Cool Ideas Fibre ISP – Feedback Thread 2

Status
Not open for further replies.

Hunted

Senior Member
Joined
Aug 6, 2003
Messages
993
Found this map Saturday, but the info they display is delayed by a few days...


If I read it correctly it only shows top 1% of attacks and it definitely appears that ZA is being targeted as well.

You can even use the playhead feature below to see how previous attacks played out.

Interesting to see.
 

semaphore

Honorary Master
Joined
Nov 13, 2007
Messages
15,199
You have a right to be mad, and if you are not happy with the service you are free to leave and go somewhere else. I am not defending CISP blindly, I have only been a customer for a few weeks now but I am happy with the service I got from them. Sure, the outages are annoying but that is part of life. ADSL wasn't 100% reliable either.

I do take offence to people posting crap in a feedback thread that borders on personal attacks. Like the rage post a bit earlier that was way out of line. And saying stuff like CISP "has a sheer lack of forward thinking". Despite all the feedback they have given about the situation, all the mitigation they have put in place and the multiple MyBB articles about it. They are trying, they are not a multi billion dollar ISP, they have limits but they are trying. For that alone I will still support them.

I'll stand by my statement, they don't. They've had attack, after attack, after attack and each time days of downtime. At what point do we say enough is enough and you're just taking the piss? Trust me if it was a simple matter of me leaving I would have months ago.
 

duanesf

Active Member
Joined
Oct 21, 2016
Messages
45
Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.
 

Hunted

Senior Member
Joined
Aug 6, 2003
Messages
993
Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.
I was able to play PUBG last night. Was round 19:00 - 20:00 ish I think
 

CrypticZA

Expert Member
Joined
Sep 21, 2019
Messages
3,045
Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.
DDoS is mostly mitigated by the way, will report on it in the next day or so.

Report will come, they probably had to send it to go make it look fancy and to put it in plain english so your average user can understand
 

Mike Hoxbig

Honorary Master
Joined
Apr 25, 2010
Messages
43,328
Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.
True, but there's a way to be constructive both ways.

Where's the value in crap like this?
These dumb motherfcukers are so ****en fumb they should rather be working for eskom or Telkom.... 36 ****en hours and still no resolution:.. I say fuxk this shirt, I’ve not been this ****ed off in ages...

the only way I’ll stay with cool ideas is if they employ someone that I can shout and swear at. I feel sorry for this poor sap coz he/ she just has to take it. Give me a proper channel to vent! I wanna **** **** **** **** shithead **** knob dick arsehole until my internet works so badly.

this is so ridiculous
 

2023

Honorary Master
Joined
Jan 22, 2012
Messages
10,673
Some of us use internet for business and its our income that is affected. Happy to pay more to protect my income.
Thanks for the tips.

:unsure::thumbsup::thumbsup::thumbsup:

LTE is a cheaper option than 2x fibre lines.

There are also many business packages. They cost like 10x more, but you get some re-assurance on uptime.
 

jannier

Expert Member
Joined
Jul 31, 2005
Messages
2,075
Problem with that it doesn't have a WPS button that I'm aware of, and also not that familiar with that Router OS, but i suppose that's why we have these forums and "google is your friend"
Yeah, was a crash course for me to get it setup, but I got help from Roelf, he winbox'd in and made sure all my firewall protections was good. By default it comes factory set pretty secure lately. I only disable the DNS remote something something on it. Not at the router now to find the wording.
And I check weekly for any update to the software and firmware.
 

dotdan

Expert Member
Joined
Jul 17, 2008
Messages
1,696
I for one would like to know what mitigation protocols CISP have in place. I spoke to my VOX account manager this morning and he explained exactly how VOX mitigates DDOS attacks and what systems they have in place in EU.

Now, I don't know if VOX suffered any major issues over the weekend?

I can just imagine that these services cost an arm and a leg and it doesn't sit in every ISP's budget to obtain the "best in the business" protocols.

I want to see this crap dealt with as I believe CISP doesn't deserve this. They are a good ISP with shyte luck at the moment.
 

jannier

Expert Member
Joined
Jul 31, 2005
Messages
2,075
Can we get an official statement on the status of CISP now? After writing off this weekend I would like to know if I can finally game tonight.

With regard to the negative feedback, repetitive raging is unconstructive and annoying, but this thread is here for both good and bad feedback. The bad feedback is what got me to leave Crystal Web before it went all the way pear shaped. So please don’t try to suppress voices just because they differ with you; they might be of use to others. For example, I found John Tempus’ posts very interesting being not very technical myself.

Paul said last night, that they will release a full incident report in the next few days.
 

image132

Expert Member
Joined
Apr 3, 2010
Messages
1,401
I for one would like to know what mitigation protocols CISP have in place. I spoke to my VOX account manager this morning and he explained exactly how VOX mitigates DDOS attacks and what systems they have in place in EU.

Now, I don't know if VOX suffered any major issues over the weekend?

I can just imagine that these services cost an arm and a leg and it doesn't sit in every ISP's budget to obtain the "best in the business" protocols.

I want to see this crap dealt with as I believe CISP doesn't deserve this. They are a good ISP with shyte luck at the moment.

I'm starting to think that's maybe a bad idea. Clearly whoever is doing this reads the forum, openly discussing CISP's defensive strategies here might be counter productive.

Unless you mean privately, then have at it.
 

jannier

Expert Member
Joined
Jul 31, 2005
Messages
2,075
Mostly mitigated?

And why was there so much packet loss locally as well if this only affected international bandwidth?

At 1 point there was issues at NAPAfrica Terraco between CPT and JHB.

EDIT, the ddos ended after 1am this morning.
 

dotdan

Expert Member
Joined
Jul 17, 2008
Messages
1,696
I'm starting to think that's maybe a bad idea. Clearly whoever is doing this reads the forum, openly discussing CISP's defensive strategies here might be counter productive.

Unless you mean privately, then have at it.


I thought about that after I posted it. Yes, in hindsight probably not the best idea. I am just wondering to myself if CISP has the best protocols in place or not. Is it a financial issue perhaps? You know, where can we help?
 

WickedP3NGU1N

Well-Known Member
Joined
Sep 28, 2006
Messages
374
So a bunch of people are pissed, lambasting CISP and want to jump ship, while a bunch of us are defending CISP not out of blind faith but because we seem to be far more understanding of the situation or seem to understand it more. Sure. They have had attack after attack after attack. We are all miffed that we had a bad weekend of interwebs not working very well. They very likely have DDoS mitigation at the various POPs and with the various transit providers but they are not just plug and play. They require configuration and they also require reconfiguration if and when the attackers change attack vectors, mainly because there is no magic one-for-all elastoplast style mitigation hardware (even though there is DDoS hardware, but it needs configuration) or technique that will work and the point is to ensure that the DDoS is larger than the traffic the provider can handle, likely with ulterior motives as well. All the people that are pissed are pissed because they had no internet and little communications but this weekend showed that the moment CISP posted that it was getting better, a few minutes later it got worse again meaning they were being watched. It is literally the same reason the police would keep details for investigations at a minimum, so as not to hint as to what they are doing on their end. The last thing you want to do is tip off attackers regardless of their type. Here is a nice list of the differing types of DDoS's that could have been used and the attackers could have literally switched types when one stopped working. Which ones do you think they decided to use and switch between?

  1. Application Level Attacks
  2. Zero Day (0day) DDoS
  3. Ping Flood
  4. IP Null Attack
  5. SNMP Flood
  6. NTP Flood
  7. SSDP Flood
  8. Other Amplified DDoS Attacks (SNMPv2/NetBIOS/QOTD etc.)
  9. Fragmented HTTP Flood
  10. HTTP Flood
  11. Single Session HTTP Flood
  12. Single Request HTTP Flood
  13. Recursive HTTP GET Flood
  14. Random Recursive GET Flood
  15. Multi-Vector Attacks
  16. SYN Flood
  17. SYN-ACK Flood
  18. ACK & PUSH ACK Flood
  19. ACK Fragmentation Flood
  20. RST/FIN Flood
  21. Synonymous IP Attack
  22. Spoofed Session Flood
  23. Multiple SYN-ACK Spoofed Session Flood
  24. Multiple ACK Spoofed Session Flood
  25. Session Attack
  26. Misused Application Attack
  27. UDP Flood
  28. UDP Fragmentation Flood
  29. DNS Flood
  30. VoIP Flood
  31. Media Data Flood
  32. Direct UDP Flood
  33. ICMP Flood
  34. ICMP Fragmentation Flood
  35. Ping-Of-Death/Nuke/SMURF etc.
So while the DDoS and lack of actual workable info pisses a lot of us off, myself included, I actually understand why they don't want to give much info. It is frustrating beyond all measure to sit in the dark and only know they are working on it, but its also good to know that they are working on it and that what they are going through is not as easy as some people somehow assume it is...
 

Bl1zz4rd

Senior Member
Joined
Jul 2, 2010
Messages
650
I for one would like to know what mitigation protocols CISP have in place. I spoke to my VOX account manager this morning and he explained exactly how VOX mitigates DDOS attacks and what systems they have in place in EU.

Now, I don't know if VOX suffered any major issues over the weekend?

I can just imagine that these services cost an arm and a leg and it doesn't sit in every ISP's budget to obtain the "best in the business" protocols.

I want to see this crap dealt with as I believe CISP doesn't deserve this. They are a good ISP with shyte luck at the moment.

I was asking in another thread if Vox had any issues, but didn't get a conclusive answer. Some people on this site were saying that Vox had some international traffic problems at some point, and others were saying it was fine the whole time. Vox customers I know had no perceivable problems over the course of the weekend. I know Vox is big, so, presumably has more cash for such things. I would also like to know if they were actually impacted at all by these DDoS attacks.
 

StoneCold

Expert Member
Joined
Jul 18, 2006
Messages
4,007
I was asking in another thread if Vox had any issues, but didn't get a conclusive answer. Some people on this site were saying that Vox had some international traffic problems at some point, and others were saying it was fine the whole time. Vox customers I know had no perceivable problems over the course of the weekend. I know Vox is big, so, presumably has more cash for such things. I would also like to know if they were actually impacted at all by these DDoS attacks.

Well, being an Openserve FTTH user, I switched over to my Vox Fatpipe account when the DDoS'ing started. And I didn't have a single issue over the weekend. I didn't really test to see if there was any packet loss etc, but I did play games locally (CSGO gave me a solid 5ms latency) and internationally with no noticeable hiccups or lag. Streaming was also unaffected and I could Netflix, DSTV Now etc.
 

image132

Expert Member
Joined
Apr 3, 2010
Messages
1,401
I was asking in another thread if Vox had any issues, but didn't get a conclusive answer. Some people on this site were saying that Vox had some international traffic problems at some point, and others were saying it was fine the whole time. Vox customers I know had no perceivable problems over the course of the weekend. I know Vox is big, so, presumably has more cash for such things. I would also like to know if they were actually impacted at all by these DDoS attacks.

I have a friend who's on vox with ttconnect. He didn't even know anything was happening. I don't think vox has been impacted at all by any ddos attacks this year. I've mentioned it a few times already I found that odd but considering they are one of the oldest ISP's in SA and considering their extensive corporate IT background maybe they do have some of the best ddos mitigation available?

Perhaps this isn't the right thread to be discussing another ISP though. Seems a bit rude.
 

fogbound

Active Member
Joined
Sep 19, 2017
Messages
55
It seems to me that there is lots of confusion here around just exactly what happened.
I think it is pretty simple.

A bad actor or group of actors with very advanced networking skills decided to initiate a ransom for network access attack against CISP.
To maximise effect and cause the most griping, it was conducted during gaming hours.​
To prevent early detection blocks of CI IP ranges were hit and then amplified from inside.​
Be mindful that this was a criminal event, for those of you who believe there is a defence against an ambush, you are wrong.​
Cyber-terrorism is not new or exclusively targetted at CI.

The real question is, was it mitigated or did the attacker/s just stop?
 
Status
Not open for further replies.
Top