bandwidth use

Posted: 2005-12-16 08:57am
by dragon
OK, recently when I turn on my internet connection something is using my bandwidth up. About 5 to 10 minutes after I turn my connection on, anywhere between 250kbs to 500kbs is used by means unknown. Even if I turn off all known programs except critical systems it's still there even though nothing is listed. How can I find out what is being transmitted or received and by what?

Posted: 2005-12-16 09:01am
by Zac Naloen
you got a wireless network?

Posted: 2005-12-16 09:12am
by dragon
Zac Naloen wrote:you got a wireless network?
Yup, sure do, and before you ask if someone else is using it, there's no one that lives within several hundred meters. Plus I locked my router settings so only my MAC address is accepted. Also when I hook my laptop to the router no bandwidth is used that's not supposed to be used.

Posted: 2005-12-16 09:50am
by dragon
Hum, kind of interesting: when I attempted to log into my router the password is not what I had put it at. So I hit the reset button on the router and it won't reset to factory settings like it's supposed to. So I wonder if the router is screwed up. Guess I will have to run a cable across my house and see if I still have the problem with a direct connection instead of using a router.

Posted: 2005-12-16 10:49am
by Admiral Valdemar
First thing to do is check for malware and viruses. They tend to be the first culprits in these cases. If that is not the case, and we can rule out people using your wireless network, then it likely is the router cacking up. You running Windows XP at all? Potentially some settings may have been changed accidentally or during an update, I've had things like that happen to my net connection, though no router.

Posted: 2005-12-16 11:34am
by Darth Wong
Routers and switches can fail more often than people realize. A while ago I noticed that two of the network activity lights on my switch were going nuts. Internet downloads slowed to a crawl because of all this traffic, and it wasn't even traffic between the Internet and my PC, but traffic between two nodes on my LAN, neither of which was doing anything!

So I turned off one of the two computers in this data transfer-fest. Not logged off, turned off. Powered it right down. And both network lights were still going crazy! Powered down the other machine too. Still no effect. At this point I realized something must be seriously wrong with my switch. So I threw it out and bought a new one, and of course, the problem went away.

Posted: 2005-12-16 11:51am
by Faram
dragon wrote:Yup, sure do, and before you ask if someone else is using it, there's no one that lives within several hundred meters. Plus I locked my router settings so only my MAC address is accepted. Also when I hook my laptop to the router no bandwidth is used that's not supposed to be used.
MAC filtering is worse than useless! It only gives you a false impression of security, but it is trivial to bypass.

Enable Encryption if you have it.

From best to worst security.
WPA2
WPA
WEP
None
.
.
.
MAC filtering

Posted: 2005-12-16 10:59pm
by dragon
Faram wrote: MAC filtering is worse than useless! It only gives you a false impression of security, but it is trivial to bypass.

Enable Encryption if you have it.

From best to worst security.
WPA2
WPA
WEP
None
.
.
.
MAC filtering
Why is MAC filtering bad?
Admiral Valdemar wrote:First thing to do is check for malware and viruses. They tend to be the first culprits in these cases.
OK, ran a spyware check and removed a few hundred, plus removed a bunch of viruses; still some there that I can't remove. Also ran hijack and boy is there some weird crap in it. At least the computer that is corrupted is just a web surfing, game playing computer. My real work is done either on my laptop or at work.

Posted: 2005-12-16 11:38pm
by Spacebeard
dragon wrote:
Faram wrote: MAC filtering is worse than useless! It only gives you a false impression of security, but it is trivial to bypass.

Enable Encryption if you have it.

From best to worst security.
WPA2
WPA
WEP
None
.
.
.
MAC filtering
Why is MAC filtering bad?
Because, like he said, it can be trivially bypassed. Contrary to popular belief, MAC addresses are not immutable. They can be spoofed and changed in software. An attacker can listen to traffic on a wireless network to determine which MAC addresses are accepted and then pick one to use. For a large network, the high cost in administrative overhead of maintaining a MAC ACL far outweighs the marginal benefits to security. For a small network, the second or two of work it will take you to set up a MAC ACL is about equal to the second or two of work it will take an attacker to fool it.

Posted: 2005-12-17 12:41am
by dragon
OK, I started Windows in safe mode with networking and I do not have any of the strange bandwidth use.

Posted: 2005-12-17 04:25am
by Faram
dragon wrote:OK, I started Windows in safe mode with networking and I do not have any of the strange bandwidth use.
Try to upgrade the drivers for the network card.

Also when you have the problem try this.

Close all programs that are running.

Run this in a command window

netstat -an

That gives you a list of all network connections.

Ignore all 127.0.0.1 and all 192.168.x.x and all that is listening and see if you have any connections to the internet.

This might indicate spyware on your computer.

TCP    192.168.0.10:1035      207.46.2.49:1863       ESTABLISHED
TCP    192.168.0.10:1164      172.215.92.178:6881    ESTABLISHED
TCP    192.168.0.10:1166      71.225.172.40:6881     ESTABLISHED
TCP    192.168.0.10:1184      62.85.120.21:6890      ESTABLISHED
TCP    192.168.0.10:1194      66.25.27.49:6881       ESTABLISHED
TCP    192.168.0.10:1237      70.25.166.90:1720      ESTABLISHED
TCP    192.168.0.10:1269      69.210.70.104:26901    ESTABLISHED
TCP    192.168.0.10:1278      200.83.71.148:17041    ESTABLISHED
TCP    192.168.0.10:1286      222.167.243.3:49252    ESTABLISHED
TCP    192.168.0.10:1287      156.34.221.239:6881    ESTABLISHED
TCP    192.168.0.10:2023      194.14.243.149:554     ESTABLISHED
TCP    192.168.0.10:2691      67.170.144.76:6883     ESTABLISHED
TCP    192.168.0.10:2866      201.1.11.81:16526      TIME_WAIT
TCP    192.168.0.10:2869      192.168.0.1:1025       CLOSE_WAIT
TCP    192.168.0.10:2884      211.30.122.2:6881      ESTABLISHED
TCP    192.168.0.10:3185      83.227.32.197:49998    ESTABLISHED
TCP    192.168.0.10:3186      203.206.5.119:6888     ESTABLISHED
TCP    192.168.0.10:3341      86.134.26.108:32459    ESTABLISHED
TCP    192.168.0.10:3436      64.7.210.130:80        ESTABLISHED
TCP    192.168.0.10:3437      64.7.210.130:80        ESTABLISHED
TCP    192.168.0.10:3449      87.115.235.251:10796   ESTABLISHED
TCP    192.168.0.10:3461      142.177.214.228:6881   ESTABLISHED
TCP    192.168.0.10:3462      154.5.16.188:6881      ESTABLISHED
TCP    192.168.0.10:3463      84.41.236.160:6881     ESTABLISHED
TCP    192.168.0.10:3465      69.192.76.188:48777    ESTABLISHED
TCP    192.168.0.10:3466      24.72.89.176:6881      ESTABLISHED
TCP    192.168.0.10:3467      203.122.214.206:6881   ESTABLISHED
TCP    192.168.0.10:3468      24.19.35.24:4881       ESTABLISHED
TCP    192.168.0.10:3504      85.64.2.232:21606      ESTABLISHED
TCP    192.168.0.10:3505      70.32.111.227:32459    ESTABLISHED
TCP    192.168.0.10:3514      32.107.45.11:80        ESTABLISHED
TCP    192.168.0.10:3531      206.210.96.180:80      CLOSE_WAIT
TCP    192.168.0.10:6881      24.222.184.6:4372      ESTABLISHED
TCP    192.168.0.10:6881      58.69.15.228:28522     ESTABLISHED
All the colons to the right are connections to the internet and if you have a list like this without running any programs then you can have a problem.

Cookie to the one that figures out what applications I am running ;)
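
The netstat triage described in the post above, automated as an added example (not part of the original thread): it drops loopback, LAN and listening entries and counts what remains per remote port. The function names are hypothetical, the sample text is constructed using a few rows from the listing above, and treating every private range (not only 192.168.x.x) as local is an assumption that goes slightly beyond the post.

```python
import ipaddress
from collections import Counter

# Constructed sample in Windows `netstat -an` layout; the external rows are
# copied from the listing in the post, the other rows are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.0.10:2869      192.168.0.1:1025       CLOSE_WAIT
  TCP    192.168.0.10:1035      207.46.2.49:1863       ESTABLISHED
  TCP    192.168.0.10:1164      172.215.92.178:6881    ESTABLISHED
  TCP    192.168.0.10:3436      64.7.210.130:80        ESTABLISHED
  TCP    192.168.0.10:3437      64.7.210.130:80        ESTABLISHED
  TCP    192.168.0.10:2866      201.1.11.81:16526      TIME_WAIT
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 literals also work."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def internet_connections(netstat_text):
    """Return (local, remote_host, remote_port, state) for non-local TCP peers."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # header, UDP rows, blank lines
        local, remote, state = fields[1:4]
        if state.upper() in ("LISTENING", "LISTEN"):
            continue  # open ports, not connections
        host, port = split_endpoint(remote)
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # e.g. '*' or an unparsable address
        if addr.is_loopback or addr.is_private or addr.is_link_local:
            continue  # loopback and LAN peers are expected traffic
        found.append((local, host, int(port), state))
    return found

def by_remote_port(connections):
    """Count connections per remote port to spot clusters (e.g. many on 6881)."""
    return Counter(port for _, _, port, _ in connections)

if __name__ == "__main__":
    print(by_remote_port(internet_connections(SAMPLE)).most_common())
```

Running `netstat -ano` instead adds the owning process ID as a fifth column, which this parser tolerates and which can be matched against the PID column in Task Manager.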

Posted: 2005-12-17 08:48am
by Netko
At the end there is BitTorrent's classic standard port, though I doubt that someone as knowledgeable as you would be running it in that config. Some of the other port numbers seem familiar but I'm not in the mood to go googling for their uses.

Posted: 2005-12-17 09:02am
by Pu-239
Bittorrent, browsing SD.net, some site that has multiple domains/ip, and D-Link website are what I can pick out.