back to article UK research network Janet under ongoing and persistent DDoS attack

Publicly-funded academic computer network Janet has come under a persistent DDoS attack today, which hobbled multiple internet connections, including the Manchester to Manchester Core Router. Janet, effectively the UK's computer network for educational and research institutions, first experienced connectivity problems shortly …

  1. Valeyard

    Title

    There was a DDOS script and i ran it, janet

    1. moiety

      It was easy; there's no need to plan it, janet

      1. moiety

        The people who did it are manic, janet

        1. moiety

          Got no braaaaaiiiiinnnnssss.

    2. ecofeco Silver badge

      Re: Title

      Dammit Janet, I love you!

  2. Scott Broukell

    I was perhaps under the mistaken belief that academic data exchange (globally, let alone in the UK), was moving to a new "Grid" system that would have massively enhanced encryption and stunningly complex security - perhaps it was all a dream.

    1. Fitz_

      That's the problem with academic anything though - looks great on paper, but the reality is usually lacking.

      Those that do make it into the real world often end up as over-engineered solutions to problems that don't exist.

      1. Anonymous Coward
        Anonymous Coward

        "That's the problem with academic anything though - looks great on paper, but the reality is usually lacking."

        Yes, good people don't normally want to work for the crappy pay that most academic institutions (or the public services in general) pay. So you get with the less talented dross. That's why they are always spending so much on consultants / contractors to come in and do the hard stuff.

        I would say it's a fair bet they will eventually be paying a network contractor / consultancy to block this attack...

  3. moiety

    Might be an idea to ask Twitter nicely if they could have IP addresses of anyone repeatedly refreshing the page today.

    1. Anonymous Cowherder

      Not sure if serious?

      I know of at least 5 people that have been doing that legitimately, trying to find information about the recurring outages!

      1. moiety

        Re: Not sure if serious?

        Find the newbie then. Regulars will have history and traces and all that.

        1. moiety

          Re: Not sure if serious?

          @Anonymous Cowherder - You're right, it was a silly idea. And would prove nothing even if you could find a suspect.

  4. Your alien overlord - fear me

    Hmmm, someone forgot to do their homework and thinks that by taking down Janet it'll give them an extra day. So, won't be arts, language or classics students. Wonder what Man Uni specialises in churning out?

    1. A Non e-mouse Silver badge

      A certain Steve Furber is working on a 1,000,000 ARM core Silicon Brain in Manchester.

      Maybe the brain is starting to become self aware? Skynet, anyone?

    2. Blue Pumpkin

      Guilty

      I is one of them computer engineerz.

      Though we were more interested in getting that new fangled Telnet working on our PDP-11 at the time. Janet were but scribblings on a white (possibly even black) board ....

      Some interesting historical notes here:

      http://www.uknof.com/uknof7/Reid-History.pdf

      Though there was internet - just not as we know it.

      1. apepper

        Re: Guilty

        That took me back; I wrote code for X.25 PADs and Switches - the history missed out Green Book - which defined the PAD.

        1. Destroy All Monsters Silver badge

          Re: Guilty

          I didn't even know Janet still existed.

        2. RDW

          Re: Guilty

          PAD>call UK.AC.LANCS.PDSOFT

  5. Leeroy Silver badge

    Mighty big DDOS attack

    Must be a huge attack to take out a network with a 100Gbit/s backbone ?

    If it is a private network how hard can it be to isolate the points that are being attacked and limit connections in order to protect the rest of the network.

    I'm a noob at attacks of this scale.

    Would be nice to see an update on the front page.

    1. A Non e-mouse Silver badge

      Re: Mighty big DDOS attack

      Must be a huge attack to take out a network with a 100Gbit/s backbone

      It's taken out a router. You can either overload the routing logic by sending more traffic than it can handle, or, if you craft your traffic correctly, you can force the packets to go via the CPU rather than being handled by the switching ASICS.

      If it is a private network how hard can it be to isolate the points that are being attacked and limit connections in order to protect the rest of the network

      JANET doesn't exist just to link UK Universities (& other institutions) together. It also exists to link UK Universities to other institutions. i.e The rest of the world.

      If you cut JANET off from the rest of the world, you'll end up with a lot of *very* annoyed researchers. (And admin staff & students)

      1. lorisarvendu

        Re: Mighty big DDOS attack

        "If you cut JANET off from the rest of the world, you'll end up with a lot of *very* annoyed researchers. (And admin staff & students)"

        And IT staff who can't do anything because both our email and ticketing system are hosted off-site!

  6. Gordon 10 Silver badge
    Coat

    Can't they just walk the data down the road on a USB stick?

    The Mancester to Manchester Core Router doesn't sound very far to me. Is it on the tram network?

    1. A Non e-mouse Silver badge

      Re: Can't they just walk the data down the road on a USB stick?

      It depends how gridlocked the trams have become at Picadilly Gardens.

  7. Anonymous Coward
    Anonymous Coward

    I can sort of understand why people attack Governments and businesses but why would you attack an academic network? It's like kicking someone puppy.

    I think we should drop the leading D in DDoS. Why? Because who launches a DoS attack that isn't distributed now? In fact could you even realistically launch a non-distributed DoS against any target that would make the news? I

    1. hopkinse

      not just academics that use Janet

      UK wide local government uses Janet as it's connection to the outside world. Our connection is still flakey in the extreme.

  8. Anonymous Coward
    Anonymous Coward

    It's still happening this morning...

  9. This post has been deleted by its author

  10. Anonymous Coward
    Anonymous Coward

    Seems bad again this morning. I can get to theregister but numerous other sites we can't bbc, gizmodo, engadget (facebook is fine so the boffins will not riot yet!)

    1. JPeasmould
      Big Brother

      scotnats?

      The only news site I seem to be able to get to (apart from this one of course) is the National.

      Obviously the work of deranged nationalists.

      1. Afernie

        Re: scotnats?

        That's sure to be the headline in the Express, Daily Hate, and the Record. Although the Express and Mail may flip a coin and make up something about it being Daesh.

  11. A Non e-mouse Silver badge
  12. Anonymous Coward
    Anonymous Coward

    hmmmm netsight has now gone down for maintenance!

    1. A Non e-mouse Silver badge

      I guess it's been shutdown as everyone was hammering it to death trying to get updates.

      1. lorisarvendu

        They need another status page so we can regularly check the status of the first status page, and while we're at it a second twitter account to tell us when the first twitter account will be updated.

  13. 0laf Silver badge

    JANET also connects schools and a lot of local authorities. The is the potential for some serious harm if social services lose connectivity but most organisation have a couple of fall backs at least for email.

    1. lorisarvendu

      "JANET also connects schools and a lot of local authorities. The is the potential for some serious harm if social services lose connectivity but most organisation have a couple of fall backs at least for email."

      Not if your mailboxes are all hosted by MS.

      1. Kiarr

        Umm

        Even if your mailboxes are hosted by MS if your connection to the internet is under attack and you cant get to the internet your even more cut off from your mailboxes than normal lol

        1. lorisarvendu

          Re: Umm

          "Even if your mailboxes are hosted by MS if your connection to the internet is under attack and you cant get to the internet your even more cut off from your mailboxes than normal lol"

          Ummm...yes that's exactly what I meant. I was responding to the comment about most organisations have a backup email plan. We don't have a backup email plan because our mailboxes are hosted by MS.

          1. Kiarr

            Re: Umm

            Ahh got you - actually a large number of academic institutions these days use 365 with no backup email

  14. koswix
    Pint

    Didn't notice this at all yesterday, but today the network is almost unusable (in Edinburgh). It's a very cunning attack, I can access the Reg, reddit, facebook, etc., but anything I need for actual work is completely unreachable. Oh well.

    1. Anonymous Coward
      Anonymous Coward

      we were ok Friday and yesterday despite the major incidents, but today its really bad

    2. Roger Kynaston
      Joke

      Are you suggesting

      that El Reg is not essential for work!? Shame on you.

      1. koswix

        Re: Are you suggesting

        As an engineering student revising for exams, no, I can't really claim El Reg to be essential to work. Maybe I could spin some of the articles and editorial into being relevant for my project management course, but that's mostly bullshit anyway.

      2. Anonymous Coward
        Anonymous Coward

        Re: Are you suggesting

        Essential for work? No. Essential for sanity? Yes.

  15. lorisarvendu

    Twitter. #TT169600

  16. Anonymous Coward
    Anonymous Coward

    Few schools I work with are all down. We have very limited internet, we can access this site and any HTTPS sites (so Google), but most of the net on port 80 is deaded.

  17. JPeasmould
    Facepalm

    service status

    Our service status page is apparently externally hosted - so it's not available.

    That was a good idea.

  18. Semtex451 Silver badge
    Mushroom

    Is Alex working on an update to this story?

  19. Dr_Cynic

    Changing my nameservers from the default university ones to use google's temporarily makes most sites accessible. though there are still a few which don't seem to be working.

  20. This post has been deleted by its author

    1. Semtex451 Silver badge

      Re: Local Government also

      .... and some NHS Trusts* use JANET too. Grrr

      *NB for mercans read "Hospitals"

  21. rkerrnz

    The kind people at the university are not only providing the above statement to the students but are also including a detailed description of the actions being taken to counteract it. at the bottom of the message.

    I wouldn't normally share but as it has gone to several thousand already

    "On Monday 7 December at 9.24 a distributed denial-of-service (DDoS) attack caused unplanned disruption on the Janet network. This resulted in a potentially intermittent service for all customers. Our network and computer security incident response teams are currently working to resolve the problem.

    Network Operations Centre (NOC) engineers working closely with CSIRT, our security team, are implementing measures to reduce or stop the impact of these attacks. Each takes time to identify and to apply effective blocks. Once the blocks are applied the attack is brought under control but when this is spotted by the perpetrators the dynamics of the attacks change.

    Due to their approach we have stopped putting out detailed Twitter messages since we believe our Twitter feeds were being monitored and the attackers were using this information to change attack vectors.

    The reason why these attacks are so disruptive is that Janet infrastructure address space is being targeted. With such high capacity links, the amount of traffic that can be targeted at a core router's internal addresses will cripple such a router which are not designed to cope themselves with service traffic but designed to switch packets through very quickly.

    We have now removed visibility to our infrastructure by blocking diagnostic facilities

    (Removed sensitive content)

    XXXXXXXXXXXX

    We would appreciate it if you did not make this information public as that might cause further attacks against the network."

    This is what happens when Network guys are put in charge of Security. please discuss!

    1. Anonymous Coward
      Anonymous Coward

      Please discuss

      Here's my part to the discussion.

      1. If they've made this information available to anyone other than their IT department and management (and unless you're one of the two it appears they have), your University are stupid and irresponsible for doing so, until we know otherwise one of their students could easily be the source of the attack for whatever motivation.

      2. You are at least as stupid and irresponsible for posting it on here.

      1. rkerrnz

        Re: Please discuss

        the details are not posted here

    2. The Real Me
      FAIL

      @rkerrnz, which University sent this out?

  22. Anonymous Coward
    Anonymous Coward

    Re: A denial of service has been identified.

    The West Midlands LINK's are under feet of torrential downpour of water, useless northern monkeys!

  23. Dieter Haussmann

    False flag ?

    The government announced ISIS were planning to do this earlier in the week and the government are now proposing similar restrictions on our internet freedoms to those currently being proposed in France and the USA.

  24. MarkSitkowski

    What kind of DDoS?

    Does anyone know the exact composition of the DDoS traffic?

    (like multiple simultaneous HTTP requests, multiple FTP connections, UDP traffic, etc)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019