"We don't know why the attacks are coming."
Evidently they are coming for the LULZ
Hackers have launched an internet attack which has hobbled the internet connections of at least 100 British businesses. An unknown group or individual thought to be based in the People's Republic used a SYN flood attack to attack the 600 and 660 models of router from Taiwanese firm ZyXEL. Sources at ZyXEL and the ISP MDNX …
> We need to change the law to create an offence of "ideologically supporting terrorism"
We need to change the law to allow law-and-order commenters that are a bit cuckoo to be handed over to the tender mercies of LA police officers who can then leisurely taser-torture them and beat them to death on camera.
Now, wait. I think it is already changed...
What makes anyone think that this was a targeted attack? It sounds like normal Chinese traffic and the ZyXEL products are crashing from their lack of robustness.
I have a weekly task to add more of China to my firewall. They're a non-stop source of vulnerability scans and they make it a habit of providing fake network contact information. I have an American ISP with no throughput to spare for all of that garbage.
Most of the abuse email addresses of the Chinese ISPs are useless as emails bounce as they are over quota.
It's odd how we keep being told how the Chinese have limited access to the internet because of the "Great Firewall" but it apparently has been designed to allow outgoing wide scale network attacks.
Like you I'm continually adding more and more of China to my firewall... I very rarely see any legitimate traffic from China
> the "Great Firewall" but it apparently has been designed to allow outgoing wide scale network attacks.
The Chinese secret service don't care if some Chinese hackers attack your site. If you want the great firewall to block visits to your site, post some Free Tibet propaganda or an account of the Tiananmen Square massacre.
Disabling remote web management on the Zyxels is a work-around. Some ISPs have seen these packets sent from French source addresses too, but it's a syn flood - the attacker doesn't need to see replies - so you can't say with certainty where the packets come from, they could easily be spoofed from any of the many ISPs worldwide who don't do ingress filtering.
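An added illustration of the point in the comment above (not part of any poster's comment): because SYN sources can be spoofed, a defender measures the flood by half-open connections per destination rather than by source address. The packet tuple layout, threshold and documentation-range addresses are assumptions made for this sketch.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

def half_open_by_target(packets, threshold=20):
    """Return {(dst, dport): (half_open, distinct_sources)} for targets at/over threshold.

    packets: iterable of (src, sport, dst, dport, flags) seen inbound on the WAN side.
    """
    pending = defaultdict(set)  # (dst, dport) -> {(src, sport)} still awaiting the final ACK
    for src, sport, dst, dport, flags in packets:
        if flags & SYN and not flags & ACK:
            pending[(dst, dport)].add((src, sport))       # handshake opened
        elif flags & ACK and not flags & SYN:
            pending[(dst, dport)].discard((src, sport))   # handshake completed
    report = {}
    for target, conns in pending.items():
        if len(conns) >= threshold:
            # Distinct sources are reported only to show how little they mean:
            # a flood with forged sources looks like many unrelated clients.
            report[target] = (len(conns), len({s for s, _ in conns}))
    return report

def sample_capture():
    """Constructed sample: one normal client, then 60 SYNs with varying source addresses."""
    router = "203.0.113.10"  # documentation address standing in for the router (assumption)
    pkts = [("198.51.100.7", 40000, router, 443, SYN),
            ("198.51.100.7", 40000, router, 443, ACK)]
    for i in range(60):
        pkts.append((f"192.0.2.{i + 1}", 1024 + i, router, 80, SYN))
    return pkts

if __name__ == "__main__":
    for (dst, dport), (n, srcs) in half_open_by_target(sample_capture()).items():
        print(f"{dst}:{dport} half-open={n} distinct_sources={srcs}")
```

The completed handshake on port 443 drops out of the report, while the management port shows 60 half-open connections from 60 apparent sources, none of which can be treated as the real origin.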
Much like the US they have their own "intelligence corps" and what better way for either side to test adversary's systems for weak spots than to continually probe and cause havoc. This said the Great wall can shut off internet access to the country in a heartbeat unlike the Western powers.
I too have blocked large swathes of V4 IP addresses with little or no negative impact, logs are smaller and unusual traffic stands out better now.
I'm coming to the conclusion a geographic white list would be preferable for most home/small business users.
Unless you are running a web site that needs to be accessible from location X why generally accept uninvited packets from that place?
What makes them a cheapskate? Perfectly standard piece of hardware, that as vmistery says had quite a good feature set and IIRC had a reputation for being fairly solid. What kind of ISP and equipment do you expect the kind of small business that this might relate to, to have?
Who has an SLA with their ISP for an ADSL service that would prevent this?
Who can confidently say they own a Router that has no such vulnerability?
Small businesses don't run out and replace things for the latest shiny shiny when what they have is perfectly functional.
Lots of little business outfits don't even have any IT support agreements in place, full stop. Their internet connection / setup was likely a 'set and forget' affair by a local / SME installer and just left there.
That said, I do think a lot of these little setups would be better protected with a bridged ADSL modem + pfsense / Smoothwall / ipcop / whatever to try and mitigate increasing problems like this, that result essentially from abandonware.
I swapped out a P660R-D1 we were using on an ADSL at work last week, it was playing up and I assumed it was just the age of the router causing it to die. I guess it must have been this.
We liked those routers because we could use them more like a modem and the ADSL chipset was robust and got decent sync speeds. This particular one had been in use for six years or so and until now caused no issues whatsoever.
Biting the hand that feeds IT © 1998–2019