1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 1126916 12-Sep-2014 08:13

Was going to post this at 4am but decided to post it now.

Quite a few more changes on the network so even the small minority of customers who were still impacted should be resolved now.

3658 posts

Uber Geek
+1 received by user: 2178

Trusted
Spark NZ

  Reply # 1126992 12-Sep-2014 08:58
One person supports this post

plambrechtsen: Was going to post this at 4am but decided to post it now.

Quite a few more changes on the network so even the small minority of customers who were still impacted should be resolved now.


There's still one ridiculously small edge case where DNS resolution might fail for customers, but it's a tiny fraction of a tiny fraction of a tiny fraction of users. I'll be surprised if anyone is still affected.

"Five to one against and falling..." she said, "four to one against and falling...three to one...two...one...probability factor of one to one...we have normality, I repeat we have normality." She turned her microphone off — then turned it back on, with a slight smile and continued: "Anything you still can’t cope with is therefore your own problem."

Cheers - N (It's not even a hard quote to find!)

BDFL - Memuneh
61170 posts

Uber Geek
+1 received by user: 11943

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1126997 12-Sep-2014 09:16
3658 posts

Uber Geek
+1 received by user: 2178

Trusted
Spark NZ

  Reply # 1127016 12-Sep-2014 09:23
4 people support this post

freitasm: So, at the end do we still don't know if this was a premeditated event brought upon Spark by unknown actors?




As far as we're concerned, it's not the end of it. We have some pretty good mitigations in place now, and more going in, in the short (days), medium and long term. As for whether it was a premeditated attack on Spark? I don't think we have enough info to say that for sure.

It wasn't the first DDOS attack on an NZ ISP and it won't be the last. It was one of the most effective so far and certainly had some novel (to us at least) elements.

I do note in another thread that VF has also moved to block port 53 inbound to their customers and noted (correctly) that this may affect some users with very old modems. Great to see a proactive change there - learning from the attack on us. I'd recommend all ISPs in NZ follow suit actually - if you haven't already.

Cheers - N


BDFL - Memuneh
61170 posts

Uber Geek
+1 received by user: 11943

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1127457 12-Sep-2014 20:44

Received this today from Spark:


 

As you probably know, one of the mitigation options in response to the DDoS attacks during the weekend involves blocking port 53, which effectively stops one of the means for some customer devices and modems to be misused. We’re aware other ISPs have done the same thing in the past week or so in order to combat this latest development in cyber-threats. However in certain cases blocking port 53 does have other impacts on connectivity. So since the weekend we’ve been continuing to make enhancements and changes.

 

 

 

As part of these enhancements, we took some further steps this morning to enable us to better look ‘under the hood’ across some parts of the network. While the initial measures taken had largely mitigated the impact of the attacks, we didn’t have total visibility of everything that was going on, especially in terms of abnormal traffic patterns. Within the first hour of taking these further steps this morning we saw DNS traffic coming from just three of our home broadband customers representing 4% of our total DNS traffic for that period. One connection alone had 1.2 million DNS requests in an hour. As we have port 53 blocked, we believe that this may be due to malware previously installed on these customers’ devices. We don’t believe this is a new attack, it’s likely the malware was installed before the weekend’s issues. We must stress that because of the actions we’ve been taking over recent days, this abnormal activity is not impacting on our overall customer experience. We’re now contacting these customers and working with them to disinfect their home systems.

 

 

 

You’ll recall during the weekend issues that among other things we saw incoming traffic being bounced off a number of vulnerable customer modems (those with DNS open resolver functionality). Today’s insights did not involve any significant level of incoming traffic, which tends to point to device malware, rather than a specific modem issue. This demonstrates there were a number of different vectors involved in the weekend’s DDoS attacks.

 

 

 

This is just one vivid illustration of the potential scale of cyber-threats and the impact that can be generated from just a very small number of connections. Like all ISPs we see evidence of literally thousands of attacks every year and the vast majority of these never impact on the customer experience across our network because of proactive management.
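
Added example, not part of the Spark statement or of any post in this thread: a sketch of the per-subscriber DNS accounting the statement describes, separating heavy outbound-only sources (consistent with device malware) from subscribers whose volume comes with inbound port 53 queries (consistent with an open-resolver modem). The record format, subscriber IDs, thresholds and all sample figures are assumptions constructed to mirror the numbers quoted above, and the input is assumed to cover a single hour.

```python
from collections import defaultdict

RATE_THRESHOLD = 100_000   # queries/hour; assumed value, tune per network
INBOUND_RATIO = 0.1        # inbound share suggesting relayed queries; assumed

def constructed_sample():
    """Constructed hourly UDP/53 summaries: 'hour subscriber direction count'.
    'out' = subscriber to resolver, 'in' = internet to subscriber port 53."""
    lines = [
        "2014-09-12T09 sub-A out 1200000",
        "2014-09-12T09 sub-B out 450000",
        "2014-09-12T09 sub-C out 350000",
        "2014-09-12T09 sub-C in 900",
        "2014-09-12T09 sub-D out 580000",
        "2014-09-12T09 sub-D in 600000",
    ]
    # 11,855 ordinary subscribers at 4,000 queries each for the hour
    lines += [f"2014-09-12T09 sub-{i:05d} out 4000" for i in range(11855)]
    return lines

def tally(lines):
    """Sum query counts per subscriber and direction."""
    counts = defaultdict(lambda: {"out": 0, "in": 0})
    for line in lines:
        _hour, sub, direction, n = line.split()
        counts[sub][direction] += int(n)
    return counts

def classify(out_q, in_q):
    """Label a subscriber, or return None when under the rate threshold."""
    if max(out_q, in_q) < RATE_THRESHOLD:
        return None
    if in_q >= INBOUND_RATIO * out_q:
        return "inbound-driven"   # consistent with an open resolver being used
    return "outbound-only"        # consistent with malware on a device

def report(lines):
    """Return (flagged subscribers, outbound share of the outbound-only ones)."""
    counts = tally(lines)
    total_out = sum(c["out"] for c in counts.values())
    flagged = {}
    for sub, c in counts.items():
        label = classify(c["out"], c["in"])
        if label:
            flagged[sub] = (label, c["out"], c["in"])
    heavy = sum(o for lbl, o, _ in flagged.values() if lbl == "outbound-only")
    return flagged, heavy / total_out

if __name__ == "__main__":
    flagged, share = report(constructed_sample())
    for sub, (label, out_q, in_q) in sorted(flagged.items()):
        print(f"{sub}: {label} out={out_q} in={in_q}")
    print(f"outbound-only subscribers: {share:.1%} of outbound DNS queries")
```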

 





709 posts

Ultimate Geek
+1 received by user: 404

Trusted
Vodafone NZ

  Reply # 1129037 15-Sep-2014 14:13

Talkiet: "Five to one against and falling..." she said, "four to one against and falling...three to one...two...one...probability factor of one to one...we have normality, I repeat we have normality." She turned her microphone off — then turned it back on, with a slight smile and continued: "Anything you still can’t cope with is therefore your own problem."

Cheers - N (It's not even a hard quote to find!)


Got to love Trillian :)



