A spate of denial of service attacks struck New Zealand ISPs, including Telecom New Zealand Ltd's Xtra, The Internet Group Ltd.'s Ihug, Asia Online Ltd. and KC Computer Services Ltd. over the weekend.
Telecom New Zealand spokesman Glen Sowry says the attacks on Friday night and Saturday on Xtra, Ihug, Asia Online and KC appear to have been aimed at IP (Internet protocol) addresses managed by the ISPs, rather than the ISPs themselves. Ihug director Nick Wood agrees. "Usually, it's someone having a go at someone else who's been on IRC," says Wood. "It's generally not specifically targeted at the ISP, usually a customer."
Wood says his company has noticed a flurry of attacks lately, after a quiet spell, possibly because it takes those who mount such attacks some time to construct them.
"We've been trying to upgrade one of our routers to run software which effectively minimizes your exposure," says Wood. "We've got it running on every router but one and we get that final router done it should minimize our exposure.
"It concentrates the blockage to that one place they're trying to have a go at, rather than overloading the router. At the moment the router gets overloaded and grinds to a halt. With this, there's still a whole lot of data trying to arrive but the router is manageable, which means you can get onto the router and block the traffic that's arriving.
"It's not a permanent fix, but it effectively stops that load arriving on the router so that you can get onto it and find out where stuff is arriving and get onto it re-route or ask your upstream provide to null-route it for you."
Asia Online general manager Kevin Francis says his company has affected by a denial of service attack "predominantly aimed at Xtra and [Telecom Global Gateway's] Netgate. This made Netgate completely congested. We do have an alternative path through our Australasian network, so we switched our customer service through that.
"We also have in place firewalling and anti-spoofing on our border routers which meant that if it was one of our customers that had initiated that attack we could have closed them down. But despite numerous requests, Telecom still won't put any such measures in place. We believe they need to do that, otherwise organizations like ourselves will continue to look elsewhere for alternatives."
The situation was complicated by the failure of two major Telecom routers; the Takapuna-based perimeter router TKBR, which went down for half an hour on Friday, causing a loss of international connectivity for at least one ISP; Global Gateway's AKBR2, which failed for nearly an hour on Sunday because of a "very unusual" episode of CEF corruption, causing loss of international service for ISPs as far afield as Wellington's Paradise.