Slashdot Mirror


Noticed Welchie/Nachi in Your Bandwidth Bill, Yet?

Pinkboard Panther asks: "I have recently received my bill for Internet usage for last month and discovered it is 4 times higher than expected. Since there had been no increase in usage of the sites I run I had to search elsewhere for the exorbitant increase. Eventually I tracked it down to my firewall being bombarded with 20,000 ICMP Echo requests a minute from many different IP addresses. This adds up to $A10 per hour or $A240 a day. I still need to battle with my ISP over whether I should be paying for this. It seems that the Welchie/Nachi worm sends out pings to find what machines are out there before it moves on to deeper probes. I can't believe that I am the only site out there which is being attacked in this way. There must be lots of other sites out there who are affected this way. Maybe they just haven't received their bills yet?"

4 of 94 comments

  1. Standing class action law suit by m0smithslash · · Score: 3, Interesting
    We were just commenting today on how there should be a standing class action law suit against Microsoft. We could not think of a real reason, but you seem to have one here. The loss of business and revenue, whether from your pocket or your ISP's pocket, multiplied across many ISPs seems like a case to me.

    My ISP is having almost continual problems being flooded with random worm noise.

    --
    Your friend and well-wisher
    m0smithslash
    http://www.ferociousflirting.com
  2. Continuously flickering activity light by cyberman11 · · Score: 3, Interesting

    My router WAN activity light and modem activity light are continuously flickering, even when no computers on my LAN are turned on. I tried replacing my Linksys BEFSR41 router with a Belkin F5D5231-4 router, and switching from a DSL modem to a cable modem, but the new lights flicker just as much as the old ones. Since my computer is powered off, the continuous activity must be coming from the internet. I guess either hackers or worms.

  3. Re:And you didn't notice this before, because? by DaveJay · · Score: 3, Interesting

    I can think of one good reason -- although it's a reason that applies to me, not the person who posted the article.

    Here's the reason: I don't know how to do it.

    Okay, granted, it's not a GOOD reason. The thing is, I have a webstats monitor to check my WWW bandwidth, but I don't know how to check my OVERALL bandwidth. Good thing my ISP doesn't charge by the k. :)

    Still, since your post seems quite confident that this should be an easy thing to do, I humbly (and sincerely) request that you give us some suggestions on how to actually monitor such traffic.

    As an example, I'm running e-smith 5.5 on my home server. How would I monitor ALL my bandwidth? Not a step-by-step howto, mind you, just a "here's a great site" or "here's a good product" would help.

    Thanks in advance.

  4. Re:And you didn't notice this before, because? by Zocalo · · Score: 3, Interesting
    Still, since your post seems quite confident that this should be an easy thing to do, I humbly (and sincerely) request that you give us some suggestions on how to actually monitor such traffic.

    It is in the context of the poster - (s)he has a firewall and appears to be running a web hosting company. You on the other hand appear to be a home user, so you may not have as much latitude depending on your ISP and how much control you have over how you get online.

    The first place to start is your router, since all traffic must pass through it, or a dedicated firewall immediately behind it. The simplest way to acquire traffic stats is with SNMP using a tool like MRTG which is how I do it. If you have no control over the router, then you might be able to get the same figures off the port on your switch that it connects to. I say might, because this assumes that you have a switch (likely these days) and that it supports SNMP (not quite as likely).

    Falling back further; no central point of ingress/egress you can monitor and a non-managed switch/hub... OK, we need to look at the traffic on the host NICs directly, on a per host basis. That means a bandwidth monitoring and logging tool; any software site will have loads (search on "bandwidth and log") and most host based firewalls can provide this information for you as well.

    --
    UNIX? They're not even circumcised! Savages!
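
Added example, not part of the original thread: the per-host fallback described in the last comment comes down to sampling the NIC counters twice and differencing them. The sketch below does that for two constructed snapshots in Linux `/proc/net/dev` layout, assuming 32-bit counters that wrap (as SNMP `ifInOctets` does); the function names and sample figures are illustrative.

```python
COUNTER_MOD = 2 ** 32  # assumption: 32-bit counters, like SNMP Counter32 ifInOctets

# Constructed snapshots taken 60 s apart (not captured data). eth0's receive
# byte counter wraps past 2**32 between the two samples.
SAMPLE_T0 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       1000     10 0 0 0 0 0 0     1000    10 0 0 0 0 0 0
  eth0: 4294900000 500000 0 0 0 0 0 0 12000000 90000 0 0 0 0 0 0
"""
SAMPLE_T1 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       1000     10 0 0 0 0 0 0     1000    10 0 0 0 0 0 0
  eth0:    1132704 520000 0 0 0 0 0 0 12500000 92000 0 0 0 0 0 0
"""

def parse_net_dev(text):
    """Return {interface: counters} from /proc/net/dev-style text."""
    counters = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or len(fields) < 16:
            continue                            # not a counter line
        counters[name.strip()] = {
            "rx_bytes": int(fields[0]), "rx_packets": int(fields[1]),
            "tx_bytes": int(fields[8]), "tx_packets": int(fields[9]),
        }
    return counters

def interval_usage(before, after, seconds, modulus=COUNTER_MOD):
    """Per-interface deltas and rates between two samples.

    The modulo subtraction absorbs one counter wrap. A reboot or more than
    one wrap between samples gives a wrong delta, so sample often.
    """
    usage = {}
    for iface, new in after.items():
        old = before.get(iface)
        if old is None:
            continue                            # interface appeared mid-interval
        delta = {key: (new[key] - old[key]) % modulus for key in new}
        delta["rx_bits_per_sec"] = delta["rx_bytes"] * 8 / seconds
        delta["rx_mb_per_day"] = delta["rx_bytes"] / seconds * 86400 / 1e6
        usage[iface] = delta
    return usage

if __name__ == "__main__":
    result = interval_usage(parse_net_dev(SAMPLE_T0), parse_net_dev(SAMPLE_T1), 60)
    for iface, stats in result.items():
        print(iface, stats)
```

Inbound packets far outnumbering outbound ones while no host is active is the pattern to look for in the output when traffic is unsolicited.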