Unofficial empeg BBS

#54569 - 03/01/2002 22:26 Cable Modem Usage help
Liufeng
member

Registered: 14/09/1999
Posts: 149
Loc: Alaska
Hi,
I'm asking for a friend, but I know a lot of people on this BBS are in the know about this kind of stuff.

He's got a single computer hooked up to a cable modem and the ISP gives 5 GB a month in bandwidth. Last month he used 8GB and they charge an extra $20 for each additional GB. This turned into a problem when he got his bill. But I'm thinking about it and I don't know how even someone sitting at the computer constantly viewing web pages could use this much bandwidth. So, naturally, I suspect someone is using his computer as a network hard drive and uploading and downloading from it at odd times of day (since he leaves it on all the time) and is probably using a Windows remote exploit to be undetected. Question is how do I look for dormant viruses or trojans that allow someone to use his connection this way? Also, there is a lot of stuff against me here, such as he is using WINME and AOL... both known for being open to exploits. Thanks for any help,

Tom
_________________________
Reg #2845: Mark 1 #00173, Mark 2 #119, Mark 2a

#54570 - 03/01/2002 22:28 Re: Cable Modem Usage help [Re: Liufeng]
Liufeng
member

Registered: 14/09/1999
Posts: 149
Loc: Alaska
Ok more information has come to light,

He has the UPnP thing working... I don't use it myself, being mostly a Win2000 and 98 user.. I've never used ME or XP.

-Tom
_________________________
Reg #2845: Mark 1 #00173, Mark 2 #119, Mark 2a

#54571 - 03/01/2002 22:33 Re: Cable Modem Usage help [Re: Liufeng]
mandiola
enthusiast

Registered: 26/12/2001
Posts: 386
Loc: Miami, FL - Sioux Falls, SD
Why don't you install a firewall on there for him and see what's coming and going? I would suggest ZoneAlarm since it's free and is created by a great company. You just have to install it and it will tell you EVERYTHING that is coming into and exiting the computer and it will ask you if you want to allow it or not. You can get it here http://www.zonelabs.com/

-Greg

#54572 - 03/01/2002 22:37 Re: Cable Modem Usage help [Re: mandiola]
Liufeng
member

Registered: 14/09/1999
Posts: 149
Loc: Alaska
Hey thanks,

That's a good idea.. I'll check it out and see if it tells me what ports are open, etc.. maybe I'll be able to track down what is using all this bandwidth.

Tom
_________________________
Reg #2845: Mark 1 #00173, Mark 2 #119, Mark 2a

#54573 - 04/01/2002 07:16 Re: Cable Modem Usage help [Re: Liufeng]
jwtadmin
enthusiast

Registered: 05/09/2000
Posts: 210
Loc: Ipswich, MA
Try this site
http://www.hackerwhacker.com/

It does a port scan and tells you if you have any open security holes. This is good to do even if you have a firewall just to see if it's working.
_________________________
___ John Turner "It's easier to ask for forgiveness than to ask for permission"

#54574 - 04/01/2002 09:43 Re: Cable Modem Usage help [Re: mandiola]
rtundo
addict

Registered: 27/02/2001
Posts: 569
Loc: Albany, NY
I also would recommend Zone Labs' ZoneAlarm. It can give you the IP address of what's coming into your computer. There are then other websites which may be able to identify who's trying to access the computer from the address. Another good site is Steve Gibson (developed SpinRite) at http://grc.com

This site has port scanners and a lot of other info on computer protection.

#54575 - 04/01/2002 20:50 Update [Re: Liufeng]
Liufeng
member

Registered: 14/09/1999
Posts: 149
Loc: Alaska
Ok,

Just in case anyone is interested... I talked to the cable ISP and it looks like for only an additional $10 a month you can double your allowable bandwidth. Not a bad deal considering they charge an additional $20 per giga without it. But I still haven't been able to track down how that much bandwidth could have been used in such a short time. Thanks for the suggestions of programs.. so far I haven't found anything too unusual. I still suspect someone is using my friend's computer to store their warez, mp3, etc.

Tom
_________________________
Reg #2845: Mark 1 #00173, Mark 2 #119, Mark 2a

#54576 - 04/01/2002 20:55 Re: Cable Modem Usage help [Re: Liufeng]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Was he downloading binaries off of the newsgroups? It's easy to burn through a gig downloading VCDs.
_________________________
Bitt Faulk

#54577 - 05/01/2002 02:35 Re: Cable Modem Usage help [Re: wfaulk]
Liufeng
member

Registered: 14/09/1999
Posts: 149
Loc: Alaska
I don't think so. This guy is a real computer lightweight and basically only uses the internet for web browsing, email, etc. It boggles the mind the number of web pages and time to read 8GB of bandwidth. Ah, well I've spent too much time on this already and not found anything.

-Tom
_________________________
Reg #2845: Mark 1 #00173, Mark 2 #119, Mark 2a

#54578 - 05/01/2002 02:43 Re: Cable Modem Usage help [Re: Liufeng]
charcoalgray99
enthusiast

Registered: 14/05/2001
Posts: 279
Look for an app called DU Meter. It has a feature that keeps track of your transferred bandwidth. You could use that for a month, and then compare with the ISP. Or check it daily and watch for inconsistencies.

Tom

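The approach suggested in the post above (log transferred bytes over time, then watch for inconsistencies), sketched as an added Python example that is not from the thread or from any of the tools it names. The hourly counter log, the idle window and the 20 MB threshold are assumptions; the 5 GB cap and the $20 per GB overage are the thread's figures.

```python
from datetime import datetime, timedelta
from math import ceil

GB = 10**9                 # assumption: the ISP bills in decimal gigabytes
CAP_BYTES = 5 * GB         # monthly allowance quoted in the thread
OVERAGE_PER_GB = 20        # dollars per additional GB, from the thread
IDLE_HOURS = range(1, 6)   # assumption: nobody is at the PC 01:00-05:59
IDLE_LIMIT = 20 * 10**6    # assumption: >20 MB in an idle hour needs a look

def deltas(samples):
    """Convert cumulative (time, rx, tx) readings into per-interval usage."""
    out = []
    for (t0, rx0, tx0), (_, rx1, tx1) in zip(samples, samples[1:]):
        rx = rx1 - rx0 if rx1 >= rx0 else rx1   # counter went backwards:
        tx = tx1 - tx0 if tx1 >= tx0 else tx1   # a reboot reset it
        out.append((t0, rx, tx))                # keyed by interval start
    return out

def daily_totals(usage):
    days = {}
    for t, rx, tx in usage:
        days[t.date()] = days.get(t.date(), 0) + rx + tx
    return days

def idle_anomalies(usage):
    """Intervals inside the idle window that moved more than IDLE_LIMIT."""
    return [(t, rx, tx) for t, rx, tx in usage
            if t.hour in IDLE_HOURS and rx + tx > IDLE_LIMIT]

def overage_cost(month_bytes):
    """Assumes every started GB over the cap is billed as a full GB."""
    return ceil(max(0, month_bytes - CAP_BYTES) / GB) * OVERAGE_PER_GB

def constructed_samples():
    """Constructed log: browsing by day, uploads 02:00-05:00, then a reboot."""
    t, rx, tx = datetime(2002, 1, 1), 0, 0
    samples = [(t, rx, tx)]
    for h in range(1, 49):
        t += timedelta(hours=1)
        if h == 30:
            rx = tx = 0                   # reboot clears the counters
        rx += 5 * 10**6 if 8 <= t.hour <= 22 else 10**5
        tx += 150 * 10**6 if 27 <= h <= 29 else 10**5
        samples.append((t, rx, tx))
    return samples

if __name__ == "__main__":
    usage = deltas(constructed_samples())
    print(daily_totals(usage))
    print(idle_anomalies(usage))
```

Upload-heavy traffic in hours when the machine should be idle is the pattern that separates the "someone else is using the connection" theory from ordinary browsing, which is mostly download and mostly daytime.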
#54579 - 05/01/2002 11:24 Re: Cable Modem Usage help [Re: Liufeng]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31596
Loc: Seattle, WA
> I don't think so. This guy is a real computer lightweight and basically only uses the internet for web browsing, email, etc.

In my experience, those are the ones who "discover" the pr0n pretty quickly.

But you're right, there's also the chance that he's been hacked and someone is using his PC as a free hosted site. Service pack the hell out of his system, scan it for viruses, and install a personal firewall (ZoneAlarm or Black Ice Defender).

For ultimate security, I would actually recommend a hardware NAT/firewall/router box. I personally wouldn't ever use a broadband connection without one.
_________________________
Tony Fabris
