Kitz Forum

Broadband Related => Known Network Issues + MSO's => Topic started by: Weaver on November 19, 2015, 04:31:48 PM

Title: Andrews & Arnold under attack (DDOS) - now under control
Post by: Weaver on November 19, 2015, 04:31:48 PM

See :  https://aastatus.net/2178 (https://aastatus.net/2178)

It may well be that it was an AA customer that was being attacked, not AA themselves.

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: kitz on November 19, 2015, 09:03:14 PM

Sounds a bit weird.

More info
http://aa.net.uk/news-20151119-dos.html

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: sevenlayermuddle on November 19, 2015, 11:40:32 PM

Whatever may have happened, it is quite a treat to see a meaningful and literate response from somebody who clearly understands the issues, AND who happens to be a Director of the Company.  :)

A very satisfying company to work for I'd imagine, at least for those who are themselves competent.

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: Weaver on November 20, 2015, 01:56:33 AM

...and who writes code that goes into my router. :-)

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: Weaver on November 20, 2015, 01:58:08 AM

Thanks to Kitz for that link. It's clearly not the whole story, good job the police are involved now.

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: Bowdon on November 20, 2015, 11:28:37 AM

Sadly a lot of people play fast and loose with their IP addresses being made public. It only needs them to meet someone with malicious intent to cause trouble.

The biggest culprit for exposing a person's IP address is Skype. I've learned recently that there is a website that as long as the Skype user is online, this website can reveal the persons IP address. Most (if not all) of these living gaming stream 'swattings' happen because the streamer talked to someone on skype at some point, or his skype name is known.

Thankfully this security hole in Skype is now becoming more widely known and people are preferring to use voice servers instead, hosted at a central location that doesn't give away a users IP address to others.

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: jelv on November 20, 2015, 12:11:17 PM

Interesting that when they moved users to a different range the attack followed. I'm guessing that implies that some public services are being run by the target and the IP address was looked up via DNS rather then it being a harvested IP.

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: Weaver on November 20, 2015, 04:05:38 PM

[aside] For those of you who are interested in the workings of DDoS attacks, Team Cymru's short videos on YouTube are very educational.

Title: Re: Andrews & Arnold under attack (DDOS) - now under control
Post by: Weaver on November 20, 2015, 11:03:18 PM

See also http://www.revk.uk/2015/11/bgp-blackhole-routes.html (http://www.revk.uk/2015/11/bgp-blackhole-routes.html)


a post from RevK about the plumbing of the Internet, which is relevant to this recent incident.