Can't decide between security and ISP section, might get more exposure here.
I've now seen two separate instances in the last week where Vox customers (specifically Capped Business Fibre) noted an alarming increase in daily traffic (bulk of it was upload).
Clients could not see any traffic passing through their firewall. After turning off the firewall the traffic continued. This finally convinced Vox to investigate. While waiting for feedback I happened to run a scan against the router and found that DNS was open. After Vox locked things down the traffic disappeared.
In both cases the onsite router was a MikroTik. No issue there, just poorly configured.
I imagine this could be affecting uncapped customers as well, but perhaps they won't notice unless the DNS abuse starts affecting the performance of their link.
You can read more about how this works here: https://mikrotiknetworking.wordpress.com/2016/03/18/dns-amplification-attack/
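
A check for the condition described in the post (a router answering recursive DNS queries on its public side), as an added example that is not part of the original post. Run it from outside the network against your own WAN address; the function names, the fixed transaction ID and the 192.0.2.1 sample address are assumptions made for the example.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction ID, chosen for this example

def build_query(name: str, txid: int = TXID) -> bytes:
    """Build a recursive (RD=1) A-record query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data: bytes, txid: int = TXID) -> str:
    """Return 'open', 'closed' or 'invalid' for a raw DNS reply."""
    if len(data) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:  # must be a reply to our query
        return "invalid"
    rcode = flags & 0x000F
    recursion_available = bool(flags & 0x0080)
    # NOERROR (0) or NXDOMAIN (3) with RA set means the device recursed for us.
    if recursion_available and rcode in (0, 3):
        return "open"
    return "closed"  # REFUSED, SERVFAIL, or recursion not offered

def probe(host: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send one query to host:53/udp and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (host, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: port filtered or closed
            return "no-answer"
    return classify_response(data)

if __name__ == "__main__":
    # Constructed sample reply (not captured traffic): QR+RD+RA, one A record.
    q = build_query("example.com")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    sample = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + q[12:] + answer
    print("constructed reply ->", classify_response(sample))
    # To test a real router from outside: print(probe("<your WAN address>"))
```

A result of `open` from an outside vantage point means the router will resolve names for anyone on the internet; `closed` or `no-answer` is what a locked-down WAN interface should return.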