Cool Ideas Fibre ISP – Feedback Thread 2

[Hunted]

Found this map Saturday, but the info they display is delayed by a few days...

Digital Attack Map

A live data visualization of DDoS attacks around the globe

www.digitalattackmap.com

If I read it correctly it only shows top 1% of attacks and it definitely appears that ZA is being targeted as well.

You can even use the playhead feature below to see how previous attacks played out.

Interesting to see.

 

[semaphore]

You have a right to be mad, and if you are not happy with the service you are free to leave and go somewhere else. I am not defending CISP blindly, I have only been a customer for a few weeks now but I am happy with the service I got from them. Sure, the outages are annoying but that is part of life. ADSL wasn't 100% reliable either.

I do take offence to people posting crap in a feedback thread that borders on personal attacks. Like the rage post a bit earlier that was way out of line. And saying stuff like CISP "has a sheer lack of forward thinking". Despite all the feedback they have given about the situation, all the mitigation they have put in place and the multiple MyBB articles about it. They are trying, they are not a multi billion dollar ISP, they have limits but they are trying. For that alone I will still support them.

I'll stand by my statement, they don't. They've had attack, after attack, after attack and each time days of downtime. At what point do we say enough is enough and you're just taking the piss? Trust me if it was a simple matter of me leaving I would have months ago.

 

[duanesf]

Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.

 

[Hunted]

Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.

I was able to play PUBG last night. Was round 19:00 - 20:00 ish I think

 

[CrypticZA]

Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.

DDoS is mostly mitigated by the way, will report on it in the next day or so.

Report will come, they probably had to send it to go make it look fancy and to put it in plain english so your average user can understand

 

[Mike Hoxbig]

Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.

True, but there's a way to be constructive both ways.

Where's the value in crap like this?

These dumb motherfcukers are so ****en fumb they should rather be working for eskom or Telkom.... 36 ****en hours and still no resolution:.. I say fuxk this shirt, I’ve not been this ****ed off in ages...

the only way I’ll stay with cool ideas is if they employ someone that I can shout and swear at. I feel sorry for this poor sap coz he/ she just has to take it. Give me a proper channel to vent! I wanna **** **** **** **** shithead **** knob dick arsehole until my internet works so badly.

this is so ridiculous

 

[2023]

Some of us use internet for business and its our income that is affected. Happy to pay more to protect my income.
Thanks for the tips.

LTE is a cheaper option than 2x fibre lines.

There are also many business packages. They cost like 10x more, but you get some re-assurance on uptime.

 

[jannier]

Problem with that it doesn't have a WPS button that I'm aware of, and also not that familiar with that Router OS, but i suppose that's why we have these forums and "google is your friend"

Yeah, was a crash course for me to get it setup, but I got help from Roelf, he winbox'd in and made sure all my firewall protections was good. By default it comes factory set pretty secure lately. I only disable the DNS remote something something on it. Not at the router now to find the wording.
And I check weekly for any update to the software and firmware.

 

[Herr der Verboten]

Where's the value in crap like this?

To be rated M for Manchild? / Be on the lookout for a Weskoppies escapee?

 

[dotdan]

I for one would like to know what mitigation protocols CISP have in place. I spoke to my VOX account manager this morning and he explained exactly how VOX mitigates DDOS attacks and what systems they have in place in EU.

Now, I don't know if VOX suffered any major issues over the weekend?

I can just imagine that these services cost an arm and a leg and it doesn't sit in every ISP's budget to obtain the "best in the business" protocols.

I want to see this crap dealt with as I believe CISP doesn't deserve this. They are a good ISP with shyte luck at the moment.

 

[jannier]

Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.

Paul said last night, that they will release a full incident report in the next few days.

 

[chukaman]

DDoS is mostly mitigated by the way, will report on it in the next day or so.

Mostly mitigated?

And why was there so much packet loss locally as well if this only affected international bandwidth?

 

[image132]

I for one would like to know what mitigation protocols CISP have in place. I spoke to my VOX account manager this morning and he explained exactly how VOX mitigates DDOS attacks and what systems they have in place in EU.

Now, I don't know if VOX suffered any major issues over the weekend?

I can just imagine that these services cost an arm and a leg and it doesn't sit in every ISP's budget to obtain the "best in the business" protocols.

I want to see this crap dealt with as I believe CISP doesn't deserve this. They are a good ISP with shyte luck at the moment.

I'm starting to think that's maybe a bad idea. Clearly whoever is doing this reads the forum, openly discussing CISP's defensive strategies here might be counter productive.

Unless you mean privately, then have at it.

 

[jannier]

Mostly mitigated?

And why was there so much packet loss locally as well if this only affected international bandwidth?

At 1 point there was issues at NAPAfrica Terraco between CPT and JHB.

EDIT, the ddos ended after 1am this morning.

 

[dotdan]

I'm starting to think that's maybe a bad idea. Clearly whoever is doing this reads the forum, openly discussing CISP's defensive strategies here might be counter productive.

Unless you mean privately, then have at it.

I thought about that after I posted it. Yes, in hindsight probably not the best idea. I am just wondering to myself if CISP has the best protocols in place or not. Is it a financial issue perhaps? You know, where can we help?

 

[WickedP3NGU1N]

So a bunch of people are pissed, lambasting CISP and want to jump ship, while a bunch of us are defending CISP not out of blind faith but because we seem to be far more understanding of the situation or seem to understand it more. Sure. They have had attack after attack after attack. We are all miffed that we had a bad weekend of interwebs not working very well. They very likely have DDoS mitigation at the various POPs and with the various transit providers but they are not just plug and play. They require configuration and they also require reconfiguration if and when the attackers change attack vectors, mainly because there is no magic one-for-all elastoplast style mitigation hardware (even though there is DDoS hardware, but it needs configuration) or technique that will work and the point is to ensure that the DDoS is larger than the traffic the provider can handle, likely with ulterior motives as well. All the people that are pissed are pissed because they had no internet and little communications but this weekend showed that the moment CISP posted that it was getting better, a few minutes later it got worse again meaning they were being watched. It is literally the same reason the police would keep details for investigations at a minimum, so as not to hint as to what they are doing on their end. The last thing you want to do is tip off attackers regardless of their type. Here is a nice list of the differing types of DDoS's that could have been used and the attackers could have literally switched types when one stopped working. Which ones do you think they decided to use and switch between?

1. Application Level Attacks
2. Zero Day (0day) DDoS
3. Ping Flood
4. IP Null Attack
5. SNMP Flood
6. NTP Flood
7. SSDP Flood
8. Other Amplified DDoS Attacks (SNMPv2/NetBIOS/QOTD etc.)
9. Fragmented HTTP Flood
10. HTTP Flood
11. Single Session HTTP Flood
12. Single Request HTTP Flood
13. Recursive HTTP GET Flood
14. Random Recursive GET Flood
15. Multi-Vector Attacks
16. SYN Flood
17. SYN-ACK Flood
18. ACK & PUSH ACK Flood
19. ACK Fragmentation Flood
20. RST/FIN Flood
21. Synonymous IP Attack
22. Spoofed Session Flood
23. Multiple SYN-ACK Spoofed Session Flood
24. Multiple ACK Spoofed Session Flood
25. Session Attack
26. Misused Application Attack
27. UDP Flood
28. UDP Fragmentation Flood
29. DNS Flood
30. VoIP Flood
31. Media Data Flood
32. Direct UDP Flood
33. ICMP Flood
34. ICMP Fragmentation Flood
35. Ping-Of-Death/Nuke/SMURF etc.

So while the DDoS and lack of actual workable info pisses a lot of us off, myself included, I actually understand why they don't want to give much info. It is frustrating beyond all measure to sit in the dark and only know they are working on it, but its also good to know that they are working on it and that what they are going through is not as easy as some people somehow assume it is...

 

[Bl1zz4rd]

I for one would like to know what mitigation protocols CISP have in place. I spoke to my VOX account manager this morning and he explained exactly how VOX mitigates DDOS attacks and what systems they have in place in EU.

Now, I don't know if VOX suffered any major issues over the weekend?

I can just imagine that these services cost an arm and a leg and it doesn't sit in every ISP's budget to obtain the "best in the business" protocols.

I want to see this crap dealt with as I believe CISP doesn't deserve this. They are a good ISP with shyte luck at the moment.

I was asking in another thread if Vox had any issues, but didn't get a conclusive answer. Some people on this site were saying that Vox had some international traffic problems at some point, and others were saying it was fine the whole time. Vox customers I know had no perceivable problems over the course of the weekend. I know Vox is big, so, presumably has more cash for such things. I would also like to know if they were actually impacted at all by these DDoS attacks.

 

[StoneCold]

I was asking in another thread if Vox had any issues, but didn't get a conclusive answer. Some people on this site were saying that Vox had some international traffic problems at some point, and others were saying it was fine the whole time. Vox customers I know had no perceivable problems over the course of the weekend. I know Vox is big, so, presumably has more cash for such things. I would also like to know if they were actually impacted at all by these DDoS attacks.

Well, being an Openserve FTTH user, I switched over to my Vox Fatpipe account when the DDoS'ing started. And I didn't have a single issue over the weekend. I didn't really test to see if there was any packet loss etc, but I did play games locally (CSGO gave me a solid 5ms latency) and internationally with no noticeable hiccups or lag. Streaming was also unaffected and I could Netflix, DSTV Now etc.

 

[image132]

I was asking in another thread if Vox had any issues, but didn't get a conclusive answer. Some people on this site were saying that Vox had some international traffic problems at some point, and others were saying it was fine the whole time. Vox customers I know had no perceivable problems over the course of the weekend. I know Vox is big, so, presumably has more cash for such things. I would also like to know if they were actually impacted at all by these DDoS attacks.

I have a friend who's on vox with ttconnect. He didn't even know anything was happening. I don't think vox has been impacted at all by any ddos attacks this year. I've mentioned it a few times already I found that odd but considering they are one of the oldest ISP's in SA and considering their extensive corporate IT background maybe they do have some of the best ddos mitigation available?

Perhaps this isn't the right thread to be discussing another ISP though. Seems a bit rude.

 

[fogbound]

It seems to me that there is lots of confusion here around just exactly what happened.
I think it is pretty simple.

A bad actor or group of actors with very advanced networking skills decided to initiate a ransom for network access attack against CISP.

To maximise effect and cause the most griping, it was conducted during gaming hours.​

To prevent early detection blocks of CI IP ranges were hit and then amplified from inside.​

​

Be mindful that this was a criminal event, for those of you who believe there is a defence against an ambush, you are wrong.​

Cyber-terrorism is not new or exclusively targetted at CI.

The real question is, was it mitigated or did the attacker/s just stop?