Wow, that sounds like a lot of work - what a pain. We have been with Rogers forever and never had this problem. It will take me some time to get you the info that you requested, so bear with me - I am not that computer literate! As for the usage logs - you will see that we rarely download anything so the recent history tells the story - somebody has hacked into our system. It's interested that the only thing that the Rogers people told me to do was change our passwords - they did mention adding a mac address to block others, but I didnt really want to do this, as when my adult children or visitors drop by, they want to use the wifi and they would be blocked.
thanks for your help. SW
Hi, yep, it can be a pain. The usage data will really tell if this is yet another case of out of the blue extremely high usage, which is why its important to have a look at it. We're talking tens if not hundreds of gigs in one day, and when you consider what you were doing that day, or days, it won't make any sense. If this is one of those cases, I would like to know so that I can forward this to the Internet Products Manager. The staff that the moderators have access to should also be able to assist. I think usually the overage is discarded or rolled back, but as I indicated earlier, you really have to know your internet habits. There have been cases for example where children were running gaming servers without advising their parents. That must have been an interesting conversation! My theory is MAC address cloning, which in theory should not be possible.
Take your time digesting the post and the to do list below. If you have any questions, please let me know.
To do list:
1. Log into MyRogers copy the daily useage data and paste it into the thread or send it to me via pm. If you click on my name when you are logged into the forum, you will get to my public page. On the upper right hand corner is a link "send this user a private message". Use that link to get to the message composition page, fill in the title and data and hit send. I'm looking for days of extremely high usage that appears out of the blue, so to speak.
2. Log into your modem, copy the STATUS.... DOCSIS WAN downstream and upstream tables and paste them into this thread. With the router in place this can be a pain. But, depending on what modem you have it can be very easy, or a pain. Try logging into 192.168.100.1 Depending on what modem you have, this might or will allow you to log into the modem without disconnecting the router and forcing the modem back to Gateway mode. This won't work with a CGN3 modem. With the CGN3ACR, probably, with the CGN3ACSMR, yes it will work. With a CGN3 modem, you will have to reset it back to Gateway mode using the reset button at the back of the modem, connect a pc or laptop directly to it and log into 192.168.0.1 to get to the STATUS....DOCSIS WAN page.
3. Check for updates for your router. Run the update if required and reset the parameters.
4. Set to disabled, both UPNP and WPS in your router.
5. Set or change the Wifi Security mode to WPA-2 Personal. Encryption mode to AES.
6. Set or change the router wifi network names and passphrases to random characters and reconnect your wifi devices to the new network names.
7. Confirm that you have the modem in Bridge mode. Please let me know. It is possible to run the modem in Gateway mode, with the wifi off, and use the router as a wifi access point. That does take some setting up to avoid any possible IP address conficts.
Yes, in my case, changing out the Cisco modem appears to have solved my issues and I have not had any re-occurences. I first had to rule out that it was not a simple case of someone piggybacking on my service.
The key for me was the IP address specified on the infringement notice did not match the one assigned to me. This IP address can be obtained from the admin console of your modem and checked by any web site that displays your geo-location.
I have learned that Rogers tracks usage via the modem's MAC address, hence my initial queries on the IP descrepency did not get me very far.
Hope this helps
Bigest thing, is as Datalink said,.. is to make sure that everything is secure.. that its not happening FROM there.
And check everything.. (not trying to blame.. or saying not to trust other family members, etc... but there have been MANY times where people have said 'oh my kids would never do that, they told me that they are not and i beleive them'.. and it WAS them doing it, etc.)
Only other possible thing i can think of...
MAY be the possibility of MAC cloning.. of the modem.
Would definately account for the USAGE..
BUT.. i THINK that in those cases, each modem is a seperate IP.. so would be different than your modem..
BUT.. not sure how the back end system works.. i know it views the same mac address, knowing its on your account.. does it then associate BOTH IPs with your account then?
But i think its still the same issue.
Its the case of a MAC cloning.
Everything is traced through the MAC address.. its assigned to your account.. and when the modem connects, gets an IP address.... and then that IP is for now tied to your account (via that MAC address of the modem on your account).
A CLONED modem, would show up attached to your account.. but likely would be assigned a DIFFERENT IP address.... but due to its the same MAC.. that BOTH the IPs would then be associated with your account.
When we receive a notice suggesting that activities associated with your IP address are infringing copyright material(s) owned or exclusively licensed by others then we send out the email to inform you.
I understand you are not downloading anything, but I have seen file sharing programs running in the background on a computer which may be just uploading and the user may not be aware.
We can definitely assist you in finding the root cause of the issue; a team member from CommunityHelps will be in touch with you shortly. Please check your Private Message box which can be accessed from the envelope icon from the top right corner of the page.
Rogers really only passes the information ALONG.
So its (disney in this case?) who detected, or THINKS they detected you doing so.
Usually, they monitor any of the major torrents of something, collect the IP addresses which was connected to it, and then send out the mailings to the ISPs to pass on to the end users.
Its possible its a mistake/false positive.
Make sure, that there is no one else in the house which is doing any torrenting etc.
Only other MINOR possibility.. would be possibly if your modem was MAC cloned.. that someone else there is illegialy appearing as YOUR modem, so it would appear as YOUR usage, etc.
(though usually with this, you would notice an INCREASE in usage on your account as well)
I recently received an email in my junk email from firstname.lastname@example.org with the subject "Rogers EUA Management Team Notice". It is about an illegal download that apparently occured on our IP address. There was also a link to a settlement offer which ended February 16th but I received the email on February 17th.
Is this a real email or spam? Should I be concerned?
Its LIKELY real.. but hard to say without really seeing it.
You could post the content here if you did wish.. just remove ANY of your information from it, including your IP address, etc.
If you or someone at your address had downloaded something.. quite often there will be people from the companies who OWN the rights to those media, who will sit on those torrents, etc as well. They will collect IP addresses of people connected.
They will then send out these notices to the ISP. The ISP doesnt really have any legal involvement otherwise.. its just their job to pass these things on.
Beyond that.. its then between the copywrite holder and you.
Its up to them if they then chose to try and take legal action against you or not.
Many of them (the small rights holders) will often try to do it just to leech money off people.. get you to pay a setlement so they DONT take you to court... even though they likely never would.
Again, rogers generally wont do much.
They could, by choice, choose to close your services if you did receive too many of these.. as doing those acts techncailly do go against the rogers ToS.