Nobody’s Favorite
Chinese Take-Out

Grand Avenue Broadband is currently being subjected to a Denial of Service attack originating in China. This is visible to subscribers as intermittent service, interrupted Netflix movies, dropped VoIP phone connections, and generally poor availability.

Over the past week or so, our Wickenburg gateway router has been hammered with hundreds of incoming probes per minute from Chinanet, courtesy of malicious hackers seeking to exploit some weakness in our network that would interrupt our service. During some periods, our gateway router has been able to stay up for as little as two minutes before crashing again. Although it takes only 10 to 15 seconds to reboot into service, this adds up to a lot of interruption. Complicating matters is that the resulting crashes do not produce dump files (a record of what triggered the crash), making it much harder to defend against whatever it is.

enial of service Log

This is just two minutes worth of today’s log. You can see Chinanet back hammering at our router immediately as it is recovering from a crash, even before it has had a chance to set the current date and time. (Click to expand.)

We’ve responded proactively by analyzing and tightening our firewalls, upgrading to the very latest manufacturer firmware, and have resorted blocking all incoming requests from the entire Chinanet network, consisting of nearly 400 IP ranges—at least that we know of.

As of this blog post, it looks like we may have gotten the situation at least temporarily a litle more under control. If it continues on through the weekend, we will be contacting a national-caliber MikroTik consultant Monday to investigate and help us harden our network against these incursions.

We apologize for the interruptions you have had to put up with over the past week. We are continuing to work hard to make sure this situation is resolved decisively.

2 thoughts on “Nobody’s Favorite
Chinese Take-Out

Leave a Reply

Your email address will not be published. Required fields are marked *