Unknown upload traffic

Discussion in 'C-Touch/HomeGate/SchedulePlus/PICED Software' started by DarylMc, Mar 13, 2012.

  1. DarylMc

    DarylMc

    Joined:
    Mar 24, 2006
    Messages:
    1,315
    Likes Received:
    49
    Location:
    Cleveland, QLD, Australia
    Hello everyone
    My problem is not exactly CBus related but it is concerning a Homegate PC at a customer's house which runs 24/7.
    Over the last two weeks there has been an unusual amount of upload data measured by BigPond through the 3G modem.
    On one day 1G was uploaded and the customer tells me that none of their devices were turned on that day.
    According to the BigPond usage meter there were several other days over the 2 week period where the uploaded data was 10 times the download data.
    I can't think of a reasonable explanation for this but there are several ports forwarded to applications which require a password.
    BigPond tech support was suggesting that the single PC might have uploaded 1G to Windows Update but I wouldn't have thought that likely.
    I was suspicious of a Java update waiting to be installed and wonder whether it was creating some traffic while it was waiting.
    In fact since I installed the Java update the uploads have been minimal.
    The site uses a dynamic DNS hostname set in the router and this has stopped updating yesterday for some reason which may also explain why the uploads have reduced since the computer cant be found.
    Does anyone have any other suggestions since I am very concerned to see 1G uploaded in a day without an explanation?
     
    DarylMc, Mar 13, 2012
    #1
  2. DarylMc

    daniel C-Busser Moderator

    Joined:
    Jul 26, 2004
    Messages:
    770
    Likes Received:
    21
    Location:
    Adelaide
    First eliminate intrusions by changing the router's administration password, the wifi password and closing all services that were open to the internet. If you still get traffic spikes then you know it is an inside job - check for torrent clients, trojans, etc.
     
    daniel, Mar 14, 2012
    #2
  3. DarylMc

    DarylMc

    Joined:
    Mar 24, 2006
    Messages:
    1,315
    Likes Received:
    49
    Location:
    Cleveland, QLD, Australia
    Hello Daniel
    Since the dynamic DNS has stopped working it seems I am going to have to go to the site.
    I am the only person who accesses the router, computer or its services on the site so it has me a bit worried.
    Do you think it may be possible that attacks from the internet could generate the large upload traffic yet small download without the network being compromised just by sheer volume due to the fact that I have ports forwarded on the router?
    I will have to check but I think the Milestone surveillance server offers a downloadable viewer client for the camera at around 20Mb.
    To be honest I wouldnt have thought too many people snooping around would want to download it from there but I suppose until I close all the ports I wont know.
    Thanks
     
    DarylMc, Mar 14, 2012
    #3
Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Cannot use local network - Reason: Unknown error (0)

  2. High error rate using traffic analyser

  3. GIU 5504GI network traffic when direct messaging

  4. Serial interface traffic optimisation

  5. "bad SAL"/"unknown cbus" command/response

  6. Cbus - "unknown response: ~~~ ***"

  7. Unknown System Category

  8. Unknown responce on C-Gate

Loading...