i was done eating around 13:00 and got a response from my isp, explaining that the extra bandwidth must be due to a virus, and i should change my wireless password.
i've told them at least five times that i don't have a wireless network, and have gone to great lengths to demonstrate that the data they're logging isn't entering my network. so, i sent them a series of snotty emails, and then took a nap, planning to shower a little later.
but, i was flummoxed, so i was up again in a few hours, and got a response from a manager at the isp, who offered to send me a test modem to verify that my mac address had been cloned. i told him i'd take the test modem, but i wasn't going to purchase it, at which point it became clear that he was just trying to sell me the modem. fucking capitalists.
in fact, i've been through something like this with teksavvy before, and i'm starting to wonder. are they basically just sending me bullshit stats to try to coerce me into upgrading, or to give me bullshit overage charges, like a bank charges user fees? is that what's really going on?
after napping again for a few hours (so that's two three hour naps), i got into a technical back and forth with the supervisor in the evening regarding the question of changing the mac address, threatening to hack my modem with a bus pirate and change it myself if they won't do it via server-side scripting (which they can do). and, i seem to have gotten through, finally.
we're in disagreement over the likelihood of a split in the line, if we take the situation at face value. they're saying that they don't want to send a tech because a cloned mac address could log in from any live cable. i'm pointing out that if my landlord cloned my mac address, he'd need to find a live cable, and the most obvious way to do it is to split my line. the point of testing with the test modem would be to prove the line was split; that wasn't registering with him, as he continued to insist that he could be logging in from saskatchewan, or something. ridiculous, of course, but the downside of cheap internet is that it's very hard to get a tech out, because the resellers have to rent them from the isps; teksavvy would have to order a tech from cogeco, and it's pricey. but, i'm not buying a new modem, and had to be really aggressive about the point to get it across.
we settled on a compromise solution - they will contact cogeco and ask how many ips are connected to the mac address, where the ips are, etc. and, if they can demonstrate to themselves that there are two users on the mac address, they will react accordingly.
that's fine.
and, then i napped for a few more hours, before getting up a little after 23:00. so, i got a full day's sleep in three installments.
in the mean time, what are my stats for the day?
wan: 3.73 gb down / 1.16 gb up
lan: 2.33 gb down / 1.59 gb up
wireless: no traffic
again: this suggests some concerns on my local network. 2.33 down is believable; 1.59 up doesn't make much sense, that's 3-5x too much. but, let's get the ridiculous stats on the sever dealt with, first.
my workaround is going to mean that i'm really only going to be connecting via the chromebook for a good, long while, and i can frequently powerwash it to try to frustrate an attacker. i'm clearly getting a lot of dropped packets on the way in, indicating somebody (probably the person that cloned the mac address.) is keying in on something. as i have completely reformatted my 90s laptop, if it is the cause of that upload spike then the pathogen is on the network. i haven't connected with my windows 7 laptop in some time, now, and my pc has the nic disabled in the bios - it stays off the internet. permanently. so, i suspect that fixing this is the same thing as changing my mac address, and perhaps the same thing as changing it frequently.
the smell in here has been getting worse all day. so, now it's time to take that shower.
i've told them at least five times that i don't have a wireless network, and have gone to great lengths to demonstrate that the data they're logging isn't entering my network. so, i sent them a series of snotty emails, and then took a nap, planning to shower a little later.
but, i was flummoxed, so i was up again in a few hours, and got a response from a manager at the isp, who offered to send me a test modem to verify that my mac address had been cloned. i told him i'd take the test modem, but i wasn't going to purchase it, at which point it became clear that he was just trying to sell me the modem. fucking capitalists.
in fact, i've been through something like this with teksavvy before, and i'm starting to wonder. are they basically just sending me bullshit stats to try to coerce me into upgrading, or to give me bullshit overage charges, like a bank charges user fees? is that what's really going on?
after napping again for a few hours (so that's two three hour naps), i got into a technical back and forth with the supervisor in the evening regarding the question of changing the mac address, threatening to hack my modem with a bus pirate and change it myself if they won't do it via server-side scripting (which they can do). and, i seem to have gotten through, finally.
we're in disagreement over the likelihood of a split in the line, if we take the situation at face value. they're saying that they don't want to send a tech because a cloned mac address could log in from any live cable. i'm pointing out that if my landlord cloned my mac address, he'd need to find a live cable, and the most obvious way to do it is to split my line. the point of testing with the test modem would be to prove the line was split; that wasn't registering with him, as he continued to insist that he could be logging in from saskatchewan, or something. ridiculous, of course, but the downside of cheap internet is that it's very hard to get a tech out, because the resellers have to rent them from the isps; teksavvy would have to order a tech from cogeco, and it's pricey. but, i'm not buying a new modem, and had to be really aggressive about the point to get it across.
we settled on a compromise solution - they will contact cogeco and ask how many ips are connected to the mac address, where the ips are, etc. and, if they can demonstrate to themselves that there are two users on the mac address, they will react accordingly.
that's fine.
and, then i napped for a few more hours, before getting up a little after 23:00. so, i got a full day's sleep in three installments.
in the mean time, what are my stats for the day?
wan: 3.73 gb down / 1.16 gb up
lan: 2.33 gb down / 1.59 gb up
wireless: no traffic
again: this suggests some concerns on my local network. 2.33 down is believable; 1.59 up doesn't make much sense, that's 3-5x too much. but, let's get the ridiculous stats on the sever dealt with, first.
my workaround is going to mean that i'm really only going to be connecting via the chromebook for a good, long while, and i can frequently powerwash it to try to frustrate an attacker. i'm clearly getting a lot of dropped packets on the way in, indicating somebody (probably the person that cloned the mac address.) is keying in on something. as i have completely reformatted my 90s laptop, if it is the cause of that upload spike then the pathogen is on the network. i haven't connected with my windows 7 laptop in some time, now, and my pc has the nic disabled in the bios - it stays off the internet. permanently. so, i suspect that fixing this is the same thing as changing my mac address, and perhaps the same thing as changing it frequently.
the smell in here has been getting worse all day. so, now it's time to take that shower.