
TechNut2

join:2010-05-17
canada
reply to Asawulf

Re: [INTERNET] - What to do when you experience a DDoS attack?

Cable customers are well-known targets. It's easy to look up the IP block for big cable co and probe for who has an open relay. In my case, I had a bad firewall rule that was redirecting DNS requests to the wrong internal IP. The device that it was directed to has a known DNS vulnerability that cannot be fixed (it's old and not supported by the manufacturer anymore). So, given that cable networks tend to have big fast connections to home, and the variety of easy targets, makes Cogeco a logical choice. Rogers, as I understand it, when it detects the attacks blocks the traffic. While it does happen on DSL ISPs, it's far likely because the upload and latency tends to be higher. It's not really an effective attack, since you are trying to drown the victim packets. Slow upload is not really great for that.

It's really a question of how do you want to handle customer escalations. Do you block it, then customers complain that you did it to protect them? Or do you leave it open say it is happening but let it go indefinitely. In my case, the use of that old DNS device was ongoing for over 6 months. At what point does the ISP step in? It went undetected until whoever was doing the attacks increased the number of packets per second. I only happened to notice because VoIP was starting to get laggy. I then reached out to Abuse after checking with Marcer (once he confirmed it was not a node issue) to find that this was something Cogeco knew about for months. My downloads on the whole were just fine, and because on a Business account I'm not concerned about usage, I never check it. If I was paying for usage, and overages because of this, and Cogeco knew but did nothing to stop it, well, I'm not sure I would be impressed, even if the fact was I had a bad device. If the ISP sees a problem, they need to do something about it. They could have at least called, and sent the email....

I can see on Enterprise accounts where Cogeco just provides a circuit and transit, that they would do nothing. But for the SMB space, especially with all the cap crap, and the relative capacity constraints of local nodes, this would be in Cogeco's best interest to resolve quickly, not just send an email and forget it.



urbanriot
Premium
join:2004-10-18
Canada
kudos:3

said by TechNut2:

But for the SMB space

In the SMB space, businesses should have someone competent configure their DNS server that's responding to DNS requests rather than rely on the company that provides their connection to the internet.

What sort of equipment do you have between the internet and your DNS server?


dillyhammer
START me up
Premium,MVM
join:2010-01-09
Scarborough, ON
kudos:10
reply to TechNut2

said by TechNut2:

But for the SMB space, especially with all the cap crap, and the relative capacity constraints of local nodes, this would be in Cogeco's best interest to resolve quickly, not just send an email and forget it.

Wait. Huh?

Cogeco, a government-sanctioned monopoly, takes action to benefit a customer and reduce net revenue as a result?

Am I reading that right or did I miss something?

Mike
--
Cogeco - The New UBB Devil -»[Burloak] Usage Based Billing Nightmare
Cogeco UBB, No Modem Required - »[Niagara] 40gb of "usage" while the modem is unplugged


urbanriot
Premium
join:2004-10-18
Canada
kudos:3

No, it sounds more along the case of someone asking an internet service provider to do an IT service provider's job.


TechNut2

join:2010-05-17
canada
reply to urbanriot

said by urbanriot:

said by TechNut2:

But for the SMB space

In the SMB space, businesses should have someone competent configure their DNS server that's responding to DNS requests rather than rely on the company that provides their connection to the internet.

What sort of equipment do you have between the internet and your DNS server?

I'm not sure you know what "SMB" means. In general, most small businesses who are the SMBs who would use a business internet service provided by Cogeco would likely NOT have someone to help set them up. In an ideal world, sure, but most do not.

What I would expect on an SMB connection is if there is an ongoing attack on a system, the right thing for the ISP to do is some kind of intervention.

If you must know, I have an old cranky Nortel VPN box that has DNS turned on. It crashes when changing settings, but, the VPN clients connect just fine. It was deciding to reply as an open DNS relay. Yes, I could go buy something else, but, such is life. It was just a firewall rule pointing to the wrong IP. Otherwise, my other DNS servers do not have that issue, and it stopped once the IP address was changed.
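
An added example, not part of the thread or any poster's code: a check the owner of a connection can run from an outside host against their own public address, to see whether a misdirected firewall rule like the one described above leaves something answering recursive DNS for strangers. The function names, the query name `example.com` and the sample reply bytes are constructed for illustration.

```python
import socket
import struct

QR = 0x8000       # message is a response
RD = 0x0100       # recursion desired (set by the client)
RA = 0x0080       # recursion available (set by the server)
REFUSED = 5       # rcode a closed resolver returns to outsiders


def build_query(name, txid=0x1234, qtype=1):
    """Build a DNS query (A record by default) with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def classify_response(data, txid=0x1234):
    """Return 'open', 'closed' or 'invalid' for a raw DNS reply."""
    if len(data) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & QR:
        return "invalid"
    rcode = flags & 0x000F
    # Recursion offered to an outside client without a refusal means the
    # host will resolve names for anyone, i.e. it is an open resolver.
    if flags & RA and rcode != REFUSED:
        return "open"
    return "closed"


def probe(ip, name="example.com", timeout=3.0):
    """Send one recursive query to an address you own, from outside it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:
            return "no reply"  # filtered or nothing listening
    return classify_response(data)


# Constructed sample reply headers, not captured traffic.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | REFUSED, 1, 0, 0, 0)
```

On a connection that is not meant to serve DNS to the internet, `probe()` should return "no reply" or "closed" for the WAN address; "open" points at a forwarding rule or device to fix.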