling between the customer's exchange and their own network.

Periodically, the LNS reports the traffic associated with an individual PPP link, using a RADIUS accounting report. It depends on how often it reports as to how often the ISP can update their billing database. Depending on how the ISP is structured, they may or may not have direct control of parts of this infrastructure.

Going_Digital · May 16, 2013, 20:37:50

This happened to me as well and has pushed me way over the limit and at IDNets exorbitant data rates of £1 per Gigabyte I'm facing extra charges

. Despite having been an EXTREMLY light user on average less than 1.5GB of my 15GB allowance every month for the last 2 years IDNet insist on making the charge even though I could do nothing to stop the flood being aimed at me. I have decided to ask for a MAC and switch to Plusnet so I don't get hit with unexpected charges. There is no way that it costs anywhere near £1 per GB in bandwidth charges, you would have thought in a case like this that there would be some leeway but seems IDNet would rather get a one off fee and loose a customer.

Simon · May 16, 2013, 21:27:54

Actually, IDNet's additional bandwidth charges are fairly competitive, when compared with like for like ISPs. Zen, for example, charge £1.52 per Gb for an 'overdraft'. I do see your point, though. It doesn't seem fair that a customer should have to foot the bill for something out of their control, but I guess it's not IDNet's fault either, so it's a bit of a catch 22.

Steve · May 16, 2013, 22:42:55

It is the customers responsility ultimately to keep an eye on their usage. Perhaps in light of recent events we should all be more vigilant.