Ruben

Distinguished
Apr 20, 2004
74
0
18,630
Hi!

Recently, I replaced my router with a newer one, a Thomson TG784. The problem is that now the speed of downloads / uploads is greatly diminished. Before, I had an 11 Mbits constant download speed. Now I'm lucky if I'm able to reach 5 Mbps. The only difference is that now I am using Windows 7 Ultimate 64bits. Before I used Windows XP SP3 32bits.

Also, in the configuration page of the router, in the "DSL connection" section, appears a bandwidth of 509 / 12.284 (in Kbits), which means that there is something "eating" bandwidth, as 5 Mbits = 5120 Kbits, which results in 7164 Kbits lost! The only other device connected to the router is a TV Box, but I already had that connected before and I had no problems whatsoever.

These are the steps I took to solve the problem, none of which worked:

- Disabled the Windows 7 firewall
- Disabled the Antivirus (ESET 4)
- Reinstalled / Updated the Lan drivers (Atheros Gigabit/Fast Ethernet Driver [onboard])
- Tried several Network configurations (Domestic, Work and Public)
- Disabled IPv6 protocol in my Network connection

Does anyone have any idea what's going on? Ideas, suggestions? Any help is great. Thanks!
 
Guest
When you upgraded to Windows 7, did you select Upgrade or Did you do a Clean Installation?

Also, is your Windows 7 Legitimate or did you use a torrent version?

Both questions are legitimate as choosing to upgrade your windows instead of doing a clean install can cause all sorts of unwanted problems and if you used a torrented version, then it's very possible that your install came with a pre-installed Malware package, Bots and all.

Otherwise, if your Windows version is legit and you did a clean install, then we need to look at other possible culprits.

On the off chance that someone may have broken into your router and may be leeching off it;

Do your Router logs show any other MAC IDs or IPs logging using the Router?

With your Router, is it secured with a strong password?

What form of security are you using, WEP, WPA-PSK, WPA2-PSK or WPA/WPA2-PSK?

Strong passwords are needed to keep out would-be hackers and worms (yes, worms) which use dictionary attacks.

WEP is easily broken these days and last year, it was also found that using TKIP enables wireless encryption to be easily cracked within a minute or so. I'd post a link to the security article if I had it bookmarked, but sadly I don't. You're best off using WPA2-PSK with AES. Anyone with access to the information on the TKIP security hole can do this if you're using TKIP.

Off hand, that is all I can think of at the moment.

Let's see what kind of answers we hear from you and if there are/were any other symptoms.

Maybe someone else can think of something else in the meantime?
 

Ruben

Hi, Renegade_Warrior, thanks for the reply.

When you upgraded to Windows 7, did you select Upgrade or Did you do a Clean Installation?
Yes, I did a clean install and my Windows 7 is legitimate.

Does your Router logs show any other MAC IDs or IPs logging using the Router?
A few entries look like this:

FIREWALL replay check (1 of 1): Protocol: ICMP Src ip: 89.74.153.213 Dst ip: 85.243.51.170 Type: Destination Unreachable Code: Port Unreacheable

My IP right now is 85.243.51.170. If I type the Src ip on the browser, I get a message saying "It works!" and the url changes to http://89.74.153.213/apache2-default/ so I believe it has something to do with my localhost and Apache.

With your Router, is it secured with a strong password?
Yes, a large alphanumeric string.

What form security are you using, WEP, WPA-PSK, WPA2-PSK or WPA/WPA2-PSK?
That's related to Wi-Fi? If so, I never use it, so I disabled that interface. Also, the security mode is WPA-PSK.

 
Guest
If the Wi-Fi is disabled, then you don't need to worry about it then as no one can leech off your wireless if it's disabled :)

But if it were enabled and someone was leeching, then that would explain the loss of bandwidth.

If you want, you can change the DNS settings of your Router and use OpenDNS with a Free Account.

The settings are as follows:

208.67.220.220
208.67.222.222

With a Free account, you can use the OpenDNS DashBoard (online) to check your stats to see what's what with your connection. Also, the service actively blocks Conficker and other BotNets, which is a plus.

I recommend using the free account with the settings from the following site: Block - list 25...

If you're interested in Router logs, this site may prove useful, albeit a bit scary.
SANS Internet Storm Center

Now whatever you do, do not be trying out any of the Src IP addresses you see in your router logs. SRC = Source, that is to say, where the hack attempts are coming from. And yes, if your router has detailed logs, then you will see lots of hack attempts, which is very commonplace these days.

The 89.74.153.213 address is from Poland and here is the Whois record which also includes a note about Hack attempts coming from this IP.

EDIT Edited to fix a link.
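
For tallying router log entries like the firewall line quoted earlier in the thread, here is an added example that is not part of any post above. It assumes other entries use the same field layout as that one line; every sample line after the first is constructed, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Field layout copied from the one log line quoted in the thread; that other
# entries from the same router follow it is an assumption.
LINE_RE = re.compile(
    r"FIREWALL (?P<rule>.+?) \(\d+ of \d+\): Protocol: (?P<proto>\S+) "
    r"Src ip: (?P<src>\S+) Dst ip: (?P<dst>\S+) "
    r"Type: (?P<type>.+?) Code: (?P<code>.+)$"
)
# ICMP types that report a problem with an earlier packet instead of
# starting an exchange of their own (type names as printed are assumed).
ICMP_ERROR_TYPES = {"Destination Unreachable", "Time Exceeded", "Parameter Problem"}

def parse_line(line):
    """Return the entry's fields as a dict, or None if it does not match."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:  # malformed address: treat the line as unparseable
        return None
    rec["icmp_error"] = rec["proto"] == "ICMP" and rec["type"] in ICMP_ERROR_TYPES
    return rec

def summarise(lines, wan_ip):
    """Count entries addressed to wan_ip per (source, protocol, ICMP type)."""
    wan = ipaddress.ip_address(wan_ip)
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dst"] == wan:
            counts[(str(rec["src"]), rec["proto"], rec["type"])] += 1
    return counts

PREFIX = "FIREWALL replay check (1 of 1): Protocol: ICMP "
SAMPLE_LOG = [
    # First entry is the line from the thread; the rest are constructed.
    PREFIX + "Src ip: 89.74.153.213 Dst ip: 85.243.51.170 Type: Destination Unreachable Code: Port Unreacheable",
    PREFIX + "Src ip: 89.74.153.213 Dst ip: 85.243.51.170 Type: Destination Unreachable Code: Port Unreacheable",
    PREFIX + "Src ip: 198.51.100.7 Dst ip: 85.243.51.170 Type: Echo Request Code: 0",
    PREFIX + "Src ip: 198.51.100.7 Dst ip: 203.0.113.9 Type: Echo Request Code: 0",
    PREFIX + "Src ip: 300.1.2.3 Dst ip: 85.243.51.170 Type: Echo Request Code: 0",
    "SYSTEM time updated",
]

if __name__ == "__main__":
    for key, n in summarise(SAMPLE_LOG, "85.243.51.170").most_common():
        print(n, *key)
```
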