Status
Not open for further replies.
Actually I'm seeing major DDOS events happening. Just hit my home, our one test line, and seeing it hitting randomly across the client-base. Trying to see what we can do to stop it, but in essence it is hitting home routers rather than the core network necessarily, so not all that much we can necessarily do on our side short of blocking a ton of stuff that would catch normal services too.

If you test, you'll see the latency coming in from your modem-router in all likelihood. Best bet is to switch off for 10 min to force a new IP lease. The support staff cannot do this for you as the Telkom exchange dishes out the IP addresses from pools we provide them with.

EDIT: may even be coming from the Telkom side of things. Busy investigating now but it's an odd one. Either major DDOS activity or Telkom performing nationwide system changes and updates which we cannot find on the notice board...

Takealot seemed to be having major issues today - and that was from my work. Maybe even news24. Any reason why?
 
Yup, it's hitting my router. Pinging from PC to router even times out. Something's hammering this router HARD from outside.

As a total ignoramus, how does a DDOS hit a home router? I thought it was trojans or malware taking over many PCs to "bomb" a specific site?
 
Seems there's a lot of DDOS activity taking place. I cannot speak for those sites nor explain why they were having issues but there's certainly a concerted effort at the moment from certain groups hitting SA businesses and end users. There's very little one can do short of capturing the packets on your end using something like wireshark and setting your router to drop all connections to and from the source of the attacks. There's no specific guide I can provide as each router will operate differently, but you'll do this in the security or firewall section of your device once you know the source. From what I can pick up it's coming from multiple locations and IPs though...
 
They just hit your IP on vulnerable ports and mask the traffic to appear legit, and bypass ordinary DDOS mitigation ISPs employ. If they know how your mitigation works, which is not too difficult to understand as there are industry standards and products for this, then they can hit your router by simply going through random or targeted IPs and bypass the mitigation systems employed so the traffic reaches you and your modem accepts it...
 

I will pretend I understand this.... :p

I have "Kaspersky Total Security", which I update every day I come online. Would this help?
 

No, it won't I'm afraid. It's not an attack on your PC but instead on your connection established by your modem-router. So the attack sits "before" your antivirus. You need a dedicated firewall or a properly configured firewall to sort this sort of thing out on your end. It is, unfortunately, becoming a more frequent issue and SA end users are being targeted...
 
Hi DJ,

Just curious: What makes you say that SA end users are being targeted? Have you received reports similar to Splinter? Is there a particular trend in reasons why SA users are being targeted? Why would hackers go through all the effort for (possibly) no gain?

Not being rude, just curious. Thanks :)
 
Hi DJ,

Just curious: What makes you say that SA end users are being targeted? Have you received reports similar to Splinter? Not being rude, just curious. Thanks :)
Yes, we have, and have seen it across the board and have been monitoring it for some time...
 
What router and firmware are you using to monitor the usage? Only way to know is to capture the packets at the time they were transmitted. No way to backtrack to check on our end. The agent you spoke to earlier had a word with me and I'm going to see what I can pick up on our side for you. I'll revert if I identify anything odd or anything at all, in fact.

FYI the brief DNS issue you saw there is fixed...
Thanks DJ...

Router is a TP-Link WDR4300 latest firmware.

I checked its session data logs against my PC's BitMeter OSII logs and wifi connection logs. Nothing out of the ordinary :(
 

It won't pick that sort of traffic up necessarily. We're in the process of building an app to do this for our clients but it's not ready just yet to release...
 
If the data was used from a wifi connection to it, it would log it. As it does with data used by my phone, tablet and HTPC which is on wireless.

A foreign connection would be no different.

I'm quite stumped as I went through all my router logs and no foreign MAC connected.

I would really like to know what and how started downloading at 0700. Ai.
 
It's not used by a wireless connection. It simply floods the modem-router itself. I can confirm that you were DDOS'd on port 80 but there's no way for us to know what the source was as we simply don't log that sort of data, and it would be illegal for us to do so.

The DDOS attacks are still ongoing and the only real solution is to employ a firewall before the modem and to block the source itself, or to drop/block the source on the modem's built-in firewall. It's not possible for us to know which servers customers connect to that are legitimate and which aren't, nor can we make that distinction on your behalf. We do employ DDOS mitigation for the network itself, but for end user connections, trying to get between you and a specific service based on what may or may not be legitimate traffic is a tricky one. These attacks flood in from various servers across various hosts from various countries and they change all of the time. The only way to identify them is to use heuristics and to try to make an automated call on legitimacy on your behalf. Easier said than done, and the legalities are a fine line too.

What I will do is try to post a few IPs known to be targeting maliciously which you can block on your end, but only after confirmation on our side...
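Pulling together the two points made in the thread (capture the traffic on your side with something like Wireshark, then identify the sources flooding port 80 by rate rather than by guesswork and drop them in the router's firewall section), here is an added example that is not from the thread or the ISP. It parses a constructed packet list in the shape of a Wireshark CSV export and applies a simple sliding-window rate heuristic; the addresses, HOME_IP, the threshold and the counts are all assumptions made for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of Wireshark's packet-list CSV export; the
# addresses are RFC 5737 documentation addresses (192.0.2.10 stands in for the
# home modem-router's WAN side) and every count below is invented.
HOME_IP = "192.0.2.10"

def build_sample():
    rows = ['"No.","Time","Source","Destination","Protocol","Length","Info"']
    def add(n, t, src, info):
        rows.append(f'"{n}","{t:.6f}","{src}","{HOME_IP}","TCP","74","{info}"')
    for n in range(1, 301):        # 300 bare SYNs to port 80 in 3 s: the flood
        add(n, n * 0.01, "198.51.100.7", "44321 > 80 [SYN] Seq=0")
    for i in range(3):             # 3 SYNs in 3 s: a remote-access login, say
        add(301 + i, 3.5 + i, "203.0.113.5", "50123 > 80 [SYN] Seq=0")
    for i in range(6):             # replies from a site the PC is browsing
        add(304 + i, 4.0 + i * 0.2, "203.0.113.9", "80 > 51000 [ACK] Seq=1")
    return "\n".join(rows)

def parse_packets(text):
    """Yield (time, src, dst, dport, flags) for each row of the CSV export."""
    for row in csv.DictReader(io.StringIO(text)):
        # Info looks like "44321 > 80 [SYN] Seq=0" (newer Wireshark uses an arrow)
        ports, _, rest = row["Info"].replace("\u2192", ">").partition(" [")
        _, _, dport = ports.partition(" > ")
        flags = rest.split("]", 1)[0].split(", ") if rest else []
        yield (float(row["Time"]), row["Source"], row["Destination"],
               int(dport.split()[0]), flags)

def find_flood_sources(packets, home_ip=HOME_IP, port=80, window=1.0, threshold=50):
    """Return {src: peak SYNs per `window` s} for sources that exceed `threshold`.
    Rate is the heuristic: a legitimate login sends a few SYNs, a flood hundreds."""
    times = defaultdict(list)
    for t, src, dst, dport, flags in packets:
        if dst == home_ip and dport == port and "SYN" in flags and "ACK" not in flags:
            times[src].append(t)
    flagged = {}
    for src, ts in times.items():           # sliding-window peak count per source
        ts.sort()
        j = peak = 0
        for i, t in enumerate(ts):
            while t - ts[j] > window:
                j += 1
            peak = max(peak, i - j + 1)
        if peak > threshold:
            flagged[src] = peak
    return flagged
```

The addresses it returns are the ones you would then deny in the router's security/firewall section; the low-rate remote-access host is deliberately left alone.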
 
Oooooooo

Okay! Apologies. I was still operating under the assumption that someone accessed my wifi. That I was DDOS'd clears things up considerably!

Much thanks. Then guess that is my fault as I used a dyndns server for remote access and it was likely this service's IP that was hit I think.

Thank you DJ...!
 
Hmm hang on, do you think they could be targeting DynDNS users? I'm also affected (BADLY), and also use DynDNS.
 
DJ anything your rocket scientists need to/can do to make Netflix use the ZA CDN node?
 
Yes, and more TBA in that respect. Right now if you're using Unotelly to source from US or UK content it will deliver from a direct interconnect in London for now. But let's face it, the streaming is already superb even from the London source...
 
What's with the "log a ticket and we'll get right back to you"? Where's live support?
 