Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
3885 posts

Uber Geek

Subscriber

  #1164433 29-Oct-2014 15:44
2 people support this post

charsleysa:
sbiddle: Unless you've specifically paid for it I wouldn't expect anything at all for a residential connection. ISPs protecting their network is another issue entirely.




I got told by Snap technical support that my connection received a DDoS attack and that it was affecting their network.

They also said that if I continued to receive DDoS attacks they would look into suspending or even cancelling my connection.


They are definitely justified in cancelling your connection if attacks continue. As they don't want other customers complaining of slow speeds / sites not loading. Because a DDos attack had used up Snap's international bandwidth.





DjG

11 posts

Geek


  #1164435 29-Oct-2014 15:47
One person supports this post
Send private message

There is 1 consumer based ISP I know of that has DDOS protection and has mostly asian customers.

Problem with gamers is they piss someone off they going to get DDOSed and it really does have an impact on the ISP.
say for example the ISP buys 1G of IP transit and the gamer gets a DDOS of say 1Gbit, the DDOS gets over the transit provders network and out the interface towards the ISP and hits the rate shaper limit the transit provider has for the ISP customer and this effecting the whole ISP's transit as its going to be dropping packets like a mofo.
 
The only way to sort it is by scrubbing the traffic in the US where its cheep to do so before it gets on the cable back to NZ. then again we scrub upto a certain level ie 1 - 2 Gbit and if it goes beyond that then we blackhole that /32 in the US but not to NZ or AU routes.






 
 
 
 




597 posts

Ultimate Geek


  #1164455 29-Oct-2014 16:19
Send private message

Aredwood:
charsleysa:
sbiddle: Unless you've specifically paid for it I wouldn't expect anything at all for a residential connection. ISPs protecting their network is another issue entirely.




I got told by Snap technical support that my connection received a DDoS attack and that it was affecting their network.

They also said that if I continued to receive DDoS attacks they would look into suspending or even cancelling my connection.


They are definitely justified in cancelling your connection if attacks continue. As they don't want other customers complaining of slow speeds / sites not loading. Because a DDos attack had used up Snap's international bandwidth.


Would be nice if they actually tried to help me find out if the attack was targeting something specific as that would help to know the cause.
Knowing the transport layer protocol and the ports would have helped.

Anyway I have ordered a security sweep of all the devices we have and questioned everybody.
I have determined that it was most likely a random attack and was not directed at us for any singular reason though without more information from Snap I cannot be sure.




Regards
Stefan Andres Charsley

'That VDSL Cat'
11906 posts

Uber Geek

Trusted
Spark
Subscriber

  #1164456 29-Oct-2014 16:22
Send private message

charsleysa:
Aredwood:
charsleysa:
sbiddle: Unless you've specifically paid for it I wouldn't expect anything at all for a residential connection. ISPs protecting their network is another issue entirely.




I got told by Snap technical support that my connection received a DDoS attack and that it was affecting their network.

They also said that if I continued to receive DDoS attacks they would look into suspending or even cancelling my connection.


They are definitely justified in cancelling your connection if attacks continue. As they don't want other customers complaining of slow speeds / sites not loading. Because a DDos attack had used up Snap's international bandwidth.


Would be nice if they actually tried to help me find out if the attack was targeting something specific as that would help to know the cause.
Knowing the transport layer protocol and the ports would have helped.

Anyway I have ordered a security sweep of all the devices we have and questioned everybody.
I have determined that it was most likely a random attack and was not directed at us for any singular reason though without more information from Snap I cannot be sure.


its more likely if it was of the magnitude that snap made contact it was a big one - ild be interested in how big really..


it was probably a randomized attack rather than targeted at a certain service.


as i said, could have been as simple as they were smurfing or doing really well at a high level, attacks for that are surprisingly common unfortunately... 






#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 




597 posts

Ultimate Geek


  #1164460 29-Oct-2014 16:29
Send private message

hio77:
charsleysa:

Would be nice if they actually tried to help me find out if the attack was targeting something specific as that would help to know the cause.
Knowing the transport layer protocol and the ports would have helped.

Anyway I have ordered a security sweep of all the devices we have and questioned everybody.
I have determined that it was most likely a random attack and was not directed at us for any singular reason though without more information from Snap I cannot be sure.


its more likely if it was of the magnitude that snap made contact it was a big one - ild be interested in how big really..


it was probably a randomized attack rather than targeted at a certain service.


as i said, could have been as simple as they were smurfing or doing really well at a high level, attacks for that are surprisingly common unfortunately... 




Snap didn't contact me, I contacted them because the internet utilization charts on the FritzBox had max downstream and zero upstream and I could barely connect to the FritzBox, the rest of our internal network was fine so the FritzBox dropped the packets before I could see them.

They then rang me back about half an hour later telling me that if it continues they'd take action (as if I was the one doing the DDoS attack).




Regards
Stefan Andres Charsley

'That VDSL Cat'
11906 posts

Uber Geek

Trusted
Spark
Subscriber

  #1164461 29-Oct-2014 16:32
Send private message

charsleysa: 

Snap didn't contact me, I contacted them because the internet utilization charts on the FritzBox had max downstream and zero upstream and I could barely connect to the FritzBox, the rest of our internal network was fine so the FritzBox dropped the packets before I could see them.

They then rang me back about half an hour later telling me that if it continues they'd take action (as if I was the one doing the DDoS attack).


ah. i read your first comments as they contacted you outright.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


75 posts

Master Geek


  #1164494 29-Oct-2014 17:01
Send private message

I had the same issue maybe a year ago. I use a static IP because I host a dedicated server for steam games such as counter strike to play with my friends. Someone thought it would be fun to DoS my connection. My connection dropped twice after 5 minute intervals and Snap! rang me on my cell (late at night) and informed me about the problem. They then gave me a new static IP. My game server auto went live when the internet connection came back and the person who was doing the DoS attack got my new IP. Snap rang again and said they will just block the incoming traffic that was causing me the problem. Never had any talk about closing off my internet connection. I even got a replacement router.

 
 
 
 


1248 posts

Uber Geek

Trusted
Lifetime subscriber

  #1164510 29-Oct-2014 17:20
3 people support this post
Send private message

Looks like there is a use for CGNAT :-)

Wasn't me...


'That VDSL Cat'
11906 posts

Uber Geek

Trusted
Spark
Subscriber

  #1164522 29-Oct-2014 17:51
Send private message

dolsen: Looks like there is a use for CGNAT :-)

Wasn't me...



that does it! time to get a bigpipe connection and piss off all the ddoser!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


2415 posts

Uber Geek

Trusted
Subscriber

  #1164532 29-Oct-2014 18:02
Send private message

sbiddle: Unless you've specifically paid for it I wouldn't expect anything at all for a residential connection. ISPs protecting their network is another issue entirely.




Most of the ISPs which purchase transit from Vocus get some protection from their Arbour Peak flow devices, some of which are offshore to stop the malicious traffic from even coming into NZ.

Back when I worked there it was always interesting to view the dashboard of the constant barrage which ISPs were subjected to, some attacks were truly massive.


776 posts

Ultimate Geek

Trusted
Snap Internet

  #1164556 29-Oct-2014 18:49
4 people support this post
Send private message

Hi All,

There are a few aspects to this one.

For some large customers they have the ability to signal to us over BGP to blackhole address's if they are subject to a DDOS. for Snap Residential customers this is not possible (as there is no routing protocol running)

At Snap like most ISP's we have automated systems to detect DDOS attacks, the real issue is that there is still a manual check just to ensure that the DDOS is valid which is then passed onto our helpdesk to call and notify the customer. We will need to give the new customer a new IP Address, and if its a static assignment it will need to be a new static address, there are people doing this 24/7/365 

Every day there are multiple DDOS attacks, but often these attacks will target specific customers. for "Mum and Dad" users a DDOS attack would be quite rare, for some customers we are seeing multiple attacks per month.

For customers that are receiving multiple attacks per month we are talking to them to see if they can have a look and see if there are any reasons for this, if it does continue (I.E more than a 3-4 over the period of a month) then we need to look at why this is happening and the best way to resolve it, it is something that is covered under the Terms and conditions much like sending Spam or having a compromised home devices, its just that DDOS's are generally not directly initiated from the client's network.

The main reason for this is that even though the systems at our end are largely automated, it does take a small amount of time to detect, time to verify it is a real DDOS, and then time for routing protocols to start blocking the destination IP. during this time if other users are gaming or watching streaming TV their experience may be less than ultimate.

Hope this helps!

Thanks,
TheRalph




Snap

0800 BROADBAND (276 232)
www.snap.net.nz

@SnapInternet on Twitter
Snap Internet on Facebook

Our Social Media Team:
^RO Ricky - Technical Lead
^AT Ashleigh - Retail Marketing Coordinator



3435 posts

Uber Geek

Trusted

  #1165344 30-Oct-2014 21:51
Send private message

A smaller ISP (Like Us) for example is generally purchasing from one or two upstream providers and will have less than one gigabit of capacity.
If one of our customers gets targeted, it will take down one or two of those links.
The only way to take action is to stop advertising the affected /24 of our ip address space to that particular upstream provider. That often means taking out our international connectivity and leaving national only running until it stops.
A /24 subnet is a block of approx 250 customers so its not something i really want to be doing.


We are lucky that we have only had one customer cause a couple DDOS attacks by antagonising another player in an online game.
The foreign player rented a botnet for exactly 30 minutes both times (I am told you rent in 15 minute blocks) and targeted our customer in the early hours of the morning.
We have threatened to disconnect that customer and he now seems to behave.

The customer also will be charged for the traffic that is delivered to their router across our network until we can stop the incoming stream of data.

In the real world, if you get a DDOS attack aimed at your ip address, its probably 99% your own fault.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here






597 posts

Ultimate Geek


  #1165358 30-Oct-2014 21:59
One person supports this post
Send private message

raytaylor: A smaller ISP (Like Us) for example is generally purchasing from one or two upstream providers and will have less than one gigabit of capacity.
If one of our customers gets targeted, it will take down one or two of those links.
The only way to take action is to stop advertising the affected /24 of our ip address space to that particular upstream provider. That often means taking out our international connectivity and leaving national only running until it stops.
A /24 subnet is a block of approx 250 customers so its not something i really want to be doing.


We are lucky that we have only had one customer cause a couple DDOS attacks by antagonising another player in an online game.
The foreign player rented a botnet for exactly 30 minutes both times (I am told you rent in 15 minute blocks) and targeted our customer in the early hours of the morning.
We have threatened to disconnect that customer and he now seems to behave.

The customer also will be charged for the traffic that is delivered to their router across our network until we can stop the incoming stream of data.

In the real world, if you get a DDOS attack aimed at your ip address, its probably 99% your own fault.


99% your fault sounds a bit ridiculous, there are various other reasons people get attacked through no fault of theirs.

Beating someone fair and square in a game, or even simply competing with them, is enough to trigger attacks which is more prominently seen during professional matches and money at stake tournaments.




Regards
Stefan Andres Charsley

3435 posts

Uber Geek

Trusted

  #1165365 30-Oct-2014 22:09
One person supports this post
Send private message

charsleysa:

99% your fault sounds a bit ridiculous, there are various other reasons people get attacked through no fault of theirs.

Beating someone fair and square in a game, or even simply competing with them, is enough to trigger attacks which is more prominently seen during professional matches and money at stake tournaments.


Yep we dont really care. If they cause service to be disrupted for any other subscriber for any reason (like winning a game, and thus aggravating another player to launch a DDOS attack) then we have to take action to protect those other subscribers. If loosing you as a customer is something we have to do to ensure service for others, then so be it.

If i was a customer and my neighbour down the street was causing my service to be disrupted, i would want them kicked off too - we have to be fair to everyone.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




3554 posts

Uber Geek

Trusted

  #1165376 30-Oct-2014 22:35
2 people support this post
Send private message

Ah DDoS ... managing that sh!t... those were the (stressful) days...

The way to stop it is to not piss people off in online games. Not much the ISPs can generally do.

I love the CGNAT idea - haha never thought about this - I wonder what ISPs plans are around kicking off customers when a single CGNAT address gets DDoSed....




Speedtest 2019-10-14


1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel introduces 10th Gen Intel Core H-series for mobile devices
Posted 2-Apr-2020 21:09


COVID-19: new charitable initiative to fund remote monitoring for at-risk patients
Posted 2-Apr-2020 11:07


Huawei introduces the P40 Series of Android-based smartphones
Posted 31-Mar-2020 17:03


Samsung Galaxy Z Flip now available for pre-order in New Zealand
Posted 31-Mar-2020 16:39


New online learning platform for kids stuck at home during COVID-19 lockdown
Posted 26-Mar-2020 21:35


New 5G Nokia smartphone unveiled as portfolio expands
Posted 26-Mar-2020 17:11


D-Link ANZ launches wireless AC1200 4G LTE router
Posted 26-Mar-2020 16:32


Ring introduces two new video doorbells and new pre-roll technology
Posted 17-Mar-2020 16:59


OPPO uncovers flagship Find X2 Pro smartphone
Posted 17-Mar-2020 16:54


D-Link COVR-2202 mesh Wi-Fi system now protected by McAfee
Posted 17-Mar-2020 16:00


Spark Sport opens its platform up to all New Zealanders at no charge
Posted 17-Mar-2020 10:04


Spark launches 5G Starter Fund
Posted 8-Mar-2020 19:19


TRENDnet launches high-performance WiFi Mesh Router System
Posted 5-Mar-2020 08:48


Sony boosts full-frame lens line-up with introduction of FE 20mm F1.8 G large-aperture ultra-wide-angle prime Lens
Posted 5-Mar-2020 08:44


Vector and Spark teamed up on smart metering initiative
Posted 5-Mar-2020 08:42



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.