Community Forum

Troubleshooting data usage using my Gateway

Regular Visitor

Troubleshooting data usage using my Gateway

 

I just ran a few reports from my gateway and the results are odd and concerning. . . I am not sophisticated in technology, my efforts, thoughts, and conclusions are my own brand of research and deduction, so please be kind.  (Thanks for taking the time to review this info, I know it is a lot)

 

PROBLEM - My household has been running over the Tb internet data cap.  I have given much effort to ID the cause(s) and fixing the problems.   I think I have spent the equivalent of a month on the phone with Xfinity and we have not agreed,  I was unable to find a department or individual that has knowlege of what this information means. This is a little surprising, because this is a rental from the company.  Let me say it is my determination that there is no over-usage from our side AND I am willing to accept that a lot data is being shoved to my gateway,  My gateway is very busy - let me show you . . 2 Questions and 3 reports.  

 

QUESTIONS: 

1)  WHEN DEVICES OUTSIDE OF MY HOME  NETWORK CONTINUOUSLY TRY (THOUSANDS AND THOUSANDS OF TIMES EACH DAY) TO GAIN ACCESS IS DATA USED?  

2)  WHAT IN  THE HECK IS GOING ON? AND WHAT SHOULD i DO?

-------------------------------------------------------------

1) EVENT LOGS: I ran for the last 90 days - the report is 42 pages long 

All logs for Last 90 Days        772 Critical Events

These are the types of events listed.

1)  Occurred 6 Times   [Wifi][839]: KeyPassphrase changed    

2)  Occurred 18 Times    Dhcpc][2172]: erouter0 got new IP 

3)  Occurred too Many times to count  [Docsis][1002]: No Ranging Response received - T3 time-out       

4)  Occurred 13Times   Firewall[506]: DoS Attack - TCP SYN Flooding IN=erouter0 OUT= MAC=80:b2:34:35:92:c6:00:01:5c:88:0e:46:08:00 src=84.249.8.166 DST=73.255.142.200 LEN=52 TOS=00 PREC=0x20 TTL=112 ID=1453 DF PROTO=TCP SPT=59543 DPT=6881 SEQ=1613655 [Dhcpc][2069]: erouter0 T1 Expired, Enter Renew State        2017/12/29

5) (Didn't find this variant when I first counted, #?) [Dhcpc][2069]: erouter0 T1 Expired, Enter Renew State

 

2) MANAGED DEVICES I ran for the last 90 days - the report is 13 pages long

Feb 20 through Feb 28,2018 -  60547 Attempts Blocked in 9 days

Time

Date / Time

Device MAC Address

Attempts

Outcome

Total by Device

# Days

1045p

Feb 20 22:45:11 2018

Device #1 MAC:30:8D:99:2B:C6:80  

   791

Device Blocked

         7327

     9

1158p

Feb 21 23:58:02 2018

  

   914

Device Blocked

 

 

1158p

Feb 22 23:58:01 2018

 

   848

Device Blocked

 

 

1158p

Feb 23 23:58:02 2018

 

   833

Device Blocked

 

 

1158p

Feb 24 23:58:02 2018

 

   787

Device Blocked

 

 

1158p

Feb 25 23:58:02 2018

 

   788

Device Blocked

 

 

1137p

Feb 26 23:37:15 2018

 

    620

Device Blocked

 

 

1158p

Feb 27 23:58:01 2018

 

    805

Device Blocked

 

 

1158p

Feb 28 23:58:02 2018

 

    941

Device Blocked

 

 

358p

Feb 21 15:58:01 2018

Device #2 MAC:B4:7C:9C:57:38:02    

   4645

Device Blocked

   12484

    2

958p

Feb 20 21:58:01 2018

 

   7839

Device Blocked

 

 

158am

Feb 25 01:58:02 2018

Device  #3 MAC:C4:9D:ED:37:F79

   6

Device Blocked

   3761

    7

258am

Feb 27 02:58:02 2018

 

   6

Device Blocked

 

 

927am

Feb 24 09:27:04 2018

 

   926

Device Blocked

 

 

1058p

Feb 20 22:58:02 2018

 

    20

Device Blocked

 

 

1158p

Feb 22 23:58:01 2018

 

 1926

Device Blocked

 

 

1158p

Feb 23 23:58:02 2018

 

   867

Device Blocked

 

 

1158p

Feb 26 23:58:02 2018

 

    10

Device Blocked

 

 

1158p

Feb 20 23:58:01 2018

Device #4 MAC:54:BE:F7:04:CD:E4    

 4197

Device Blocked

   36975

   9

1158p

Feb 21 23:58:02 2018

 

 7549

Device Blocked

 

 

1158p

Feb 22 23:58:01 2018

 

 2144

Device Blocked

 

 

1158p

Feb 23 23:58:02 2018

 

2064

Device Blocked

 

 

1158p

Feb 24 23:58:02 2018

 

4325

Device Blocked

 

 

1158p

Feb 25 23:58:02 2018

 

3921

Device Blocked

 

 

1158p

Feb 26 23:58:02 2018

 

5399

Device Blocked

 

 

1158p

Feb 27 23:58:01 2018

 

5480

Device Blocked

 

 

1158p

Feb 28 23:58:02 2018

 

1896

Device Blocked

 

 

 

3) FIREWALL LOGS:  This is 1 of the 3 pages covering FIREWALL LOGS in the  last 30 days.

 

This report is the scariest to me. . .  

Device MAC:44:6D:6C:89:8F:AF , 794 Attempts, 2018/3/22 02:24:19

Device Blocked

 

FW.IPv6 FORWARD drop , 390 Attempts, 2018/3/22 02:24:19

Firewall Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 1186 Attempts, 2018/3/22 01:58:01

Device Blocked

 

FW.IPv6 FORWARD drop , 368 Attempts, 2018/3/21 23:58:01

Firewall Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 2041 Attempts, 2018/3/21 23:5h:01

Device Blocked

 

Device MAC:C4:9D:ED:37:F79 , 5532 Attempts, 2018/3/21 15:30:24

Device Blocked

 

FW.WANATTACK DROP , 81 Attempts, 2018/3/21 14:58:02

Firewall Blocked

 

FW.IPv6 INPUT drop , 4 Attempts, 2018/3/21 10:58:01

Firewall Blocked

 

FW.IPv6 FORWARD drop , 349 Attempts, 2018/3/20 23:26:06

Firewall Blocked

 

FW.IPv6 INPUT drop , 4 Attempts, 2018/3/20 20:58:02

Firewall Blocked

 

Device MACC:3A:5E:71:32:EB , 1093 Attempts, 2018/3/20 15:30:18

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 615 Attempts, 2018/3/20 12:00:20

Device Blocked

 

FW.IPv6 FORWARD drop , 310 Attempts, 2018/3/19 23:58:02

Firewall Blocked

 

FW.IPv6 INPUT drop , 13 Attempts, 2018/3/19 22:58:01

Firewall Blocked

 

FW.WANATTACK DROP , 240 Attempts, 2018/3/19 17:58:01

Firewall Blocked

 

FW.IPv6 FORWARD drop , 124 Attempts, 2018/3/18 23:58:02

Firewall Blocked

 

FW.IPv6 INPUT drop , 3 Attempts, 2018/3/18 16:58:01

Firewall Blocked

 

FW.WANATTACK DROP , 161 Attempts, 2018/3/18 14:58:02

Firewall Blocked

 

FW.IPv6 FORWARD drop , 146 Attempts, 2018/3/17 22:58:02

Firewall Blocked

 

FW.IPv6 INPUT drop , 2 Attempts, 2018/3/17 21:58:01

Firewall Blocked

 

FW.IPv6 FORWARD drop , 73 Attempts, 2018/3/16 20:58:02

Firewall Blocked

 

FW.IPv6 FORWARD drop , 104 Attempts, 2018/3/15 23:58:02

Firewall Blocked

 

FW.IPv6 INPUT drop , 3 Attempts, 2018/3/15 21:58:02

Firewall Blocked

 

FW.LAN2SELF DROP , 4 Attempts, 2018/3/15 18:58:01

Firewall Blocked

 

FW.WANATTACK DROP , 109 Attempts, 2018/3/15 18:58:01

Firewall Blocked

 

FW.IPv6 FORWARD drop , 278 Attempts, 2018/3/14 22:58:01

Firewall Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 450 Attempts, 2018/3/14 22:11:35

Device Blocked

 

FW.IPv6 INPUT drop , 15 Attempts, 2018/3/14 20:58:01

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 82 Attempts, 2018/3/14 19:48:54

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 500 Attempts, 2018/3/14 19:48:54

Device Blocked

 

Device MAC:60:45:BD:99:A8:B8 , 12 Attempts, 2018/3/14 01:58:01

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 641 Attempts, 2018/3/13 23:58:01

Device Blocked

 

FW.IPv6 FORWARD drop , 220 Attempts, 2018/3/13 21:58:02

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 3925 Attempts, 2018/3/13 15:30:37

Device Blocked

 

FW.IPv6 FORWARD drop , 396 Attempts, 2018/3/12 23:47:08

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 570 Attempts, 2018/3/12 23:16:36

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 7784 Attempts, 2018/3/12 21:58:01

Device Blocked

 

Device MAC:60:45:BD:99:A8:B8 , 2 Attempts, 2018/3/12 01:30:08

Device Blocked

 

FW.IPv6 FORWARD drop , 530 Attempts, 2018/3/11 23:58:02

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 593 Attempts, 2018/3/11 22:54:26

Device Blocked

 

Device MAC:60:45:BD:99:A8:B8 , 22 Attempts, 2018/3/11 15:30:36

Device Blocked

 

Device MAC:C4:9D:ED:37:F79 , 116 Attempts, 2018/3/11 12:58:02

Device Blocked

 

FW.WANATTACK DROP , 33 Attempts, 2018/3/11 08:58:01

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 571 Attempts, 2018/3/10 23:58:01

Device Blocked

 

FW.IPv6 FORWARD drop , 556 Attempts, 2018/3/10 23:58:01

Firewall Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 2015 Attempts, 2018/3/10 18:58:01

Device Blocked

 

FW.IPv6 INPUT drop , 1 Attempts, 2018/3/10 18:58:01

Firewall Blocked

 

FW.WANATTACK DROP , 110 Attempts, 2018/3/10 09:58:01

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 94 Attempts, 2018/3/10 08:55:20

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 101 Attempts, 2018/3/10 00:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 4892 Attempts, 2018/3/09 23:58:02

Device Blocked

 

FW.IPv6 FORWARD drop , 195 Attempts, 2018/3/09 23:58:02

Firewall Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 16604 Attempts, 2018/3/09 23:58:02

Device Blocked

 

FW.IPv6 INPUT drop , 2 Attempts, 2018/3/09 23:50:00

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 759 Attempts, 2018/3/09 23:15:36

Device Blocked

 

Device MAC:C4:9D:ED:37:F79 , 58 Attempts, 2018/3/09 02:58:01

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 787 Attempts, 2018/3/08 23:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 1448 Attempts, 2018/3/08 23:58:02

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 12937 Attempts, 2018/3/08 23:58:02

Device Blocked

 

FW.IPv6 FORWARD drop , 66 Attempts, 2018/3/08 22:58:01

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 21 Attempts, 2018/3/08 02:58:02

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 712 Attempts, 2018/3/07 23:58:02

Device Blocked

 

FW.IPv6 FORWARD drop , 19 Attempts, 2018/3/07 23:58:02

Firewall Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 15899 Attempts, 2018/3/07 23:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 1203 Attempts, 2018/3/07 20:58:01

Device Blocked

 

Device MAC0:04:01:3C:5E:EE , 9 Attempts, 2018/3/07 17:58:01

Device Blocked

 

FW.WANATTACK DROP , 4 Attempts, 2018/3/07 02:58:01

Firewall Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 1823 Attempts, 2018/3/06 23:58:02

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 17197 Attempts, 2018/3/06 23:58:02

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 851 Attempts, 2018/3/06 23:53:11

Device Blocked

 

FW.IPv6 FORWARD drop , 45 Attempts, 2018/3/06 13:58:02

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 2 Attempts, 2018/3/06 02:58:01

Device Blocked

 

FW.IPv6 INPUT drop , 1 Attempts, 2018/3/06 00:58:02

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 713 Attempts, 2018/3/05 23:58:01

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 16376 Attempts, 2018/3/05 23:58:01

Device Blocked

 

FW.IPv6 FORWARD drop , 33 Attempts, 2018/3/05 18:58:02

Firewall Blocked

 

FW.IPv6 INPUT drop , 1 Attempts, 2018/3/05 09:58:01

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 22 Attempts, 2018/3/05 02:58:01

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 13289 Attempts, 2018/3/04 23:58:01

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 409 Attempts, 2018/3/04 23:52:50

Device Blocked

 

FW.IPv6 FORWARD drop , 1205 Attempts, 2018/3/04 22:58:01

Firewall Blocked

 

FW.IPv6 INPUT drop , 4 Attempts, 2018/3/04 21:12:25

Firewall Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 2579 Attempts, 2018/3/04 19:58:02

Device Blocked

 

FW.WANATTACK DROP , 202 Attempts, 2018/3/04 10:29:02

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 789 Attempts, 2018/3/03 23:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 3439 Attempts, 2018/3/03 23:58:02

Device Blocked

 

FW.IPv6 INPUT drop , 1 Attempts, 2018/3/03 19:58:02

Firewall Blocked

 

FW.IPv6 FORWARD drop , 204 Attempts, 2018/3/03 15:58:01

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 2 Attempts, 2018/3/03 14:58:02

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 5834 Attempts, 2018/3/03 07:58:01

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 939 Attempts, 2018/3/02 23:58:02

Device Blocked

 

Device MAC:44:6D:6C:89:8F:AF , 4200 Attempts, 2018/3/02 23:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 2133 Attempts, 2018/3/02 23:58:02

Device Blocked

 

FW.IPv6 INPUT drop , 2 Attempts, 2018/3/02 19:58:02

Firewall Blocked

 

FW.WANATTACK DROP , 80 Attempts, 2018/3/02 01:58:01

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 941 Attempts, 2018/3/01 23:58:01

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 1975 Attempts, 2018/3/01 23:58:01

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 941 Attempts, 2018/2/28 23:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 1896 Attempts, 2018/2/28 23:58:02

Device Blocked

 

FW.WANATTACK DROP , 31 Attempts, 2018/2/28 04:58:02

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 805 Attempts, 2018/2/27 23:58:01

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 5480 Attempts, 2018/2/27 23:58:01

Device Blocked

 

FW.IPv6 FORWARD drop , 180 Attempts, 2018/2/27 06:58:02

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 6 Attempts, 2018/2/27 02:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 5399 Attempts, 2018/2/26 23:58:02

Device Blocked

 

FW.IPv6 FORWARD drop , 201 Attempts, 2018/2/26 23:58:02

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 10 Attempts, 2018/2/26 23:58:02

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 620 Attempts, 2018/2/26 23:37:15

Device Blocked

 

FW.IPv6 INPUT drop , 1 Attempts, 2018/2/26 19:52:51

Firewall Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 788 Attempts, 2018/2/25 23:58:02

Device Blocked

 

FW.IPv6 FORWARD drop , 581 Attempts, 2018/2/25 23:58:02

Firewall Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 3921 Attempts, 2018/2/25 23:58:02

Device Blocked

 

Device MAC:C4:9D:ED:37:F79 , 6 Attempts, 2018/2/25 01:58:02

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 787 Attempts, 2018/2/24 23:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 4325 Attempts, 2018/2/24 23:58:02

Device Blocked

 

FW.IPv6 FORWARD drop , 359 Attempts, 2018/2/24 22:58:02

Firewall Blocked

 

FW.IPv6 INPUT drop , 260 Attempts, 2018/2/24 15:58:02

Firewall Blocked

 

Device MAC:C4:9D:ED:37:F79 , 926 Attempts, 2018/2/24 09:27:04

Device Blocked

 

Device MAC:C4:9D:ED:37:F79 , 867 Attempts, 2018/2/23 23:58:02

Device Blocked

 

Device MAC:30:8D:99:2B:C6:80 , 833 Attempts, 2018/2/23 23:58:02

Device Blocked

 

Device MAC:54:BE:F7:04:CD:E4 , 2064 Attempts, 2018/2/23 23:58:02

Device Blocked

 

 

 ---------------------  

Thanks, Cathy

 

 

Contributor

Re: Troubleshooting data usage using my Gateway

For what it's worth, I looked in my router's logs and I saw 126 DoS attacks yesterday.  However, I'm still at 33GB total for the month so far.  I don't know if things like that get counted, but it would apparently take a LOT of them to generate big data usage numbers.  (Mine is not a comcast-provided unit so it may not log exactly the same things in the same ways as yours.)

 

You do have a lot of devices being blocked, however, I THINK those are just things on your local network and if they are being blocked, then they are not using data (at least when they are blocked.)  Do you have parental controls or some other kind of access control turned on?

 

It would probably be a good idea to look at whatever data use reporting tool each device has.  Or if that fails, turn some of them off for several days a time and see what effect it has.

Regular Visitor

Re: Troubleshooting data usage using my Gateway

I do not know the devices. They are not on my home network. But, they are trying real hard to get in.
Diamond Problem Solver

Re: Troubleshooting data usage using my Gateway

Things like DOS attacks affect only the WAN interface of the router / router component / of a gateway device / firewall. They do not cross the modem / modem component interface, therefore they do not count.

Contributor

Re: Troubleshooting data usage using my Gateway

I went to: https://macvendorlookup.com/  and looked up some of the devices.

 

54:BE:F7:04:CD:E4 Pegatron Corp

30:8D:99:2B:C6:80 Hewlett Packard

44:6D:6C:89:8F:AF Samsung Elec Co.,Ltd

C4:9D:ED:37:smiley face - Sorry! couldn't decode the smiley face!

 

Pegatron seems to be related to ASUS.  Do you happen to have a Samsung Smart TV or a HP computer, tablet, wireless printer or scanner? Asus computer or wi-fi adapter?

 

As far as I know, MAC addresses don't generally travel over the internet so I assume when something is showing MAC addresses that these are local things.  Non-local things are usually refered to by IP address.