Cool Ideas Fibre ISP – Feedback Thread 2

Status
Not open for further replies.

zolly

Executive Member
Joined
Sep 1, 2005
Messages
5,910
I’m just trying to have a discussion since there hasn’t been any feedback or progress with CI in a very long time.

No progress? You mean that they haven't managed to deal with attacks which have grown in scale/complexity as quick as you or some would like?
 

semaphore

Honorary Master
Joined
Nov 13, 2007
Messages
15,205
No progress? You mean that they haven't managed to deal with attacks which have grown in scale/complexity as quick as you or some would like?
No, they haven’t, otherwise we would have functional internet.
 

Looney

Executive Member
Joined
Nov 18, 2009
Messages
5,347
No progress? You mean that they haven't managed to deal with attacks which have grown in scale/complexity as quick as you or some would like?

Hmmm when was the last feedback from CI? How many of you are still having issues?
 

zolly

Executive Member
Joined
Sep 1, 2005
Messages
5,910
So Supersonic was attacked yesterday too, but managed to resolve it quite quickly?

Do you know the details of this attack? Because if you don't you're comparing apples to oranges. If the scale was the same and from the same source, then by all means, CISP dropped the ball, but otherwise there are many factors that could have played into why some ISPs are able to resolve these issues quickly and others not.
 

zolly

Executive Member
Joined
Sep 1, 2005
Messages
5,910
Hmmm when was the last feedback from CI? How many of you are still having issues?

I'm fine. Been playing games for the last hour, which was why I wasn't bothered to reply to people still haunting this thread despite having completely functional internet.

Also, I don't expect them to give me hourly updates. In the past their communication has been lacking, but posting semi-frequent updates on the site is all I expect from them. I can do my own checks my side to see if things are completely borked or getting there.
 

Looney

Executive Member
Joined
Nov 18, 2009
Messages
5,347
I'm fine. Been playing games for the last hour, which was why I wasn't bothered to reply to people still haunting this thread despite having completely functional internet.

Awesome! At least CI was able to fix your internet. I’m actually really glad, I truly am. I just hope for your sake it lasts.
 

zolly

Executive Member
Joined
Sep 1, 2005
Messages
5,910
Jesus reaching a bit are we? Of course I was referencing other ISPs.

It doesn't matter what you were referencing.

Please tell us all who will remain on a service that doesn't resolve issues like this and just have to be told over and over to have patience. I would love to know of this secret society.

Here's the thing right. We live in a 3rd world/developing country. The above statement is applicable to so many things. Do you sit on the internet whining about it or do you see if there's a reasonable response and then go about your business?

The point I am trying to make is a lot of people are being bloody unreasonable. I'm not saying stay on the service. If you want to go, then go. What I am saying is that expecting a specific turnaround time without all the information about what's going on is just not kosher. People could be busting their butts trying to fix this problem and many people here have been whining as if they can see inside CI's offices and they're all having a bloody orgy while our internet was screwed.
 

Markd

Expert Member
Joined
Oct 8, 2009
Messages
1,677
So Supersonic was attacked yesterday too, but managed to resolve it quite quickly?

I don't know about yesterday but they were hit the LAST time CISP went offline for an entire weekend from a smaller attack and they seemed to be able to mitigate better. Like I say - 1 last shot for CISP, and in the meantime I'll keep an eye on feedback for Supersonic, and next time I'm pulling the trigger and switching.
 

Markd

Expert Member
Joined
Oct 8, 2009
Messages
1,677
Do you know the details of this attack? Because if you don't you're comparing apples to oranges. If the scale was the same and from the same source, then by all means, CISP dropped the ball, but otherwise there are many factors that could have played into why some ISPs are able to resolve these issues quickly and others not.

We are getting the opinion that people on other ISPs get to spend more time on the INTERNET than us chumps here on CISP. We don't really need anything else - I don't care about the source, the scale, etc. etc. I care about being able to use the service I'm paying for and if that means going to a better ISP then that's what I'll have to do.
 

Looney

Executive Member
Joined
Nov 18, 2009
Messages
5,347
We are getting the opinion that people on other ISPs get to spend more time on the INTERNET than us chumps here on CISP. We don't really need anything else - I don't care about the source, the scale, etc. etc. I care about being able to use the service I'm paying for and if that means going to a better ISP then that's what I'll have to do.

My lort! Finally someone that gets it!
 

RiaanBurger

Member
Joined
Aug 22, 2007
Messages
23
For people on our local WhatsApp group, I wanted to post an easy-to-understand update. Perhaps it helps others too. Please correct it where I may have been wrong and I'll forward an update accordingly.
An update on the DDoS (most notably felt by those of us on Vuma / Cool Ideas fibre). The DDoS attack is ongoing. Throughout the attack period Cool Ideas and their selection of upstream providers for international bandwidth and service try to mitigate the attack while the attackers try to alter the attack to counter the mitigations. Think of it as a terror attack and free market counter by mathematicians where the free nature of the internet greatly weighs in favour of the attackers.

The attack is not necessarily on Cool Ideas, though they are very much affected. Other ISPs locally also went down over the weekend and depending on their upstream services, were able to counter by switching or not. To put this in context, this is one of the biggest DDoS attacks of the year, internationally. This attack is at least ten times as big as the previous one from Cool Ideas' perspective and that is just measuring the traffic, it may be just as much more innovative too.

You may recall that on ADSL you were able to switch accounts. Well, on some fibre providers you still can (like OpenServe), but on Vuma you cannot and have to go through a process that takes some time. Even if you could switch, most of those with other options also reported downtime on them over the weekend. A backup ADSL service for those whose businesses depend on internet access will help, but will still not be a perfect solution. In this one instance, I haven't seen any problems with Vox, so if you had a backup ADSL with Vox perhaps their upstream providers are significantly different enough for the pair to be fairly good backups to each other.

Someone asked about Cell C and wanted a "plain English" explanation.
I saw reports of Cell C and Vodacom affected. They are huge compared to the fibre ISPs though so should be able to switch upstream providers quite quickly to one that isn't affected while their systems administrators get to work on mitigating the ones that are in the background. From what I can see no internet services were completely unaffected, some remained online, some did not and some like Cool Ideas are highly affected and battle to keep online. They will come out of this with some of the best battle-hardened experience of them all.

Plain English is difficult. For example, I keep wondering if I should just use the term DDoS or explain more about what it is.

Someone asked what DDoS is.
What is a DDoS? A DoS attack is a Denial of Service attack. An attacker on the internet sends a lot of traffic to a victim who didn't request the traffic. The victim needs to deal with the traffic somehow. The victim will either block traffic with the originating address of the attacker at his end device (like a PC or TV) or further along the route the traffic takes to reach the victim, like at the victim's ISP.

A DDoS attack is a Distributed Denial of Service attack. The attacker compromises many internet-connected devices (like TVs, webcams, Windows machines and other small devices people forget to keep up to date, like routers). The software the attacker then runs on these devices is called a bot (from robot, just signifying that they are programmatically automated; you get good bots too).

A network of these bots is called a bot net and they are controlled by command & control (C&C) servers.

Commonly botnets are, these days, controlled by APTs (Advanced Persistent Threats, which are long-running entities that are well staffed, commonly funded by governments).

There is a part of the internet known as the Dark Net which mostly just means part of the internet not commonly visible on the regular World Wide Web in your browsers. If you ever want to explore it, use a tool called Tor, but be warned, you can easily do things that are criminal on there, so be careful not to do so. On the Dark Net you can buy and sell all kinds of things like drugs and even murder for hire, but also the services like these DDoS attacks from those who control bot nets. Now keep in mind that they cost serious money at the scale of this DDoS, so you have to consider what motivates someone to buy or run one. In most cases these days they are used to hide more serious direct attacks, like hacking. When you find a vulnerability in software that nobody else knows about that vulnerability is called a Zero-Day (Zero days since the creators or the world have been aware of it and can fix it). These are very valuable and also traded on the Dark Net. You can probably get $2 mil for a full Android phone compromising vulnerability (though Google now offers more money in a bounty program if you let them know first).

APTs collect Zero-Day vulnerabilities and when they have a target they need to execute an attack on, they use their C&C servers to control a bot net; they may use DDoSes to hide the attack. Bet you never thought you'd understand a sentence like that! ;-)

Early DDoS attacks were easier to stop or partly stop (mitigate) but they have dramatically increased in size and complexity. I fight significant ones off on our infrastructure maybe three times a year now when, a couple of years ago, they were just the stuff of stories told by very large companies. To fight one you have to identify the nature of the traffic coming at you and filter the bad from the good traffic. In the original DoS description above, you just filter out the traffic from the attacker. But with DDoS the attacking devices can be just common people. The attack may also be the kind of traffic one can't easily filter, like amplification attacks just querying online status or DNS (Domain name service, the service which translates www.google.com to an IP address for your traffic to route to). If you are a service provider like us which just serves websites mostly, you can easily drop all kinds of traffic with a good filter, but if you are an ISP you serve just about every kind of traffic and filtering becomes very difficult.

We have all sorts of methods to fight these things with and on my level for example, very frequently-updated lists of domains and IPs from which bad traffic originates that are reported by people like me and other systems administrators help a lot and only occasionally need some innovative help from me. The really big companies like Google and Microsoft often also score a hit in the fight by identifying and disabling whole C&C and/or bot net networks. It is an ongoing war and quite interesting to keep reading about - it reads like a suspense novel really, but real people die and suffer, so it can be sobering. We may miss Netflix or PornHub, but if your critical medical service is lost, you may die; communication from emergency services lost, nobody may reach you, your information leaked, your privacy permanently lost, you may lose money or have your identity stolen; our country put in disrepute, we may face a ratings downgrade resulting in more loss of investment and great many people disenfranchised and perhaps driven to extremism or crime. You really can't easily tell what motivates people and have to speculate which starts sounding alarmist and like one indulges in conspiracy theories, but it may be in the interest of say a Russian or Chinese APT (places where business is state captured) to find through an attack hidden by a DDoS about our country's planned power generation in nuclear deals (or arms deals, or just a plain commercial deal or forms of state capture).

Inevitably that last bit indulges in pure fiction, but I tried to explain motivation for DDoS.
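
An added illustration of the filtering problem described in the post above (not part of the thread and not any poster's code): using constructed flow records, it measures how much traffic a source blocklist removes in the single-attacker DoS case versus the distributed case, and totals unsolicited DNS replies as seen in amplification. The record layout, names and addresses are assumptions made for the example.

```python
from collections import Counter

# Constructed flow records: (src_ip, proto, src_port, dst_port, bytes).
# Addresses are from documentation ranges; none of this is captured traffic.
LEGIT = [(f"192.0.2.{i}", "tcp", 50000, 443, 5_000) for i in range(1, 11)]
# One attacker sending a lot: the plain DoS case from the post.
DOS = LEGIT + [("198.51.100.7", "tcp", 40000 + i, 443, 90_000) for i in range(50)]
# 200 compromised devices each sending a little: the DDoS case.
DDOS = LEGIT + [(f"203.0.113.{i}", "tcp", 40000, 443, 20_000)
                for i in range(1, 201)]
# DNS amplification: replies (UDP source port 53) from resolvers we never asked.
OUR_RESOLVER = "192.0.2.53"
AMP = [(OUR_RESOLVER, "udp", 53, 33000, 500)] + [
    (f"198.51.100.{i}", "udp", 53, 33000, 3_000) for i in range(1, 101)]


def blocklist_coverage(flows, top_n):
    """Fraction of all bytes removed by blocking the top_n heaviest sources."""
    per_src = Counter()
    for src, _proto, _sport, _dport, nbytes in flows:
        per_src[src] += nbytes
    total = sum(per_src.values())
    blocked = sum(b for _src, b in per_src.most_common(top_n))
    return blocked / total if total else 0.0


def unsolicited_dns_bytes(flows, queried_resolvers):
    """Bytes arriving from UDP source port 53 on hosts we never sent a query to."""
    return sum(nbytes for src, proto, sport, _dport, nbytes in flows
               if proto == "udp" and sport == 53
               and src not in queried_resolvers)


if __name__ == "__main__":
    print(f"DoS,  block top 1 source:   {blocklist_coverage(DOS, 1):.1%} removed")
    print(f"DDoS, block top 1 source:   {blocklist_coverage(DDOS, 1):.1%} removed")
    print(f"DDoS, block top 10 sources: {blocklist_coverage(DDOS, 10):.1%} removed")
    print("Unsolicited DNS reply bytes:",
          unsolicited_dns_bytes(AMP, {OUR_RESOLVER}))
```
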
 

ghostRgg

Expert Member
Joined
Sep 5, 2019
Messages
1,993
Well somebody mentioned gaming but like. Overwatch is impossible with this 23% loss and latency, same as all my EU games. So guess maybe local will be fine.
 

Splinter

Honorary Master
Joined
Oct 14, 2011
Messages
30,829
I don't know about yesterday but they were hit the LAST time CISP went offline for an entire weekend from a smaller attack and they seemed to be able to mitigate better. Like I say - 1 last shot for CISP, and in the meantime I'll keep an eye on feedback for Supersonic, and next time I'm pulling the trigger and switching.
What exactly are you suspicious about?

A now 2009 member also looking at Supersonic.

Why only them?
 