DoS attack

Started by nowster, May 10, 2013, 15:28:27


nowster

Sigh! Some system in the USA is trying to password scan the SIP server on my parents' iDNet connection, sending about 200kbps of UDP traffic continuously. I've removed the SIP server software but the incoming traffic continues. At this rate they're going to go over quota in about 5 days.

Glenn

Speak to support, they may be able to block the traffic type to the connection.
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Quote from: Glenn on May 10, 2013, 15:54:36
Speak to support, they may be able to block the traffic type to the connection.
An email to support has gone unanswered... Currently gobbling bandwidth allowance at about 2GB a day.

Simon

Can't they disconnect the router?
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Quote from: Simon on May 11, 2013, 12:43:36
Can't they disconnect the router?
Well, they could, but that then doesn't allow them to access the Internet...

Simon

But if they disconnected for, say, 30 minutes, then reconnected, would that not stop the DOS attack?
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Quote from: Simon on May 11, 2013, 13:24:10
But if they disconnected for, say, 30 minutes, then reconnected, would that not stop the DOS attack?
No, it's UDP based. The sender is blindly sending out packets and not looking at the return. I've had the "local" end: sending ICMP host unreachables, ICMP port unreachable (the default when there's nothing listening on that port), and finally nothing at all back. Nothing seems to stop it. I've reported the activity to the US hosting company... no response.

nowster

I've now got my parents to switch off their modem for the weekend, only switching it back on if they really need a connection. Hopefully iDNet can do something on Monday.

Steve

It does seem they've little choice.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

nowster

And support have written back suggesting my parents change their package.  ::)

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

SimonM_IDNet

Hi,

Apologies for the confusing reply from our support team.

I've taken a look at the issue. Since that IP is not on our network there's little we can do to put a stop to the DDOS attack. I have suggested in an email I just sent to you to see if we can change the IP address the line uses as this should stop the attack, although you might have to reconfigure any servers etc. you use on that connection after an IP change.

Kind regards
Simon Mulliss
IDNet support

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Thanks. Changing IP is acceptable. Changing package is impossible – no ADSL2+.

http://www.samknows.com/broadband/exchange/WNADR

I'm still concerned that they're going to face a financial penalty for something that is outwith their control.

SimonM_IDNet

Hi,

I have changed the IP for you. The package change you can ignore; I believe my colleague sent that in error. I have forwarded your concerns about any charges on bandwidth to one of our management to get the right answer on this as it is an unusual situation.

Hope this helps,

Also Thanks Simon. Appears there are quite a few Simons associated with IDNet.

Simon

Some might say too many!  :laugh:
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Quote from: SimonM_IDN on May 13, 2013, 12:17:13
Also Thanks Simon. Appears there are quite a few Simons associated with IDNet.
It happens. I know Zen had a "Dave Collective". And where I used to work (Zetnet) we had two Pauls and a Saul.

SimonM_IDNet

Hi,

It does seem common; unfortunately for myself, every major ISP I worked for all had a batch of Simons. I see per your email the issue now appears resolved; hopefully the supplier in the US can put a stop to the DDOS attackers' attempts.

Thanks
Simon Mulliss
IDNet support