IDNetters Forums

Technical News & Discussion => IDNet Help => Topic started by: nowster on May 10, 2013, 15:28:27

Title: DoS attack
Post by: nowster on May 10, 2013, 15:28:27
Sigh! Some system in the USA is trying to password scan the SIP server on my parents' iDNet connection, sending about 200kbps of UDP traffic continuously. I've removed the SIP server software but the incoming traffic continues. At this rate they're going to go over quota in about 5 days.
Title: Re: DoS attack
Post by: Glenn on May 10, 2013, 15:54:36
Speak to support, they may be able to block the traffic type to the connection.
Title: Re: DoS attack
Post by: nowster on May 11, 2013, 11:53:53
Quote from: Glenn on May 10, 2013, 15:54:36
Speak to support, they may be able to block the traffic type to the connection.
An email to support has gone unanswered... Currently gobbling bandwidth allowance at about 2GB a day.
Title: Re: DoS attack
Post by: Simon on May 11, 2013, 12:43:36
Can't they disconnect the router?
Title: Re: DoS attack
Post by: nowster on May 11, 2013, 13:20:23
Quote from: Simon on May 11, 2013, 12:43:36
Can't they disconnect the router?
Well, they could, but that then doesn't allow them to access the Internet...
Title: Re: DoS attack
Post by: Simon on May 11, 2013, 13:24:10
But if they disconnected for, say, 30 minutes, then reconnected, would that not stop the DOS attack?
Title: Re: DoS attack
Post by: nowster on May 11, 2013, 13:37:40
Quote from: Simon on May 11, 2013, 13:24:10
But if they disconnected for, say, 30 minutes, then reconnected, would that not stop the DOS attack?
No, it's UDP based. The sender is blindly sending out packets and not looking at the return. I've had the "local" end: sending ICMP host unreachables, ICMP port unreachable (the default when there's nothing listening on that port), and finally nothing at all back. Nothing seems to stop it. I've reported the activity to the US hosting company... no response.
Title: Re: DoS attack
Post by: nowster on May 11, 2013, 17:15:19
I've now got my parents to switch off their modem for the weekend, only switching it back on if they really need a connection. Hopefully iDNet can do something on Monday.
Title: Re: DoS attack
Post by: Steve on May 11, 2013, 17:23:48
It does seem they've little choice.
Title: Re: DoS attack
Post by: nowster on May 13, 2013, 11:19:27
And support have written back suggesting my parents change their package.  ::)
Title: Re: DoS attack
Post by: Simon on May 13, 2013, 11:38:19
:stars:
Title: Re: DoS attack
Post by: SimonM_IDNet on May 13, 2013, 11:57:03
Hi,

Apologies for the confusing reply from our support team.

I've taken a look at the issue. Since that IP is not on our network, there's little we can do to put a stop to the DDOS attack. I have suggested in an email I just sent to you to see if we can change the IP address the line uses as this should stop the attack, although you might have to reconfigure any servers etc. you use on that connection after an IP change.

Kind regards
Simon Mulliss
IDNet support
Title: Re: DoS attack
Post by: Simon on May 13, 2013, 12:00:34
:welc:  Simon!
Title: Re: DoS attack
Post by: nowster on May 13, 2013, 12:03:12
Thanks. Changing IP is acceptable. Changing package is impossible – no ADSL2+.

http://www.samknows.com/broadband/exchange/WNADR

I'm still concerned that they're going to face a financial penalty for something that is outwith their control.
Title: Re: DoS attack
Post by: SimonM_IDNet on May 13, 2013, 12:17:13
Hi,

I have changed the IP for you. The package change you can ignore; I believe my colleague sent that in error. I have forwarded your concerns about any charges on bandwidth to one of our management to get the right answer on this as it is an unusual situation.

Hope this helps,

Also Thanks Simon. Appears there are quite a few Simons associated with IDNet.
Title: Re: DoS attack
Post by: Simon on May 13, 2013, 12:33:48
Some might say too many!  :laugh:
Title: Re: DoS attack
Post by: nowster on May 13, 2013, 12:34:05
Quote from: SimonM_IDN on May 13, 2013, 12:17:13
Also Thanks Simon. Appears there are quite a few Simons associated with IDNet.
It happens. I know Zen had a "Dave Collective". And where I used to work (Zetnet) we had two Pauls and a Saul.
Title: Re: DoS attack
Post by: SimonM_IDNet on May 13, 2013, 12:40:42
Hi,

It does seem common; unfortunately for myself, every major ISP I worked for all had a batch of Simons. I see per your email the issue now appears resolved; hopefully the supplier in the US can put a stop to the DDOS attacker's attempts.

Thanks
Simon Mulliss
IDNet support