
Time Warner "unwanted activity" message in my browser

You misunderstand: he has choices, he just does not like them as much as he likes TWC, mainly due to the fact they have higher speeds over DSL and the reliability and latency over wireless stuff. So instead he claims there is a monopoly and whines when something does not go right, instead of just calling them and saying, "Hey, I have this message, what's going on?" and thus finding out why he is getting it.

He is OBVIOUSLY doing something he knows better than to be doing, which is why he came here instead of just going to TWC. He thinks he can find some miracle defense in case they found him doing illegal things, when most likely it's nothing like that; they will just say there is unusual activity on some port and he will say, "Oh, it's a game/app server I host." Or they will say this is warning #1, you don't get infinite warnings, stop doing stupid shit.

But here he can be a drama queen about it...

Let me speak on behalf of Virge. You are wrong; they are not after his illegal activity. They are simply acting as a free antivirus service for him, in a way.
 
I'm not that smart about how ISPs work... but if they're just routing traffic I still don't see how it affects them... Honestly, I am not trying to be a pain in the ass, I just want to understand it.

A lot of server admins when they notice unwanted traffic/spam/etc coming from a certain IP address simply block entire IP ranges. When server administrators start blocking dynamic IP addresses from an ISP, the ISP (and customers that get those IP addresses later) isn't going to be happy but they can't really blame the server admins.
 
If your boat is in a harbor, and your boat is dumping waste (poop) into the harbor, the people running the harbor absolutely have the right to kick your ass out of the harbor.

If your network is suspected of dumping poop into the whole damned internet, the ISP is just doing everybody a favor by telling you to stop dumping poop.
 
I got this message today. I have not been downloading anything or using torrents. I recently signed up with "PrivateInternetAccess" because it not only changes your IP, it encrypts everything coming from your PC. I think that's why I got the message. Time Warner's logs for my account were encrypted, so they had no idea what I was doing and assumed it was something illegal.
 
I got this message today. I have not been downloading anything or using torrents. I recently signed up with "PrivateInternetAccess" because it not only changes your IP, it encrypts everything coming from your PC. I think that's why I got the message. Time Warner's logs for my account were encrypted, so they had no idea what I was doing and assumed it was something illegal.
*facepalm*

Again, and hopefully for the last time, this isn't about copyright infringement. An entirely separate notice is issued for that.

If you got the "unwanted activity" notice, then it means your connection has either been reported or detected to be engaging in spam, botnet activity, etc. VPN activity is none of the above, and it would be clear from the start that it's not harmful based on where the connection is going. So I would suggest you look over your network, as it's far more likely you have a rogue program running somewhere.
 
I agree it's not about it, but these people are clearly worried about it, because they are doing it. Otherwise they'd be on TWC's customer service line telling them, "Uh, no." When the cops put a notice on your door about needing to talk to you, and you have done nothing wrong, do you start asking about drone cameras recording what you do? Or do you march down there to find out if you witnessed an accident or something?
 
I got this notice today upon arriving home from home. Ran MS Malicious Removal tool on both my systems and nothing coming up so far. Going to do a deep scan on my main system a little later.

Decided to call TWC to see if they could give me any details. Support tech didn't see any flags or details on my account that reflected the notice nor could he give me any details about the supposed "botnet" I was "infected" with, the traffic that generated the notice or the MAC address from the machine that the "activity" came from.

The notification certainly wasn't "real time" by any means since I hadn't touched the computers at all before going to work today.

I straight up asked him if this notice put my account into jeopardy by any means and he said no, so we'll see if I get it again.
 
I got this notice today upon arriving home from home. Ran MS Malicious Removal tool on both my systems and nothing coming up so far. Going to do a deep scan on my main system a little later.

Decided to call TWC to see if they could give me any details. Support tech didn't see any flags or details on my account that reflected the notice nor could he give me any details about the supposed "botnet" I was "infected" with, the traffic that generated the notice or the MAC address from the machine that the "activity" came from.

The notification certainly wasn't "real time" by any means since I hadn't touched the computers at all before going to work today.

I straight up asked him if this notice put my account into jeopardy by any means and he said no, so we'll see if I get it again.

I wonder what the timeliness of them alerts are.
 
Try HouseCall from Trend Micro, Spybot Search & Destroy, Malwarebytes.
Not just one scanner, as some may miss.
 
These days, isn't it possible that even a router could be infected with malware? I could swear I've read something about malware that affects some Linux-based routers, including many Linksys routers.
 
It says "from a machine connected to the cable modem on your Time warner Cable Internet connection." Someone could be using a hacked modem that's cloned from yours to get free service. They set up a computer to sniff your node and then use it on a different node. Nothing you can do about it.
 
It says "from a machine connected to the cable modem on your Time warner Cable Internet connection." Someone could be using a hacked modem that's cloned from yours to get free service. They set up a computer to sniff your node and then use it on a different node. Nothing you can do about it.

Does that still work? If they cloned my modem (along with its MAC) and my modem is on 24/7/365, wouldn't TWC have some alarms going off if they see 2 modems with the same MAC?
 
Does that still work? If they cloned my modem (along with its MAC) and my modem is on 24/7/365, wouldn't TWC have some alarms going off if they see 2 modems with the same MAC?

From what I understand, it's on a different node and the way DOCSIS 1.0 works they wouldn't know which node is the legitimate customer. People trade the stuff they sniff on their node using a hacked DOCSIS1 modem with people on other nodes for free intarwebernets.
 
I actually just had this happen to me today from Time Warner. A random message like OP's popped up when I tried to access the website Reddit. However I would only get the message when I went to Reddit. I was able to access any other site I wanted (facebook, google, IGN, etc), but Reddit kept giving me the botnet warning.

Any explanation as to why this would happen?
 
I actually just had this happen to me today from Time Warner. A random message like OP's popped up when I tried to access the website Reddit. However I would only get the message when I went to Reddit. I was able to access any other site I wanted (facebook, google, IGN, etc), but Reddit kept giving me the botnet warning.

Any explanation as to why this would happen?

Aggressive DNS / content caching? Perhaps only HTTP (not "HTTPS") sites were affected?
 
I would,

A) Use OpenDNS

B) Make sure the WIFI was secured with WPA2

C) Change the MAC address in the router, reboot the modem, and acquire a new IP address.
 
I would,

A) Use OpenDNS

B) Make sure the WIFI was secured with WPA2

C) Change the MAC address in the router, reboot the modem, and acquire a new IP address.

Only Item B fixes any problems. A and C just get around the notifications, which is worse than doing nothing. :|
 
wirednuts, I'd offer one more explanation of this:
"I'm not that smart about how ISPs work... but if they're just routing traffic I still don't see how it affects them... Honestly, I am not trying to be a pain in the ass, I just want to understand it."
An ISP domain is like a country. Imagine it is the US, for example.
They have routers between the states that take up all the requests and pass them along to the borders. We will call those simple routers. At the border are edge routers.
These edge routers are more robust, and designed to protect the computers inside the "country" in some ways from the other "countries".
If a bad bug gets loose it may get passed around by the simple routers among poorly protected systems inside the "country". That is a big reason they want to get your machine fixed.
Another reason they want to get your machine fixed is agreements between "countries", or other domains. If a computer in one "country" starts doing bad crap across the border into other "countries", they will notify your "country" about it. If it gets bad enough, the other "country" can and will close the border.
That is bad business right there, so they have systems in place to shut down your node entirely.
Back in the bad old days, with more computers connected directly to modems, things spread across a domain like wildfire, exploiting vulnerabilities of these web-facing (mostly Windows) computers.
 
I would,

A) Use OpenDNS

B) Make sure the WIFI was secured with WPA2

C) Change the MAC address in the router, reboot the modem, and acquire a new IP address.


Sorry, I'm computer ignorant and found this site from Google. I have no idea what any of that means.
 
I don't really understand... all the ISP is doing is routing traffic... they shouldn't care what is routed as long as it's not affecting other people (that's why there are cap limits). It scares me that ISPs are the police now...

Until his infected PC sends out spam and the ISP's subnet gets blacklisted at major mail providers. Even if just his own IP gets blacklisted, if it is dynamic it will eventually be released into the pool.

Other similar situations are applicable as well. Individuals are cut off to reduce impact to the greater population.

I would,

A) Use OpenDNS

B) Make sure the WIFI was secured with WPA2

C) Change the MAC address in the router, reboot the modem, and acquire a new IP address.

This is an awesome method of ignoring the issue until the ISP cuts him off completely to prompt him to call in, and force him to run virus scans and provide the logs before re-enabling the connection.
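
Added example, not part of any post in this thread: the range blocking and dynamic-pool effect the replies above describe ("block entire IP ranges", an address "released into the pool"), sketched in Python. The addresses are constructed from documentation ranges, and the /24 size and three-host threshold are assumed policy values, not anything TWC or a mail provider is stated to use.

```python
import ipaddress
from collections import Counter

# Constructed sample: source addresses a server admin saw sending spam.
# Documentation ranges (RFC 5737) only, not real hosts.
ABUSE_SOURCES = [
    "198.51.100.17", "198.51.100.17", "198.51.100.42",
    "198.51.100.200", "203.0.113.9",
]

# Constructed sample: customers who were later handed addresses from the
# same dynamic pools and never sent any spam themselves.
LATER_CUSTOMERS = ["198.51.100.77", "198.51.100.201", "203.0.113.50"]


def ranges_to_block(sources, prefix_len=24, min_distinct_hosts=3):
    """Networks in which at least min_distinct_hosts different addresses
    misbehaved (hypothetical admin policy; both values are assumptions)."""
    hosts_per_net = Counter()
    for addr in set(sources):  # a host that repeats is still one host
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        hosts_per_net[net] += 1
    return sorted(n for n, c in hosts_per_net.items() if c >= min_distinct_hosts)


def is_blocked(addr, blocked):
    """True if addr falls inside any blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocked)


def collateral(customers, blocked):
    """Clean customers who inherit a block because of their address range."""
    return [c for c in customers if is_blocked(c, blocked)]


if __name__ == "__main__":
    blocked = ranges_to_block(ABUSE_SOURCES)
    print("blocked ranges:", [str(n) for n in blocked])
    print("clean customers now blocked:", collateral(LATER_CUSTOMERS, blocked))
```

The single spam source in 203.0.113.0/24 stays below the threshold, so that range remains reachable; the range with three infected hosts is blocked for everyone in it, which is the outcome an ISP's notice is meant to head off.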
 