New Zealand's largest ISP spent the weekend fighting off a DDoS attack
September 8, 2014
Spark, New Zealand's largest ISP, has spent the whole weekend fighting off a DDoS attack incorrectly assumed to have a connection with last week's nude celebrity picture scandal.
The internet service provider had major issues Friday, when it Tweeted that some of its subscribers had become infected with malware that was flooding its DNS servers and making it hard to access the internet.
The malware was most likely deposited by sites purporting to offer the chance to gaze upon popular entertainers wearing no clothes.
The sites offered something along those lines, plus malware downloads. But Spark has hosed down that hypothesis, writing on Facebook that it isn't ruling out malware, but has found that cyber criminals have been accessing vulnerable customer modems on its network.
“These modems have been identified as having 'open DNS resolver' functionality, which means they can be used to carry out internet requests for anyone on the internet,” the ISP explains. “This makes it easier for cyber criminals to ‘bounce’ an internet request off them, making it appear that the NZ modem was making the request, whereas it actually originates from an overseas source.”
“Most of the culprit modems were not supplied by Spark and tend to be older or lower-end modems,” the company added.
Spark added that the attack originated in Eastern Europe and looked like this: “The DDoS attack was dynamic, predominantly taking the shape of an amplified DNS attack which means an extremely high number of connection requests – in the order of thousands per second – were being sent to a number of overseas web addresses with the intention of overwhelming and crashing them. Each of these requests, as it passes through our network, queries our DNS server before it passes on – so our servers were bearing the full brunt of the attack.”
“While the Spark network didn't crash per se, we did experience extremely high traffic loads hitting our DNS servers which meant many customers had either slow or at times no connectivity, as their requests were timing out. There were multiple attacks, which were dynamic in nature. They began on Friday night, subsided, and then began again early Saturday, continuing over the day. By early Sunday morning, traffic levels were back to normal and have remained so since. We did see the nature of the attack evolve over the period, possibly due to the cyber criminals monitoring our response and modifying their attack to circumvent our mitigation measures – in a classic ‘whack a mole’ scenario,” the company said.
During the attack, Spark suggested that its customers point their browsers at Google's DNS servers, a handy workaround even if it does mean a little more latency.
And the celebrity nudes angle? It's unverified. And likely a way to get you clicking on spam messages, or worse, downloading more malware to your computer or phone.
Source: Spark Internet NZ.