Local DoS attacks flare up again

A spate of denial of service attacks struck local ISPs, including Xtra, Ihug, Asia Online and KC over the weekend.

A spate of denial of service attacks struck local ISPs, including Xtra, Ihug, Asia Online and KC over the weekend.

Telecom spokesman Glen Sowry says the attacks on Friday night and Saturday on Xtra, Ihug, Asia Online and KC appear to have been aimed at IP addresses managed by the ISPs, rather than the ISPs themselves. Ihug director Nick Wood agrees:

"Usually, it's someone having a go at someone else who's been on IRC," says Wood. "It's generally not specifically targeted at the ISP, usually a customer."

Wood says his company has noticed a flurry of attacks lately, after a quiet spell, possibly because it takes those who mount such attacks some time to construct them.

"We've been trying to upgrade one of our routers to run software which effectively minimises your exposure," says Wood. "We've got it running on every router but one and we get that final router done it should minimise our exposure.

"It concentrates the blockage to that one place they're trying to have a go at, rather than overloading the router. At the moment the router gets overloaded and grinds to a halt. With this, there's still a whole lot of data trying to arrive but the router is manageable, which means you can get onto the router and block the traffic that's arriving.

"It's not a permanent fix, but it effectively stops that load arriving on the router so that you can get onto it and find out where stuff's arriving and get onto it re-route or ask your upstream provide to null-route it for you."

Asia Online general manager Kevin Francis says his company has affected by a denial of service attack "predominantly aimed at Xtra and [Telecom Global Gateway's] Netgate. This made Netgate completely congested. We do have an alternative path through our Australasian network, so we switched our customer service through that.

"We also have in place firewalling and anti-spoofing on our border routers which meant that if it was one of our customers that had initiated that attack we could have closed them down. But despite numerous requests, Telecom still won't put any such measures in place. We believe they need to do that, otherwise organisations like ourselves will continue to look elsewhere for alternatives."

The situation was complicated by the failure of two major Telecom routers; the Takapuna-based perimeter router TKBR, which went down for half an hour on Friday, causing a loss of international connectivity for at least one ISP; Global Gateway's AKBR2, which failed for nearly an hour on Sunday because of a "very unusual" episide of CEF corruption, causing loss of international service for ISPs as far afield as Wellington's Paradise.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags attacks

More about Asia OnlineGatewayGatewayParadiseXtra

Show Comments