Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: KCOM apologises as 'several thousand' lose internet access  (Read 7149 times)

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 2395
KCOM apologises as 'several thousand' lose internet access
« on: November 28, 2016, 08:10:44 PM »

KCOM apologises as 'several thousand' lose internet access

Quote
KCOM has apologised after thousands of people in Hull were cut off from the internet over the weekend.

Many are still without broadband access today as the operator struggles to rectify the disruption, which first hit users on Saturday.

The firm says that the issue is an "intermittent problem" and is not concentrated on any particular area.

Mark Jardine, who lives off Beverley Road, said he was watching Netflix when his internet went off just after 8pm on Sunday evening.

He remains without internet access at home today.

From the comments on the article it sounds like KCOM are really bad. Not sure if any other forum people are with KCOM and what their experience is of them?
Logged
BT Full Fibre 500 - Smart Hub 2

NEXUS2345

  • Reg Member
  • ***
  • Posts: 235
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #1 on: November 28, 2016, 09:08:18 PM »

 I was with Eclipse before I was with Zen and after the KCOM takeover, I started to find that my internet connection became extremely throttled when downloading stuff. Like, they would reduce my bandwidth by 80%. I then noticed that all their residential packages had disappeared, so I pretty much came to the conclusion that they wanted their residential customers gone. My experience was bad with them. Even their customer support took 3 phone calls to fix an issue, over a period of about 3-4 weeks. I have since moved to Zen and for the past year and a half with them not had an issue.
Logged
Security improvement and remediation consultant with infrastructure specialisation

IDNet Openreach FTTP 1000/115 + Asus RT-AX92U | Virgin Media 200 + SuperHub 3 + Synology MR2200ac mesh | Sky 80/20 with WiFi Guarantee on Huawei 288 cabinet

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #2 on: December 02, 2016, 12:21:07 PM »

KCOM has the monopoly for Hull.  In fact not just the monopoly but they are practically the only provider - About the only alternative is wifi broadband via Connexin.

At one time I wondered if KCom were going to branch out more nationwide as they bought out Mistral who were one of the major SP's used by Utilities Warehouse, but they seem to have not done anything much with it.  It seems they are doing the same with Eclipse.  I'm not quite sure the logic behind purchasing national ISPs then in effect winding down the residential retail arm.

Quote
Many are still without broadband access today as the operator struggles to rectify the disruption, which first hit users on Saturday.

The firm says that the issue is an "intermittent problem" and is not concentrated on any particular area.

"While some customers have been able to reconnect immediately, other customers' routers will need to be reset before they can connect to the internet again."


They had obviously been hit by the Mirai type bot too.   
I was made aware of the problem several days ago but after reassurances that the VMG series were not involved, was requested not to post anything until affected ISPs had the patches available to roll out.   
 
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #3 on: December 02, 2016, 03:22:31 PM »

They had obviously been hit by the Mirai bot too.   
I was made aware of the problem several days ago but after reassurances that the VMG series were not involved, was requested not to post anything until affected ISPs had the patches available to roll out.   

I'm disappointed (but not surprised) that they wanted to cover it up and perhaps more disappointed that you agreed. I think this should have been made public as soon as possible. Waiting for a roll out of a fix is not acceptable, however turning off tr069 and 064 would have been a good move in my view. I will never run any modem with anything like that enabled as I certainly dont trust any ISP to have access to my router for any purpose.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #4 on: December 02, 2016, 03:53:56 PM »

I completely disagree. Further publicising the issue with details of any vulnerability will only serve to increase the likelihood of it being exploited by others.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

ejs

  • Kitizen
  • ****
  • Posts: 2078
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #5 on: December 02, 2016, 04:26:30 PM »

The details are already publicly available on the web. Not so much about which devices are or aren't vulnerable, but the technical details of the firmware implementation flaws are very clear.

It seems such a huge glaring flaw, that it's quite possible that it was being quietly exploited on a low-scale long before it became public and widespread recently.
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #6 on: December 02, 2016, 05:29:55 PM »

The details are already publicly available on the web. Not so much about which devices are or aren't vulnerable, but the technical details of the firmware implementation flaws are very clear.

It seems such a huge glaring flaw, that it's quite possible that it was being quietly exploited on a low-scale long before it became public and widespread recently.

I also feel that keeping quiet meant that those who had not been exploited lost the opportunity to turn off those functions and therefore prevent a problem, plus those who had been exploited continued in ignorance and maybe just maybe could have stuff harvested from their PCs or network..

I'm sorry but keeping this quiet is not a good idea, except n one solitary circumstance and that is where someone finds a potential hole and reports it to the manufacturer prior to its exploitation but if in any doubt it has been used then it should become public.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #7 on: December 02, 2016, 09:09:57 PM »

If it had been the VMG series then my re-action would have been entirely different.  I only got to hear about the Zyxel's AMG1302.
Afaik no-one on this forum uses them as they are ISP modems used by KCom and locked down to Eircom.  We dont have any of their users as regs.  TBH at the time I thought it was only Eircom and didn't know about Kcom until later.

If you notice, no-one including the press publically announced this until a fix had been found and the ISPs concerned had started rolling it out.
Letting the world know that many thousands of AMG1302 are vulnerable and wide open to the world is hardly a good idea.   They were in a state of the WAN interface being wide open and being publicly accessible to ANYONE, not just those who had released the exploit.

As ejs says the basic info about the flaw is and already was available. Once info was in the public domain then all it would  take is script kiddies to start going through all of KCom/Eircoms IPs.  It wouldnt take them too long to put 2 and 2 together.  They then could possibly have access to a lot more info and do far more damage than the current situation which was being unable to access the internet.

Srsly if I'd said anything publicly then it would have been akin to announcing hey go attack the following IP ranges and you'll be right inside their network.  There's currently x thousand modems wide open this week to do what you want with.  Most, if not all ISPs knew what was going on quite soon, but decided it was best not saying anything until after the patches had been released otherwise you are just exposing many thousands more who do not read tech news and wouldnt have a clue how to block ports.

From what I can gather (my assumption) is that who-ever was behind the release this past week wasn't going after anything specific and it was probably more of a proof of concept type attack to show just what was possible, rather than actually hack user info.
IMHO the ISPs concerned did the best thing by trying to keep a lid on it until their modems were patched, the alternative could have been one heck of a lot worse.

Hopefully this has been a wake-up call to the industry.   
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

ejs

  • Kitizen
  • ****
  • Posts: 2078
Re: KCOM apologises as 'several thousand' lose internet access
« Reply #8 on: December 02, 2016, 09:33:52 PM »

Knocking people offline was probably not the intention, the likely intention of the worm / botnet is to spread by infecting more devices and use their Internet connections for DDoS purposes. If people were knocked offline completely, that could have been due to the attempt to download and execute the software into the router failing, but corrupting the settings and causing the device to stop working.
Logged