DDoS assault on RSAWEB

Jamie McKane

MyBroadband Journalist
Joined
Mar 2, 2016
Messages
7,000
DDoS assault on RSAWEB

RSAWEB has joined the ranks of South African Internet service providers that have been targeted with sustained distributed denial of service (DDoS) attacks.

The attacks on RSAWEB's network started on 21 October and have not let up. These impacted network performance and caused degraded connectivity for RSAWEB's enterprise, consumer, and mobile subscribers.
 
Just trying to understand the issue with MikroTik routers...
The problem was identified in 2013.
The WAN/Public port services DNS requests.
The MicroTik default firewall has changed to require explicit enable of public access.

How sure are we that in 2019 this is MicroTik issue and not other routers?
 
DDoS assault on RSAWEB

RSAWEB has joined the ranks of South African Internet service providers that have been targeted with sustained distributed denial of service (DDoS) attacks.

The attacks on RSAWEB's network started on 21 October and have not let up. These impacted network performance and caused degraded connectivity for RSAWEB's enterprise, consumer, and mobile subscribers.
Massive Assault Drama Points :unsure::whistling:
 
Just trying to understand the issue with MikroTik routers...
The problem was identified in 2013.
The WAN/Public port services DNS requests.
The MicroTik default firewall has changed to require explicit enable of public access.

How sure are we that in 2019 this is MicroTik issue and not other routers?
Need a scape goat - the traffic from local peers is leakage.
 
Just trying to understand the issue with MikroTik routers...
The problem was identified in 2013.
The WAN/Public port services DNS requests.
The MicroTik default firewall has changed to require explicit enable of public access.

How sure are we that in 2019 this is MicroTik issue and not other routers?
Many people don't have the default. But you are right there are many others with the same problem. You can download a list of a few million in a couple of secs.
 
Many people don't have the default. But you are right there are many others with the same problem. You can download a list of a few million in a couple of secs.

dont you think its the ISP responsibility to mitigate their clients/users with open recursive DNS? im sure this can be firewalled. it is needless for ISP to allow users to have their own open DNS

is there any way to force users with open DNS to fix their system, or have no internet.
 
Good. Will teach them to drop their absurd Fair use policy on Openserve Fibre.
 
dont you think its the ISP responsibility to mitigate their clients/users with open recursive DNS? im sure this can be firewalled. it is needless for ISP to allow users to have their own open DNS

is there any way to force users with open DNS to fix their system, or have no internet.
I agree but then they need to implement scanners which have an associated cost. I would go as far as to say that routers on defaults (incl. passwords) need to be walled gardened only to be released when they are secure.
 
Another reason to use OpenWrt
yep, i have my mikrotik unplugged and have a free archer router RSAweb sent that crashed when stressed, after I flashed with OpenWRT, it usually stays up for over 45 days at a time depending on Eskom etc.
 
Back
Top