US Cable Support → Mediacom > [Cable HSI] Data Cap Abuse Question

[Cable HSI] Data Cap Abuse Question

Now that I'm subject to these new data caps, it got me thinking about the potential financial liability if my wifi was compromised. What happens if someone used my connection to exceed my bandwidth cap?

Sure, the liability was there with the possibility of someone using your network download copyrighted material leading to the DMCA 3 strikes policy. However, exceeding the usage allowance has direct access to my wallet. I expect the responsibility of securing the network attached to the Mediacom connection is up to the user. So if someone compromises a PC on your network and it becomes a spam relay or botnet zombie, then you'd be on the hook for any overages.

What happens if you are receiving unsolicited network traffic? If someone that knew your IP address wanted to run up your bill, they could (if my theory holds) send a flood or ICMP or UDP traffic towards your IP address. Your network equipment would likely just discard the traffic, but it would consume bandwidth across the modem. Would this hit the Mediacom usage meter just like any other traffic? If they completely saturated the link, I'd expect you'd notice. If they only consumed 50% of the link capacity, that still has the capacity to put you way over the bandwidth cap and may be less obvious.

Mediacom might clue you into the issue if they notify you via the primary Mediacom e-mail address like they say. I wonder if there's anyway to prove that it was some sort of abuse targeting you unless you have packet captures or sFlow/Netflow data. Although I'd love to hear them say they have the capability of distinguishing this traffic and rolling back charges, that would actually be a bit creepy.

Just before posting, I decided to search google before I get "let me google that for you" responses Found some interesting links.

»unsolicited traffic?
»The cap is all traffic to and from your IP address

TL;DR
If someone wanted to use the usage caps against you, could they (in theory) flood your IP address with unsolicited traffic to artificially inflate your usage? If so, how would you go about disputing the usage information (and charges) with Mediacom?

I think you're really reaching here. Who is liable if someone hooks into your phone line with a test handset and calls Columbia, Lithuania, and Iceland? Sure, you can dispute the charges with the phone company, and they'll probably credit you for the calls, but there is no magic liability fairy that shoulders the blame other than yourself. If you're concerned about wireless bandits, make sure your connection is locked down tight. I use MAC filtering, so only approved devices can access my network.

Also, Hide the SSID and enable WPA2 AES or why don't you use a security certificate?

MAC filtering along with hiding ssid are useless. I hope you don't think you are adding any security by doing either of those things.

Taking a few small precautions will eliminate the vast majority of these "what-if's" and should be taken regardless of the caps. Someone taking loic to your ip address is very unlikely and will be nothing but small isolated cases. A much more common problem will be carelessness on the subscribers side. Like those who install Spotify with the default settings then never close the application. Those who just waste data usage for nothing.

Hello, I will try to shed some light on this.

First of all, you have 2 options. Either you can have your own wireless router/network or you can get a wireless modem through Mediacom. In each scenario you really want to have your network as safeguarded as possible which would include things like have a WPA2 password (if possible), MAC filtering, not broadcasting your SSID and so on. While none of these scenarios are 100% to keep you safe (the WPA2 password being the strongest form of security mentioned above) the more you have in place the less likely someone will take the time and effort to access your wireless network if there is another one nearby that can be accessed more easily.

That being said if you have your own wireless router it will be 100% on you to make sure it is secure and not being compromised.

If you have Mediacom's wireless modem we will waive the fees for the first month of overages due to some sort of malicious use. Once we do that we'll make sure your network has been secured and we will show you how you can easily manage these security settings via your web browser to further keep your network safe. After the first month though you will be charged these fees if your network does get compromised.

Please let me know if you have any other questions.
--
MediacomChad
Mediacom Social Media Relations Team
»mediacomcable.com/CustomerSupport/

I shouldn't have mentioned the part about the wifi. That was my initial thought that developed into the unsolicited traffic question. That is the reason I posted. I'm not concerned about locally originated traffic since I have taken reasonable precautions.

I'm not concerned about it personally since I don't go out of my way to make myself a target. I did want to discuss the theory of potential risk with the unsolicited traffic as a possible attack vector. DDOS or DNS amplification attack against a business creates financial loss due to loss of connectivity with customers or lost productivity. Against a residential user, it's just an annoyance. With the addition of the bandwidth caps, it opens a way to do financial damage to a residential user.

I'm not even all that concerned about it myself. I wanted know if this was something that has come up before or if there have been considerations of the potential risk.

Beyond the issue of an unsecured WiFi access point, and the flagrant overages that can result from that, I am not worried about others swamping my cable modem as a residential customer. (A business customer, well now, that could be a different matter.) Although it is possible, the odds of someone specifically targeting my IP from the outside are slim. And if some group initiated a more widespread "attack" against Mediacom subnets, I would trust Mediacom to deal with that and adjust affected customers appropriately.

The best solution for me was to just take out my wireless. Took a while to run cable to all the spots I needed, but I don't have to worry about going over.

I did also start turning off the cable modem each night.

--
I did have a sig, but I had to remove it because my political views were too 'wrong' for some users on DSLr.