Checked my daily usage and we shot up to nearly 5.8 GB Saturday, as compared to 3.7 the day before and under 1.5 the previous two days.
Thing is, on Saturday we went to Montreal for the day to visit my folks. Left at 10AM and got back after 8:30PM. Couple of hours of Netflix (SD) between the boys and us, checked my e-mail in the morning. Would have been like a regular work week, except less. For Wednesday and Thursday the usage was under 1.5 GB each day. Also our upload for Saturday was 249, which is more than 5x the usual amount.
I'd say someone is leeching our internet. Any ideas? I guess next time I leave I'll just turn off the wireless router.
The router logs show repeated "Xmas port scan attack from WAN (ip:205.150.8.7) detected" and others that I've googled and they appear "normal".
My router isn't fancy, but I'm looking at the MAX Filtering Rules page and I see:
- my desktop
- my laptop
- my BB (hmm, even though I've disabled the home network profile on it)
- my son's ipod
- my other son's desktop
- my HP network printer
Then I see two other devices -- one is "0009978Q" and the other one has no name (blank or empty string). One of these is probably my wife's laptop (it's off and she doesn't know its name off-hand) but not the other one. I've also got a Wii but it's got a name (can't remember it now but it incorporates our family name in it, so it wasn't in the list -- it's been off for a while).
So there was some device -- either the unnamed one or "0009978Q" -- that I suspect was leeching significant b/w from use.
Edit: Continuing this post from last night (I started playing with my router settings and buggered things up -- had to re-set it manually). Checked the cap again and we used up another 5.6 GB on Sunday. I'm now at 27 -- close to half my monthly cap just 8 days into the billing period.
What I've done now is enabled MAC address filtering and only have my laptop, printer, desktop and BB in the list. I'll have to add the rest later when I have time). I realize that this wouldn't stop an experienced hacker but I'm hoping that's not the case here.
Still, it makes me wonder. This isn't someone accidentally signing on to a network that has nothing enabled. Sure, I'm only using WEP but it's still password protected, so someone would have to go way out of their way to crack it (using WEP because one of the devices -- don't remember which one -- couldn't do better than that).
Should I invest in a fancier router that has more options (such as time of day rules?) or plug my router in through a Cristmas light timer to turn it off during the day? Any way to try and catch this person? I've got 2 MAC addresses -- I suspect one of them is the guilty party.
Home
Publications
