I have a wireless router that sits behind the Cisco cable modem. I have a number of wired connections and wireless devices that access my router.
I have been receiving 'Rogers EUA Management Team' notices in the form of emails forwarded from Twentieth Century Fox. I first observed these notices in my spam filter and contacted Rogers Internet support to confirm that they were indeed valid.
I do not download or share multimedia content. We do access subscribed content via Netflix, Mubi and Amazon Prime (yes a VPN is required for this).
The notices all refer to the same file accessed via the same IP address over at least a month (I have only kept the most recent notices as I assumed it was spam initially).
The emails contain evidentiary information that includes:
- Notice ID
- Protocol = BitTorrent
- IP Address
- Port ID
- File name
- File Size
A. The steps I had taken to investigate this issue:
1. Asked everyone in the house about their use of content (we do have access to a large quantity of paid content).
2. Educated everyone about Torrents and their use
3. Scanned my computer (and network files) for the file in question....but did not find it.
4. Scanned both my desktop and laptop for viruses and malware...have not physically scanned my sons' laptops, but they have access to the same anti malware software.
5. Changed the passwords to my wireless network (I use WPA2-Personal encryption)
6. Mapped all known MAC addresses to specific IP addresses
7. Set up a specific DHCP range to capture any unknown MAC addresses connecting wirelessly.
8. Turned on logging at the router to capture suspicious activity
9. Tried to set up port blocking of the port specified in the infringement notice....not sure if this was done properly
Today I received another notice about an infringement that happened yesterday (at 17:27:52 GMT, I assume 13:27 our time). No one was home at that time and I was not able to capture the log activity as the events for this time had been overwritten before I could save them.
At this time I would like to investigate the IP address identified in the notice as it does not match the external IP address I have had over the last few days. I have asked Rogers to confirm that the notification has been routed to the correct customer, but I have not been taken seriously in this regard. The external IP address I currently have has not been renewed since I last checked and does not match the IP address found in the infringement notice(s).
I have gone to a number of geo-location sites to confirm my external IP address. The address on the notice(s) is also a Rogers IP, but it definitely was not assigned to me over that period of time.
Is there something else that I am missing or some IP translation that I don't understand? I cannot see how the IP address is mapped to me.
Any help would be appreciated.
Thanks @TeDD13 and @Gdkitty for the quick response. Went out and upgraded my modem to the Hitron...just finished reconnecting everything.
I will continue monitoring my router logs and hopefully I will not receive any further notifications. Will post again later in the week. Thanks again for the info.
As of today I have not received any new infringement notices. I have not had any issues or problems with the new modem/router.
Thanks again for the help....it's been an interesting (if not time consuming) learning experience.
Over the last few months we have been getting emails indicating that there have been infringement claims from our IP address. We do not download anything. We were advised to change our passwords on both the modem and router, which we did. The emails stopped for a few weeks, but have since started again. I now got a notice from Rogers that we have exceeded the monthly data (270 gb) and will be charged for the excess. We are only halfway through the month. I don't know what else to do. Please help - I can't afford for this to keep happening and we have done everything that Rogers advised us to do. How can we find out who is doing this and how can we end it? A friend of mine had a similar situation and they feel that it may be a Rogers employee that is doing this....as we have changed all passwords and it is still happening?
I have the exact same problem - we received numerous emails about infringement claims and they are not being done from anyone in my household. We have changed our passwords and are still having problems. We now got a notice from Rogers that we have exceeded our monthly data allotment and it is only halfway thru the month. We have the Cisco modem that you referred to.....do you really think by changing it, that this has worked for you?
thx for your help.
Hi, can you log into MyRogers, navigate to the daily internet usage page, copy the data and either post it or send it to me in a private message? There have been problems in the past with extremely high usage being reported where people have not been at home for example or away on vacation. That hasn't happened for a while from what I've seen posted, but it doesn't mean that it can't happen again. Perhaps yours is one of those cases. You will need to have a moderator reach you via private message in order to have one of the staff contact you to assist in this particular matter. You will have to really know your internet habits and whether or not the daily download data makes any sense, given your usage habits.
Can you also log into your modem, navigate to the STATUS..... DOCSIS WAN page, copy the downstream and upstream tables and paste them into this thread? That will allow me to check for any abnormal signal levels on the RG-6 cable that feeds the modem.
For your router, you should ensure that the UPNP is disabled, WPS is disabled and that the Wifi Security mode is set to WPA-2 Personal using AES for encryption. AES should be the sole selection. Do not use WEP or the TKIP/AES combination. UPNP can be useful but it is also a security hazard in that it can change your router settings without your knowledge. WPS, WEP and TKIP are not secure anymore and should not be used. TKIP is also not allowed by the 802.11n spec to run higher data rates and will lock the data rate to g mode rates, 54 Mb/s max.
The one way to really increase wifi security is to use random network names, and I do mean random. Since you very very rarely have to enter the network name into anything you should use random characters, numbers, symbols etc. This can be easily done by using the password generator at: https://www.grc.com/passwords.htm
If you go to that page, you will see three different 63 or 64 character passwords. Every refresh of that page generates new password strings. The wifi network name is 32 characters in length. You can take the first 32 characters of a password string and use them for the name. For example, from the grc site, using the 63 random printable ASCII characters, ie the middle selection:
The first 32 characters can be used as the wifi network name:
If you refresh that page, the next complete string, either 63 or 64 characters long can be used for the network passphrase if you so choose. Yep, it's a bit of work keying 63 or 64 characters into something like an iPod, but you won't have to change it very often. In the case of laptops, you can create a notepad file that holds both, network name and passphrase, or just the passphrase and then it's just a copy and paste into the laptop's password entry window when you reconnect the laptop to the new network name. That is what I do to secure my wifi networks, random network names and passphrases, using random passphrases from the grc.com site. If you don't want to use the random characters, come up with a mixed character string that means something: OURdogis13YEERSoldinSEPTEMBER or something along those lines.
Ok, so what does this do for you? Going to a completely random network name prevents hackers from using precomputed lookup tables to crack wifi networks, including those that use WPA-2 Personal AES, but with common or simple network names and passphrases. Some enterprising individual has taken the time to generate the tables necessary to crack wifi networks that use simple, common network names and passphrases from previous hacks and the dictionary, and has made them available to purchase. The easiest way to thwart those tables is to use completely random network names and passphrases. If your router doesn't like the middle passphrase due to some of the characters, you can use the top passphrase, which is a hexadecimal 64 character string.
Ok, there is some homework to get you started in ensuring that your wifi is secure from hackers, or anyone that you might suspect. You should be aware that if you have the modem running in Bridge mode, and the router running in full router mode, with its firewall up, no one from Rogers will be able to see beyond the modem. The one thing that you should do is ensure that the router is up to date with its firmware. There have been several security alerts raised over the last year to two years as vulnerabilities have been discovered in router firmware from various companies. This has resulted in firmware updates to deal with those issues, but, the router owners have to be aware of those updates and ensure that they are installed.
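Why a random network name defeats precomputed tables, shown as an added example that is not part of the original post: WPA2-Personal derives its master key with PBKDF2-HMAC-SHA1 using the network name (SSID) as the salt, so a table computed for one name does not apply to any other. The SSID `HomeNetwork`, the word list and the helper names are constructed for illustration; the name and passphrase are generated locally instead of being fetched from a web page.

```python
import hashlib
import secrets
import string

def wpa2_pmk(passphrase, ssid):
    # WPA2-Personal pairwise master key:
    # PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def build_table(ssid, wordlist):
    # A precomputed table maps PMK -> passphrase, but only for the one
    # SSID it was salted with.
    return {wpa2_pmk(word, ssid): word for word in wordlist}

def table_covers(table, ssid, passphrase):
    # True if the network's PMK appears in the precomputed table.
    return wpa2_pmk(passphrase, ssid) in table

def random_name(length=32):
    # An SSID is at most 32 octets; letters and digits avoid router quirks.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_passphrase(length=63):
    # A WPA2 passphrase is 8 to 63 printable ASCII characters.
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample values, not taken from the thread.
COMMON_SSID = "HomeNetwork"
WORDLIST = ["password", "letmein123", "OURdogis13"]

if __name__ == "__main__":
    table = build_table(COMMON_SSID, WORDLIST)
    new_ssid = random_name()
    # Same weak passphrase, two different network names.
    print("common SSID in table:", table_covers(table, COMMON_SSID, "letmein123"))
    print("random SSID in table:", table_covers(table, new_ssid, "letmein123"))
    print("new SSID:      ", new_ssid)
    print("new passphrase:", random_passphrase())
```

The random name only removes the precomputation shortcut; a weak passphrase can still be guessed directly against that name, which is why the passphrase should be random as well.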