1qwerty1
Feb 25, 2020, Tutor
Outbound traffic to Amazon space
Hello, I am wondering why my Orbi AC2200 unit (running latest firmware as of 2/23/2020, RBR20) is constantly making outbound connections to the Amazon space (52.0.0.0/11) over SSL/443. The home ...
FURRYe38
Apr 16, 2020, Guru - Experienced User
Question, just curious if you have tried Voxel's FW on your Orbi 50 series. Do you still see the same IP address trace?
Would be good to see if your Firewall still sees all those addresses you listed for outbound traffic still happening with his FW. Something Voxel might be able to help with. Depends on where that is coming from, NG non GPL code or NG open GPL code.
1qwerty1
Apr 16, 2020, Tutor
My units are RBR20/RBS20 configured in AP mode. No, I haven't tried Voxel's brew (will it even work on RBR20?). By looking at their notes, this looks like Debian's UFW (iptables based) firewall.
To be honest, my Orbis have been stable for over a month, I probably won't be testing any firewall module on them.
- FURRYe38, Apr 16, 2020, Guru - Experienced User
Ah, ok, I didn't know you had the 20 series. His FW is only for the 50 series. ;)
Ya, keep what's working if it's all good.
- MNuser, Sep 30, 2020, Aspirant
Hi!
I've been toggling between a few threads as I try to figure out exactly why we keep bumping up against our Xfinity data limit suddenly. My story seems similar to others. We have a Netgear C6250 AC1600 modem with its only connection to the RBR50 Orbi router (with 2 satellites placed upstairs and in the basement). Our data usage was around 400-500 GB for as long as I can remember. Then suddenly in July, we got an email that we were close to our 1.2 TB limit. What?! Our usage should have been LESS since the kids had finished (virtual) school and we were on devices less. We did discover that someone had hacked our Xfinity account and added themselves as a user. We got that removed and reset our passwords to EVERYTHING (including resetting the modem and router and re-adding every attached device one by one so we could ensure we knew what it was). But same "almost overage" issue in August. And now we're in September and still struggling. I HATE that I can't see WHICH darn device is using the data. We've done all the usual "recommended" things: stop videos from auto-playing, ensure there isn't any 4K streaming (no devices in our home support it so it shouldn't be an issue anyway), stop "auto" updates for the Xbox, turn off the "snapshot capture" in Ring.
I HATE that we can't see which device is the culprit! My son built a raspberry pi top computer a couple of years ago and I was reading about the "pi-hole". I'm not super tech savvy but I am good at following directions. I saw a post on another thread from you talking about "access to pi-hole and using it as internal DNS server ..." with more details. Should I be doing/trying this? I can log directly into the modem and there is a spot to block "stuff" (I say "stuff" b/c I am not quite clear if it's websites that I need to be blocking or something else and if this would accomplish the same task without going through the process of creating a pi-hole).
Is there anything I can buy that I could connect to the Orbi that would show this detail? I feel like if I can pinpoint which device it is, I can delve deeper into that device to figure out what is going on. I can't do the "disconnect everything" for long periods because everyone is working and doing school from home so there is a LOT of panic whenever the wifi goes down. I'd love some advice!!
- 1qwerty1, Sep 30, 2020, Tutor
You can use your piHole as an internal DNS server/resolver for _only_ your Orbi unit(s). Configure the piHole to blacklist the domain names I previously mentioned in this thread. Point your Orbi's DNS server setting to the piHole's IP address. This way any name resolution that Orbi is doing will be intercepted/resolved by piHole.
piHole's graphical interface has basic logs and a nice dashboard. Once you have changed the Orbi's DNS IP address, take a mental snapshot of how many times piHole blocked queries before and after to get an idea. There is also a separate graph/table in piHole, called 'Top Clients (Blocked Only)' and 'Top Clients (Total)', which most likely will point at the Orbi's IP address as the biggest abuser.
Once you get comfortable with piHole as your DNS server, you can change your DHCP settings on your WiFi/DSL/Cable modem/router to use piHole's IP as a DNS server for the rest of your home users. piHole is great at blocking ads, malware-infected domains etc.
There will be some learning curve to understand why access to some web site is not working. The piHole's logs will show which names the local clients are trying to resolve. It will show allowed and blocked resolution logs. Btw, if you had little kids at your house and wanted to restrict access to some web sites, piHole can be used for parental controls as well.
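
Added example, not part of the original posts: a sketch of the per-client tallies behind the 'Top Clients (Total)' and 'Top Clients (Blocked Only)' tables mentioned above, computed from a Pi-hole query log. It assumes the dnsmasq-style log lines Pi-hole writes (assumed path `/var/log/pihole.log`) and the block markers shown in `BLOCK_RE`; the sample lines, IP addresses and domain names are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the assumed Pi-hole/dnsmasq log format.
# 192.168.1.2 stands in for the Orbi, 192.168.1.50 for a laptop.
SAMPLE_LOG = """\
Sep 30 10:15:01 dnsmasq[812]: query[A] telemetry.example.net from 192.168.1.2
Sep 30 10:15:01 dnsmasq[812]: gravity blocked telemetry.example.net is 0.0.0.0
Sep 30 10:15:02 dnsmasq[812]: query[A] www.example.org from 192.168.1.50
Sep 30 10:15:02 dnsmasq[812]: forwarded www.example.org to 9.9.9.9
Sep 30 10:15:02 dnsmasq[812]: reply www.example.org is 203.0.113.10
Sep 30 10:15:31 dnsmasq[812]: query[A] telemetry.example.net from 192.168.1.2
Sep 30 10:15:31 dnsmasq[812]: exactly blacklisted telemetry.example.net is 0.0.0.0
Sep 30 10:16:01 dnsmasq[812]: query[AAAA] updates.example.net from 192.168.1.2
Sep 30 10:16:01 dnsmasq[812]: forwarded updates.example.net to 9.9.9.9
Sep 30 10:16:05 dnsmasq[812]: query[A] telemetry.example.net from 192.168.1.50
Sep 30 10:16:05 dnsmasq[812]: gravity blocked telemetry.example.net is 0.0.0.0
"""

QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[[^\]]+\] (\S+) from (\S+)$")
BLOCK_RE = re.compile(
    r"dnsmasq\[\d+\]: (?:gravity blocked|exactly blacklisted|regex blacklisted) (\S+) is ")

def summarize(lines):
    """Return (total, blocked, blocked_names) counters keyed by client IP."""
    total, blocked = Counter(), Counter()
    blocked_names = defaultdict(Counter)
    pending = {}  # domain -> client whose query for it was seen most recently
    for line in lines:
        line = line.rstrip()
        m = QUERY_RE.search(line)
        if m:
            name, client = m.groups()
            total[client] += 1
            pending[name] = client
            continue
        m = BLOCK_RE.search(line)
        if m and m.group(1) in pending:
            # The block line follows the query it answers; credit that client.
            client = pending.pop(m.group(1))
            blocked[client] += 1
            blocked_names[client][m.group(1)] += 1
    return total, blocked, blocked_names

def top_clients(counter, n=5):
    """Clients sorted by count, highest first."""
    return counter.most_common(n)

if __name__ == "__main__":
    total, blocked, names = summarize(SAMPLE_LOG.splitlines())
    for client, count in top_clients(total):
        print(client, "total:", count, "blocked:", blocked[client],
              dict(names[client]))
```

To run it against a real log, pass the open log file to `summarize()` in place of the sample lines.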