MyDStv outage explained - Dimension Data and Absolute Hosting comment

[Jan]

DStv self-service portal taken offline by Dimension Data security response

The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.

Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.

 

[leonb]

Still down for me

 

[Nithan15]

Still down for me

Viagra?

 

[Grieta Thanburg]

There was a DSTV outage?

 

[OhYeah84]

It was streaming on my side.

 

[SilverCode]

However, it wasn’t clear why Dimension Data blocked Absolute Hosting’s entire range of IP addresses

Having previously dealt with Dimension Data for many years, my guess is incompetence.

 

[Sapphiron]

The ISP's I work with all have instant message channels with the key technical contacts at their upstream suppliers. relying on email notifications for this type of thing is why this happens.

Absolute hosting should maybe look for an alternative to Dimension Data if it does not have direct channels to communicate.

 

[Jade @ Absolute Hosting]

We have signed up with ADC and should be able to start moving in after the 17th November.

 

[Willie Trombone]

DStv self-service portal taken offline by Dimension Data security response

The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.

Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.

So instead of contacting the tech team of the client you black hole it?

 

[Willie Trombone]

Having previously dealt with Dimension Data for many years, my guess is incompetence.

Absolutely. Just ask Rory Pearton.

Apology to Dimension Data and NTT Ltd.

As is well known in the IT industry, iSAT has been in litigation against Dimension Data and NTT Ltd...

showme.co.za

 

[now05ster]

Absolutely. Just ask Rory Pearton.

Apology to Dimension Data and NTT Ltd.

As is well known in the IT industry, iSAT has been in litigation against Dimension Data and NTT Ltd...

showme.co.za

Court gags CEO in R21-billion dispute

iSAT South Africa CEO Rory Pearton has been interdicted from threatening, harassing, defaming, and abusing Dimension Data and its staff.

mybroadband.co.za

 

[Willie Trombone]

Court gags CEO in R21-billion dispute

iSAT South Africa CEO Rory Pearton has been interdicted from threatening, harassing, defaming, and abusing Dimension Data and its staff.

mybroadband.co.za

It's a ridiculous story. I suspect DiData got away with it because this is tech and so many people just don't understand it.

 

[now05ster]

It's a ridiculous story. I suspect DiData got away with it because this is tech and so many people just don't understand it.

I don't have money to fight an armada of lawyers. Best I keep quiet.

 

[r00igev@@r]

DStv self-service portal taken offline by Dimension Data security response

The MyDStv self-service portal is back online after an almost nine-hour outage on Wednesday evening and Thursday morning after Dimension Data null-routed its Internet Protocol (IP) address.

Based on feedback from Dimension Data, it blackholed the server’s IP address after receiving a complaint about a phishing attack originating from the same network.

So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?

Ja well no fine.

Null routing aka black holing is a technique to mitigate DDOS, not phishing.

 

[Rickster]

So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?

Ja well no fine.

Null routing aka black holing is a technique to mitigate DDOS, not phishing.

Yeah man, sending innocent packets straight to the gulag isn't very nice.

 

[r00igev@@r]

Dimension Data being security conscious? My ass in a sardine tin!
Login into Shodan, search for Dimension Data or Internet Solutions and see the literal thousands and thousands of networking kit with exposed management planes on the Internet.
Amateurs.

 

[r00igev@@r]

Yeah man, sending innocent packets straight to the gulag isn't very nice.

The recommended technique is a level 1 filter on the edge router using ACLs not black holing.

 

[Jade @ Absolute Hosting]

So someone does a phishing attack assimilating MyDSTV to harvest credentials and the ISP disables the IP of MyDSTV?

Ja well no fine.

Null routing aka black holing is a technique to mitigate DDOS, not phishing.

No bud you got that wrong, the initial attack was aimed at an external vendor and they (script kiddies) used another clients IP (script on a self managed server) for the attack. DStv, Absolute Hosting and every other client hosted on that /24 were not part of the attack

 

[r00igev@@r]

Tried to trace to problem:
So here is whats hosted:


Its all green meaning no problems. So why the block.
If we move to the bottom url:

That is the problem but the IPs are totally different which means that the system doing the security I would assume is in sy moer?

 

[r00igev@@r]

No bud you got that wrong, the initial attack was aimed at an external vendor and they (script kiddies) used another clients IP (script on a self managed server) for the attack. DStv, Absolute Hosting and every other client hosted on that /24 were not part of the attack

The article seems to give the impression it was the DSTV server as a single IP that was blackholed? So it was a whole /24 and not just the /32 that was nul routed? Talk about collateral damage.

Was it a Siebel or Service Now email that went to the junk folder or a normal email from their domain?