Telstra usage meter redux

Last week, I wrote about concerns that Telstra’s Bigpond usage meter was not measuring usage accurately. Similar issues were echoed by David Firth in The Australian who quoted from my experience (I posted my account on Whirlpool with the username ‘EconProf’ — that wasn’t to be anonymous but I must have chosen that at some earlier stage). It is time for an update. Bottom line: thanks to some help in providing an independent measurement (thank you Kwang), I was wrong (in one important sense at least).

[DDET Read more]

First, before describing that, let me note that both here and on Whirlpool, the overwhelming advice to my plight was to abandon Telstra and go to somewhere else like iiNet. The problem is that I am on the edge of an exchange zone and so ADSL2+ is unlikely to work too well from my home. You can see here the speed I get on Bigpond Cable:

ZZ5FB9DAB5

I was laughed at by experts who claimed that the ‘theoretical maximum’ was 30Mbps. I don’t think so. So you can see my reluctance to give up the best broadband connection in the country. I resisted that option and went for ‘voice’ rather than ‘exit.’

Recall that my issue was (a) that the usage was correlated with my usage and (b) it was all in downloads. That suggested that no neighbour was using my connection as that use is usually casual and illegal (with lots of uploads through torrents). My security was set at WPA2 and the password changed every few months. The high usage had been going on for at least a year. My guess it was twice my usage (that is, an extra 30GB per month).

To get to the bottom of this, I need an independent measure. The tool I used to measure usage was the PRTG Traffic Grapher which could monitor all of the ports on my Time Capsule. (It’s free if you aren’t using it much). It took a little time but when I had it running on one computer, I stopped everything else. That computer wasn’t using the net but something else was at steady download stream of 50MB per hour. Work that out and you get 30GB or more per month. The tool also allowed me to work out it was coming through the wireless. Kill the wireless and the traffic went away. The problem was at the time, no machines were logged on to the wireless.

So I changed the password and that killed that stream and this time it hasn’t come back. So if it was one of my devices, that wasn’t the cause. Telstra, whose attention was grabbed by Firth and my posting, sent out a technician yesterday. After marveling at the speed of my connection, he could not pinpoint a cause. It could have been someone sophisticated logging on but this might be taking CIA level hacking and for what purpose it is hard to imagine.

The upshot of this is that I was wrong about over-counting of overall usage. Near as I can tell the Bigpond usage meter is accurate.

Where it is not accurate — and this can be a worry for billing — is that it does not necessarily log traffic according to the date it was incurred. That means that on the last day of the billing month, as happened to me this month, you can think you are safe with 1GB left and not receive extra charges but, in fact, not be and receive those charges. Why it can’t be real time given that Telstra internally can tell these things is beyond me. Put simply, if you are a high user, having the PRTG going is a good idea.

For me, so long as that extra traffic does not return, I will be well under my cap with relaxed usage. So I’m pleased about that. I am troubled that we can’t rule out a security issue so I am now monitoring for that and the logs I keep might help identify what happens if it returns.

The point is that had I just down tools and switched providers, I would have had a slower connection and continued to have had high usage. Sometimes, it isn’t Telstra’s fault.

[/DDET]

7 thoughts on “Telstra usage meter redux”

  1. I agree that hacking into your wireless seems unlikely if you are using wpa2. More likely is a) a fault in one of your computers or network devices or b) one of your machines has been compromised by a virus that is not working properly (hence the lack of uploads).

    Like

  2. But all devices were off and there was still a download. Also, if it was a computer virus how come it depends on the network password. Shouldn’t it just restart. And why are they downloading those usually upload.
    And all this has to happen on Macs? The Telstra people ruled all that out.

    Like

  3. Is it possible that you either: have both WPA2 and something weaker like WEP enabled on the wireless router; or have more than one device acting as a wireless router (possibly with default settings)?

    Like

  4. No extra wireless routers and all running WPA2. As I said, a Telstra expert came in and audited my network security and gave it a clean bill of health.

    Like

  5. that’s very disturbing re untraceable downloads. Is it possible that you have a cable modem virus? They’re rather obscure, but do exist, or at least have in the past (eg http://www.dslreports.com/shownews/78295). Can you flash/update the firmware or something?
    Also, Telstra itself advertises its bigpond cable extreme as max 30 mbps so it’s rather strange (and lucky!) that you get above  it ;).

    Like

  6. For those of you interested, most routers support a protocol called snmp, which reports bandwidth (and various other details) for each of the ports. Using software like mrtg or prtg, you can document your network’s behaviour. The key thing is that you can exclude `local’ traffic across the machines on your own network, and isolate how much is going through the wireless interface, how much up/down to your internet service provider, etc.

    Like

  7. 1) Being an ‘online-content-savvy’ person, 30gb is a lot of  content (0.5gb on a high compression gives you  roughly an hour). The volume probably adds to the confusion but I don’t think any other type of data would generate that sort of volume.
    2) Torrents (which generate upload activity) aren’t the only content distribution method. Newsgroups are another culprit, but in your case, I’d guess filehosting services such as rapidshare or even viewing media streams (such as YouTube). Both of these only generate one-way traffic.
    3) As for compromising network security, I’d take a stab and guess that your home computer has been compromised. The weakest link in your security would likely be the point where you set it up (especially if someone was logging your keystrokes).   If the problem does come back, try using MAC-address filtering and hide your SSID.
    4) Of course, the obvious explanation is, your kids have evolved into cyborgs and are downloading Vintage Wiggles directly to their Hypothalamus.

    Like

Comments are closed.