Increasing consistent small packet loss

Gary · Feb 18, 2014, 19:32:56

Quote from: joe on Feb 18, 2014, 17:58:40

No, not what I was hoping for today. We'll have to wait until tomorrow to see if things are better.

You line seems to have constant packet loss spikes though, no one else so far seems to. I'm wondering if there is a local/hardware issue going on as well with your connection. Have you tried a different router to see of the constant red goes away, of is your exchange congested by any chance?

Technical Ben · Feb 18, 2014, 19:39:46

It's every half hour on the dot. So I doubt it's normal congestion. I wonder what would cause that? Perhaps a device on the network and/or local interference of a timed device/equipment? Perhaps a noisy electrical device, or someone uploading backups every half hour?

Steve · Feb 18, 2014, 19:41:08

Router busy doing something else possibly!

Gary · Feb 19, 2014, 08:24:15

I noticed on AAISP they have been geting SYN Flood attacks on ZyXELs routers, they say it is effecting other ISP's. "The issue is related to specific routers, and is affecting many ISPs. In our case it is almost entirely zyxel routers that are affected. It appears to be some sort of widespread and ongoing syn flood attack that is causing routers to crash and resulting in loss of sync" Their last attack was the 7th February.

joe · Feb 19, 2014, 08:32:05

Mines a Fritz!Box 7390

Gary · Feb 19, 2014, 08:46:11

Quote from: joe on Feb 19, 2014, 08:32:05
Mines a Fritz!Box 7390

Yeah I dom't think we need to all list our routers

but with the link Technical Ben had had about certain Linskys routers and AAISP's saying for them its ZyXELs I was just wondering if this could be part of that pattern which AAISP say is effecting other ISP's.

SimonM_IDNet · Feb 19, 2014, 09:12:12

Hi Gary,

I do believe the Zyxel issue was down to a vulnerability in certain router firmware/models and with remote management. The issue was usually solved by disabling that feature or locking it to one specific IP address (or by changing router of course).

Gary · Feb 19, 2014, 09:35:04

Quote from: SimonM_IDNet on Feb 19, 2014, 09:12:12
Hi Gary,

I do believe the Zyxel issue was down to a vulnerability in certain router firmware/models and with remote management. The issue was usually solved by disabling that feature or locking it to one specific IP address (or by changing router of course).

Cheers Simon, same as the Linksys one. But since AAISP were getting SYN floods on the 7Th February stil, so could IDNet be getting them? As in yesterdays attack? Just wondered

Simon_idnet · Feb 19, 2014, 10:01:06

Quote from: Simon_idnet on Feb 18, 2014, 16:48:53
Unfortunately the attck stopped before we were able to gather sufficaient data to identify the target. But we have identified the source vector so that if the attack recurs then we will have all the data needed to put a block on it.

All of the source traffic for the DDoS attack yesterday afternoon originated from AS4134, which is China Telecom. No surprise there! Just goes to show that there are a lot of easily compromisable machines in China - hence that's where the DDoS traffic all comes from. However, the attacker controlling this stuff could be anywhere else in the world.

Gary · Feb 19, 2014, 10:54:27

Quote from: Simon_idnet on Feb 19, 2014, 10:01:06
All of the source traffic for the DDoS attack yesterday afternoon originated from AS4134, which is China Telecom. No surprise there! Just goes to show that there are a lot of easily compromisable machines in China - hence that's where the DDoS traffic all comes from. However, the attacker controlling this stuff could be anywhere else in the world.

Thanks for the info, Simon.

Gary · Feb 19, 2014, 11:31:21

Things are fine speed wise at the moment which is good.

sobranie · Feb 19, 2014, 13:29:47

Good here too!

Technical Ben · Feb 19, 2014, 13:56:54

Quote from: Simon_idnet on Feb 19, 2014, 10:01:06
All of the source traffic for the DDoS attack yesterday afternoon originated from AS4134, which is China Telecom. No surprise there! Just goes to show that there are a lot of easily compromisable machines in China - hence that's where the DDoS traffic all comes from. However, the attacker controlling this stuff could be anywhere else in the world.

Not just compromised. But setting up an attack with purchased hardware is theoretically cheaper too. So it's a target for criminals. A great example was when an entire Nintendo factory was setup. Except it was run by the mafia to both make cloned hardware at a profit, and launder money. You'd just not be able to cover such expenses in most over countries, let alone keep the illusion up long enough before you got caught.

Bill · Feb 19, 2014, 14:57:43

So far so good:

Something odd about the upload, but there's reports on tbb about other people seeing that too so likely it's either tbb or BT.

BQMs are a bit cleaner too, tho' still a trace of the red stuff.

Lance · Feb 19, 2014, 16:15:15

Trace of red on 3 of the 4 BQMs I can see too. Looks like the issue still isn't fully resolved.

sobranie · Feb 19, 2014, 16:19:28

More red stuff appearing.
Speeds back to cr*p.
Silly me, everyone's watching the curling on BBC Olympics.

Gary · Feb 19, 2014, 16:37:01

Speeds are ok here

Download speed achieved during the test was - 67.4 Mbps
For your connection, the acceptable range of speed is 55.6 Mbps-69.5 Mbps .
Additional Information:
IP Profile for your line is - 69.5 Mbps

sobranie · Feb 19, 2014, 16:45:40

Speeds all over the place from minute to minute. I did get up to the 60's and now it's :

Gary · Feb 19, 2014, 16:45:53

Nope now they are cr@p It felt like we were so close, speeds are up and down all over the place. I thought this week was the problem solved, and it really felt like it was today. This is very disheartening.

sobranie · Feb 19, 2014, 16:56:47

joe · Feb 19, 2014, 16:58:05

As have mine. Speeds in the afternoon awful as usual - not a blind bit of difference.

Quality:-

Speeds (62Mbps this morning as usual):-

Firefox:-

Chrome:-

and BT (attached)

Bill · Feb 19, 2014, 17:46:51

My speeds are fine:

The BTw tester isn't feeling co-operative atm

Gary · Feb 19, 2014, 18:06:12

Quote from: Bill on Feb 19, 2014, 17:46:51
My speeds are fine:

They always tend to be getting on for 6pm again, bill. I have noticed since the DNS upgrade pages are loading very fast. Guess the more powerful equipment has done its job well there. Speed loss for me wasn't as bad today but its still not fixed.

Gary · Feb 19, 2014, 18:17:56

Quote from: joe on Feb 19, 2014, 16:58:05
As have mine. Speeds in the afternoon awful as usual - not a blind bit of difference.

Quality:-

Speeds (62Mbps this morning as usual):-

What happened at 4pm did you reboot your router?

joe · Feb 19, 2014, 18:32:39

No Gary I did not. I am using the Fritz as base station to Fritz DECT phones which is one of its features, I will try detaching the phones to see if they are having any effect. I will then have to revert to the OR modem and linksys router I used previously to see if that is any different.

Doesn't alter the fact that everything was OK with my setup until recently. I an only suffering as others are and have in the past and since left iDNet.