Geekzone: technology news, blogs, forums


wsnz

649 posts

Ultimate Geek


#240203 26-Aug-2018 10:49

Has anyone noticed issues with resolving the 1drv.ms domain using the Spark [Xtra] DNS servers 122.56.237.1 and 210.55.111.1? External DNS servers resolve the name without an issue. As a test I've tried three different Spark-connected Xtra-DNS using connections and all had the same issue.

 

 


rscole86
4973 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2079343 26-Aug-2018 11:05

Same problem here on my Spark VDSL and Skinny mobile connections.



DjShadow
4084 posts

Uber Geek

ID Verified
Trusted

  #2079345 26-Aug-2018 11:21

Same for Spark Fibre


sonyxperiageek
2958 posts

Uber Geek

Trusted

  #2079393 26-Aug-2018 15:32

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.





Sony




Linux
11391 posts

Uber Geek

Trusted
Lifetime subscriber

  #2079394 26-Aug-2018 15:34

@hio77 Maybe he can add some value

 

John


Talkiet
4792 posts

Uber Geek

Trusted

  #2079419 26-Aug-2018 17:10

sonyxperiageek:

 

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.

 

 

You never could ICMP ping the main DNS servers... You can Tcping them on port 53 though...

 

As for not being able to see 1drv.ms.... I don't get resolution either - I wonder if anyone has told the helpdesk?

 

Cheers - N





Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


sonyxperiageek
2958 posts

Uber Geek

Trusted

  #2079421 26-Aug-2018 17:15

Talkiet:

 

sonyxperiageek:

 

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.

 

 

You never could ICMP ping the main DNS servers... You can Tcping them on port 53 though...

 

As for not being able to see 1drv.ms.... I don't get resolution either - I wonder if anyone has told the helpdesk?

 

Cheers - N

 

 

Ah right. I was testing them against your Spark Digital customers' DNS servers which I could ICMP ping.

 

But either way, I can't get to any site with your main DNS servers.





Sony


Talkiet
4792 posts

Uber Geek

Trusted

  #2079423 26-Aug-2018 17:24

sonyxperiageek:

 

Talkiet:

 

sonyxperiageek:

 

Same here on Spark at work, stopped working about 2 hours ago. Can't even ping both their DNS servers anymore.

 

 

You never could ICMP ping the main DNS servers... You can Tcping them on port 53 though...

 

As for not being able to see 1drv.ms.... I don't get resolution either - I wonder if anyone has told the helpdesk?

 

Cheers - N

 

 

Ah right. I was testing them against your Spark Digital customers' DNS servers which I could ICMP ping.

 

But either way, I can't get to any site with your main DNS servers.

 

 

Heh... Despite being 99% sure, your comment was dramatic enough to make me log in and check some basic basic stats.

 

BB traffic is unchanged from last Sunday at this time and there's no drop... And DNS queries are unchanged...

 

 

Yes, I have cut off the scale deliberately.

 

There are also no changes in distribution of Rcodes etc...

 

So it's likely very isolated if you can't get resolution for any sites using our DNS servers then it's certainly not a widespread issue... Have you verified with nslookup to 210.55.111.1 or 122.56.237.1?

 

 

 

Cheers - N

 

 





Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


 
 
 

sonyxperiageek
2958 posts

Uber Geek

Trusted

  #2079449 26-Aug-2018 19:16

I think our Mikrotiks may have been hacked. There was a bunch of DNS statics pointing to one IP address with lots of different names pointing to ethereum mining etc....

 

The first Trace Route was with those DNS statics on, the second with it deleted.

 

 

 

Tracing route to trademe.co.nz [185.206.144.149]
over a maximum of 30 hops:

 

1 <1 ms <1 ms <1 ms 192.168.48.1
2 * * * Request timed out.
3 19 ms 18 ms 18 ms mdr-ip24-int.msc.global-gateway.net.nz [122.56.116.6]
4 18 ms 18 ms 18 ms ae8-10.akbr6.global-gateway.net.nz [122.56.116.5]
5 18 ms 18 ms 18 ms ae7-2.akbr7.global-gateway.net.nz [122.56.119.53]
6 19 ms 19 ms 19 ms ae10-10.tkbr12.global-gateway.net.nz [202.50.232.29]
7 142 ms 142 ms 145 ms xe8-0-2-0.lebr7.global-gateway.net.nz [210.55.202.194]
8 147 ms 148 ms 147 ms ae3-10.sjbr3.global-gateway.net.nz [122.56.127.25]
9 151 ms 151 ms 151 ms ae0.pabr5.global-gateway.net.nz [203.96.120.74]
10 148 ms 148 ms 148 ms palo-b1-link.telia.net [62.115.145.204]
11 335 ms 335 ms 335 ms nyk-bb4-link.telia.net [62.115.122.37]
12 334 ms 334 ms 334 ms prs-bb4-link.telia.net [80.91.251.101]
13 334 ms 334 ms 334 ms ffm-bb4-link.telia.net [62.115.122.139]
14 309 ms 309 ms 309 ms win-bb2-link.telia.net [62.115.133.78]
15 330 ms 330 ms 330 ms sfia-b2-link.telia.net [62.115.135.31]
16 321 ms 322 ms 323 ms belcloud-ic-327742-sfia-b2.c.telia.net [62.115.55.9]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 Transmit error: code 1231.

 

Trace complete.

 

C:\>tracert trademe.co.nz

 

Tracing route to trademe.co.nz [202.162.73.2]
over a maximum of 30 hops:

 

1 <1 ms <1 ms <1 ms 192.168.48.1
2 * * * Request timed out.
3 * 18 ms 18 ms mdr-ip24-dom.msc.global-gateway.net.nz [122.56.116.10]
4 18 ms 18 ms 18 ms ae8-20.akcr11.global-gateway.net.nz [122.56.116.9]
5 19 ms 19 ms 19 ms ae10-44.tkcr5.global-gateway.net.nz [122.56.127.210]
6 21 ms 21 ms 21 ms trade-me-dom.tkcr5.global-gateway.net.nz [122.56.118.38]
7 21 ms 21 ms 21 ms 203.57.145.139
8 20 ms 20 ms 20 ms www.trademe.co.nz [202.162.73.2]

 

Trace complete.

 

 





Sony
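The check that exposed the tampering in the post above, as an added example that is not part of the thread or any poster's own tooling: it groups the `/ip dns static` entries of a RouterOS configuration export by target address and reports any non-LAN address that several names point to. The sample export, its names and addresses, and the `min_names` threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of a RouterOS "/ip dns static" export (names and addresses invented).
SAMPLE_EXPORT = """\
/ip dns static
add address=192.168.48.10 name=nas.lan
add address=192.168.48.10 name=printer.lan
add address=192.168.48.10 name=cam.lan
add address=203.0.113.66 name=pool.miner-one.example
add address=203.0.113.66 name=eth.miner-two.example
add address=203.0.113.66 name=shop.example.co.nz
add address=203.0.113.66 name=files.example.org
/ip dns
set allow-remote-requests=yes servers=122.56.237.1,210.55.111.1
"""

LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_dns_statics(export_text):
    """Return (name, address) pairs found under the /ip dns static section."""
    entries, in_section = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):                 # a new menu path starts a new section
            in_section = line == "/ip dns static"
        elif in_section and line.startswith("add "):
            fields = dict(re.findall(r'(\S+?)=("[^"]*"|\S+)', line))
            if "name" in fields and "address" in fields:
                entries.append((fields["name"].strip('"'), fields["address"].strip('"')))
    return entries

def shared_public_targets(entries, min_names=3):
    """Map each non-LAN address to its names when at least min_names names point at it."""
    by_addr = defaultdict(set)
    for name, addr in entries:
        by_addr[addr].add(name.lower())
    flagged = {}
    for addr, names in by_addr.items():
        on_lan = any(ipaddress.ip_address(addr) in net for net in LAN_RANGES)
        if not on_lan and len(names) >= min_names:
            flagged[addr] = sorted(names)
    return flagged

if __name__ == "__main__":
    for addr, names in shared_public_targets(parse_dns_statics(SAMPLE_EXPORT)).items():
        print(f"{addr}: {len(names)} static names -> {', '.join(names)}")
```

Any address it reports is worth comparing against what an external resolver returns for the same names.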


Talkiet
4792 posts

Uber Geek

Trusted

  #2079451 26-Aug-2018 19:22

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?

 

 

 

Cheers - N





Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2079468 26-Aug-2018 20:28

I had one isolated example of this passed through to me late last week (I don't run front lines so I only hear from those who know me well)

 

 

 

Was awaiting their IT company to come back with valid tests as on my personal connections it's fine.

 

I do have to echo Neil's question, has anyone raised it with the helpdesk?

 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


sonyxperiageek
2958 posts

Uber Geek

Trusted

  #2079475 26-Aug-2018 20:47

Talkiet:

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?


 


Cheers - N



No idea at the moment.




Sony


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2079482 26-Aug-2018 21:13

Talkiet:

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?


 


Cheers - N



A RouterOS exploit occurred last year and another one related appeared this year. They're well known issues.

wsnz

649 posts

Ultimate Geek


  #2079484 26-Aug-2018 21:19

A CPE Mikrotik exploit with static routes isn't the cause of the issue in my case.

 

The separate connections tested have a Huawei H659B, an Edgerouter Lite and a Mikrotik (respectively) and all are reporting the same inability to resolve the 1drv.ms domain.

 

Now that I know it's not just me, I'll follow this up with the Spark helpdesk shortly. Thanks for checking on your connections!

 

 


sonyxperiageek
2958 posts

Uber Geek

Trusted

  #2079492 26-Aug-2018 22:24

sbiddle:
Talkiet:

 

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?

 

Cheers - N

 



A RouterOS exploit occurred last year and another one related appeared this year. They're well known issues.

 

Yes, it will have been this one then: https://thehackernews.com/2018/08/mikrotik-router-hacking.html 





Sony


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2079504 27-Aug-2018 07:08

sonyxperiageek:

 

sbiddle:
Talkiet:

 

Ergh! Thanks for the followup and tentative explanation. Any idea of the attack vector?

 

Cheers - N

 



A RouterOS exploit occurred last year and another one related appeared this year. They're well known issues.

 

Yes, it will have been this one then: https://thehackernews.com/2018/08/mikrotik-router-hacking.html 

 

 

That's just a side consequence of the exploit which has been written about extensively and which Mikrotik have sent so many emails out about. I wrote about it months ago https://www.geekzone.co.nz/sbiddle/8978

 

Basically if you have a router that's pre 6.40.6 or 6.42.1 and it has port 80 or port 8291 winbox access open either locally or via the internet and this isn't heavily locked down to source IP ranges it will be hacked. Guaranteed.

 

This latest hack is just smart hackers using this security exploit to enable crypto mining.
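The exposure half of the condition described in the post above, as an added example that is not part of the thread: it reads the `/ip service` section of a RouterOS configuration export and reports whether the www (port 80) and winbox (port 8291) services are disabled, limited to source ranges, or open to any source. The sample export is constructed, and the code assumes that a service absent from the export is in its default state (enabled, no address restriction); it does not look at firewall rules or the RouterOS version.

```python
import re

WATCHED = {"www": 80, "winbox": 8291}   # services and ports named in the post

# Constructed sample of a RouterOS "/ip service" export.
SAMPLE_EXPORT = """\
/ip service
set telnet disabled=yes
set www address=192.168.48.0/24
set api disabled=yes
/ip dns
set allow-remote-requests=yes
"""

def audit_services(export_text):
    """Return {service: finding} for the watched management services."""
    # Assumption: settings not shown in the export are defaults (enabled, any source).
    state = {svc: {"disabled": "no", "address": ""} for svc in WATCHED}
    in_section = False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):                 # a new menu path starts a new section
            in_section = line == "/ip service"
            continue
        m = re.match(r"set (\S+)\s+(.*)", line)
        if in_section and m and m.group(1) in state:
            state[m.group(1)].update(re.findall(r"(\S+?)=(\S+)", m.group(2)))
    findings = {}
    for svc, s in state.items():
        address = s["address"].strip('"')
        if s["disabled"] == "yes":
            findings[svc] = "disabled"
        elif address in ("", "0.0.0.0/0"):
            findings[svc] = "open to any source"
        else:
            findings[svc] = "restricted to " + address
    return findings

if __name__ == "__main__":
    for svc, finding in audit_services(SAMPLE_EXPORT).items():
        print(f"{svc} (tcp/{WATCHED[svc]}): {finding}")
```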

 

 

 

 

