MyDStv outage explained - Dimension Data and Absolute Hosting comment

Jan

Who's the Boss?
Staff member
Joined
May 24, 2010
Messages
10,412
DStv self-service portal taken offline by Dimension Data security response

The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.

Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.
 

Sapphiron

Expert Member
Joined
Jan 29, 2004
Messages
3,810
The ISPs I work with all have instant message channels with the key technical contacts at their upstream suppliers. Relying on email notifications for this type of thing is why this happens.

Absolute Hosting should maybe look for an alternative to Dimension Data if it does not have direct channels to communicate.
 

Willie Trombone

Honorary Master
Joined
Jul 18, 2008
Messages
60,038
> DStv self-service portal taken offline by Dimension Data security response
>
> The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.
>
> Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.

So instead of contacting the tech team of the client you black hole it?
 

now05ster

Expert Member
Joined
Dec 8, 2011
Messages
3,587

r00igev@@r

Honorary Master
Joined
Dec 14, 2009
Messages
12,114
> DStv self-service portal taken offline by Dimension Data security response
>
> The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.
>
> Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.

So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?

Ja well no fine.

Null routing aka black holing is a technique to mitigate DDOS, not phishing.
 

Rickster

EVGA Fanatic
Joined
Jul 31, 2012
Messages
20,434
> So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?
>
> Ja well no fine.
>
> Null routing aka black holing is a technique to mitigate DDOS, not phishing.

Yeah man, sending innocent packets straight to the gulag isn't very nice.
 

r00igev@@r

Honorary Master
Joined
Dec 14, 2009
Messages
12,114
Dimension Data being security conscious? My ass in a sardine tin!
Log in to Shodan, search for Dimension Data or Internet Solutions and see the literal thousands and thousands of networking kit with exposed management planes on the Internet.
Amateurs.
 

Jade @ Absolute Hosting

Absolute Hosting Representative
Company Rep
Joined
Nov 17, 2015
Messages
1,555
> So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?
>
> Ja well no fine.
>
> Null routing aka black holing is a technique to mitigate DDOS, not phishing.

No bud, you got that wrong. The initial attack was aimed at an external vendor and they (script kiddies) used another client's IP (script on a self-managed server) for the attack. DStv, Absolute Hosting and every other client hosted on that /24 were not part of the attack.
 

r00igev@@r

Honorary Master
Joined
Dec 14, 2009
Messages
12,114
Tried to trace the problem:
So here is what's hosted:
dstv.png

It's all green, meaning no problems. So why the block?
If we move to the bottom url:
bq.png
That is the problem but the IPs are totally different which means that the system doing the security I would assume is in sy moer?
 

r00igev@@r

Honorary Master
Joined
Dec 14, 2009
Messages
12,114
> No bud, you got that wrong. The initial attack was aimed at an external vendor and they (script kiddies) used another client's IP (script on a self-managed server) for the attack. DStv, Absolute Hosting and every other client hosted on that /24 were not part of the attack.

The article seems to give the impression it was the DSTV server as a single IP that was blackholed? So it was a whole /24 and not just the /32 that was null-routed? Talk about collateral damage.

Was it a Siebel or Service Now email that went to the junk folder or a normal email from their domain?
 