DDoS assault on RSAWEB

J

Jamie McKane

MyBroadband Journalist
Joined
Mar 2, 2016
Messages
7,000
Reaction score
1,007
DDoS assault on RSAWEB

RSAWEB has joined the ranks of South African Internet service providers that have been targeted with sustained distributed denial of service (DDoS) attacks.

The attacks on RSAWEB's network started on 21 October and have not let up. These impacted network performance and caused degraded connectivity for RSAWEB's enterprise, consumer, and mobile subscribers.
 
Just trying to understand the issue with MikroTik routers...
The problem was identified in 2013.
The WAN/Public port services DNS requests.
The MicroTik default firewall has changed to require explicit enable of public access.

How sure are we that in 2019 this is MicroTik issue and not other routers?
 
Jamie McKane said:
DDoS assault on RSAWEB

RSAWEB has joined the ranks of South African Internet service providers that have been targeted with sustained distributed denial of service (DDoS) attacks.

The attacks on RSAWEB's network started on 21 October and have not let up. These impacted network performance and caused degraded connectivity for RSAWEB's enterprise, consumer, and mobile subscribers.
Click to expand...
Massive Assault Drama Points :unsure::whistling:
 
system32 said:
Just trying to understand the issue with MikroTik routers...
The problem was identified in 2013.
The WAN/Public port services DNS requests.
The MicroTik default firewall has changed to require explicit enable of public access.

How sure are we that in 2019 this is MicroTik issue and not other routers?
Click to expand...
Need a scape goat - the traffic from local peers is leakage.
 
system32 said:
Just trying to understand the issue with MikroTik routers...
The problem was identified in 2013.
The WAN/Public port services DNS requests.
The MicroTik default firewall has changed to require explicit enable of public access.

How sure are we that in 2019 this is MicroTik issue and not other routers?
Click to expand...
Many people don't have the default. But you are right there are many others with the same problem. You can download a list of a few million in a couple of secs.
 
r00igev@@r said:
Many people don't have the default. But you are right there are many others with the same problem. You can download a list of a few million in a couple of secs.
Click to expand...

dont you think its the ISP responsibility to mitigate their clients/users with open recursive DNS? im sure this can be firewalled. it is needless for ISP to allow users to have their own open DNS

is there any way to force users with open DNS to fix their system, or have no internet.
 
Good. Will teach them to drop their absurd Fair use policy on Openserve Fibre.
 
midkemia said:
dont you think its the ISP responsibility to mitigate their clients/users with open recursive DNS? im sure this can be firewalled. it is needless for ISP to allow users to have their own open DNS

is there any way to force users with open DNS to fix their system, or have no internet.
Click to expand...
I agree but then they need to implement scanners which have an associated cost. I would go as far as to say that routers on defaults (incl. passwords) need to be walled gardened only to be released when they are secure.
 
system32 said:
Another reason to use OpenWrt
Click to expand...
yep, i have my mikrotik unplugged and have a free archer router RSAweb sent that crashed when stressed, after I flashed with OpenWRT, it usually stays up for over 45 days at a time depending on Eskom etc.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter