Alarming amount of outbound data on my DD-WRT WAN page

Format _C:

I have a Netgear R7500v2 flashed with DD-WRT firmware and the past couple of days there has been a very high amount of outbound (uploaded) data. I have not connected any new devices to my network or given anyone my WiFi password, nor do I see any devices I don't recognize on my network. I also have not changed any settings on cloud-based apps (Google Drive or Microsoft OneDrive). So what gives?
 

Got any p2p update programs installed and set up to share? I know WoW had that option, and I think windows update did for a while (or at least over the lan).

Is it coming from one device, or multiple, and what ports is it going out on? Might need to dust off the old packet sniffer if your router doesn't say.
 
Compromised maybe? Not sure of any current DD-WRT exploits though. Have any NAT rules? SSH enabled or anything? Is it up to date with the latest DD-WRT? Plenty of routers' stock firmwares have been exploited in 2020.
 
Look in the log or turn everything off and back on one at a time. If you figured out how to flash it you should be able to figure out how to track it down.
 
Got any p2p update programs installed and set up to share? I know WoW had that option, and I think windows update did for a while (or at least over the lan).

Is it coming from one device, or multiple, and what ports is it going out on? Might need to dust off the old packet sniffer if your router doesn't say.

I don't have any p2p programs running at least since October 12th. I was too busy downloading *cough* *linux* distros. That is the problem I don't know what device is sending it out.

Compromised maybe? Not sure of any current DD-WRT exploits though. Have any NAT rules? SSH enabled or anything? Is it up to date with the latest DD-WRT? Plenty of routers' stock firmwares have been exploited in 2020.

I am using an older version by kong from before he stopped doing DD-WRT. The new ones were not stable for my router; it would only last 1 day to 1 week before it just automatically rebooted itself.
 

Does DD-WRT not show where the data is going out from, like a LAN IP? Or does it just show as coming from the router?

Could consider setting up a temp syslog server and dumping everything from DD-WRT to that, I think DD-WRT can dump to an external syslog server...

Could always reset it entirely, reinstall DD-WRT and see if it continues. Is there a reason you went with DD-WRT over the stock firmware? I know everyone says use DD-WRT but if you are not using any of the added features, and your router maker has released recent firmware updates into 2020, you may be more secure going that route.
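To illustrate the syslog suggestion above (an added example, not part of the thread and not DD-WRT code): a script that totals outbound bytes per LAN host and destination port from firewall log lines collected on a syslog server. It assumes the router forwards netfilter LOG-format lines, a LAN bridge named `br0` and a `192.168.1.0/24` LAN; the sample lines are constructed, and totals cover only packets the firewall actually logged.

```python
import ipaddress
import re
from collections import Counter

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines (netfilter LOG format); addresses are placeholders.
SAMPLE = """\
Oct 14 09:01:02 router kernel: ACCEPT IN=br0 OUT=vlan2 MAC=aa:bb SRC=192.168.1.23 DST=203.0.113.10 LEN=1500 TTL=63 DF PROTO=TCP SPT=40112 DPT=443
Oct 14 09:01:03 router kernel: ACCEPT IN=br0 OUT=vlan2 MAC=aa:bb SRC=192.168.1.23 DST=203.0.113.10 LEN=1500 TTL=63 DF PROTO=TCP SPT=40112 DPT=443
Oct 14 09:01:04 router kernel: ACCEPT IN=br0 OUT=vlan2 MAC=cc:dd SRC=192.168.1.40 DST=198.51.100.7 LEN=71 TTL=63 PROTO=UDP SPT=5353 DPT=53 LEN=51
Oct 14 09:01:05 router kernel: ACCEPT IN=vlan2 OUT=br0 MAC=ee:ff SRC=203.0.113.10 DST=192.168.1.23 LEN=52 TTL=54 PROTO=TCP SPT=443 DPT=40112
Oct 14 09:01:06 router kernel: ACCEPT IN=br0 OUT=br0 MAC=cc:dd SRC=192.168.1.40 DST=192.168.1.23 LEN=100 TTL=64 PROTO=TCP SPT=50000 DPT=445
Oct 14 09:01:07 router dnsmasq-dhcp[512]: DHCPACK(br0) 192.168.1.40 cc:dd
"""

def outbound_by_host(lines, lan="192.168.1.0/24", lan_if="br0"):
    """Sum logged IP packet lengths leaving the LAN, per host and per flow."""
    net = ipaddress.ip_network(lan)
    per_host, per_flow = Counter(), Counter()
    for line in lines:
        fields = {}
        for key, value in FIELD.findall(line):
            # UDP lines carry a second LEN= (UDP length); keep the first (IP length).
            fields.setdefault(key, value)
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            size = int(fields["LEN"])
        except (KeyError, ValueError):
            continue  # not a firewall line, or malformed
        # Keep only traffic entering on the LAN bridge and leaving the LAN.
        if fields.get("IN") != lan_if or src not in net or dst in net:
            continue
        per_host[str(src)] += size
        flow = (str(src), fields.get("PROTO", "?"), fields.get("DPT", "-"))
        per_flow[flow] += size
    return per_host, per_flow

if __name__ == "__main__":
    hosts, flows = outbound_by_host(SAMPLE.splitlines())
    for host, total in hosts.most_common():
        print(f"{host:15} {total:>10} bytes")
    for (host, proto, dport), total in flows.most_common(5):
        print(f"{host:15} {proto}/{dport:<6} {total:>10} bytes")
```
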
 
I use DD-WRT because I like the interface better than the Netgear "Genie" stock firmware. Also, the Netgear interface is very slow at navigation and applying settings.
I also found the culprit: my Galaxy S9+ got an update the other day from AT&T and it asked me to sign back into my Samsung account, and apparently that enabled auto backup.
I hate Bixby, I want nothing of it, but I do like the Samsung Galaxy line. Oh well.
 
Glad you found the root cause. I was going to say disconnect the Internet for a few hours and then check if any of the devices had error messages on them.
 
Glad you found the root cause. I was going to say disconnect the Internet for a few hours and then check if any of the devices had error messages on them.

Yes I was wondering where all of my data was actually going I am glad I found out it was not someone in China or other Country stealing my personal information to sell on the "black web" not like I have any actual personal data or stuff to hide but still a relief to know where it went.
 
Yes I was wondering where all of my data was actually going I am glad I found out it was not someone in China or other Country stealing my personal information to sell on the "black web" not like I have any actual personal data or stuff to hide but still a relief to know where it went.
This is a very real fear in today's cyberwar. I can't wait until the enemy is simply blocked from our domestic traffic. All those scam packets being routed constantly wasting bandwidth is absurd.
 
Yes there is a lot of scam sites out there. I was looking for a service manual for my RCA (Panasonic made) S-VHS VCR (remember those! ;)) anyway there is a lot of sites that claim to have it for free (a lot leading to Google Docs page shame on you for allowing this Google).

There are also a lot of what I call "placeholder" type sites like Popscreen picclick and probably a whole lot more. The on-line connected world today is full of scammers and bad things.

I was on Facebook a week ago and there was an ad (shame on you, Zuckerberg) advertising a 2019 Honda Accord for $1,200 USD (when they put USD it is a clear sign of a scam because in the US that is assumed; also the picture of the car had palm trees, and there are no palm trees in New Haven, Connecticut the last time I looked😀)
 
Yes there is a lot of scam sites out there. I was looking for a service manual for my RCA (Panasonic made) S-VHS VCR (remember those! ;)) anyway there is a lot of sites that claim to have it for free (a lot leading to Google Docs page shame on you for allowing this Google).

There are also a lot of what I call "placeholder" type sites like Popscreen picclick and probably a whole lot more. The on-line connected world today is full of scammers and bad things.

I was on Facebook a week ago and there was an ad (shame on you, Zuckerberg) advertising a 2019 Honda Accord for $1,200 USD (when they put USD it is a clear sign of a scam because in the US that is assumed; also the picture of the car had palm trees, and there are no palm trees in New Haven, Connecticut the last time I looked😀)
The 'freedom' of the Internet unfortunately has allowed humanity to do what it does best--ruin it. 'This is why we can't have nice things' comes to mind.

The funny thing is that all of this stuff can be stopped with responsibility being tacked on to site publishers, hosting companies, and platforms. If in real life your building is being used as the headquarters for nefarious purposes, you can get in trouble. But in the online world, it's one big party where you can bait and switch all day, import fake goods and lie outright and just prey on people who may not know better because there are no laws to protect them. The big hairy mess that is the Internet is getting locked down and the EU is leading that charge, and in a good way. Without regulation and fairness being imposed and forced, people will just behave recklessly and irresponsibly, and large US based companies are leading the charge. It's really sad that integrity is next to nonexistent. As the owner of an online platform, I would feel horrible if my platform was being used to harm others.
 
Yes I agree 100% with SamirD's statement above.
I think the EU is right this time but other times they need to get lost.

Why ban lamps for LED junk that claims to last 25 years (how do they know that? LEDs for general lighting purposes have not even been around for 25 years) over the other good stuff (Metal Halide, Mercury Vapor, High/Low Pressure Sodium, and don't forget incandescent or magnetically ballasted fluorescent fixtures)? Yes, I am a lighting collector and enthusiast.
 
There used to be some sort of 'truth in advertising' liability. But the fakers/fraudsters have been getting away with violating that without any consequences so now everyone does it. BIG HINT--the reason the third world is what it is, is because of the lack of law enforcement. By not putting our foot down and enforcing laws, we are slowly sliding into the gutter...
 