Airwire Issues?

harmless

rob808 wrote: »

It clear to me Airwire can't handle DDos attack well.Im hoping this sorted tomorrow.

Is there something about Airwire that would make them more vulnerable to DDOS than larger ISPs?

alan4cult

AidenL wrote: »

As opposed to physical servers? Can you elaborate on that please, as I’m no expert.

I like the Airwire setup, but is there an ISP who wouldn’t be affected in this way?

There used to be a time when DDoS would come from a single group of IP addresses or IP location so you could buy a physical server and have it scrub all unwanted traffic and then pass it down to the main gateway as normal.

Then the DDoS got bigger and put extreme load on these physical servers but they could still handle them reasonably well. However the modern DDoS attacks are coming from a wide range of IP address and a wide range of locations and it becomes impossible to keep detecting them. I mean you can do it but you are going to be drowning money in running servers to packet inspect. So why not just rent it when you need it rather than racks sitting just for DDoS.

Cloud based e.g. Cloudfare offer (for a fee) a DDoS protection that will pass traffic (as normal) to you when no attack is occurring and hold traffic back when an attack is occurring. I'm not sure of the exact fee structure, but it scales the larger the attack.

I'm not a promoter of cloud based or anything but the more people that use a cloud DDoS prevention the smarter the cloud whitelist / blacklists become as they are getting to see more of the bad traffic and training the traffic scrubbers rather than every individual local physical server having to.

DDoS is the modern day spam of the Internet, hopefully we find a solution to fight it.

rob808

harmless wrote: »

Is there something about Airwire that would make them more vulnerable to DDOS than larger ISPs?

They seem to be keep on getting targeted this is the second attack and the first happen two weeks ago not as bad.

LillySV

The brother is with lightnet and they had same hassle I think

java

AidenL wrote: »

As opposed to physical servers? Can you elaborate on that please, as I’m no expert.

I like the Airwire setup, but is there an ISP who wouldn’t be affected in this way?

There are many providers, including Cloudflare, that offer DDoS protection services. Any ISP can pay for these services to protect their network and service to their customer, but it does cost money.

rob808

This is worst DDos attack so far on there network.The firewall making watching any stream services impossible.It blocking xbox live,PlayStation network,Netflix,Amazon prime,youtube working so no fun tonight.

Airwire: MartinL

rob808 wrote: »

It clear to me Airwire can't handle DDos attack well.Im hoping this sorted tomorrow.

rob808 wrote: »

This is worst DDos attack so far on there network.The firewall making watching any stream services impossible.It blocking xbox live,PlayStation network,Netflix,Amazon prime,youtube working so no fun tonight.

These attacks are unprecedented, with bandwidth in the double and triple digit Gbit/s speeds (yes .. that's multiple 10 Gbit/s worth of DDoS traffic) and the attack changes in intervals, so one mitigation solution will only last for a limited period.

Also the attack is coming from a wide spread of hosts from a lot of different networks. We have de-peered Microsoft, as a large amount of the attack comes out of their Azure cloud, so you can most certainly forget about Xbox Games online today.

LillySV wrote: »

The brother is with lightnet and they had same hassle I think

That is correct. There are multiple networks affected by this today, including a hosting company.

Airwire: MartinL

java wrote: »

There are many providers, including Cloudflare, that offer DDoS protection services. Any ISP can pay for these services to protect their network and service to their customer, but it does cost money.

It does not only cost money. It also adds latency, which is a killer for streaming, online games and other things.

The type of DDoS protection that Cloudflare offers is designed for hosting companies to protect their servers.

It would impact quite substantially on end-users, if used in that application. And yes, we probably would have to double our subscription fees.

rob808

Airwire: MartinL wrote: »

It does not only cost money. It also adds latency, which is a killer for streaming, online games and other things.

The type of DDoS protection that Cloudflare offers is designed for hosting companies to protect their servers.

It would impact quite substantially on end-users, if used in that application. And yes, we probably would have to double our subscription fees.

will it be back normal tomorrow or how long will these block be in place.

Marlow

rob808 wrote: »

will it be back normal tomorrow or how long will these block be in place.

You do know, that people who maliciously attack networks don't tell you their schedule nor can be contacted, right ?

There are 2 ways, that an attack like this gets stopped: the attacker runs out of money and steam and/or the affected ISPs track down every server or computer, that is being used in the attack, contacts the ISP or hosting centre, that hosts said server or computer and then it depends on them to shut it down and if they are willing to do so.

Usually attacks like these only sustain a few hours before they get their legs cut off, because all carriers in between suffer, as their bandwidth is being hogged by useless traffic. But one thing is for sure: you can't just ring the attacker up and ask him, when he intends to stop his attack.

If somebody pumps a couple 100 Gbit/s into Ireland, all internet services in Ireland start to suffer. So yes, it's highly likely, that things normalise after a few hours. All depending on how well funded the attacker is.

/M

rob808

I know that wasn't the question I was asking just want to know how long will they be blocking microsoft server's because having half working Internet not great.

rob808

rob808 wrote: »

I know that wasn't the question I was asking just want to know how long will they be blocking microsoft server's because having half working Internet not great.

The answer is the same.

NotAnotherOrange

Do we think this is something we can expect to keep happening?

Are Eir, Vodafone, Sky etc having the same issue?

I'm usually very happy with Airwire and love that they communicate like they do, but working from home means there is massive disruption here. Yesterday was an absolute disaster for work.

Dcully

SoupBanana wrote: »

Do we think this is something we can expect to keep happening?

Are Eir, Vodafone, Sky etc having the same issue?

I'm usually very happy with Airwire and love that they communicate like they do, but working from home means there is massive disruption here. Yesterday was an absolute disaster for work.

Same story here pretty much.
I moved to airwire so when an issue arises im not waiting days or weeks for them to accept there is even an issue then more days or weeks to get it fixed which is what happened to me with eir many times.
As you say that communication is key thus im infinitely happier with airwire than eir.
But it is worrying as both of us here work from home now, yesterday didnt affect us in that sense being a Sunday but some as you say do work on a Sunday.

My brother in a neighbouring town is with sky and did not have an issue yesterday.
Id like to learn what ISPs were affected.

KildareP

Unfortunately it's a fact of life.

The "big" alternatives such as Eir, Vodafone, Virgin Media, Sky (BT), Imagine, Three, Pure (Eir/BT) and Digiweb (Viatel) have all had major outages of one form or another during the pandemic, many lasting for several hours at a time.

No-one is immune from a DDoS because of its very nature - it's utilising thousands, sometimes millions, of sources coming from all corners of the globe. Often it comes from legitimate sources like websites and mailservers that have been compromised or from malware embedded on users home PCs which turns them into bot armies and they haven't the faintest idea their PC is even doing it.

The larger ISP's can perhaps better work around the issue as they're likely to have significantly more transit bandwidth to hand, larger routers that can handle being pummelled by DDoS traffic while still maintaining normal traffic flow, and diverse paths to direct all of the DDoS traffic into a null route until the orchestrator gives up.

Ultimately all it takes though is for someone with enough bandwidth at their disposal and enough distributed bots to start pumping junk traffic towards an ISP's edge router and eventually it becomes overwhelmed to the point all of it's resources are consumed by the DDoS traffic.

GerardKeating

rob808 wrote: »

If these DDos attacks keep on happening there gona lose customers.There doing there best but having a half functioning internet is not good.

Depends, the alternatives (Like LightNet) were also impacted, so it not like it was just them.

NotAnotherOrange

KildareP wrote: »

Unfortunately it's a fact of life.

The "big" alternatives such as Eir, Vodafone, Virgin Media, Sky (BT), Imagine, Three, Pure (Eir/BT) and Digiweb (Viatel) have all had major outages of one form or another during the pandemic, many lasting for several hours at a time.

No-one is immune from a DDoS because of its very nature - it's utilising thousands, sometimes millions, of sources coming from all corners of the globe. Often it comes from legitimate sources like websites and mailservers that have been compromised or from malware embedded on users home PCs which turns them into bot armies and they haven't the faintest idea their PC is even doing it.

The larger ISP's can perhaps better work around the issue as they're likely to have significantly more transit bandwidth to hand, larger routers that can handle being pummelled by DDoS traffic while still maintaining normal traffic flow, and diverse paths to direct all of the DDoS traffic into a null route until the orchestrator gives up.

Ultimately all it takes though is for someone with enough bandwidth at their disposal and enough distributed bots to start pumping junk traffic towards an ISP's edge router and eventually it becomes overwhelmed to the point all of it's resources are consumed by the DDoS traffic.

Is it possible to see how many outages various companies have had over the last 6-12 months.

Would be interesting to see how often their FTTH networks are down.

alan4cult

SoupBanana wrote: »

Is it possible to see how many outages various companies have had over the last 6-12 months.

Would be interesting to see how often their FTTH networks are down.

It depends what you mean by down? DNS can go down but that can be mitigated by temporarily moving DNS.
Routes can go down but not all. Traffic through the Irish exchange (INEX) is usually up but that means you can only peer with anybody connected to the INEX.

DDoS is often beyond providers controls and an enormous waste of money globally trying to prevent it. Hopefully some clever people can come up with long term solutions to prevent it.

Airwire: MartinL

DDoS attacks have in the past (fortunately) always been less, than the upstream bandwidth we have. In the past that is.

The last 2 attacks have been beyond the traffic pattern that the majority of networks could be dealing with.

Disregardles of that, we actually have figured out ways of dealing with these (during the attempts) as we brought full connectivity back before the attack actually was stopped. Meaning, we have ways to mitigate attacks this powerful and prolonged as these in the future with a minimal impact to customers. That is, until the attackers get smarter. And we even will be able to automate some of these mitigations.

As the internet evolves, so does every provider. Be assured, that we just won't take this without changes on our end.

chris_ie

Anyone else down at the minute?

Darwin

Yes, currently down for me. All status lights ok on router.

NotAnotherOrange

Yup down again...

Really becoming too much now. We already tried to cancel last time and no-one bothered calling back as the person you initially speak to tends to just take messages.

Surely not another DDOS!

chris_ie

Back in action here now. Quick turnaround.

Darwin

Good stuff. Still nothing here, hopefully won't be too long.

Genghis

Back here too, was apx 15 mins out so far as I noticed

jammiedodgers

https://twitter.com/airwire/status/1404526616173293568

Bummer1234

Eir went down last night for awhile so wasn't just Airwire.

https://downdetector.ie/status/eircom/