Airwire Issues?

tazzzZ

Anyone else have their Airwire SIRO connection drop off a cliff in the last 20 mins?

michaelheno

tazzzZ wrote: »

Anyone else have their Airwire SIRO connection drop off a cliff in the last 20 mins?

Yes can’t connect to anything last 20 mins

tazzzZ

Possibly another DDOS

Nothing mentioned on twitter yet though

michaelheno

tazzzZ wrote: »

Possibly another DDOS

Nothing mentioned on twitter yet though

More than likely I’m on FTTH

Headshot

Heard that providers are expecting big DDOS attacks at the weekend

michaelheno

Seem to be ok now

Falconire

michaelheno wrote: »

Seem to be ok now

It seems all regional ISP's are getting DDOS attacked over the last week.

tazzzZ

Having the same drop off now as the other day...

chris_ie

tazzzZ wrote: »

Having the same drop off now as the other day...

Yeah same here.

michaelheno

chris_ie wrote: »

Yeah same here.

Same here

tazzzZ

They didn't tweet about the issue the last day... Wonder if it is more ddos attacks

Dcully

Same here just now.

Xzen

They've been dropping a lot since early this morning. Completely gone now. Their website's down now too, though they haven't announced an outage yet (do the work Sundays?)

https://twitter.com/airwire/with_replies

KCross

Yup, another DDoS attack. Its on their Twitter feed now.

Airwire: MartinL

Yes, we are currently being DDoS'd and this is primarily our DNS servers that are the target.

We are currently modifying our authentication profiles for our customers with new DNS servers, but those will only kick in, when the session gets restarted.

Alternatively, Google DNS (8.8.8.8, 8.8.4.4) or CloudFlare DNS (1.1.1.1) can be used and most of the Internet should be accessible then.

There are certain networks, like Microsoft, that we had to block off though, as some of the attacks come out of their Cloud.

Marlow

Falconire wrote: »

It seems all regional ISP's are getting DDOS attacked over the last week.

Not only regional providers. Over 20 irish networks have been attacked in the last 10 days. 2 or 3 every day. One big irish hosting provider is also under attack today.

/M

harmless

Airwire: MartinL wrote: »

Yes, we are currently being DDoS'd and this is primarily our DNS servers that are the target.

We are currently modifying our authentication profiles for our customers with new DNS servers, but those will only kick in, when the session gets restarted.

Alternatively, Google DNS (8.8.8.8, 8.8.4.4) or CloudFlare DNS (1.1.1.1) can be used and most of the Internet should be accessible then.

There are certain networks, like Microsoft, that we had to block off though, as some of the attacks come out of their Cloud.

I've used CloudFlare for DNS since I switched to Airwire almost 2 years ago. 1.1.1.1 and 1.0.0.1

What should I change my DNS to? I currently have no service?

Airwire: MartinL

Service is up, if you use those. Even our DNS servers should work now.

There are though a lot of international destinations, that you can't reach because of these DDoS attacks.

They are also not limited to our network. At least 2 networks in Ireland are being attacked today and I've also heard from a few elsewhere in Europe.

You should be able to get to places like Google, Facebook, etc. Basically everything that is on INEX apart from Microsoft, which we had to block off, because the attacks also come out of their cloud service.

Dcully

Still down for me

harmless

Dcully wrote: »

Still down for me

There is some very limited service. I can connect to some apps and websites but it's not usable.

Darwin

Mostly down here (Laois), although some sites loading very slowly.

Dcully

Darwin wrote: »

Mostly down here (Laois), although some sites loading very slowly.

Monasterevin here so close enough.

tazzzZ

Still nothing here in d24. I've tried all dns's recommended but still nothing atm.

rob808

Any update when this is fully fixed my broadband like mobile some websites won't work. Netflix and amazon prime won't work these DDos attack are happen to much.

AidenL

This seems to be on the increase. I presume there’s no defence except to react when it happens?

alan4cult

Unfortunately seems to be on the increase everywhere. No real options except proxying off to Cloudfare who can handle the load better.

java

alan4cult wrote: »

Unfortunately seems to be on the increase everywhere. No real options except proxying off to Cloudfare who can handle the load better.

there are plenty of options but they come at a price

rob808

java wrote: »

there are plenty of options but they come at a price

If these DDos attacks keep on happening there gona lose customers.There doing there best but having a half functioning internet is not good.

alan4cult

java wrote: »

there are plenty of options but they come at a price

Agreed but I really think cloud based options are the only viable option as they can scale to handle the load.

AidenL

alan4cult wrote: »

Agreed but I really think cloud based options are the only viable option as they can scale to handle the load.

As opposed to physical servers? Can you elaborate on that please, as I’m no expert.

I like the Airwire setup, but is there an ISP who wouldn’t be affected in this way?

rob808

It clear to me Airwire can't handle DDos attack well.Im hoping this sorted tomorrow.

harmless

rob808 wrote: »

It clear to me Airwire can't handle DDos attack well.Im hoping this sorted tomorrow.

Is there something about Airwire that would make them more vulnerable to DDOS than larger ISPs?

alan4cult

AidenL wrote: »

As opposed to physical servers? Can you elaborate on that please, as I’m no expert.

I like the Airwire setup, but is there an ISP who wouldn’t be affected in this way?

There used to be a time when DDoS would come from a single group of IP addresses or IP location so you could buy a physical server and have it scrub all unwanted traffic and then pass it down to the main gateway as normal.

Then the DDoS got bigger and put extreme load on these physical servers but they could still handle them reasonably well. However the modern DDoS attacks are coming from a wide range of IP address and a wide range of locations and it becomes impossible to keep detecting them. I mean you can do it but you are going to be drowning money in running servers to packet inspect. So why not just rent it when you need it rather than racks sitting just for DDoS.

Cloud based e.g. Cloudfare offer (for a fee) a DDoS protection that will pass traffic (as normal) to you when no attack is occurring and hold traffic back when an attack is occurring. I'm not sure of the exact fee structure, but it scales the larger the attack.

I'm not a promoter of cloud based or anything but the more people that use a cloud DDoS prevention the smarter the cloud whitelist / blacklists become as they are getting to see more of the bad traffic and training the traffic scrubbers rather than every individual local physical server having to.

DDoS is the modern day spam of the Internet, hopefully we find a solution to fight it.

rob808

harmless wrote: »

Is there something about Airwire that would make them more vulnerable to DDOS than larger ISPs?

They seem to be keep on getting targeted this is the second attack and the first happen two weeks ago not as bad.

LillySV

The brother is with lightnet and they had same hassle I think

java

AidenL wrote: »

As opposed to physical servers? Can you elaborate on that please, as I’m no expert.

I like the Airwire setup, but is there an ISP who wouldn’t be affected in this way?

There are many providers, including Cloudflare, that offer DDoS protection services. Any ISP can pay for these services to protect their network and service to their customer, but it does cost money.

rob808

This is worst DDos attack so far on there network.The firewall making watching any stream services impossible.It blocking xbox live,PlayStation network,Netflix,Amazon prime,youtube working so no fun tonight.

Airwire: MartinL

rob808 wrote: »

It clear to me Airwire can't handle DDos attack well.Im hoping this sorted tomorrow.

rob808 wrote: »

This is worst DDos attack so far on there network.The firewall making watching any stream services impossible.It blocking xbox live,PlayStation network,Netflix,Amazon prime,youtube working so no fun tonight.

These attacks are unprecedented, with bandwidth in the double and triple digit Gbit/s speeds (yes .. that's multiple 10 Gbit/s worth of DDoS traffic) and the attack changes in intervals, so one mitigation solution will only last for a limited period.

Also the attack is coming from a wide spread of hosts from a lot of different networks. We have de-peered Microsoft, as a large amount of the attack comes out of their Azure cloud, so you can most certainly forget about Xbox Games online today.

LillySV wrote: »

The brother is with lightnet and they had same hassle I think

That is correct. There are multiple networks affected by this today, including a hosting company.

Airwire: MartinL

java wrote: »

There are many providers, including Cloudflare, that offer DDoS protection services. Any ISP can pay for these services to protect their network and service to their customer, but it does cost money.

It does not only cost money. It also adds latency, which is a killer for streaming, online games and other things.

The type of DDoS protection that Cloudflare offers is designed for hosting companies to protect their servers.

It would impact quite substantially on end-users, if used in that application. And yes, we probably would have to double our subscription fees.

rob808

Airwire: MartinL wrote: »

It does not only cost money. It also adds latency, which is a killer for streaming, online games and other things.

The type of DDoS protection that Cloudflare offers is designed for hosting companies to protect their servers.

It would impact quite substantially on end-users, if used in that application. And yes, we probably would have to double our subscription fees.

will it be back normal tomorrow or how long will these block be in place.

Marlow

rob808 wrote: »

will it be back normal tomorrow or how long will these block be in place.

You do know, that people who maliciously attack networks don't tell you their schedule nor can be contacted, right ?

There are 2 ways, that an attack like this gets stopped: the attacker runs out of money and steam and/or the affected ISPs track down every server or computer, that is being used in the attack, contacts the ISP or hosting centre, that hosts said server or computer and then it depends on them to shut it down and if they are willing to do so.

Usually attacks like these only sustain a few hours before they get their legs cut off, because all carriers in between suffer, as their bandwidth is being hogged by useless traffic. But one thing is for sure: you can't just ring the attacker up and ask him, when he intends to stop his attack.

If somebody pumps a couple 100 Gbit/s into Ireland, all internet services in Ireland start to suffer. So yes, it's highly likely, that things normalise after a few hours. All depending on how well funded the attacker is.

/M

rob808

I know that wasn't the question I was asking just want to know how long will they be blocking microsoft server's because having half working Internet not great.

rob808

rob808 wrote: »

I know that wasn't the question I was asking just want to know how long will they be blocking microsoft server's because having half working Internet not great.

The answer is the same.

NotAnotherOrange

Do we think this is something we can expect to keep happening?

Are Eir, Vodafone, Sky etc having the same issue?

I'm usually very happy with Airwire and love that they communicate like they do, but working from home means there is massive disruption here. Yesterday was an absolute disaster for work.

Dcully

SoupBanana wrote: »

Do we think this is something we can expect to keep happening?

Are Eir, Vodafone, Sky etc having the same issue?

I'm usually very happy with Airwire and love that they communicate like they do, but working from home means there is massive disruption here. Yesterday was an absolute disaster for work.

Same story here pretty much.
I moved to airwire so when an issue arises im not waiting days or weeks for them to accept there is even an issue then more days or weeks to get it fixed which is what happened to me with eir many times.
As you say that communication is key thus im infinitely happier with airwire than eir.
But it is worrying as both of us here work from home now, yesterday didnt affect us in that sense being a Sunday but some as you say do work on a Sunday.

My brother in a neighbouring town is with sky and did not have an issue yesterday.
Id like to learn what ISPs were affected.

KildareP

Unfortunately it's a fact of life.

The "big" alternatives such as Eir, Vodafone, Virgin Media, Sky (BT), Imagine, Three, Pure (Eir/BT) and Digiweb (Viatel) have all had major outages of one form or another during the pandemic, many lasting for several hours at a time.

No-one is immune from a DDoS because of its very nature - it's utilising thousands, sometimes millions, of sources coming from all corners of the globe. Often it comes from legitimate sources like websites and mailservers that have been compromised or from malware embedded on users home PCs which turns them into bot armies and they haven't the faintest idea their PC is even doing it.

The larger ISP's can perhaps better work around the issue as they're likely to have significantly more transit bandwidth to hand, larger routers that can handle being pummelled by DDoS traffic while still maintaining normal traffic flow, and diverse paths to direct all of the DDoS traffic into a null route until the orchestrator gives up.

Ultimately all it takes though is for someone with enough bandwidth at their disposal and enough distributed bots to start pumping junk traffic towards an ISP's edge router and eventually it becomes overwhelmed to the point all of it's resources are consumed by the DDoS traffic.

GerardKeating

rob808 wrote: »

If these DDos attacks keep on happening there gona lose customers.There doing there best but having a half functioning internet is not good.

Depends, the alternatives (Like LightNet) were also impacted, so it not like it was just them.

NotAnotherOrange

KildareP wrote: »

Unfortunately it's a fact of life.

The "big" alternatives such as Eir, Vodafone, Virgin Media, Sky (BT), Imagine, Three, Pure (Eir/BT) and Digiweb (Viatel) have all had major outages of one form or another during the pandemic, many lasting for several hours at a time.

No-one is immune from a DDoS because of its very nature - it's utilising thousands, sometimes millions, of sources coming from all corners of the globe. Often it comes from legitimate sources like websites and mailservers that have been compromised or from malware embedded on users home PCs which turns them into bot armies and they haven't the faintest idea their PC is even doing it.

The larger ISP's can perhaps better work around the issue as they're likely to have significantly more transit bandwidth to hand, larger routers that can handle being pummelled by DDoS traffic while still maintaining normal traffic flow, and diverse paths to direct all of the DDoS traffic into a null route until the orchestrator gives up.

Ultimately all it takes though is for someone with enough bandwidth at their disposal and enough distributed bots to start pumping junk traffic towards an ISP's edge router and eventually it becomes overwhelmed to the point all of it's resources are consumed by the DDoS traffic.

Is it possible to see how many outages various companies have had over the last 6-12 months.

Would be interesting to see how often their FTTH networks are down.

alan4cult

SoupBanana wrote: »

Is it possible to see how many outages various companies have had over the last 6-12 months.

Would be interesting to see how often their FTTH networks are down.

It depends what you mean by down? DNS can go down but that can be mitigated by temporarily moving DNS.
Routes can go down but not all. Traffic through the Irish exchange (INEX) is usually up but that means you can only peer with anybody connected to the INEX.

DDoS is often beyond providers controls and an enormous waste of money globally trying to prevent it. Hopefully some clever people can come up with long term solutions to prevent it.

Airwire: MartinL

DDoS attacks have in the past (fortunately) always been less, than the upstream bandwidth we have. In the past that is.

The last 2 attacks have been beyond the traffic pattern that the majority of networks could be dealing with.

Disregardles of that, we actually have figured out ways of dealing with these (during the attempts) as we brought full connectivity back before the attack actually was stopped. Meaning, we have ways to mitigate attacks this powerful and prolonged as these in the future with a minimal impact to customers. That is, until the attackers get smarter. And we even will be able to automate some of these mitigations.

As the internet evolves, so does every provider. Be assured, that we just won't take this without changes on our end.

chris_ie

Anyone else down at the minute?