A couple of weeks ago, we got a warning that we were going over our bandwidth limit of 320Gb, which is excessive for us. When inspecting the Hitron, there were 3 rules added under port forwarding that were not there before. I originally set up the router and changed the cusadmin default password and told nobody, so I do not know how the port rules were added.
I called Rogers tech support and explained. They were puzzled too. We factory reset the modem and went on.
Two weeks later, in a new billing period, I checked bandwidth usage. During a day when internet usage was very light, we did almost 8Gb of data. When I logged into the Hitron, there were, again, 3 port forwarding rules added: 1 Teredo and 2 Skype. We don't use Skype. I have to assume somebody is logging into the Hitron from the WAN (internet) port to make changes, as I have secured the Hitron from my local side. No open WiFi, no unrecognized clients connected, default passwords changed.
I called Rogers, and got escalated to a Tech Expert. They had no answers or explanations. Again we factory reset the Hitron. They also recommended that I leave the Hitron unplugged for 8 hours to get a new WAN IP assigned and see if that helps (I call this security through obscurity), which is not a great solution. I am unable to disable the login through the WAN port.
My question: is anybody else experiencing this type of behaviour?
It is worrisome as it appears I am being billed for bandwidth that I am not using. The Hitron has no features either to help assist with the detective work, i.e. good logs or routing tables. For now I am just watching closely my Hitron and data usage.
I also had Teredo port forwarding rule added recently which coincided with the firmware update, I got 188.8.131.52 version recently and probably it has something to do with firmware, but for sure it looks weird...
Yes, that's for CGNM. I got a firmware update on March 25, so the Teredo port forwarding rule was added within the last several days. I removed it now, so I'm curious if it will be added back.
P.S. And the new firmware also changed my IP from 99.XX.XX.XX to 7.XX.XX.XX
Thanks for the info in your post - I've also had disturbing usage numbers from Rogers reports .. often 5 days or more a month with a range of 6GBs to 15GBs. March 17th we had a single day hit of over 41 GBs .. our Plan limit was 80GBs, the day before we had only used 75% of our allowed bandwidth & the day after we were at 125%. I also called Rogers to see what they could do - and apparently nothing. I did get a template e-mail saying what I could do on average with bandwidth - none of their examples went anywhere near the 41GB usage level I experienced & they didn't have any idea what to do except upgrade.
So we did upgrade to a new plan, Ignite 60 with a 200GB limit. I'm still searching for a cause - hoping that something was wrong in the old modem which Rogers replaced with a Hitron.
Thank you for the heads up on port forwarding - I will check on that regularly. I just took a look and have no rules set up, but the Port Forwarding was enabled. I assume that's a default set-up. So I disabled it & will add this to a checklist of what to verify on a regular (maybe weekly) basis to avoid these overages. If I'm really lucky the new Router will stop whatever the driver was for the 41GBs - but I don't really expect that to be the case.
It's pretty clear that I either accept being eventually pushed to the expense of unlimited bandwidth or spend a lot of personal time & effort finding tools that actually provide data that can be analyzed, and doing my own tracking.
The port forwarding stuff, should have nothing in general to do with your usage overage.
One thing that has come up is the possibility of MAC address cloning.. changing over to the new modem, will be a new MAC and would hopefully help with that.
Generally though usage i find pretty darn close to accurate.. only times i have seen number up, is when i KNOW i was doing something... downloading, torrenting, lots of streaming, etc.
One thing to do, is make sure EVERY device is ok.
Power cycle everything with an internet connection.
Make sure none of them is trying to SYNC anything (something like a cloud sync that is stuck, etc), etc.
As i had reported earlier in the thread.
Those entries are being added (and not removed properly) by them trying to fix the UPNP issues on the CGN3.
They should normally be invisible in the background and not seen.
Teredo tunneling, the forwarding its doing.. is part of something that is done usually as part of an IPv6 to IPv4 setup.
Likely as specific devices on the home network there, which MIGHT have IPv6 enabled on them.. may be trying to set up their tunnel connection.
These are not malicious.
As i had stated earlier, unless you specifically need it, best bet overall is to turn off the UPNP on the gateway.
I tried it as well, clearing port forwarding of 1 u/k entry, and now the modem will not connect? This is a new modem as tech was here today to exchange it. Unfortunately he didn't allow me to do a speed test before he left. I have a package with 250Mbps and I was getting 50Mbps wired up?
If you have port forwarding rules showing up without your input, it's most likely due to UPNP being enabled. Check and ensure that it is disabled, then clear out the port forwarding rule, save the settings as you are doing this and then reboot the modem. After the reboot you shouldn't have port forwarding rules showing up unexpectedly.
I am reading this forum because I too have discovered these Teredo & Skype forwarded ports mysteriously added to my Hitron CGN3 router. Thanks to all who contributed. I will turn off UPnP and try to digest/understand if this is indeed a 'fix' or what was the real problem. I am uneasy that I can't change the CGN3 username which gives Rogers and others a backdoor into my network.
As long as you change your password, someone shouldn't be able to get into your modem.. (unless they brute forced the password). That login should not be visible externally.. so really only someone within your own network would then be able to.
Regardless of your regular login username/password... rogers will still have access to the modem.
They have a MSO, Superadmin login.. which gives them access to other settings, etc that we do not see (such as changing stuff like the channel binding, etc).
Even back with the old modem only modems, rogers always has access from their back end, internally, to be able to access it and change things, restart it remotely, etc.
As for the fix.. well its a 'workaround' type fix.
It SHOULD be properly fixed IMHO.. but still hasn't yet.
With UPNP, it should turn open the port as needed and then remove it. The problem is, it's not removing them.
I have it turned off and have not had any issues Skype or anything else not working, etc.
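Added example, not part of any post in this thread and not Rogers or Hitron code: a UPnP gateway (IGD version 1, WANIPConnection service) reports its mapping table one entry at a time through the GetGenericPortMappingEntry action, and each entry carries a lease duration where 0 means the mapping is static and does not expire on its own. The Python sketch below parses constructed replies and flags non-expiring mappings and mappings that point at LAN addresses you do not recognise; the addresses, ports, descriptions and known-device list are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET

FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalClient",
          "NewPortMappingDescription", "NewLeaseDuration")

def make_response(port, proto, client, desc, lease):
    """Build a constructed SOAP reply; a real one comes from the gateway."""
    args = zip(FIELDS, (port, proto, client, desc, lease))
    body = "".join(f"<{k}>{v}</{k}>" for k, v in args)
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            '<s:Body><u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">' + body +
            '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

def parse_entry(xml_text):
    """Extract the mapping arguments from one SOAP reply."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.endswith("GetGenericPortMappingEntryResponse"):
            return {child.tag: (child.text or "") for child in elem}
    raise ValueError("not a GetGenericPortMappingEntry response")

def audit(entries, known_clients):
    """Return {(protocol, external port): [reasons]} for mappings to review."""
    findings = {}
    for e in entries:
        reasons = []
        if int(e["NewLeaseDuration"]) == 0:
            reasons.append("no lease expiry")          # stays until deleted
        if e["NewInternalClient"] not in known_clients:
            reasons.append("unknown internal client")  # not on your device list
        if reasons:
            findings[(e["NewProtocol"], int(e["NewExternalPort"]))] = reasons
    return findings

# Constructed sample table: two stale-looking entries and one leased entry.
SAMPLE = [
    make_response(50123, "UDP", "192.168.0.12", "Teredo", 0),
    make_response(23456, "UDP", "192.168.0.50", "Skype UDP at 192.168.0.50:23456", 0),
    make_response(3074, "TCP", "192.168.0.20", "Game console", 3600),
]
KNOWN_CLIENTS = {"192.168.0.12", "192.168.0.20"}  # assumed list of your devices

def run_sample():
    return audit([parse_entry(x) for x in SAMPLE], KNOWN_CLIENTS)

if __name__ == "__main__":
    for key, reasons in run_sample().items():
        print(key, reasons)
```
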
Do these port forward rules only show up on Rogers gateways or do they also show up on third party routers - as in a config where you have the CGN3 in bridge mode and have another router doing the actual NAT, firewall, etc.?