Slow ADSL? It could be a DNS Amplification attack

Viva

How do I know if I have been infected, apart from slow ADSL? Is there a way to check my computer and router are not infected?
 

Tjoker

This makes a LOT of sense of what I'm experiencing on MWeb lately.
 

Method

> This makes a LOT of sense of what I'm experiencing on MWeb lately.

Yup, I thought it was exchange issues because it affected my WebAfrica and Afrihost accounts, but when I reboot the router it works again for a while.
 

rambo919

So MWEB might potentially be innocent and its network hijacked as well? That would make a lot of people very very embarrassed for their raging on the forums....

But then again this article might be part of the conspiracy :wtf:
 

stricken

And there we thought them torrents were squeaky clean pirates with ne'er a hint of malware on their breaths.
 

Twista

Now I am fighting with Afrihost... Mine started on 15th May as well.

Telkom technician was getting excellent speeds and as soon as he left the speeds went south. I hope this is the problem and Afrihost can find a solution.

If not ...
 

ambo

> How do I know if I have been infected, apart from slow ADSL? Is there a way to check my computer and router are not infected?

It's not really an infection and it won't be on your computer unless you have a port forward or a public IP on your PC.

The Open Resolver Project provides details on problem IPs that they have detected; however, this only really works if you have a static IP. If you have a dynamic IP then you will change IPs faster than they can typically detect the problem.
 

ambo

> If very slow then use Google DNS 8.8.8.8 & 8.8.4.4
>
> This solved the problem for me

No, no and no again.

Using Google DNS is a bad idea for South Africans, as has been discussed a number of times before. Additionally, changing your DNS provider does not resolve this issue. This DNS amplification attack is due to firmware bugs on routers or misconfiguration of servers.
 

CrazYmonkeY159

> No, no and no again.
>
> Using Google DNS is a bad idea for South Africans, as has been discussed a number of times before. Additionally, changing your DNS provider does not resolve this issue. This DNS amplification attack is due to firmware bugs on routers or misconfiguration of servers.

Link me for enlightenment? :)
 

Tinuva

> Link me for enlightenment? :)

No, he is right: using an international DNS server means a lot of content that could be served from local servers, faster than from international servers, is now served from international servers.

Akamai sends you to servers based on the DNS server you are using. For example, if you browse to Facebook, all pictures load from local servers, unless you use Google DNS servers, then those same pictures will be loaded from London for example. You can imagine how this can change the speed of Facebook loading drastically.

Next, some websites make use of many URLs to load pictures just for a single page, and your PC needs to request all these URLs from a DNS server. Latency to Google DNS is, let's say, 200ms, but a local ISP DNS server will be 10ms. If your browser needs to do 20 queries, it will take 200ms from a local server (less than a second), which can make a page load look instant, versus 4000ms (i.e. 4 seconds) if you use Google DNS. That is just to get the IPs, not even loading the page yet.

It really makes a difference as to how snappy browsing feels.

Either way, your loss not mine :)

ps. 200Mbit/sec DNS traffic for sub 400 users IS A LOT of DNS traffic, that is insane!!
 

stroebs

I've been a victim of a DNS amplification attack before. Noticed extremely slow speeds; luckily I have a Mikrotik and could trace thousands of DNS requests coming in from a single IP in Saudi Arabia. Simply unticked "Allow remote requests" in the DNS section of my Mikrotik and speeds went back to normal almost instantly.
 