Router Sent Packet with Nothing Attached to It

I was away from home in the last two weeks. Today I noticed that my Internet was not working. I did the normal diagnose, but nothing. I contacted my support. They said I busted transfer. I checked and it was true. Now the fun begin. When I was away, only the router got power on it with my Google Home. Stats say I uploaded 88 GB in one days.

Support says maybe someone guessed my password. Well, maybe I don’t have the must secure setup for residential there is it :

  • Strong password
  • SSID hidden
  • SSID with printer name ( so it’s not obvious that it’s a router)

After a while, he say they have a old issues that D-link router causing that and to contact the manufacturer to fix this issues. D-Link was helpless on this issues.

My question is, who is faulty ? My ISP or D-link ? I really don’t believe a 10 years old router to go crazy like that, but what your thought ?

Edit : model is DIR-615 if that mater

1 Like

Do you have any usage info on the download? Are you absolutely sure no other device was connected, not even a smart bulb?

Either the router got pwned and you got used as a proxy server, or some other device wasted all that bandwidth. How fast is your connection?

88GB a day is around 8Mbps average constantly.

Hidden SSID is useless btw, it’s not a security measure in any way.

4908.94 MB download and 88408.3 MB upload. Like I said, my Google Home was powered and now that you said, a smart bulb too.

Password is not the strongest but hard to pwed I think ( few caps character , number and a special character). Like said previously, there where my google home connected and a smart bulb.

20 mbps up and down.

I know, but I’m sure is less tempting than the hotspot named “b1g_D1ck”

I checked MAC address know by the router and I know all of them. I’m living at 8th floor of a secure building. Maybe 10 persons are in the range of the router.

Do you have a public IP and do port forwarding, by chance? How about IPv6? Is stuff properly firewalled off?

I’m on University campus. They give me one port and thing got NATed at some point ( but I don’t know how they split it). My router NAT again everything in my Network, so no public IPv4).

No ipv6 on this network.

No idea about firewall.

Edit : Most config on the router are per default, including firewall thing. No idea how University manage their firewall.

It’s not your router’s fault, somebody spent your internet, either via wifi or via cable.

The reason I asked is because many smart devices are prone to security issues and may be used in botnets.

This seems like the biggest vector for attack.

No physical access is possible. You need two key to got physical access. Maybe tens persons are in the reach of the wireless. Is it’s possible someone pwned my password in this condition ? Maybe, but don’t seem the answer to me.

I contacted support and they where hopeless. For them, their product are 100% secure and he didn’t want to talk about a possible exploit, well… it’s a Geeni.

Well, wireless ranch is really limited and the port is on is own vLan, so there are not that much people that can knock the port.

Actually the port is down, but when it will be up, I will try to capture the network to see if something is going on…

Honestly, it’s only guessing at this point. We can’t give you definitive answers unless you have Wireshark traces taken during your absence that will trace back to any device on your network responsible for the traffic.

I’d recommend you to do the following:

  1. Set encryption mode to WPA2-PSK if that is not already the case. Any other encryption method does not suffice anymore.
  2. Set a password of at least 12 characters. Randomly generated. Not your street address + number or the name of your favorite cat, or simply your SSID.
  3. Disconnect your light bulb and google home assistant from your LAN and put it on a separate (isolated) Wi-Fi network that is closely monitored
  4. If it happens again, leave a computer / Raspberry running that will dump all your LAN traffic
1 Like

Thanks for everyone help. Everything is disconnect. I will start wireshark tomorrow when I will plug thing back progressively.

1 Like

But when the package is empty, how can it send 88Gigabytes?

Never ordered from Amazon, I see.

1 Like

Of course, I ordered something with about 4KG, somehow my package had only 300g.
The employee must have eaten the rest.

Title got edited by a mod. I asked my ISP information about packet that caused the 88GB upload, but he was unable to say.

The fact that there is a DIR-615 still in service is most likely the issue.

The protocols and software base for this machine are highly dependent upon the hardware revision. The latest, a “T” model hasn’t had a firmware update for nearly 2 years, whereas the “A” model hasn’t since 2012. It doesn’t help that they kept the same name for hardware that was completely dissimilar.

If you have a supported hardware release, the first thing I would do is install the latest available OpenWRT, or DD-WRT on it, and look into replacing it in the near future. Then, move forward from there. Obviously, don’t use the same SSID, password, etc, and disable WPA in favor of WPA2 only if possible. MAC filtering may help for brute-force, but if they already know your device MAC addresses, it’s not probable can likely change all of them easily.


Funny thing, actually I’m having absolutely nothing connected, not even the router or the cable and the in the system of the ISP I’m seeing usage, like 150 MB per days.

Try plugging in a rPi directly (w/o router) and compare ifconfig data and your ISP’s usage data

Time to call the internet police.

1 Like