AnsweredAssumed Answered

Internet Data Usage - Unusual Spike in Use

Question asked by prjlnw on Feb 13, 2018
Latest reply on Jul 26, 2018 by prjlnw
Last November I noticed that my internet plan was nearing the monthly cap so I upgraded to the next plan (Internet 75). To my surprise the data usage appears to have more than trebled from an average 125GB/month to 450GB/month. Our usage habits haven't changed that much, so I'm concerned that one of the devices has a rogue P2P program, a misbehaving app,  a Trojan zombie hidden in its works or there is an unauthorized user.
My home network includes a recent Shaw cable modem feeding a Linksys WRT 610n router. There are three windows 10 computers and an XBOX 360 connected by Ethernet. There are a variety of mobile devices connected by wireless: a Windows 10 mobile phone, an android phone, an android tablet, 3 iPads.

I have taken the following steps:

  • I disabled the WiFi connection on the printers
  • I verified that only known devices are connected to the WRT610n router
  • I updated the password on the WRT610n router
  • I enabled  MAC address restrictions on the WRT610n and set up a whitelist
  • I ran malware checkers on the Windows devices (Defender, Fixit, Trend Housecall)
  • I'm using Task Manager on the Windows computers to check App History for unusual network activity on the three Ethernet connected devices
  • I'm using the built in data managers on the Windows and Android devices to monitor their WiFi activity; unfortunately there doesn't seem to be a similar data manager for iOS


3 Questions

  1. Could someone log on directly to the Shaw modem/router using its wireless? I understood the cable modem was in bridge mode and the wireless was disabled. I wouldn't see this activity through my WRT610n router's interface.
  2. Does ShawGo count against my data plan? If so, how do I make sure someone isn't making unauthorized use of that route?
  3. I was thinking of flashing the WRT610n with a third party firmware such as DD-WRT, in order to get more detailed usage history, but that seems rather daunting. Could you suggest third party software/firmware that tracks internet usage at the router for me to investigate?
I'm hoping that if I can identify the source (device or unauthorized user)  of the excessive traffic I can either cut it off or factory reset it.