I have a wireless router that sits behind the cisco cable modem. I have a number of wired connections and wireless devices that access my router.
I have been receiving 'Rogers EUA Management Team' notices in the form of email's forwarded from Twentieth Century Fox. I first observed these notices in my spam filter and contacted Rogers Internet support to confirm that they were indeed valid.
I do not download or share multimedia content. We do access subscribed content via Netflix, Mubi and Amazon Prime (yes a VPN is required for this).
The notices all refer to the same file accessed via the same IP address over at least a month (I have only kept the most recent notices as I assumed it was spam initially).
The emails contain Evidentiary information that includes:
- Notice ID
- Protocol = BitTorrent
- IP Address
- Port ID
- File name
- File Size
A. The steps I had taken to investigate this issue:
1. Asked everyone in the house about their use of content (we do have access to a large quantity of paid content).
2. Educated everyone about Torrents and their use
3. Scanned my computer (and network files) for the file in question....but did not find it.
4. Scanned both my desktop and laptop for viruses and malware...have not physically scanned my sons laptops, but they have access to the same anti malware software.
5. Changed the passwords to my wireless network (I use WPA2-Personal encryption)
6. Mapped all known MAC addresses to specific IP addresses
7. Setup a specific DHCP range to capture any unknown MAC addresses connecting wirelessly.
8. Turned on logging at the router to capture suspicious activity
9. Tried to setup port blocking of the port specified in the infringement notice....not sure if this was done properly
Today I received another notice about an infringement that happend yesterday (at 17:27:52 GMT, I assume 13:27 our time). No one was home at that time and i was not able to capture the log activity as the events for this time had been overwritten before I could save them.
At this time I would like to investigate the IP address identified in the notice as it does not match the external IP address I have had over the last few days. I have asked Rogers to confirm that the notification has been routed to the correct customer, but I have not been taken seriously in this regard. The external IP address I currently have has not been renewed since I last checked and does not match the IP address found in the infridgement notice(s).
I have gone to a number of geo-location sites to confirm my external IP address. The address on the notice(s) is also a Rogers IP, but it definately was not assigned to me over that period of time.
Is there something else that I am missing or some IP translation that I don't understand. I cannot see how the IP address is mapped to me.
Any help would be appreciated.
Solved! Solved! Go to Solution.
Thanks @TeDD13 and @Gdkitty for the quick response. Went out and upgraded my modem to the Hitron...just finished reconnecting everything.
I will continue monitoring my router logs and hopefully I will not receive any further notifications. Will post again later in the week. Thanks again for the info.