Download Allowance Disappears

Discussion in 'Windows 7 Networking' started by wt.pm, Nov 29, 2010.

  1. wt.pm

    wt.pm Senior Member

    Joined:
    May 23, 2009
    Messages:
    184
    Likes Received:
    0
    Hi, just got a new laptop; from day one I have had this problem, and have done everything I can think of to correct it. To start, I have a download allowance of 375MB/day (except between 1am-5am when it's unlimited; I use Free Download Manager and schedule most downloads during these hours). We are running a wireless setup, with my PC, another PC that is used two or three hours/week, and two video games. Until I started using this laptop we would use 150-275MB/day. In the first few days after getting this machine we would use the whole 375MB in about 5 hrs. There was one time I watched 150MB disappear in one hour. I installed a secondary firewall, and set it so I had to approve any connection (for a few days I approved a one time only connection, before finally approving blanket approval for each program). That didn't work, so after going through about 5 network monitoring programs, I finally found "netbalancer", which allows me to actually see what process is connected to the internet and how much it is up/downloading, and set limits to what it can up/download. I also have installed "Wlan Watcher", which tells me what machines are connected to our wi-fi, and lets me approve or block that connection. (I have never found a rogue machine connected.) But even now there is probably 50-75MB/day unaccounted for. I have already taken into account updates and such. As I said, I am watching every KB that is transferred; I add up the legitimate downloads/updates and it falls short of what is actually being downloaded.
    I have scanned with two anti-virus, three anti-spyware/malware, and two programs that look for open ports/security holes, and one on-line program that simulates an attack on your machine, they all say I am invisible outside my network/no open holes.
    I would be more worried about large amounts of data going out, but I can't figure out what is coming in, or why. My main concern is when we go over our allowance our speed is cut to 1/3 of its normal, which means it's almost impossible for us to surf because it takes 3-7 minutes to load one webpage.
    Does anyone have ANY suggestion? I welcome any suggestion. If you need more info let me know.

    Thank You in advance
    Robby
     
  2. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    Hey...

    One thing you can do to lessen traffic, although it isn't a great amount, is to block "Host Process For Windows Services" from network access. This is needed for Windows Update to work and when you do so, you can manually allow it then when done, set it to block again.

    What you really need to do in this scenario, if you are really that serious on finding all traffic and logging it, is to install Wireshark on every machine. Every little packet that is sent or received, across the lan or the internet, will be logged. You can then easily apply all sorts of filters to the logs, such as packet type, destination (lan, wan or other types such as ICMP, Syn/Ack, UDP, TCP etc...).

    Once you have a look at these things on all machines, you'll have an excellent idea of what is or what is not going on, on your entire network.

    Another possibility is to set up an old machine you might have. A Pentium II would even suffice. Install Linux on it and physically place it between your modem and router. It would need two network adapters. One to connect to the modem and one to connect to the router.

    This can act as a firewall and also have the ability to log absolutely every packet transferred in either direction. This too would give you a perfect understanding of everything going on:

    List of router or firewall distributions - Wikipedia, the free encyclopedia

    Hope this helps. :)
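
The per-host accounting that a full packet log makes possible, as an added example that is not part of the original post: it totals Internet-bound bytes per remote host for one machine from a capture exported in Wireshark's default CSV column layout, ignoring LAN-only traffic that does not count against the ISP allowance. The sample rows, the addresses, the `192.168.1.0/24` LAN range and the function names are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

DAILY_ALLOWANCE_MB = 375  # allowance quoted in the thread

# Constructed sample rows (not real capture data), default Wireshark CSV columns.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.1.20","203.0.113.10","TCP","66","SYN"
"2","0.050","203.0.113.10","192.168.1.20","TCP","1514","segment"
"3","0.060","203.0.113.10","192.168.1.20","TCP","1514","segment"
"4","0.100","192.168.1.20","192.168.1.1","DNS","74","query"
"5","0.200","198.51.100.7","192.168.1.20","UDP","1200","data"
"6","0.300","192.168.1.20","198.51.100.7","UDP","90","data"
"7","0.400","fe80::1","ff02::1","ICMPv6","86","RA"
'''

def is_lan(addr, lan="192.168.1.0/24"):
    """True if addr never leaves the local network (assumed LAN range)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # non-IP rows (e.g. ARP shows MAC names) are local by nature
    return ip in ipaddress.ip_network(lan) or ip.is_multicast or ip.is_link_local

def wan_usage(csv_text, local_ip, lan="192.168.1.0/24"):
    """Return {remote_host: {"down": bytes, "up": bytes}} for local_ip's Internet traffic."""
    totals = defaultdict(lambda: {"down": 0, "up": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst, size = row["Source"], row["Destination"], int(row["Length"])
        if src == local_ip and not is_lan(dst, lan):
            totals[dst]["up"] += size      # frame length, so slightly above payload
        elif dst == local_ip and not is_lan(src, lan):
            totals[src]["down"] += size
    return dict(totals)

def report(usage):
    """Rows sorted by downloaded bytes, with each host's share of the daily allowance."""
    cap = DAILY_ALLOWANCE_MB * 1024 * 1024
    rows = sorted(usage.items(), key=lambda kv: kv[1]["down"], reverse=True)
    return [(host, t["down"], t["up"], 100.0 * t["down"] / cap) for host, t in rows]

if __name__ == "__main__":
    for host, down, up, pct in report(wan_usage(SAMPLE_CSV, "192.168.1.20")):
        print(f"{host:15} down={down:>8} up={up:>6} {pct:.4f}% of allowance")
```

Hosts at the top of the list that match no known download or update are the ones to trace back to a process on the machine.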
     
  3. wt.pm

    wt.pm Senior Member

    Thanks Torrent, I have a program identical to Wireshark and it is working great. However this is not a system wide thing, it only happens if my laptop is connected. I can turn mine off, and power up the other three machines for a whole day, and there won't be one KB missing; as soon as my PC connects to the internet we start losing MBs. I have done everything except format and reinstall Windows, and I don't want to go through all of that, have to reinstall all my programs, and restore my documents from my external where I backup. Because with my luck, I'll reinstall whatever is eating the bandwidth anyway. lol.
    I need to find the process that is downloading all this stuff. When I have both firewalls, all four anti-virus/anti-spy/malware programs doing "real time scanning", and then running both network monitors, I have almost eliminated the problem. However you can imagine the resources that are eaten up running all 8 protection programs. It seems to be hiding itself from the protection programs. I have never had this much trouble finding a rogue program, so I am at a loss of where/how to look next.
     
  4. TorrentG

    TorrentG Banned

    If it's only happening on the laptop and it is wireless, then simply make sure you are using WPA2 security with a very long passphrase as the password. Longer the better. Like long as in one of these:

    https://www.grc.com/passwords.htm

    That's because there is a monkey-in-the-middle, also known as man-in-the-middle, type of hack where another wireless machine can fool the router into believing that your machine is connected to it - and at the same time it can fool your machine into thinking it is connected to the router. All traffic can be intercepted this way. Doubtful, but possible, that this is something going on here.

    The longer your passphrase, the less a chance of this happening. But if it was, you wouldn't be able to detect it as a rogue connection.

    You know this is happening to you when your machine gets knocked offline for no apparent reason, and then automatically reconnected soon thereafter. Well in this scenario, the "reconnect" is to the hacker and not your own router.
     
  5. wt.pm

    wt.pm Senior Member

    VERY interesting. Hypothetically, if this is happening, would changing the default ip add. of the legitimate machines help? ie... instead of 123.456.789.0 change it to something like 963.852.741, by going into the router control panel and changing it there. This way the person has to try to find the ip range, instead of it being of the "three"(?) standard.
     
  6. TorrentG

    TorrentG Banned

    No, that wouldn't deter someone intelligent enough to pull off the hack in the first place.

    If you only use this wireless machine connected to that router and no place else, you can set a static ip on all of your machines and disable the DHCP server in the router.

    Another thing you should definitely do regardless of anything, is to hide the SSID broadcast in the router settings. You will have to set up the connection manually then, on all wireless machines you'd like to connect.
    The reason for this is that it disallows any Windows machine from sniffing traffic or even knowing that the radio broadcast even exists - only Linux would then be able to even have a chance at hacking.

    Basically, if you set a very long passphrase while using WPA2 AES, then nobody is going to be able to hack you no matter what.

    If you want to take it to the very extreme level of security like a bank would have, then you can learn about setting up a RADIUS server to verify all wireless connections. Basically, one machine on your network will authenticate any wireless connections in this scenario.
     
    #6 TorrentG, Dec 3, 2010
    Last edited: Dec 3, 2010
  7. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Also you may consider that a lot of new laptops and laptop manufacturers include in their bloatware a backdoor program that maintains an almost perpetual connection to support their own hardware and software update infrastructure. Rather than letting this problem drive you crazy, consider checking your running processes using Process Explorer or Autoruns and see if you can zero in on any such program. Or as a last resort, a clean install of Win7 minus all the bloatware. Drastic but likely to resolve the problem.
     
  8. wt.pm

    wt.pm Senior Member

    Thank you for the information. I'm sure it will be a big help.
     
