Are you satisfied with your Crystal Web account?


Status
Not open for further replies.
For the record, we have not accused any organisation or any institution of anything.

Actually you did just a page ago saying that you think a DNS provider has had a breach.

Yup, that's my suspicion. I think they have been compromised, which is a real pity. And a very serious issue if confirmed. It also pushes the data through our IPC connections, so we're looking at ways to actively try to block this for you guys as well now.
 
Actually you did just a page ago saying that you think a DNS provider has had a breach.

During the course of my initial looking into this, it was a suspicion. As pointed out. And did state that it needed to be confirmed. Confirmation comes in the form of official communication directly to customers.

In our official communication on the subject, we were very clear about this though. You should have received a copy today. I don't believe that it was ambiguous in any way.
 
Nothing was directed towards us as an ISP. Who ever stated that was the case? Users in SA were targeted, and we identified a common denominator. In fact in our network notice email to our customers we specifically stated that this was probably not a targeted attack. However we choose to play open cards, and it seems this level of transparency irks some and you prefer to challenge us. So be it.

I'm starting to understand the less than transparent attitude other ISPs choose to adopt here.

In future please direct these queries to our support desk or info email, thanks.

Bio, you know where my PM box is. It's been a long 3 days, and I won't be getting involved in justifying this for the next few hours or days again now in some sort of public spat. Not even sure what the issue is here. If there is one, you're welcome to PM me or email me.

Jeez, easy there. I was just curious. :erm:
 
Not ambiguous at all. Thanks for the email comms clarifying things!
 
During the course of my initial looking into this, it was a suspicion. As pointed out. And did state that it needed to be confirmed. Confirmation comes in the form of official communication directly to customers.

In our official communication on the subject, we were very clear about this though. You should have received a copy today. I don't believe that it was ambiguous in any way.

So you have factual evidence that the provider has been breached? They have told you this? Or is this just another suspicion?
 
So you have factual evidence that the provider has been breached? They have told you this? Or is this just another suspicion?

There seems to be some confusion here. In our official notice, is there anything that you are concerned about with regards to us accusing anyone?
 
There seems to be some confusion here. In our official notice, is there anything that you are concerned about with regards to us accusing anyone?

In your notice you're claiming DNS users are affected, I'm asking if you have had any feedback from these providers confirming a breach, thus leaking IPs. It's a pretty simple question.
 
In your notice you're claiming DNS users are affected, I'm asking if you have had any feedback from these providers confirming a breach, thus leaking IPs. It's a pretty simple question.

We did not claim that they were breached. Allow me to quote the notice sent to customers directly:

There is no evidence that personal information has leaked in any way from these services at this time, and this may be an entirely random attack based on IP pools.

Allow me to further quote from the email:

This is a proactive alert only, based on information at hand. At no point should this notice be construed as evidence that any particular provider's service has been compromised in any way.

I get the impression that this has nothing to do with this situation whatsoever as the email notice is quite clear about all of these points.
 
We did not claim that they were breached. Allow me to quote the notice sent to customers directly:



Allow me to further quote from the email:



I get the impression that this has nothing to do with this situation whatsoever as the email notice is quite clear about all of these points.

Allow me to quote your first line:

Network status: DDOS attack on DNS proxy subscribers resulting in DSL line flooding.

I reiterate, where is your evidence coming to this conclusion?
 
Allow me to quote your first line:



I reiterate, where is your evidence coming to this conclusion?

Internal, and I did post about it a few posts up. Please follow our legal and commercial request for access to this information should you feel you need it. That was the quoted "short" part, and we delved into detail in the rest of the notice, and did not accuse any particular providers whatsoever, and did make it clear that it may also be based on IP-pools.

If your own investigations show something different, we'd be happy to take this information on-board. Please do submit it through our formal channels if you feel it would be of benefit.
 
popcorn.gif
 
I really don't know what the hoo-ha is about, people are reading way too much into this.

People that use dynamic DNS saw some DDoS-type attacks reported by their routers, and the ISP saw some high inbound traffic.
A notice was sent out.

https://www.dynstatus.com/
Even DynDNS said that they had a DDoS today, and a maintenance window. No one said that anyone was hacked, just that it might have been. And not all users, just some of them.

Again, some people probably feel lonely on the long weekend and need to make a scene when the ISP is actually being very helpful.
 
DNS is by nature public. To get a list of subscribers' IP addresses you just do a bunch of lookups, either iterating through character combinations or a dictionary attack. Doesn't mean any customer info was breached.
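
Seen from the DNS operator's side, the lookups described in the post above leave a recognisable trace in the query log: one client asking for many distinct names under the zone in a short time, most of which do not exist. The following is an added example, not part of the original thread, that flags that pattern over a constructed log; the zone name, log format and thresholds are assumptions.

```python
from collections import defaultdict

ZONE = "dyn.example."  # hypothetical dynamic-DNS zone (assumption)

def build_sample_log():
    """Constructed log, one query per line: '<epoch> <client> <qname> <rcode>'."""
    lines = []
    # One client walking a wordlist: many distinct names, mostly NXDOMAIN.
    words = ["home", "cam", "nas", "router", "office", "vpn", "test", "pi"]
    for i, word in enumerate(words):
        rcode = "NOERROR" if word in ("home", "nas") else "NXDOMAIN"
        lines.append(f"{1000 + i} 198.51.100.7 {word}.{ZONE} {rcode}")
    # Ordinary clients: the same name again and again, always resolving.
    for i in range(6):
        lines.append(f"{1000 + i * 10} 203.0.113.20 home.{ZONE} NOERROR")
        lines.append(f"{1005 + i * 10} 203.0.113.21 nas.{ZONE} NOERROR")
    lines.append("1010 198.51.100.7 www.example.org. NXDOMAIN")  # other zone
    lines.append("truncated line")  # malformed input is skipped
    return lines

def find_enumerators(lines, zone=ZONE, window=60, min_names=5, min_nx_ratio=0.5):
    """Return {client: (distinct_names, nx_ratio)} for clients whose queries
    inside one time window look like a name walk, not normal resolution."""
    per_client = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, client, qname, rcode = parts
        if qname.lower().endswith("." + zone):
            per_client[client].append((int(ts), qname.lower(), rcode))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] >= window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            names = {q for _, q, _ in span}
            nx = sum(r == "NXDOMAIN" for _, _, r in span) / len(span)
            if len(names) >= min_names and nx >= min_nx_ratio:
                flagged[client] = (len(names), round(nx, 2))
                break  # report the first window that crosses both thresholds
    return flagged

if __name__ == "__main__":
    print(find_enumerators(build_sample_log()))
```
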
 
I really don't know what the hoo-ha is about, people are reading way too much into this.

People that use dynamic DNS saw some DDoS-type attacks reported by their routers, and the ISP saw some high inbound traffic.
A notice was sent out.

https://www.dynstatus.com/
Even DynDNS said that they had a DDoS today, and a maintenance window. No one said that anyone was hacked, just that it might have been. And not all users, just some of them.

Again, some people probably feel lonely on the long weekend and need to make a scene when the ISP is actually being very helpful.
So much this.

Some folks are just Muppets.

Geez. Crystal Web please ignore the tard and keep being as transparent as you have been. The majority of your customer base appreciates it FAR more than the nitpicking simpletons wanting to stir.
 
DNS is by nature public. To get a list of subscribers' IP addresses you just do a bunch of lookups, either iterating through character combinations or a dictionary attack. Doesn't mean any customer info was breached.

In this vein, a public IP address is by its nature not anonymous or geared towards incognito usage. The privacy aspect is accomplished through the record holder of personal identifying information producing anonymity.
 
DNS is by nature public. To get a list of subscribers' IP addresses you just do a bunch of lookups, either iterating through character combinations or a dictionary attack. Doesn't mean any customer info was breached.

Correct. We were concerned at first as it got through the filters for a few customers, hence my keeping people updated in the thread.

A proper forensic investigation was launched with the backbone provider's assistance, and the cause was identified. Manual intervention took place to try to mitigate further; and a detailed email notice was sent by us to all customers in an effort to ensure that every effort was made on our part to help customers protect their network, and in the process, prevent us from having to manually intervene if we spotted it each time. The network notice was updated. We were clear that there is no evidence of personal information being breached in our communication with customers, and that it was a proactive preventative notice only, and that we do not have any evidence to suggest that customers should be concerned about their information. We also detailed the process to follow, how to know if you have or may be affected, and provided all necessary details to help mitigate on the end user's side.

I'm not sure we will change the above process in future either. I have however asked by PM what more we should provide.

We even went so far as to post a copy of the notice of one of the attacks being blocked, as requested. We do not share core network architecture on our side, nor our backbone providers' side. We do not post internal investigations on a public forum. And we do not post sensitive and identifiable information relating to the network or particular subscribers who were affected on a public forum. Nor are we under any obligation to do so as seems to be the request here. None of this will change.
 
god this country. lol. local linux distros. yes. but no local firmware for any phone. sad.
 