
ZyXEL router attack: HUNDREDS of Brit biz bods knocked offline

Hackers have launched an internet attack which has hobbled the internet connections of at least 100 British businesses. An unknown group or individual thought to be based in the People's Republic used a SYN flood attack to attack the 600 and 660 models of router from Taiwanese firm ZyXEL. Sources at ZyXEL and the ISP MDNX …

COMMENTS

This topic is closed for new posts.
Silver badge
Holmes

"We don't know why the attacks are coming."

Evidently they are coming for the LULZ

2
0

The "louise boat" surely?

2
0


Silver badge
Facepalm

Re: This is why

What is "virus code". How will it be defined and who will define it? How would such laws be applied to a foreign government or intelligence agency? What normal jury could be expected to understand what is and what is not 'virus code'?

5
0
Bronze badge

Re: This is why

I'm guessing you're, erm, not a lawyer?

0
0
Silver badge

Re: This is why

All I know is that if you have 'terrorism' and 'virus' in the same sentence it sounds like you're pushing an agenda.

2
0
Vic
Silver badge

Re: This is why

> We need to change the law to create an offence of "ideologically supporting terrorism"

How many times are you planning on posting this drivel?

Vic.

5
0
Silver badge
Thumb Down

Re: This is why

> We need to change the law to create an offence of "ideologically supporting terrorism"

We need to change the law to allow law-and-order commenters that are a bit cuckoo to be handed over to the tender mercies of LA police officers who can then leisurely taser-torture them and beat them to death on camera.

Now, wait. I think it is already changed...

1
0

Hiding in those 100 will be the actual target... And they don't yet know what's missing.

1
0
Happy

The irony is the fact that, because a Chinese source was suspected, the US's NSA could well be the culprit.

2
3
Silver badge

No, the "irony" is that since it was a Chinese source, Unit 61398 or some other PLA cyberwarfare unit is likely to be the culprit. Like another poster said: among those 100 affected companies is the target, and I'd guess it's a defense-tech company.

1
1

'Ken Oath

Absolutely!

IF I had backdoors into most computing/communications devices, I too could make an attack seem to come from anywhere!

0
0
Bronze badge
Flame

Targeting?

What makes anyone think that this was a targeted attack? It sounds like normal Chinese traffic and the ZyXEL products are crashing from their lack of robustness.

I have a weekly task to add more of China to my firewall. They're a non-stop source of vulnerability scans and they make it a habit of providing fake network contact information. I have an American ISP with no throughput to spare for all of that garbage.

4
1
Anonymous Coward

Re: Targeting?

Heck, I blocked all of China's IP address blocks 4 years ago (and any other unfortunate APNIC customer in a /16 network that covered any of China). Of course, I also block Brazil and parts of eastern Europe...

2
0
Anonymous Coward

Re: Targeting?

Most of the abuse email addresses of the Chinese ISPs are useless as emails bounce as they are over quota.

It's odd how we keep being told how the Chinese have limited access to the internet because of the "Great Firewall", but it apparently has been designed to allow outgoing wide-scale network attacks.

Like you, I'm continually adding more and more of China to my firewall... I very rarely see any legitimate traffic from China.

1
0
Silver badge

Re: Targeting?

> the "Great Firewall" but it apparently has been designed to allow outgoing wide scale network attacks.

The Chinese secret service don't care if some Chinese hackers attack your site. If you want the Great Firewall to block visits to your site, post some Free Tibet propaganda or an account of the Tiananmen Square massacre.

2
0
Anonymous Coward

Re: Targeting?

Damn you! Now the Reg will get blocked in China!

I don't want to need a VPN just to read my daily dose of tech news & read the funny comments!

0
0
Anonymous Coward

Disabling remote web management on the Zyxels is a work-around. Some ISPs have seen these packets sent from French source addresses too, but it's a SYN flood - the attacker doesn't need to see replies - so you can't say with certainty where the packets come from; they could easily be spoofed from any of the many ISPs worldwide who don't do ingress filtering.

0
0
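The point made above, that a SYN flood is a half-open, one-way stream whose source addresses prove nothing, is easy to see in a firewall log: a single second contains many bare SYNs to one port from many different sources. The script below is an added example, not code from the article or from any of the commenters. It parses constructed syslog-style firewall lines (the format, addresses, timestamps and threshold are all assumptions for the demonstration) and reports per-second bursts of SYN-without-ACK to one destination port, along with how many distinct sources appeared, which is the figure that tells a defender that blocking individual sources will not help.

```python
"""Added example: triage of a SYN flood from constructed firewall log lines.

Assumptions (not from the page): the log format below, the RFC 5737 test
addresses used in SAMPLE_LOG, and the per-second alert threshold.
"""
import re
from collections import defaultdict

# One line per packet, roughly in netfilter LOG style. Constructed sample only.
SAMPLE_LOG = """\
Feb 13 10:00:01 gw kernel: IN=ppp0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=443 DPT=52110 ACK
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.11 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.12 DST=203.0.113.10 PROTO=TCP SPT=40002 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.13 DST=203.0.113.10 PROTO=TCP SPT=40003 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.14 DST=203.0.113.10 PROTO=TCP SPT=40004 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.15 DST=203.0.113.10 PROTO=TCP SPT=40005 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.16 DST=203.0.113.10 PROTO=TCP SPT=40006 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.17 DST=203.0.113.10 PROTO=TCP SPT=40007 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=192.0.2.18 DST=203.0.113.10 PROTO=TCP SPT=40008 DPT=80 SYN
Feb 13 10:00:02 gw kernel: IN=ppp0 SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=50000 DPT=22 SYN
Feb 13 10:00:03 gw kernel: IN=ppp0 SRC=192.0.2.11 DST=203.0.113.10 PROTO=TCP SPT=40011 DPT=80 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP "
    r"SPT=\d+ DPT=(?P<dpt>\d+)(?P<flags>(?: [A-Z]+)*)$"
)


def parse_line(line):
    """Return the fields we care about, or None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": m["ts"],
        "src": m["src"],
        "dst": m["dst"],
        "dpt": int(m["dpt"]),
        "flags": set(m["flags"].split()),
    }


def find_syn_floods(lines, threshold=5):
    """Group bare SYNs (SYN set, ACK clear) by second and destination port.

    A bucket at or above `threshold` packets is reported together with the
    number of distinct source addresses: a burst spread across many sources
    is consistent with spoofing, so the source column is not an attribution.
    """
    per_target = defaultdict(list)  # (second, "dst:port") -> [src, ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None or "SYN" not in rec["flags"] or "ACK" in rec["flags"]:
            continue  # not a half-open connection attempt
        per_target[(rec["ts"], f'{rec["dst"]}:{rec["dpt"]}')].append(rec["src"])

    alerts = []
    for (ts, target), srcs in sorted(per_target.items()):
        if len(srcs) >= threshold:
            alerts.append({
                "ts": ts,
                "target": target,
                "syns": len(srcs),
                "distinct_sources": len(set(srcs)),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_syn_floods(SAMPLE_LOG.splitlines()):
        print(f"{alert['ts']}  {alert['target']}  {alert['syns']} SYN/s "
              f"from {alert['distinct_sources']} sources")
```

On the constructed sample the single alert is for port 80 at 10:00:02 with eight SYNs from eight sources, while the lone SYN to port 22 and the one to port 80 a second later stay below the threshold. In practice the useful response is what the commenter describes: take the management port off the WAN side (or rate-limit new connections to it) rather than chasing source addresses that may not be real.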
Bronze badge

> It's odd how we keep being told how the Chinese have limited access to the internet

Much like the US, they have their own "intelligence corps", and what better way for either side to test an adversary's systems for weak spots than to continually probe and cause havoc. This said, the Great Wall can shut off internet access to the country in a heartbeat, unlike the Western powers.

1
0
Anonymous Coward

Businesses affected: cheapskates with old crappy routers on an Internet connection with zero / low service level agreement. What great targets for an attack... This is just an act of mindless vandalism.

0
1

They were cost-effective, feature-rich routers; a significant number of businesses who just needed basic internet connectivity and VPN features would have them. I might even have a couple lying around!

2
0
Anonymous Coward

Chink in one's armor.

I too have blocked large swathes of v4 IP addresses with little or no negative impact; logs are smaller and unusual traffic stands out better now.

I'm coming to the conclusion a geographic white list would be preferable for most home/small business users.

Unless you are running a web site that needs to be accessible from location X why generally accept uninvited packets from that place?

0
0
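The argument in the post above is that for a site with no published services, a default-deny inbound policy with a short list of permitted source regions is simpler and safer than an ever-growing block list. The script below is an added example, not code from the article or from any commenter, and shows the difference on the same set of connection attempts: a source that is on neither list slips through the block list but not the allow list. The prefixes, the "published service" ports and the sample attempts are constructed assumptions (RFC 5737 and RFC 3849 test ranges); a real deployment would load the prefixes from a registry or geolocation feed.

```python
"""Added example: block-list versus geographic allow-list for unsolicited
inbound connections. All prefixes and sample attempts are constructed.
"""
import ipaddress

# Constructed "known bad" prefixes for the block-list policy.
BLOCKED_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed "where our users actually are" prefixes for the allow-list policy.
ALLOWED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Services that genuinely must be reachable from anywhere (none, for most of
# the small sites the thread is about; a public web server is the exception).
PUBLIC_SERVICES = {(80, "tcp"), (443, "tcp")}


def _in_any(src, prefixes):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in prefixes)


def blocklist_decision(src, dport, proto="tcp"):
    """Default-accept: only sources already on the block list are dropped."""
    return "DROP" if _in_any(src, BLOCKED_PREFIXES) else "ACCEPT"


def allowlist_decision(src, dport, proto="tcp"):
    """Default-deny: accept only published services or listed source regions."""
    if (dport, proto) in PUBLIC_SERVICES:
        return "ACCEPT"
    if _in_any(src, ALLOWED_PREFIXES):
        return "ACCEPT"
    return "DROP"


def compare(attempts):
    """Evaluate (src, dport) attempts under both policies side by side."""
    return [
        (src, dport, blocklist_decision(src, dport), allowlist_decision(src, dport))
        for src, dport in attempts
    ]


# Constructed inbound attempts: a known user, a listed bad source, an unlisted
# scanner (IPv4 and IPv6) hitting SSH, and the same scanner hitting the web port.
SAMPLE_ATTEMPTS = [
    ("203.0.113.44", 22),
    ("192.0.2.9", 22),
    ("100.64.5.5", 22),
    ("2001:db8::1", 22),
    ("100.64.5.5", 443),
]


def slipped_past_blocklist(attempts):
    """Attempts the block list accepts that the allow list would have dropped."""
    return [(s, p) for s, p, bl, al in compare(attempts) if bl == "ACCEPT" and al == "DROP"]


if __name__ == "__main__":
    for src, dport, bl, al in compare(SAMPLE_ATTEMPTS):
        print(f"{src:>14}:{dport:<5} blocklist={bl:<6} allowlist={al}")
```

The two policies agree on the known user and on the listed bad prefix; they differ on the unlisted scanners, which the block list accepts by default and the allow list drops. That gap is exactly the "weekly task" of adding more ranges that earlier posters describe, and it is why the allow-list approach scales better for a site that only needs a known set of places to reach it.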
Anonymous Coward

Re: Chink in one's armor.

A number of these sites probably don't need incoming connectivity from anywhere - CGNAT, anyone? :)

0
0

Cheapskates?

What makes them a cheapskate? Perfectly standard piece of hardware that, as vmistery says, had quite a good feature set and IIRC had a reputation for being fairly solid. What kind of ISP and equipment do you expect the kind of small business that this might relate to to have?

Who has an SLA with their ISP for an ADSL service that would prevent this?

Who can confidently say they own a Router that has no such vulnerability?

Small businesses don't run out and replace things for the latest shiny shiny when what they have is perfectly functional.

4
0
Anonymous Coward

Re: Cheapskates?

This.

Lots of little business outfits don't even have any IT support agreements in place, full stop. Their internet connection / setup was likely a 'set and forget' affair by a local / SME installer and just left there.

That said, I do think a lot of these little setups would be better protected with a bridged ADSL modem + pfsense / Smoothwall / ipcop / whatever to try and mitigate increasing problems like this, that result essentially from abandonware.

0
0

I swapped out a P660R-D1 we were using on an ADSL at work last week, it was playing up and I assumed it was just the age of the router causing it to die. I guess it must have been this.

We liked those routers because we could use them more like a modem, and the ADSL chipset was robust and got decent sync speeds. This particular one had been in use for six years or so and until now caused no issues whatsoever.

1
0
Happy

I have a P660R-D1 and have had no recent problems. However, it's in bridge mode and has no public IP address so it wouldn't be affected by these attacks anyway.

0
0