624 posts

Ultimate Geek


#240203 26-Aug-2018 10:49

Has anyone noticed issues with resolving the 1drv.ms domain using the Spark [Xtra] DNS servers 122.56.237.1 and 210.55.111.1? External DNS servers resolve the name without an issue. As a test I've tried three different Spark-connected Xtra-DNS using connections and all had the same issue.

 

 


4369 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2079343 26-Aug-2018 11:05

Same problem here on my Spark VDSL and Skinny mobile connections.

3137 posts

Uber Geek

Trusted

  #2079345 26-Aug-2018 11:21

Same for Spark Fibre


 
 
 
 


2698 posts

Uber Geek

Trusted

  #2079393 26-Aug-2018 15:32

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.





5911 posts

Uber Geek

Trusted
Lifetime subscriber

  #2079394 26-Aug-2018 15:34

@hio77 Maybe he can add some value

 

John


4320 posts

Uber Geek

Trusted

  #2079419 26-Aug-2018 17:10

sonyxperiageek:

 

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.

 

 

You never could ICMP ping the main DNS servers... You can Tcping them on port 53 though...

 

As for not being able to see 1drv.ms.... I don't get resolution either - I wonder if anyone has told the helpdesk?

 

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


2698 posts

Uber Geek

Trusted

  #2079421 26-Aug-2018 17:15

Talkiet:

 

sonyxperiageek:

 

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.

 

 

You never could ICMP ping the main DNS servers... You can Tcping them on port 53 though...

 

As for not being able to see 1drv.ms.... I don't get resolution either - I wonder if anyone has told the helpdesk?

 

Cheers - N

 

 

Ah right. I was testing them against your Spark Digital customers' DNS servers which I could ICMP ping.

 

But either way, I can't get to any site with your main DNS servers.





4320 posts

Uber Geek

Trusted

  #2079423 26-Aug-2018 17:24

sonyxperiageek:

 

Talkiet:

 

sonyxperiageek:

 

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.

 

 

You never could ICMP ping the main DNS servers... You can Tcping them on port 53 though...

 

As for not being able to see 1drv.ms.... I don't get resolution either - I wonder if anyone has told the helpdesk?

 

Cheers - N

 

 

Ah right. I was testing them against your Spark Digital customers' DNS servers which I could ICMP ping.

 

But either way, I can't get to any site with your main DNS servers.

 

 

Heh... Despite being 99% sure, your comment was dramatic enough to make me log in and check some basic basic stats.

 

BB traffic is unchanged from last Sunday at this time and there's no drop... And DNS queries are unchanged...

 

 

Yes, I have cut off the scale deliberately.

 

There are also no changes in distribution of Rcodes etc...

 

So it's likely very isolated if you can't get resolution for any sites using our DNS servers then it's certainly not a widespread issue... Have you verified with nslookup to 210.55.111.1 or 122.56.237.1 ?

 

 

 

Cheers - N

 

 





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


 
 
 
 


2698 posts

Uber Geek

Trusted

  #2079449 26-Aug-2018 19:16

I think our Mikrotiks may have been hacked. There was a bunch of DNS statics pointing to one IP address with lots of different names pointing to ethereum mining etc....

 

The first Trace Route was with those DNS statics on, the second with them deleted.

 

 

 

Tracing route to trademe.co.nz [185.206.144.149]
over a maximum of 30 hops:

 

1 <1 ms <1 ms <1 ms 192.168.48.1
2 * * * Request timed out.
3 19 ms 18 ms 18 ms mdr-ip24-int.msc.global-gateway.net.nz [122.56.116.6]
4 18 ms 18 ms 18 ms ae8-10.akbr6.global-gateway.net.nz [122.56.116.5]
5 18 ms 18 ms 18 ms ae7-2.akbr7.global-gateway.net.nz [122.56.119.53]
6 19 ms 19 ms 19 ms ae10-10.tkbr12.global-gateway.net.nz [202.50.232.29]
7 142 ms 142 ms 145 ms xe8-0-2-0.lebr7.global-gateway.net.nz [210.55.202.194]
8 147 ms 148 ms 147 ms ae3-10.sjbr3.global-gateway.net.nz [122.56.127.25]
9 151 ms 151 ms 151 ms ae0.pabr5.global-gateway.net.nz [203.96.120.74]
10 148 ms 148 ms 148 ms palo-b1-link.telia.net [62.115.145.204]
11 335 ms 335 ms 335 ms nyk-bb4-link.telia.net [62.115.122.37]
12 334 ms 334 ms 334 ms prs-bb4-link.telia.net [80.91.251.101]
13 334 ms 334 ms 334 ms ffm-bb4-link.telia.net [62.115.122.139]
14 309 ms 309 ms 309 ms win-bb2-link.telia.net [62.115.133.78]
15 330 ms 330 ms 330 ms sfia-b2-link.telia.net [62.115.135.31]
16 321 ms 322 ms 323 ms belcloud-ic-327742-sfia-b2.c.telia.net [62.115.55.9]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 Transmit error: code 1231.

 

Trace complete.

 

C:\>tracert trademe.co.nz

 

Tracing route to trademe.co.nz [202.162.73.2]
over a maximum of 30 hops:

 

1 <1 ms <1 ms <1 ms 192.168.48.1
2 * * * Request timed out.
3 * 18 ms 18 ms mdr-ip24-dom.msc.global-gateway.net.nz [122.56.116.10]
4 18 ms 18 ms 18 ms ae8-20.akcr11.global-gateway.net.nz [122.56.116.9]
5 19 ms 19 ms 19 ms ae10-44.tkcr5.global-gateway.net.nz [122.56.127.210]
6 21 ms 21 ms 21 ms trade-me-dom.tkcr5.global-gateway.net.nz [122.56.118.38]
7 21 ms 21 ms 21 ms 203.57.145.139
8 20 ms 20 ms 20 ms www.trademe.co.nz [202.162.73.2]

 

Trace complete.
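
An added example, not part of the original post: one way to spot the symptom described above (many DNS static names pointing at a single address) in a saved router configuration. It assumes the text layout of a RouterOS `/export`, with a `/ip dns static` section of `add address=... name=...` lines; the sample export, names, addresses and the `min_names` threshold are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in the style of a RouterOS "/export" (not from the thread);
# names and addresses are placeholders from documentation ranges.
SAMPLE_EXPORT = r"""
/ip dns
set allow-remote-requests=yes servers=192.0.2.53
/ip dns static
add address=192.168.48.10 name=nas.lan
add address=203.0.113.66 name=pool-a.example
add address=203.0.113.66 name=pool-b.example
add address=203.0.113.66 comment="unexpected" \
    name=shop.example
add address=203.0.113.66 disabled=yes name=old.example
/ip firewall filter
add action=accept chain=input
"""

def parse_dns_static(export_text):
    """Return a list of key/value dicts, one per '/ip dns static' add line."""
    # Exports wrap long lines with a trailing backslash; rejoin them first.
    text = export_text.replace("\\\r\n", "").replace("\\\n", "")
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # a new menu path starts a new section
        elif section == "/ip dns static" and line.startswith("add "):
            tokens = shlex.split(line[4:])  # handles quoted values
            entries.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return entries

def suspicious_addresses(entries, min_names=3):
    """Map address -> names when min_names or more enabled entries share it."""
    by_addr = defaultdict(set)
    for e in entries:
        if e.get("disabled") != "yes" and "address" in e and "name" in e:
            by_addr[e["address"]].add(e["name"].lower())
    return {a: sorted(n) for a, n in by_addr.items() if len(n) >= min_names}

if __name__ == "__main__":
    found = suspicious_addresses(parse_dns_static(SAMPLE_EXPORT))
    for addr, names in found.items():
        print(f"{addr}: {len(names)} static names -> {', '.join(names)}")
```

Any address it reports still needs a human check against the static entries you created yourself, since a legitimate local server can also carry several names.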

 

 





4320 posts

Uber Geek

Trusted

  #2079451 26-Aug-2018 19:22

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?

 

 

 

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


'That VDSL Cat'
11713 posts

Uber Geek

Trusted
Spark
Subscriber

  #2079468 26-Aug-2018 20:28

I had one isolated example of this passed through to me late last week (I don't run front lines so I only hear from those who know me well).

 

 

 

Was awaiting their IT company to come back with valid tests as on my personal connections it's fine.

 

I do have to echo Neil's question: has anyone raised it with the helpdesk?

 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


2698 posts

Uber Geek

Trusted

  #2079475 26-Aug-2018 20:47

Talkiet:

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?


 


Cheers - N



No idea at the moment.




28692 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2079482 26-Aug-2018 21:13
3 people support this post

Talkiet:

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?


 


Cheers - N



A RouterOS exploit occurred last year and another one related appeared this year. They're well known issues.



624 posts

Ultimate Geek


  #2079484 26-Aug-2018 21:19
One person supports this post

A CPE Mikrotik exploit with static routes isn't the cause of the issue in my case.

 

The separate connections tested have a Huawei H659B, an Edgerouter Lite and a Mikrotik (respectively) and all are reporting the same inability to resolve the 1drv.ms domain.

 

Now that I know it's not just me, I'll follow this up with the Spark helpdesk shortly. Thanks for checking on your connections!

 

 


2698 posts

Uber Geek

Trusted

  #2079492 26-Aug-2018 22:24
One person supports this post

sbiddle:
Talkiet:

 

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?

 

Cheers - N

 



A RouterOS exploit occurred last year and another one related appeared this year. They're well known issues.

 

Yes, it will have been this one then: https://thehackernews.com/2018/08/mikrotik-router-hacking.html 





28692 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2079504 27-Aug-2018 07:08

sonyxperiageek:

 

sbiddle:
Talkiet:

 

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?

 

Cheers - N

 



A RouterOS exploit occurred last year and another one related appeared this year. They're well known issues.

 

Yes, it will have been this one then: https://thehackernews.com/2018/08/mikrotik-router-hacking.html 

 

 

That's just a side consequence of the exploit, which has been written about extensively and which Mikrotik have sent so many emails out about. I wrote about it months ago: https://www.geekzone.co.nz/sbiddle/8978

 

Basically, if you have a router that's pre 6.40.6 or 6.42.1 and it has port 80 or port 8291 Winbox access open either locally or via the internet, and this isn't heavily locked down to source IP ranges, it will be hacked. Guaranteed.

 

This latest hack is just smart hackers using this security exploit to enable crypto mining.

 

 

 

 

