Have Glasswire, now what?

We have been WildBlue/Exede customers for approx. 10 years.  We are aware that we have to limit our usage.  We occasionally go over our monthly data usage, but most months we keep it in check.  A couple of months ago we became aware of the 150gb package that was being offered.  We upgraded from our 18gb plan to the 150gb plan.  In the two months we have been on this plan we have used up our data allowance in about 2 weeks time.   The first month we thought that maybe we just got a little too lax.  The second month, we suspect that we have been hacked or some other problem.
I have contacted Exede customer service, but don't receive any helpful information.  Exede only tells us to reset the wi-fi router and change our password.  I have done that and nothing has improved.  I have been searching on this forum and saw the recommendations of Glasswire.  I have it installed, now how do I interpret the information it is telling me?

In contacting Exede they have told me that I have a different brand of wi-fi router than I actually have.  They have also told me there is an iPhone that has been using our data plan since 2014.  We don't have an iPhone, never have, never will.  We have always kept our wi-fi router password protected and we don't give it out to anyone.

We are extremely frustrated that Exede is not more willing to help us figure out the problem and get this under control.  I know it is not their job to monitor my data usage, but it would be helpful if they could maybe offer some suggestions of things to check (besides re-set your router and change the password).

10 years as a customer and we can't get help.  Obviously there is a problem if we are used to having gb restrictions and now we can't stay in our package.  Wonder if it is time to reach out to our State Attorney General.  He would love to chew up a company like this.
D Morris

Posted 3 years ago

Brad, Viasat Employee

Official Response
We won't be able to assist with Glasswire as that's a 3rd party software so we cannot recommend, endorse, or anything like that with it. Some users on here use it and I'm sure they can talk to you more about it.

When it comes to devices being identified on your router it's all based on the browser. Have you been able to use eSVT (https://community.exede.com/exede/topics/give-our-new-usage-tool-a-test-drive)? It's a more informative meter and it's what our tech support uses to see usage type and everything. It gives a better breakdown of data.
D Morris
Yes, I have reviewed that other website. I don't find it very helpful though. It does show me devices being used, but it doesn't show how much is being used by device. It also doesn't give me the option to block a device. It only shows that we are over our package usage until the new month starts. Am I missing something else that it is showing me?
Wes Menzel
Have you taken the time to go in to your wifi and router settings to help lock the users down?  That way if someone IS stealing your internet, you can put a stop to it.
You can set up a WiFi access list to only allow known devices by MAC address as well as assign each known device its own IP address and not hand out any addresses to any other device.
Pretty simple operation.  Might help narrow things down a bit.
Just a thought. :)
D Morris
THANKS!!!!  I am just now getting my internet to work fast enough to access this site.  I haven't done this part yet, but I will be doing it.  I am willing to do whatever lockdown possible to cut the excess use.
Brad, Viasat Employee
Unfortunately, while some customers want that sort of information, others may feel it's a violation of privacy. So we kind of give general information like what devices are on, what hours are seeing more usage, what data type is being used most (some of those break down further, like streaming video types to include Netflix, etc.). But for the information you're looking for, with a 3rd party data monitor, or maybe a built-in monitor if your router has one, you may find a better representation of what you're wanting.
Gwalk900, Champion

D Morris,

  "I have been searching on this forum and saw the recommendations of Glasswire.  I have it installed, now how do I interpret the information it is telling me?"

Networking and the various "measurement points" can get very confusing so let's see if we can break things down a little.

Not so long ago routers, switches and wireless access points and extenders were limited to small and large businesses. Those businesses had their own internal "IT Departments" to manage those Networks. Residential users typically had a single computer connected directly to their ISP's modem. That meant that there was only a single "usage connection path" between the subscriber's one and only device and their internet connection. It looked rather like this:


  

There were no "intersections" to the path. Everything had to be used either on the user's single computer (with its 65,536 connection ports) or it could be "going up in smoke" (in the context of a satellite connection) on the ISP's side due to things like failing hardware that uses data through failed transmissions that require RETRANSMISSION of data.

In the above you can measure usage at both ends of the "path" ... the single computer and the modem. Your ISP is going to measure at the Modem. You can measure THAT computer with software like Glasswire. The two should match pretty closely. In fact you may find that Glasswire reports MORE data usage than your ISP due to "compression" on the part of the ISP. They "dehydrate" a file, whenever possible, and send you the compressed file, something like a ZIP file in a way. The requested file is compressed at the Gateway, downloaded to your Modem along with "command & control" data and the modem decompresses the file and "unzips" it for you. A measuring tool like Glasswire would report the full size, the modem and your ISP's usage meter would report the compressed file size. Not all activity can be compressed however.

Then along came residential Routers and that changed the networking picture in ways that many users do not fully understand.

Adding a Router now makes our Network look like this:

The number of "connection paths" has skyrocketed. We now have the potential of four WIRED devices plus we have added the potential of ... varies by Router ... perhaps 256 wireless devices.

It also adds one more element of potential use ... the Router's internal cloud services and wireless connections over perhaps as many as three different wireless frequencies that may or may not be properly secured.

Glasswire does a terrific job of monitoring and reporting of both the Programs and the Processes that use the 65,536 ports on a single computer but it is NOT the central point in a Network that has a Router at its heart. For that you need to monitor the "path" between the Router itself on your end of the network and compare usage to what the Modem is reporting at the ISP's end of the Network.

Many routers have "traffic analyzer" functions that will report usage per day, per device. If you have an issue with what your ISP is claiming you need to have a counterpoint to that, that will cover your entire Network.

You use the Router's ability to report data per device to ID "high consumption" users on your Network. You then use software like Glasswire to zero in on just what programs and background processes are using in detail.

Setting up Glasswire:


Understanding the output:


If your Network is simple in that it only has a single directly connected computer you can read and correlate the usage data directly.

If you have a Router then you must identify how much data is being used per defined period, per device. That requires a better router. It is a very good investment if you wish a counterpoint to your ISP's usage claims.

The shots below are from my Asus RT-AC3100. There are other less expensive models that give the same info. Do your research:

Usage per day, per device:

  


Statistical Breakdown:

 


List of Asus models that will give the info as depicted above:

GabeU, Champion
What he said.  :)
D Morris
THANK YOU!!!!  I am not a technical person, but I was able to follow along with most of the info you gave.  I think I would really like one of the routers that tracks down all of the info by device.  May have to do an upgrade!!!
I will keep reading below.  I am just now able to get back on the internet because we are on lock down because it is so SSSSSSSSLLLLLLLLLLOOOOOOOOOWWWWWW!!!!  THANKS again!!!
Deku (The #1 Hero Data Saver), Champion
hey Gwalk900 i wanted to ask ya what is the program you are using that is all in just blue??? if ya can tell me thank you!!! :3
Gwalk900, Champion
Tirzy,
The bottom two above are screenshots of my router's interface showing usage per day per device on the first one and usage time and statistics on the second.
The router is an Asus RT-AC3100
There are other less expensive models with the same Traffic Analyzer function.
Deku (The #1 Hero Data Saver), Champion
Gwalk900 oh ok thank you :3
GabeU, Champion
D Morris,

Keep in mind that Glasswire will only monitor the data on the computer it's installed on, so if you have other devices, it's not going to count their data usage.  

The biggest thing is to change the options to "Incoming & Outgoing" and "External", like shown in Gwalk900's snapshot above.  You don't want the computer's internal traffic mixed in with your data results.  Then, when you want to make the comparison between Glasswire and Exede, change the dates to coincide with your data allowance reset,  and check what Glasswire has for a total usage in those dates in comparison to whatever Exede says.  If starting after your refill date, take a snapshot of what Exede says you have used thus far, then you can check from that point on in comparison with the same dates on Glasswire.  So if it's the 15th, take a snapshot of what Exede says you have used thus far, then in a few days, say the 18th, set the dates in Glasswire on the 15th through the 18th (check the hours, too) and check what Exede says you have used since you took the snapshot on the 15th.  If the amounts don't match closely, something could be up.  
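The comparison described in this post, combined with the per-device router report and the MAC allow list suggested earlier in the thread, can be done mechanically once the numbers are exported. This is an added example, not part of the original posts: the MAC addresses, device names, byte counts, meter readings and the 10% tolerance are all constructed assumptions, and the row format is hypothetical rather than any router's real export.

```python
from collections import Counter
from datetime import datetime

TOLERANCE = 0.10  # assumed: meters may disagree by up to 10% (compression, rounding)

# Constructed sample data. MACs, names and megabyte counts are invented.
ALLOWED = {
    "AA:BB:CC:00:00:01": "hp-laptop-1",
    "AA:BB:CC:00:00:02": "hp-laptop-2",
    "AA:BB:CC:00:00:03": "galaxy-tablet",
}
# Router traffic-analyzer rows: (hour bucket, device MAC, megabytes)
ROUTER_ROWS = [
    (datetime(2017, 2, 15, 9), "AA:BB:CC:00:00:01", 300),    # before the first reading
    (datetime(2017, 2, 15, 20), "AA:BB:CC:00:00:01", 1200),
    (datetime(2017, 2, 16, 19), "AA:BB:CC:00:00:02", 800),
    (datetime(2017, 2, 16, 21), "AA:BB:CC:00:00:03", 1500),
    (datetime(2017, 2, 17, 2), "de:ad:be:ef:00:99", 2300),   # not on the allow list
    (datetime(2017, 2, 18, 10), "AA:BB:CC:00:00:01", 250),
    (datetime(2017, 2, 18, 16), "AA:BB:CC:00:00:03", 400),   # after the second reading
]
# ISP meter readings: (when the reading was taken, cumulative GB used this cycle)
SNAP_START = (datetime(2017, 2, 15, 14), 40.0)
SNAP_END = (datetime(2017, 2, 18, 14), 46.0)


def reconcile(rows, isp_start, isp_end, allowed):
    """Compare locally measured usage with the ISP meter over the same window."""
    (t0, gb0), (t1, gb1) = isp_start, isp_end
    per_mac = Counter()
    for ts, mac, mb in rows:
        if t0 <= ts < t1:                 # match the hours, not just the dates
            per_mac[mac.lower()] += mb
    measured = sum(per_mac.values())
    isp_mb = (gb1 - gb0) * 1024
    gap = isp_mb - measured               # positive: ISP saw traffic we did not
    known = {m.lower() for m in allowed}
    return {
        "isp_mb": isp_mb,
        "measured_mb": measured,
        "gap_mb": gap,
        # Local totals above the ISP figure are expected (compression), so
        # only a shortfall beyond the tolerance is flagged.
        "unexplained": gap > TOLERANCE * isp_mb,
        "ranked": per_mac.most_common(),  # heaviest consumers first
        "unknown_macs": sorted(m for m in per_mac if m not in known),
    }


if __name__ == "__main__":
    whole_network = reconcile(ROUTER_ROWS, SNAP_START, SNAP_END, ALLOWED)
    # One laptop only, which is all a host-based monitor can see.
    one_laptop = [r for r in ROUTER_ROWS if r[1] == "AA:BB:CC:00:00:01"]
    single_host = reconcile(one_laptop, SNAP_START, SNAP_END, ALLOWED)
    for label, result in (("router", whole_network), ("single host", single_host)):
        print(label, result)
```

With the constructed data, the router-wide view accounts for the ISP figure and surfaces an unlisted MAC as the top consumer, while the single-laptop view leaves most of the usage unexplained, which is the reason a host-based monitor alone cannot settle a dispute with the ISP's meter.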
 
D Morris
I do understand that Glasswire only tracks the one laptop it is installed on, but how do I understand what it is telling me? 

For instance, if I click on the Usage tab, my laptop has been on less than one hour and it is showing the usage as 485.2MB.  Is that high usage or normal usage?    Then under the middle section that is called "Hosts" there are two little green flags at the top, then a bunch of American flags beside the activities listed under host.  There are a bunch listed, then towards the bottom it also says "plus 934 more".  I assume that means more "hosts".  That seems like a problem to me, but I don't know how to interpret it.
If I click on one of the lines under the "host" area that has the little green flag looking thing then the IP address is Region: Other and then lists an IP address starting with 54.

Oh and how do I find the MAC addresses on our devices to only allow them to access our wi-fi?  We have a couple HP laptops, Samsung Galaxy tablets and Samsung Galaxy phones.  No Apple/iPad devices like Exede keeps telling us is using the data.

THANKS so much!!!
Denise
GabeU, Champion
Do you have the correct setting to reflect it only counting that hour since you've been on?  

Make sure when you are looking at the usage it is set to "All" on the left.  Then, on the upper right, select "Day".  Then, on the bottom, adjust the left slider to just before you got onto the computer an hour ago, and leave the right one all the way to the right.  This will then tell you what your data usage is since you turned the computer on an hour ago.  The amount you've used will show under "Total".   
 
With all of the hosts it's showing it sounds like it is set to be looking at more data than just the last hour.  
GabeU, Champion
Also, a lot of hosts is nothing that unusual.  For me, today, I have what shows in the list, then it says "+659 more."  Individual web pages can actually have many elements on them that each connect to their own host.  Plus, your computer itself can have processes running that connect to hosts.  

In addition to that, above where the hosts are listed, there are dates.  They are from/to dates.  When you've had Glasswire installed for a few days, you can actually use those to select dates to see your data.  For instance, I can change them to look at my data usage from Jan 28th through Jan 30th.  That sort of thing.  The dates, plus the day, week and month choices, and the sliders, as well, can give you a lot of options on how to pinpoint the times and dates for which you want to view your data usage.  

The apps and hosts can give an idea of what is using the most data, which is especially helpful if you seem to be using more than you should during any given time. 
 
Gwalk900, Champion

D Morris,

Here are some screenshots that I had made up for another user that may help you in using Glasswire:


Just kind of go by the numbers





And in this last one, if you click on a program or process in the left column window, the details of that program's or process's connection activity are shown in the right hand window.

As GabeU stated above, a web page for instance is not a single "entity" but is instead built up of many segments each having their own host address.

The idea behind Glasswire is to identify the top data users and take a closer look at the activity. From there we can dig deeper to find root-cause users ....... embedded video, pre-fetch video, high volume of Ads ....

We also have to look at the aggregate usage of background processes. Not only do they use data but those types of processes are favorite targets of virus and malware writers.

One Hughes user recently had a high data usage episode, followed through on posting Glasswire screenshots. The Big User was quickly seen as a process called Windows Explorer (not to be confused with Internet Explorer). Windows Explorer is the Windows "file manager" process and should NOT be connecting to the internet and should NOT be using any data.

In the end it was determined she had picked up a malware bug. She installed the free version of Malwarebytes and ran a scan. It found issues, cleaned them up and usage dropped back to normal levels.

https://community.hughesnet.com/hughesnet/topics/data-usage-disappearing

In the end it is a process of discovery and elimination.

You need to find out the main "heavy hitters" of your data and then review things like browser settings (telemetry/crash reports) and web pages visited. Many have constantly updated content and if a tab is left open the page continues to burn data even though you are in another window or another tab.

 


  

D Morris
I have Windows Explorer listed as a usage for 178 mb in the last hour (if I have all of my settings correct as you have instructed me to).  I have downloaded Malwarebytes and have run the scan.  It found 12 potential risks, but Windows Explorer was not listed.  I did quarantine these files.  The malware scan was done prior to the Windows Explorer host being listed on my Glasswire usage chart.  So does this mean that this problem has not been identified and dealt with?

We have been completely shutting off our laptops and also shutting down the modem and wi-fi when we are not actively using it.

THANKS for all of your help!!!  I have received more help from you than I have from Exede.  I think Exede could learn a lot from you guys and should support their customers by helping them recognize potential leaks in their data usage.

THANKS again!!!
Denise
Gwalk900, Champion
Remember there is Internet Explorer ( the web browser) and Windows Explorer (the file manager .. sometimes listed as explorer.exe)
Can you post a screenshot of Glasswire?
D Morris
Shoot. Didn't do a screenshot. Will try it later tonight when I turn the service back on and am by my laptop. THANKS!!!
GabeU, Champion
D Morris,

Do you know how to use the snipping tool?  It comes with Windows and it's under Windows Accessories.  Use the rectangular snip, save it to your computer as a Jpeg, and you can upload that.  Once you know how to use it, it makes it a lot easier to take snips of things of all sizes.  That way you don't have to take a snapshot of the entire screen if you don't need to.  Like so...

 

Also, in case you are unaware, when you click on a picture in a post, like this one, the picture will open up to the original size in a new page.  A lot of people are unaware of this, which is why I mention it.  
 
D Morris
I have never heard of the snipping tool.  But thank you.  I will give it a try.  I was just trying to figure out how I was going to get a screen shot to share.
THANKS!!!
D Morris

So, I changed the time period it is showing so you can see the Windows Explorer listed.  I will change the time frame and post another screen shot for right now when I just turned everything back on.
Gwalk900, Champion

Windows Explorer is the "file manager" process for Microsoft Windows and should not be accessing your connection and using data.

I suspect virus or malware activity.

I see you have Malwarebytes installed, I suggest you open the program, update its definitions and perform a scan. Take a screenshot of the scan results and post it here.

Also, when that scan is complete, open Norton, force an update and do a scan with that as well.


D Morris
THANK YOU!!!  That is awesome to be able to do that!!!  Here is the current time period.  So does it look like the Windows Explorer thing is gone?  Like the Malwarebytes scan I ran did some good?




Oh and I have spent some time today collecting the MAC addresses of our devices.  I have now changed the Linksys Router settings to only allow the devices that I have listed for MAC addresses.

What other suggestions do you have?  We are considering purchasing one of the routers that was suggested above to track usage by device.  I think that would be awesome, since we have a pre-teen in the house.  He is very respectful and doesn't over use the internet, but it would be nice to be able to track it.  The Wi-fi is password protected and the guest settings are turned off.
D Morris
Malwarebytes running right now, then will do a Norton scan.  What do you mean by "Update its definitions"?

THANKS so much for your help.  It would be wonderful if Exede would help their customers as much as you guys are.  I know I appreciate it!!!
Gwalk900, Champion

For Malwarebytes:



For Norton, you will have to wing it ... I haven't used Norton in years. Try doing a right mouse click on Norton's systray icon on the screen's lower right. Look for a dialog window that offers to update the virus definitions.

I ask that you give those updates a manual "push" because in many cases the first thing a Nasty Bug will do is either disable protective software or try to hobble it by preventing updates that increase the chances of it catching the "Nasty".

That process used nearly 1 GB in just a few days and that is a process that, while it uses RAM and processor cycles, does not itself connect to the internet.

 



GabeU, Champion
Tis what I was trying to remember, too.  It's been years since I've used Norton and I'm sure the GUI is completely different now, anyway.  

I think with having just downloaded Malwarebytes the program itself will be up to date, and if it's anything like the free version it checks for updates before it scans. 
 
D Morris
Malware report:
GabeU, Champion
That's good.  Did it find anything when you ran the very first scan, or is this the first scan you ran?  Malwarebytes checks for updates when you initiate a scan, so you should be up to date with that.  

With your Norton, there should be a way you can initiate a check for definition updates.  It may be on a screen when it's opened or it may be under settings or something like that.  It will say something to the effect of "check for updates."  
Gwalk900, Champion
Denise,
The last Glasswire shot you posted looked good even if it only covered a short time period.
Let's keep a close eye on things and see how it goes.
Post back with any updates or questions that come to mind.
D Morris
Malware scan didn't find anything.  The first time it found like 12 things.  Most of them were PUP (don't remember what that stands for), but they were like set up files of programs that I want.  It did find a Malware, or something it tagged as Malware and so I quarantined it.

Norton scan is still running.  Had to leave for a bit and laptop died because it was not plugged in properly.  Having it do a full scan.  Will post back if it finds anything.

Now moving on to my hubby's laptop.  Will install the malware program and scan it.

Again, THANKS so much for all of your help.  You guys do a great job of explaining stuff to a non-techy person.
GabeU, Champion
With it finding twelve things, it would not at all be surprising to find that they were playing a part in chewing through data.  PUP stands for Potentially Unwanted Programs.  There are thousands upon thousands of malware programs out there.  That you had twelve, in a way, was not bad.  I've scanned computers before that had dozens upon dozens.  

BTW, things labeled as PUP are quarantined by default, which is most likely why you didn't see them when you ran the scan the second time.  And PUP programs may look harmless, but they may very well not be what they seem.  I quarantine EVERY PUP that it finds.  

When the Premium trial runs out on the Malwarebytes it will revert to the general free version, which is still great, it's just that it won't update, nor run scans, on its own.  You'll have to initiate them, and it's best to update it and run a scan on a weekly basis.  It's a fantastic program, and I wouldn't have a Windows computer today that didn't have Malwarebytes installed on it.  

Hopefully your Norton won't find anything, but if it does, in a way, that's good too.  At least it will be clean, either way.  
 
D Morris
So, I have some additional questions.

As of 2pm Central on 2/6/17, I set up the MAC addresses on our WI-FI router to only allow the devices I built in to it.  When I look at the extra Exede website that allows us to view our usage by day it is still showing an iPhone and another device using Linux.  We don't have any Apple products that access the internet.  It is showing the iPhone and the other device as using our internet as late as 2/6/17.

If these two devices don't disappear when Exede's information updates, what is my recourse?  Or what can I do additionally to stop them from using our data?  I have changed our wi-fi password, turned off the "guest" access and have only included the MAC addresses of the devices we want to use our wi-fi.  Is there something additional I need to be doing?

THANKS again for all your help!!!
Gwalk900, Champion

Hi Denise,

A user can either whitelist (allow) or blacklist (dis-allow) MAC addresses in their router. While doing so does add an extra layer of security you have to keep in mind it is rather like door locks .. the locks only keep out honest people. MAC addresses are easily spoofed, however it usually isn't a problem for us rural folks.

The real "door" to your network in the context of wireless devices lies in having a decent level of wireless encryption enabled on ALL available wireless frequencies.

Some routers only have a 2.4 GHz wireless frequency.

Others will have a 2.4 and a 5 GHz frequency available and each must have its own wireless encryption passkey set up.

Still other routers will have a 2.4 and dual 5 GHz wireless network connections available so that has the potential need for THREE separate encryption passkeys that are generated and entered into devices that you allow to have access to your connection.

Any "Guest Account(s)" will have their own access keys but it is possible to have multiple Guest Accounts. In my opinion Guest Accounts should be disabled unless there is a current need for that feature. It is possible to disable one Guest Account but have a second one enabled and running "open", that is to say no passkey having been generated. Anything that comes within range can and likely will connect. Think a visitor with a cellphone or similar in their pocket.

We also have to consider the potential usage by the router itself as a "consumer" of data:

Is WPS disabled?

Is Remote Access disabled?

Are any internal "cloud and Sync" functions disabled?

Are all of the "cloud" based router services that may access outside databases disabled?

Wired devices have no "protection" limiting connection other than the need for physical access to the router's LAN (Local Area Network) ports. If you can get to it, you can use it.

In addition to the above mentioned wireless passkeys that limit/control access to the wireless side of the router there is also the need to change the username and password from the default values of the router manufacturer. This will be the one that limits access to the router's GUI (Graphical User Interface) ... the internal router pages that contain network settings.

Only a single user should have access to the Router's "internals" ... there should only be one System Administrator.

So let's look at a router and see what it IS and what it DOES.

I'm sure you know that every network capable device has its own unique MAC address, your laptops, tablets, cellphones and this also includes the Modem and your Router.

Your Modem can only "see" the MAC address of a single directly connected device. It will then negotiate a "lease" with that device ... an IP address is generated and communication is possible. One computer directly connected to the Modem ... and your ISP can "see" the MAC address of the single connected device. Part of the "string" making up that device's MAC address will be data that identifies the type of device and its manufacturer. ... But they (your ISP) can only see the MAC address of that single connected device.

When you add a Router things change. A Router has two "faces", its LAN side (Local Area Network) and its WAN side (Wide Area Network). You can think of these as the Private Side and the Public Side. What divides the two is a "Firewall".

When you connect a Router to the Modem, the Modem can "see" the Router's forward facing (Public Side), they negotiate a "lease" and IP addresses are assigned and communication can commence. Your ISP can "see" the MAC address of the Router that is connected but no further because of the Router's Firewall.

The Private side of the Router however can "see" more than a single MAC address and will assign "Private IP Addresses" for those devices and as they "connect" the Router's NAT firewall (Network Address Translation) provides a "public IP address" to the Modem but the device's MAC address is not shown. Only the Router's MAC address is registered with the Modem.

The Router will keep track of all of the LAN side device IPs requesting data and will "route" the returned data to the proper device as it is received back from the Modem.

Except for some certain circumstances your individual devices and their MAC addresses are hidden behind your Router's NAT firewall.

Considering all of the above, you have to take your ISP's listing of "connected devices" with a grain of salt.

They can see "traffic" and in the traffic will be strings of "data" that will define browser type and so forth along with "destination" ... (hey!, let's go to iTunes, therefore I must be an Apple device).

They cannot see the MAC addresses of your connected devices only that of your connected router.

I have an Asus Router. If I look at my Modem's control center I can see the Asus MAC address ... and that will "identify" as Asus ... until I installed a third party firmware (Merlin) and that breaks the "string" so my connected Router MAC address is shown but it identifies as "unknown".

Take their "connected devices" list with a grain of salt. Concentrate instead on network security and pinpointing and controlling usage per device.

Look at what info your Router can provide you.

Example:

Client List (even if the device is not currently present):

(click on picture for larger image)


DHCP "lease list":


Remember, your Router "connects" to your Modem and hence to the Internet. Your devices "connect" to your Router. It handles routing and NAT duties.
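The visibility boundary described in this post can be modelled in a few lines. This is an added example, not part of the original post: the router model is a minimal source-NAT sketch, the device names, addresses and User-Agent strings are constructed, the traffic is assumed to be unencrypted HTTP, and `infer_devices` is a hypothetical guesser written for illustration, not any ISP's actual logic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LanDevice:
    name: str
    mac: str
    ip: str
    user_agent: str


class NatRouter:
    """Minimal source-NAT model: LAN traffic is re-sent from the WAN interface."""

    def __init__(self, wan_mac, wan_ip):
        self.wan_mac, self.wan_ip = wan_mac, wan_ip
        self.table = {}            # public port -> (private IP, private port)
        self._next_port = 40000

    def outbound(self, dev, src_port, host):
        public_port = self._next_port
        self._next_port += 1
        self.table[public_port] = (dev.ip, src_port)
        # The device's own MAC and private IP stop at the router. Only the
        # payload (destination host, browser string) travels upstream.
        return {"src_mac": self.wan_mac, "src_ip": self.wan_ip,
                "src_port": public_port, "host": host,
                "user_agent": dev.user_agent}

    def inbound(self, public_port):
        """Route a reply back to the LAN device that opened the connection."""
        return self.table[public_port]


def upstream_macs(packets):
    """Every MAC address an observer on the modem side can read directly."""
    return {p["src_mac"] for p in packets}


def infer_devices(packets):
    """Hypothetical traffic-based guesser: one label per packet, from payload hints."""
    labels = set()
    for p in packets:
        if p["host"].endswith(".apple.com"):
            labels.add("Apple device")     # destination taken as device type
        elif "Windows NT" in p["user_agent"]:
            labels.add("Windows PC")
        elif "Linux" in p["user_agent"]:
            labels.add("Linux device")     # Android browsers report "Linux; Android"
        else:
            labels.add("unknown")
    return labels


# Constructed LAN: one Windows laptop and one Android tablet, nothing from Apple.
LAPTOP = LanDevice("hp-laptop", "aa:bb:cc:00:00:01", "192.168.1.10",
                   "Mozilla/5.0 (Windows NT 10.0; Win64; x64)")
TABLET = LanDevice("galaxy-tablet", "aa:bb:cc:00:00:03", "192.168.1.11",
                   "Mozilla/5.0 (Linux; Android 6.0; Tablet)")
ROUTER = NatRouter(wan_mac="aa:bb:cc:ff:ff:fe", wan_ip="203.0.113.7")
PACKETS = [
    ROUTER.outbound(LAPTOP, 50000, "www.example.com"),
    ROUTER.outbound(LAPTOP, 50001, "itunes.apple.com"),
    ROUTER.outbound(TABLET, 51000, "www.example.org"),
]

if __name__ == "__main__":
    print("MACs visible upstream:", upstream_macs(PACKETS))
    print("Devices a guesser reports:", sorted(infer_devices(PACKETS)))
    print("Reply on port 40002 goes to:", ROUTER.inbound(40002))
```

Two real devices produce three guessed ones, including an Apple device that does not exist on the LAN, while the only MAC address readable upstream is the router's. The router's own client list and DHCP lease list remain the authoritative record of what actually connected.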



D Morris
So, basically you are saying that Exede telling me there is an iPhone and another device using our network is not accurate? One of the customer service gals encouraged me to file a police report because "someone is stealing from you".

So, at this point there really isn't a lot more I can do except turn on the modem and Wi-Fi and hope for the best. I have done everything that I can figure out how to do. I don't understand the other security stuff you were talking about. How do I check this stuff?

Is WPS disabled?

Is Remote Access disabled?

Are any internal "cloud and Sync" functions disabled?

Are all of the "cloud" based router services that may access outside databases disabled?

Again, I appreciate you breaking it down for a non-technical person to understand.
GabeU, Champion
With regard to what Exede is telling you regarding the iPhone and the other device supposedly connected to your router, like Gwalk says, you should take that with a grain of salt, and a HUGE one, at that.  Exede can't really get into your router to see what is connected, and their software is only assuming that you have those devices connected because of the data it is seeing in your traffic.     

There's actually another thread on here where a customer had Exede telling them that there were nearly 200 devices connecting to their router.  It was completely wrong, of course, but it's a good example of how ridiculously incorrect that software can be in making those assumptions.  

Remember, too, that you can look in your router's interface (where you go to see and change the settings) to see what's connecting, and with most routers, what has connected in the past.  I'd be willing to bet that the two things Exede is saying are connected don't show in that record.  

I'll defer to others for your router based questions, as I don't know enough about routers' settings to answer them.
  
 

Gwalk900, Champion

  • 451 Posts
  • 471 Reply Likes

"So, basically you are saying that Exede telling me there is an iPhone and another device using our network is not accurate?"

Let's look at it this way ....

Suppose for a moment you had a Mac computer. If you hooked the Mac directly to the modem, Exede could indeed say with 100% certainty that you had a Mac because they could see the computer's MAC address, which in part would identify that computer as a Macintosh.

Next we are going to connect the Mac to a Router and connect the Router to your Modem.

Exede could then only read the MAC address of the Router .. they could tell you what brand of router it was but .... they could not DIRECTLY see what brand of devices or even how many devices you had connected to the router.  Key word here is DIRECTLY.

They can however INFER what you have connected by the type of traffic being generated.

That inference can be misleading. If you were to visit a webpage that had a lot of Apple ads and those ads used a lot of data, they would see a lot of Apple traffic .......


 "One of the customer service gals encouraged me to file a police report because "someone is stealing from you"."

This statement is really going out on a limb.


There are four areas of concern to a Router:

The first is the "Control Room" for lack of a better term.

This is where all of the "buttons and switches" that control access to your network and  internet connections are located.

That "Control Room" has an address. Mine is 192.168.1.1

This is known as the LAN IP

Access to the Control Room HAS to be limited if there is to be any security to your network at all. That security is in the form of a username and password that needs to be entered before the Control Room can be entered.

Here is mine:

Question #1: Do you know how to find the entrance to your Router's "Control Room"?

Question #2: Have you changed the username and password from the manufacturers default values?


Once logged in you will see the Router's Main Page:

It is from the column on the left that we select the functions we wish to address.

Question #3: Can you access the Router's "Control Room"?


The second area of concern is related to internal Router "services" that may be enabled.

Some of these can fall into a "protective" category:

While not dangerous they can use considerable data without your knowledge and possibly slow your connection as outside databases are accessed.

Question #4: Do you know what internal services are enabled?


In addition to the above and of greater concern are the Remote Access and Sync functions:

If Remote Access is set up it can allow backdoor access to your network and to your internet connection.

These types of services should only be enabled with the utmost care.


The third of the four areas of concern is that of physical access to the Router and its wired LAN ports. Anything that is connected to one of the wired ports will have complete access to your internet connection. This will also include wired LAN servers and printers. Permissions afforded to a printer can have a big impact on data use if they are allowed to update drivers and other related printer software.

Question #5: Do you KNOW what is connected by wire and what that device's "permissions" are?


Now we come to the final area of concern: Wireless.

And this is the hardest to get a handle on.

Out of the box the wireless radio channels are "open". That is to say that any wireless device that comes within range of the Router is free to connect and free to use data.

The only way to tell what is connected at any given moment is to open the Router's interface, log in and look for something like a network map or a heading like "Connected Devices":

The above will show me what devices are connected NOW but not what WAS connected at other times.

For that you need a Router that has a Traffic Analyzer function:

That will specify by date, device name, MAC address the devices that connected and the amount of data each used.

You can also track what websites or online functions were visited by these devices.

The important thing to understand is that we are to this point running an "Open Network". Anything that comes within range can and will connect.

This would include a neighbor with an iPhone in their pocket. It doesn't even have to come out of the pocket or be in visible use for it to connect and use data.

Radio waves are funny. At times you can have issues keeping a signal across the room but at the same time can be picked up 1/2 mile away. You can't depend on distance to keep your connection safe from unauthorized users and unauthorized devices.

For that we have to rely upon Wireless Encryption.

Wireless encryption has to be enabled to prevent unauthorized users from gaining access to the network. Encryption comes in different levels. These are the most common in increasing order of strength:

WEP

WPA-PSK [TKIP]

WPA2-PSK [AES]

WPA-PSK [TKIP] + WPA2-PSK [AES]


WEP is now so weak and so easily cracked that it really is no protection at all.

It is recommended for a home user to enable WPA2-PSK[AES]

All residential Routers are going to broadcast on the 2.4 GHZ frequency band so encryption needs to be enabled for that wireless frequency.

Other Routers may have one or more 5GHZ frequency bands available. It is possible to enable encryption on one frequency thereby excluding unauthorized devices but to have missed one of the others thereby having an Open Network in that area. If a visitor stops by with that iPhone in the pocket it will latch onto that open network.

Wireless encryption is set up from the Router's "control room" wireless list:

The passkeys generated here are entered into devices that you wish to have authorized wireless access so be careful of the devices you authorize.


WPS options are also found as a wireless function:

WPS was originally intended to make it easier for novice users to add wireless devices to their Networks. It made it so easy it was soon exploited and is now considered to be a potential vulnerability and should be disabled.

We also have "Guest Accounts" that allow you to give access to  ... guests.

It usually pays to disable ALL guest account access. Remember there are usually at least two. It is possible to disable one and leave another enabled. If not encrypted ... there is another Open Network wireless channel for unauthorized devices to connect to.


Other devices:

Some Routers have USB ports that allow the connection of other devices such as network drives or a Hot Spot connection for splitting usage among two different ISPs, so beware of the chance of these devices using your network connection.

Question #6: Do you KNOW that an effective encryption level has been enabled on ALL available frequencies?

Question #7: Do you know that common vulnerabilities such as Remote Access, WPS and Guest Access have been disabled?
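
The checks behind Questions #2, #6 and #7 in the post above, written out as an added example that is not part of the original post. It assumes you have copied the settings by hand from the router's admin pages into a small dictionary; the key names are hypothetical and match no vendor's format, and both sample configurations are constructed.

```python
# Key names are hypothetical, not any router vendor's export format.
RECOMMENDED = "WPA2-PSK [AES]"  # the mode the post recommends for home use
OPEN_MODES = {"", "none", "open", "disabled"}

def audit(cfg):
    """Return (severity, message) findings for one transcribed router config."""
    findings = []
    if not cfg.get("admin_password_changed", False):
        findings.append(("high", "admin login still uses manufacturer defaults"))
    for service in ("remote_access", "wps"):
        if cfg.get(service, True):  # a setting nobody checked counts as enabled
            findings.append(("high", f"{service} is enabled"))
    for radio in cfg.get("radios", []):
        if not radio.get("enabled", True):
            continue  # a disabled band or guest network cannot be joined
        name, mode = radio["name"], radio.get("security", "").strip()
        if radio.get("guest", False):
            findings.append(("medium", f"{name}: guest network is enabled"))
        if mode.lower() in OPEN_MODES:
            findings.append(("high", f"{name}: open network, no encryption"))
        elif mode.upper().startswith("WEP"):
            findings.append(("high", f"{name}: WEP is no real protection"))
        elif mode != RECOMMENDED:
            findings.append(("medium", f"{name}: {mode} is not {RECOMMENDED}"))
    return findings

# Constructed sample: 2.4 GHz was secured, but 5 GHz and a guest network were missed.
WEAK = {
    "admin_password_changed": False, "remote_access": True, "wps": True,
    "radios": [
        {"name": "2.4GHz", "security": "WPA2-PSK [AES]"},
        {"name": "5GHz", "security": "None"},
        {"name": "2.4GHz-guest", "security": "None", "guest": True},
    ],
}
# Constructed sample: the same router after working through the questions.
HARDENED = {
    "admin_password_changed": True, "remote_access": False, "wps": False,
    "radios": [
        {"name": "2.4GHz", "security": "WPA2-PSK [AES]"},
        {"name": "5GHz", "security": "WPA2-PSK [AES]"},
        {"name": "2.4GHz-guest", "security": "None", "guest": True, "enabled": False},
    ],
}

if __name__ == "__main__":
    for label, cfg in (("before", WEAK), ("after", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

Every band and every guest network gets its own entry under `radios`, which is what catches the case of one secured frequency sitting next to an open one.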

 


D Morris

  • 18 Posts
  • 2 Reply Likes
GWalk900 and GabeU, again, I want to come back and thank you for all of your assistance in figuring out our data usage issues.  I followed the majority of your advice and was able to correct our problem.  We have had our wi-fi turned back on for a couple weeks now and we have not had any excess usage.  With you guys' help we were able to get this locked down and secure.

Now, we seem to have the opposite problem and we have only 10 days left in our billing period and we have only used about 28% of our data.

THANK you for your help.  I sure wish Exede would show a little more concern for their customers and try and give them some of the info you offered above and help their customers.  I am sure they would have a lot more happy customers.  Although I understand it is not Exede's responsibility to help people monitor their data usage, it just seems like a basic thing to do to have happy customers.

I truly appreciate your help.
THANKS again!!!
Denise

Gwalk900, Champion

  • 451 Posts
  • 471 Reply Likes

Denise,

You are more than welcome, I'm glad I could help.



GabeU, Champion

  • 2222 Posts
  • 1356 Reply Likes
Glad to hear it.  

Jim16

  • 2453 Posts
  • 2183 Reply Likes
Exede created this community forum to do just that.
Can you tell us what the issue was with your data loss?