On Thu, 2004-02-19 at 00:08, [EMAIL PROTECTED] wrote:
> Hi all,
> 
> A client who uses (is stuck with) bigpong adsl has had some mysterious 
> traffic during the night lately.
> 
> Twice so far, around 50mb.
> Strange that there may be no traffic for an hour then an hour totaling 
> maybe 20mb.
> [snip]
> He closes the lid on his G4 PB and goes to bed.
> Helstra hasn't given an explanation, only an offer to remove the 
> mystery usage.
> My 1st hunch was his much loved BBC radio streams, but they are thin 
> ones at 16 or 32kbps or so.

That can really add up.

> Not to mention the computer is off/asleep.

... but not if the machine can't be streaming audio.

> I'm most curious though, can anyone hazard a guess as to what this may 
> be?

> My current stab in the dark is a glitch (or hack) in helstra's 
> monitoring system, could someone be stealing bandwidth/throughput from 
> bigpong?

(a) Telstra monitoring glitch
(b) Some background app on the system doing stupid things (think
swupdate)
(c) Someone using some sort of backdoor to remote control the mac
(d) someone sending traffic at his IP while his computer is not active
(easy if connected via a DSL router)

Note that a computer need not even be on for udp traffic, tcp SYN
packets, etc to be sent to the connection, so long as the connection
itself is active - say, via a router. If you have a colocated server
at an ISP and want to make a Telstra user signed up to a pathetic plan
miserable, a high speed ping or a udp traffic generator will do nicely.
They'll be charged for the "usage" because there's really no way to tell
if they requested it or not. (Of course, they could probably dispute the
usage, and if kept going too long the traffic would be detected -
resulting in much pain for the traffic sender). Note that this situation
is very unlikely, but I'm including it to show that the traffic needn't
even be intended for him. For example, this can happen innocently if
somebody is trying to communicate with his IP, because that's the IP
they were talking to before it was reassigned. Of course, few programs
will generate 50mb of traffic over a few hours just trying to connect...

Best way to find out: if you can, start a tcpdump (surely OSX has
tcpdump or similar tools) and leave the machine running overnight.
Examine the resulting packet trace file and see what's going on.
Ethereal is a wonderful program to examine packet traces, and I think
it's available for OSX.

Craig Ringer
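
An added example, not part of the original message: one way to examine the overnight trace suggested above, totalling bytes per hour and per remote host and separating peers the machine never sent anything to (case d) from two-way conversations (cases b and c). It assumes a classic pcap file written with `tcpdump -w` on an Ethernet interface carrying IPv4; the function names and the sample addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def summarize(pcap, local_ip):
    """Per (hour, peer) byte totals [inbound, outbound] from a classic pcap (Ethernet/IPv4)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals, off = defaultdict(lambda: [0, 0]), 24
    while off + 16 <= len(pcap):
        ts, _usec, caplen, wirelen = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 or truncated frames
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        hour = ts - ts % 3600  # start of the hour, in epoch seconds
        if dst == local_ip:
            totals[(hour, src)][0] += wirelen   # on-the-wire size, not captured size
        elif src == local_ip:
            totals[(hour, dst)][1] += wirelen
    return dict(totals)

def unsolicited(totals):
    """Inbound bytes per peer that the local machine never sent anything to (heuristic)."""
    answered = {peer for (_, peer), (_, out) in totals.items() if out}
    result = defaultdict(int)
    for (_, peer), (inbound, _) in totals.items():
        if peer not in answered:
            result[peer] += inbound
    return dict(result)

def sample_capture():
    """Constructed capture: an answered exchange plus one-way traffic from another host."""
    def rec(ts, src, dst, wirelen):
        ip = bytes(12) + bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
        frame = bytes(12) + b"\x08\x00" + ip   # headers only, as with a short snaplen
        return struct.pack("<IIII", ts, 0, len(frame), wirelen) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    return header + b"".join([
        rec(7200, "192.0.2.10", "198.51.100.7", 60),     # local -> peer A
        rec(7201, "198.51.100.7", "192.0.2.10", 1500),   # peer A replies
        rec(7300, "203.0.113.9", "192.0.2.10", 1400),    # peer B, never answered
        rec(10900, "203.0.113.9", "192.0.2.10", 1400),   # peer B again, next hour
    ])
```

Hours with large inbound totals from peers listed by `unsolicited` point at traffic the machine did not ask for; large two-way totals point back at something running on the machine itself.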