kordia packet storm affecting isps

Forums › New Zealand Broadband › kordia packet storm affecting isps

raytaylor

4080 posts

Uber Geek
+1 received by user: 1298

Trusted

#81129 8-Apr-2011 12:11

As I understand, kordia have a packet storm on their network and its affecting a few isps at the moment

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

1 | 2

Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 7

Trusted

BitSignal

Lifetime subscriber

#456710 8-Apr-2011 12:22

Where did you get this info from?

"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#456718 8-Apr-2011 12:36

Kordia?

Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

xpd

Geek of Coastguard
14128 posts

Uber Geek
+1 received by user: 4594

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#456722 8-Apr-2011 12:42

raytaylor: As I understand, kordia have a packet storm on their network and its affecting a few isps at the moment

If youre going to make an announcement such as that, please give more info (source would be nice).

XPD / Gavin

LinkTree

skewt

754 posts

Ultimate Geek
+1 received by user: 216

#456739 8-Apr-2011 13:39

Communications where i work were affected, use kordia for the wan, even now still got issues, started about 11:20 or so

raytaylor

4080 posts

Uber Geek
+1 received by user: 1298

Trusted

#456749 8-Apr-2011 13:53

More info:

Source - SafeNZ, an isp for a few of our clients
It was affecting national traffic between safenz, orcon and telecom and they reckon a between a few other isp's.

Has now been resolved.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

freitasm

BDFL - Memuneh
80714 posts

Uber Geek
+1 received by user: 41174

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#456757 8-Apr-2011 14:02

raytaylor: Source - SafeNZ, an isp for a few of our clients
It was affecting national traffic between safenz, orcon and telecom and they reckon a between a few other isp's.

"They reckon" is a bit vague and sounds like "they think it may be the case".

I haven't seen any mention in the NZNOG.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

rhughes

3 posts

Wannabe Geek

Trusted

Kordia

#456762 8-Apr-2011 14:29

We did have an issue on the Kordia network affecting one traffic queue caused by a broadcast storm on a customer's network. We're investigating why this issue caused impairments to other customers. Our apologies to those affected.

Regan
IP architect
Kordia

freitasm

BDFL - Memuneh
80714 posts

Uber Geek
+1 received by user: 41174

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#456763 8-Apr-2011 14:30

Thanks for the update!

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

velofille

42 posts

Geek

Trusted

#456777 8-Apr-2011 15:36

Rimuhosting have some of our VPS in there, and we got told it was a DoS attack. our servers are under hosting direct network, so this is where we got our information

raytaylor

4080 posts

Uber Geek
+1 received by user: 1298

Trusted

#456789 8-Apr-2011 16:18

Sorry.
I wouldn't have posted if I didn't think it was true.
It wasn't a case of an isp trying to place blame on someone else, I had done the traceroutes from a couple of isps that showed something was definitley wrong.

They reckon is a reflection on how I type the same way I talk.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

Sounddude

I fix stuff!
1935 posts

Uber Geek
+1 received by user: 640

Trusted

2degrees

Lifetime subscriber

#456795 8-Apr-2011 16:32

velofille: Rimuhosting have some of our VPS in there, and we got told it was a DoS attack. our servers are under hosting direct network, so this is where we got our information

Unrelated issue :-)

Dyson

Shop now for Dyson appliances (affiliate link).

velofille

42 posts

Geek

Trusted

#456797 8-Apr-2011 16:40

How many issues were there? :O

1080p

1332 posts

Uber Geek
+1 received by user: 152
Inactive user

#456841 8-Apr-2011 20:02

Yah, got mail this afternoon:

1. Introduction

The purpose of this email is to provide a time-line and identify the root
cause of the network attack that occurred on April 8, 2011 which affected
all clients at our Piermark Datacentre. The attack centred on the core
network equipment which was bombarded by a DDOS attack originating from China.
Clients experienced a wide range of issues = intermittent or inaccessibility to complete outages
during the network event.

Event Time: 12:30pm - 2:30pm

2. Time-line Summary

At 12:30pm, engineers began to notice severe network latency
within the Managed Hosting network. While troubleshooting the network
latency it became apparent that the latency was part of a bigger issue within the core network and upstream. The Infrastructure team began troubleshooting the fiber links as a possible source of the network congestion. Upon further troubleshooting it was noted an attack originating from China was the root cause of network latency issues. The manner in which this attack worked was to flood our equipment with short byte empty UDP packets of data to the point it became overloaded and saturated.

Within 30 minutes of the attack we had requested our upstream provider to start null routing all IP's that were taking part in the attack.

3. Root Cause Analysis

There were 16 ?B Class? IP's originating from China which were leading the attack on our core network causing network degradation. There were also an array of C class IP's taking part.

4. Conclusion/Q&A

Why did it take 2 hours to resolve?

Hosting Direct maintains a very sophisticated network that utilizes many different types of equipment to deal with different situations. The issue today was down to a series of attacks that were from a vast range of different IP's. Each time progress was made through a corrective or isolation action the attacks presented themselves in another manner. Until all attacker IP's were simultaneously blocked, we were unable to stop the network congestion.

Why did a failure in a redundant network still impact my hosted site?

The issue today was not a ?hard? hard ware failure but a overload of system equipment caused by the network being maxed out by a DDOS attack.

What actions are being taken to prevent this from re-occurring?

In the process of working with our upstream provider, we have taken the plan of action to diversify our upstream providers. At this time, we do not have a scheduled date as to when this will change but we will provide notice as soon as this change has taken place.

Best Regards,
- Hosting Direct Limited

velofille

42 posts

Geek

Trusted

#456845 8-Apr-2011 20:07

"sophisticated network"

michaelmurfy

meow
13587 posts

Uber Geek
+1 received by user: 10932

Moderator

ID Verified

Trusted

Lifetime subscriber

#456855 8-Apr-2011 20:48

velofille: "sophisticated network"

Hardly :P

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

1 | 2