
Eircom internet services hit by new cyber attack


Comments

  • Registered Users Posts: 797 ✭✭✭eoinbn


    mike65 wrote: »
    According to the PR hack on rte this morning ISPs that piggy-back are not affected.

    I just came on to ask that. I am with BT and my net is crawling today. I am losing 50% of the packets on a tracert to www.boards.ie.


  • Closed Accounts Posts: 2 Lessie


    The slowness or hanging still continues. I'm entering the actual IP address for loading sites now. Hope this helps you guys too...:D


  • Registered Users Posts: 1,429 ✭✭✭branie


    I thought it was just my computer


  • Closed Accounts Posts: 33 aoidan


    eircom have now restricted the size of an email you can send to about 200k, attacks must be coming from all sides


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    I suspect that eircom did something in response to a request from IRMA and that the Russians are not happy with eircom/IRMA .

    I fail to see why eircom have not contacted the Estonians who were similarly attacked some years back !!!


  • Registered Users Posts: 45,594 ✭✭✭✭Mr.Nice Guy


    aoidan wrote: »
    eircom have now restricted the size of an email you can send to about 200k, attacks must be coming from all sides

    Seriously?

    I noticed my wireless router giving me a bit of grief and flashing red quite a bit about a half hour ago. I was scared it was all going to kick off again but maybe it was just me. :o


  • Registered Users Posts: 3,597 ✭✭✭Pa ElGrande


    Sponge Bob wrote: »
    I suspect that eircom did something in response to a request from IRMA and that the Russians are not happy with eircom/IRMA .

    I fail to see why eircom have not contacted the Estonians who were similarly attacked some years back !!!

    I suspect you are right; the successful IRMA intimidation might well be the motivation for the DNS attack on Eircom. If Eircom DNS servers are forced off the internet or compromised, then its user base has to use an alternative that is uncensored. If this is true the attacks will probably continue.

    Net Zero means we are paying for the destruction of our economy and society in pursuit of an unachievable and pointless policy.



  • Registered Users Posts: 772 ✭✭✭floydmoon1


    Just readin again bout the whole Irma and eircom thing.
    So to track this Eircom would use their DNS servers to track what sites people are visiting such as pirate bay. So if you are a big music fan or even associated with one of these music sites like Pirate bay and want to punish Eircom you would hack their DNS servers so people would switch to open DNS and then Eircom wouldn't be able to track people.

    Does that actually make sense or am I completely off the wall and not really understanding it?


  • Registered Users Posts: 1,629 ✭✭✭NullZer0


    Wouldn't surprise me if some idiot had the DNS configured wrong anyway! i.e. Read/Write!


  • Registered Users Posts: 1,629 ✭✭✭NullZer0


    floydmoon1 wrote: »
    Just readin again bout the whole Irma and eircom thing.
    So to track this Eircom would use their DNS servers to track what sites people are visiting such as pirate bay. So if you are a big music fan or even associated with one of these music sites like Pirate bay and want to punish Eircom you would hack their DNS servers so people would switch to open DNS and then Eircom wouldn't be able to track people.

    Does that actually make sense or am I completely off the wall and not really understanding it?

    Well the punishment side of things makes sense.

    However while I'm sure DNS plays a part in "tracking" I don't know how they could use it to track people. I mean the only thing they could establish is the fact that you resolved a hostname using the DNS server (if even! ... and anyway this is Eircom).

    If you ask me, I'm delighted! lol and they call themselves "Engineers" :D

    Can you spell UNDER EXPERIENCED BRAINDUMPER :)


  • Registered Users Posts: 1,629 ✭✭✭NullZer0


    eoinbn wrote: »
    I just came on to ask that. I am with BT and my net is crawling today. I am losing 50% of the packets on a tracert to www.boards.ie.

    Don't BT use the same DNS?


  • Registered Users Posts: 319 ✭✭java


    floydmoon1 wrote: »
    Just readin again bout the whole Irma and eircom thing.
    So to track this Eircom would use their DNS servers to track what sites people are visiting such as pirate bay. So if you are a big music fan or even associated with one of these music sites like Pirate bay and want to punish Eircom you would hack their DNS servers so people would switch to open DNS and then Eircom wouldn't be able to track people.

    Does that actually make sense or am I completely off the wall and not really understanding it?

    No sense at all. You are tracked through the ip address of your connection. Besides, eircom don't do the tracking, the music companies do.


  • Closed Accounts Posts: 664 ✭✭✭Galen


    Eircom is getting famous...

    http://news.softpedia.com/news/Possible-DNS-Hack-at-Ireland-039-s-Largest-ISP-115860.shtml
    Customers of Eircom, the largest Internet service provider in Ireland, experienced serious DNS slowdowns and weirdness over the weekend. Users from different parts of the country reported that trying to open legit URLs in browsers redirected them to advertising pages.

    Some of them suggested on forums that there were two separate incidents related to Eircom's DNSs. The first reports appeared around July 1st, when multiple customers complained about significant DNS slowdowns and timeouts.

    "I'm having terrible issues this evening performing DNS lookups. Takes about 10 to 20 seconds to do the lookup but once done the page loads in normal time," wrote a user on boards.ie, a popular Irish community boards website. "Same problem here in Mayo and it won't let me log onto my ps3," another one confirmed several minutes later.

    [Image: Advertising search engine displayed instead of Twitter to Eircom subscribers (censored)]

    The unresponsiveness of Eircom DNS servers seemed to still be an issue at the time of writing this article. However, over the weekend, users started experiencing other DNS-related problems as well. Legit URLs like facebook.com or twitter.com began displaying advertising pages instead of the popular social networking websites.

    "Anyone else getting this when going on to rte [Ireland's national television website] via eircom BB [broadband]?," a user asked on July 3rd, while posting a screenshot of a search engine accompanied by the picture of a scantily dressed woman. "Ye Seems their DNS was hacked again.. Apparently it happened recently with eBay.ie same picture and everything," he later added.

    Rik Ferguson, solutions architect at antivirus vendor Trend Micro, also reported about the issues. "So far there are very few details on the nature of the problem over at Eircom, but it is certainly clear that many Eircom subscribers are being redirected to bogus websites and rumours abound that Eircom’s DNS has been compromised," the researcher wrote on his blog. He suggests that affected users switch to using OpenDNS.

    [Image: Advertising search engine displayed instead of Facebook to Eircom subscribers]

    OpenDNS is a free DNS service used by millions of home users as well as organizations worldwide. In addition to increased stability, reliability and very fast response times, the service offers features such as parental control, phishing protection, URL typo correction, personal URL shortcuts and many more.

    Fortunately, this attack, if it indeed is an attack, does not seem to be malicious in nature and at best is focused around generating income. Nevertheless, it is rather invasive and annoying for the affected parties, preventing them from accessing legit resources over the Internet.

    Back in August 2008, we reported a similar incident affecting customers of a large Chinese ISP, China Netcom (CNC). At the time, hackers poisoned the DNS server with a fake entry that directed users trying to access an inexistent domain to a page loading exploits. The ISP normally loaded an advertising page for such mistyped or bogus URLs.

    That attack was a lot more subtle than the problems Eircom is having right now, because the hackers wanted to go undetected for as long as possible. However, this is not applicable for an income-generating scheme, whose success is directly tied to the traffic on the rogue page.

    Update: Eircom has released an official announcement confirming the DNS problems. "Customers may have recently experienced delays in web browsing and may have been unable to access the Internet. In some cases, customers may have been redirected to incorrect websites," it reads.

    As far as details go, they remain scarce, the ISP only noting that, "This issue has been caused by an unusual and irregular volume of internet traffic being directed onto our network, and this impacted the systems and servers that provide access to the Internet for our customers." It is yet unclear if this refers to a distributed denial of service (DDoS) attack, or something else.

    The company stressed that it "is working continuously to minimise the impact for customers and has taken a number of steps, including software updates and hardware interventions, to fully restore internet service."

    Update 2: Eircom subscribers reported a new wave of service problems on July 14. The company has released a new official statement, confirming the problems. "Last night eircom.net customers experienced significant congestion while browsing the web," the ISP announces.

    A new denial of service attack is again named as a possible source for the recent troubles. "While it is too early to confirm, eircom believes that it is related to an unprecedented volume of traffic deliberately directed at our network which has caused difficulties for customers over recent days," the company says.

    Clearly, the issue must be pretty serious for it to last so long. Eircom notes that it "has been in contact with other operators in the Irish market to collaborate and pool technical expertise in this area."


  • Closed Accounts Posts: 18,163 ✭✭✭✭Liam Byrne


    Interesting duality in a report in yesterday's Examiner :
    A spokesman for Eircom said....."We've avoided the word hacker because no Eircom system or data has been compromised"

    :

    Unconfirmed reports indicate that some customers who tried to access websites such as Facebook and Bebo were redirected to sites filled with porn and advertising.

    Unconfirmed ? I can confirm that for them, given what I saw at "www.rte.ie".
    Conor Flynn, Technical Director with Rits Information Security, speculated that the attacks could be examples of......DNS Poisoning

    Surely DNS Poisoning involves changing the data on the DNS server ? So if this is true, why the first statement ?


  • Registered Users Posts: 605 ✭✭✭PaddyTheNth


    Liam Byrne wrote: »
    Unconfirmed ? I can confirm that for them, given what I saw at "www.rte.ie".

    Surely DNS Poisoning involves changing the data on the DNS server ? So if this is true, why the first statement ?

    Likewise, I posted a screenie somewhere here of what I saw when I tried to get to O2's website.

    I'm seriously kicking myself now that I didn't fire up wireshark and see where I was being redirected to, even though it was undoubtedly just a compromised server somewhere. Would have been nice to confirm that the DNS response did in fact come from Eircom's server.

    The statement from Eircom re uncompromised data is BS imo.
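
The check described in the post above, as an added example that is not part of the thread: it parses raw DNS responses taken from a packet capture, notes which source address sent each one, and flags A records that a second resolver did not return. The packets, addresses and hostnames are constructed samples, and `build_response`, `skip_name`, `parse_a_records` and `audit` are hypothetical names.

```python
import ipaddress
import struct

def build_response(txid, qname, addrs):
    """Constructed sample data: a minimal DNS response carrying A records."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    msg = struct.pack("!6H", txid, 0x8180, 1, len(addrs), 0, 0) + q + struct.pack("!2H", 1, 1)
    for a in addrs:  # 0xC00C is a compression pointer back to the question name
        msg += struct.pack("!3HIH", 0xC00C, 1, 1, 300, 4) + ipaddress.IPv4Address(a).packed
    return msg

def skip_name(msg, off):
    """Return the offset just past a name; a compression pointer ends it."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return (question name, set of IPv4 answers) from a raw DNS response."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    labels, off = [], 12
    while msg[off]:                               # question name is sent uncompressed
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    off += 5                                      # root label, QTYPE, QCLASS
    addrs = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record
            addrs.add(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return ".".join(labels), addrs

def audit(captures, configured_resolver, reference):
    """Flag answers a second resolver did not return, and note who sent them."""
    findings = []
    for src, payload in captures:
        qname, addrs = parse_a_records(payload)
        odd = sorted(addrs - reference.get(qname, set()))
        if odd:
            findings.append((qname, src, src == configured_resolver, odd))
    return findings

# Constructed capture: (source IP of the UDP packet, DNS payload); documentation addresses only.
CAPTURES = [("192.0.2.53", build_response(1, "www.example.org", ["203.0.113.80"])),
            ("192.0.2.53", build_response(2, "mail.example.org", ["198.51.100.25"]))]
REFERENCE = {"www.example.org": {"198.51.100.10"}, "mail.example.org": {"198.51.100.25"}}
print(audit(CAPTURES, "192.0.2.53", REFERENCE))
```

A mismatch is a lead to follow up rather than proof of poisoning, since CDN-hosted names legitimately resolve to different addresses from different resolvers. The third field of each finding records whether the odd answer really came from the configured resolver's address.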


  • Closed Accounts Posts: 18,163 ✭✭✭✭Liam Byrne


    Anyone know if the repeated log-offs and "DSL down" today is related to this ? Had to actually feck off out of the home office for 3 hours because I'd have thrown the router through the window!

    Only properly back online for the last 5 mins.....

