Last November I noticed that my internet plan was nearing the monthly cap so I upgraded to the next plan (Internet 75). To my surprise the data usage appears to have more than trebled from an average 125GB/month to 450GB/month. Our usage habits haven't changed that much, so I'm concerned that one of the devices has a rogue P2P program, a misbehaving app, a Trojan zombie hidden in its works or there is an unauthorized user.
My home network includes a recent Shaw cable modem feeding a Linksys WRT610n router. There are three Windows 10 computers and an Xbox 360 connected by Ethernet. There are a variety of mobile devices connected by wireless: a Windows 10 mobile phone, an Android phone, an Android tablet, 3 iPads.
I have taken the following steps:
- I disabled the WiFi connection on the printers
- I verified that only known devices are connected to the WRT610n router
- I updated the password on the WRT610n router
- I enabled MAC address restrictions on the WRT610n and set up a whitelist
- I ran malware checkers on the Windows devices (Defender, Fixit, Trend Housecall)
- I'm using Task Manager on the Windows computers to check App History for unusual network activity on the three Ethernet-connected devices
- I'm using the built-in data managers on the Windows and Android devices to monitor their WiFi activity; unfortunately there doesn't seem to be a similar data manager for iOS
- Could someone log on directly to the Shaw modem/router using its wireless? I understood the cable modem was in bridge mode and the wireless was disabled. I wouldn't see this activity through my WRT610n router's interface.
- Does ShawGo count against my data plan? If so, how do I make sure someone isn't making unauthorized use of that route?
- I was thinking of flashing the WRT610n with a third-party firmware such as DD-WRT, in order to get more detailed usage history, but that seems rather daunting. Could you suggest third-party software/firmware that tracks internet usage at the router for me to investigate?
I'm hoping that if I can identify the source (device or unauthorized user) of the excessive traffic I can either cut it off or factory reset it.