How can I trace someone stealing ADSL username and password?

Colin_69 · Post by **Colin_69** » 23 Aug 2007, 09:42

Im sure that this question has popped up a few times before. So im sorry for the double post, but this is quite urgent.

ISP is one of our company's services, and one of our clients is threatening to sue us over this issue. So what would be the quickest and most efficient way of tracing the unauthorized usage of our ADSL usernames? Can this only be done through telkom?

*stealing for heaven sake! - jee*

Colin_69 · Post by **Colin_69** » 23 Aug 2007, 09:46

I have the IP addresses assigned to the person on every sessions he used. Obviously the IPs change

PsyCLown · Post by **PsyCLown** » 23 Aug 2007, 09:55

Hmm, so your company is an ISP and now your clinet is having someone stealing his bandwidth and is complaining to sue your company.

It might be his fault as he might now have changed the default password on his router.

But I think the only way to trace the people would be through Telkom or IS (depending on whos bandwidth you are reselling).

Post by **Cameron_Losco** » 23 Aug 2007, 10:29

And don't you have something in your TOS that states that you are not responsible for unauthorized usage? I'd contact Telkom but I have a feeling that you aren't going to get very far.

Colin_69 · Post by **Colin_69** » 23 Aug 2007, 10:34

Im not to worried about him suing us, we spoke to the client again and he just wants justice, cuz he paying for 5GB every month and this person is raping all the bandwidth. We just want to stop the abuse of our client's usernames, because this issue is beginning to blow up in our faces

jPm · Post by **jPm** » 23 Aug 2007, 11:33

Hmmm.

Your client says he's/shes bandwidth is being used by some-one else. Then It should def. come up on your systems(that is there IP address).

NB: This person doesnt necessarily need a Username and Password, they could be using the WiFi of this person which has nothing to do with your ISP.

Phone your client again ask them a few questions more.

Im with Webafrica and If there is more than one person logged in at any time the IPs come up. So if the IPs are not coming up, then its defnitely through Wifi or your client just uses up alot of bandwidth

Slasher · Post by **Slasher** » 23 Aug 2007, 11:38

Well, change the username and password of your client and send it to him/her. If this does not immediately stop this bandwidth you know it is not via username but via wlan.

Did the client change the default username/password?

Also, changing should stop the access. Either you have someone in your company selling usernames or you was hacked in the database if the guy's network is secure and he did not give it out. Any other clients give complaints?

Post by **Stuart** » 23 Aug 2007, 11:53

Slasher wrote:Well, change the username and password of your client and send it to him/her. If this does not immediately stop this bandwidth you know it is not via username but via wlan.

Did the client change the default username/password?

Also, changing should stop the access.

My thoughts exactly. If someone is using his username and password, change said username and password, and tell him to protect the new details better.

Post by **KillerByte** » 23 Aug 2007, 13:46

this is why people should have their AP's encrypted using WPA. Or else you get Wardrivers getting your cap and your files. Believe me, I know, cause I am one.

Futs · Post by **Futs** » 23 Aug 2007, 15:02

KillerByte wrote:this is why people should have their AP's encrypted using WPA. Or else you get Wardrivers getting your cap and your files. Believe me, I know, cause I am one.

So you get peoples cap and files? (illegally of course)

Post by **Ron2K** » 23 Aug 2007, 15:09

This is KB we're talking about here. He wouldn't know what "legal" meant, even if he had to look it up in a dictionary, Google, or Wikipedia.

SBSP · Post by **SBSP** » 23 Aug 2007, 16:00

Or there could be a nasty application on his machine consuming bandwidth.
don't forget about that.

Sojourn · Post by **Sojourn** » 23 Aug 2007, 16:55

o_O
You are offering a service as a provider, but dont know how to limit usage to only the MAC's provided by your customers?

Once you have limited the usage to that MAC and the usage stays the same you can tell your suing client where to go.

Pls tell me who your co is so I can avoid them.

s

Post by **Ron2K** » 23 Aug 2007, 16:59

That's odd - I'm sure I replied to SBSP's post; no idea where it is. Must have navigated away from the page before I pressed "Submit".

It's entirely possible, given that most users don't have the full picture as to what their PC is doing. There could well be some sort of nasty on the client's PC that's causing excess bandwidth usage. Of course, it's also just as likely that a legitimate update process is responsible.

Given the circumstances of this case, bandwidth theft seems more likely than an app hogging the bandwidth, but that's not to say it's not a possibility.

EDIT: Sojourn, it probably wouldn't help much, given how easily a MAC address can be spoofed.

zerubabel · Post by **zerubabel** » 23 Aug 2007, 18:10

KillerByte wrote:this is why people should have their AP's encrypted using WPA. Or else you get Wardrivers getting your cap and your files. Believe me, I know, cause I am one.

Someone ban this fool plz.
You 'wardriver', you probably don't even know the first thing when it comes to accessing other people's routers etc, you just use a program and you think you are so clever and cool.
You are nothing more than a script-kiddie, and a criminal one at that.

You're lucky you are leaving soon, or i'd have you beaten at the next Uberlan/fraglan/etc.

zerubabel · Post by **zerubabel** » 23 Aug 2007, 18:11

@ Colin69, phone telscum and tell them you think someone is stealing bandwidth from this user.
They have a service to check this out... You just need to give them the username/email of the user, and which ISP it is, and they have a database to see who accessed that username when.

If they find its someone else, criminal charges can and will be pressed, otherwise it's your client who is having his internet raped via wi-lan.

RobThePyro · Post by **RobThePyro** » 23 Aug 2007, 18:22

LOL

zerubabel you forgot your <FlameON> and </FlameOn> Tags

lol... kb...

Rob.

Post by **Anthro** » 23 Aug 2007, 18:45

Killerbyte your are SUCH a **** - you need to seriously rethink posting stuff like "I wardrive.." - but I dont steal bandwidth - I only warn them

Owning yourself on Gmail is also not neccesary mmkay ?
Saying stuff like "Hacked into M&B wireless network" as a Gmail status is just incriminating.
So why dont you take that carrot up your bottom and leave ?

Screeper · Post by **Screeper** » 23 Aug 2007, 18:46

I definitely think a long chat with the client is needed. You need to make sure his wlan (if he has one running) is either disabled (doesn't need it) or properly encrypted.
Once that is assured then give the client a new password (make it a good one) to login.
Ensure that he/she tells no one else the password and see if the bandwidth consuming continues - if it does then you will know that there is an evil app running on his pc(s) or he is lying and is trying to leech as much content as possible and claim it wasn't him.