MyDStv outage explained - Dimension Data and Absolute Hosting comment

Jan

DStv self-service portal taken offline by Dimension Data security response

The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.

Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.
 
The ISPs I work with all have instant message channels with the key technical contacts at their upstream suppliers. Relying on email notifications for this type of thing is why this happens.

Absolute Hosting should maybe look for an alternative to Dimension Data if it does not have direct channels to communicate.
 
DStv self-service portal taken offline by Dimension Data security response

The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.

Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.
So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?

Ja well no fine.

Null routing aka black holing is a technique to mitigate DDOS, not phishing.
 
So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?

Ja well no fine.

Null routing aka black holing is a technique to mitigate DDOS, not phishing.

Yeah man, sending innocent packets straight to the gulag isn't very nice.
 
Dimension Data being security conscious? My ass in a sardine tin!
Log in to Shodan, search for Dimension Data or Internet Solutions and see the literal thousands and thousands of networking kit with exposed management planes on the Internet.
Amateurs.
 
So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?

Ja well no fine.

Null routing aka black holing is a technique to mitigate DDOS, not phishing.
No bud, you got that wrong. The initial attack was aimed at an external vendor and they (script kiddies) used another client's IP (script on a self-managed server) for the attack. DStv, Absolute Hosting and every other client hosted on that /24 were not part of the attack.
 
Tried to trace the problem:
So here is what's hosted:
dstv.png

It's all green, meaning no problems. So why the block?
If we move to the bottom url:
bq.png
That is the problem but the IPs are totally different which means that the system doing the security I would assume is in sy moer?
 
No bud, you got that wrong. The initial attack was aimed at an external vendor and they (script kiddies) used another client's IP (script on a self-managed server) for the attack. DStv, Absolute Hosting and every other client hosted on that /24 were not part of the attack.
The article seems to give the impression it was the DStv server as a single IP that was blackholed? So it was a whole /24 and not just the /32 that was null-routed? Talk about collateral damage.

Was it a Siebel or Service Now email that went to the junk folder or a normal email from their domain?
 
Tried to trace the problem:
So here is what's hosted:
View attachment 1415897

It's all green, meaning no problems. So why the block?
If we move to the bottom url:
View attachment 1415899
That is the problem but the IPs are totally different which means that the system doing the security I would assume is in sy moer?
All Cloudflare, so there would always be shared IPs. But the underlying question I have is why Cloudflare protects scammers. Eish?
 