User comments on ISPs
  >> AAISP


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User ubernick
(newbie) Fri 06-Apr-18 14:07:57
Print Post

AAISP and DDoS


[link to this post]
 
I moved over to AAISP from Plusnet Business six months ago, paying a premium to do so. After letting the line settle and getting a good FTTC speed (around 65-70mb) I noticed the line starting to go down more and more frequently for a good ten minutes at a time, even in the early hours of the morning. It would happen for a couple of days then be fine for a few days, then start again.

Looking at my firewall at the time (a Watchguard XTM 22), it was getting significantly more traffic and attack attempts around the clock than on Plusnet, to the point where the device was struggling to keep up with it.

I brought this up with CS and they tiptoed around it and gave me a free Zyxel modem to replace my old BT Openreach-supplied one. That has somewhat helped as the line was more stable but I've had to go as far as to replace my firewall/router (something I was planning to do, so not the end of the world). I now have a fairly beefy box running OPNsense.

Its also became more apparent over time that AAISP are the target of DDoS attacks. Now, I appreciate they're part of the course for any ISP, but I'm concerned that either AAISP are the target of more than you're average ISP based on customer size, or they're just not that great at mitigating them. It looks like much of their network relies on their own Firebrick boxes, which could be a double-edge sword of being their own networking experts, or not having the resources to match other hardware manufacturers.

It seems to be a common occurrence now to be knocked offline for decent periods of time. When checking on my phone, most of the time the AAISP website is down, suggesting the whole network has been bumped offline. Most of the time I don't see anything on their status to acknowledge it, the most recent one being an exception.

Edited by ubernick (Fri 06-Apr-18 14:09:17)

Standard User hypertony
(experienced) Fri 06-Apr-18 15:42:50
Print Post

Re: AAISP and DDoS


[re: ubernick] [link to this post]
 
They do have an open ticket on their Status page about the DoS attacks.

https://aastatus.net/2512

- Tony Sutton
- Check out my Ford Focus ST170 site | View my Car's Dashcam Videos
Standard User ubernick
(newbie) Fri 06-Apr-18 15:51:25
Print Post

Re: AAISP and DDoS


[re: hypertony] [link to this post]
 
In reply to a post by hypertony:
They do have an open ticket on their Status page about the DoS attacks.

https://aastatus.net/2512


My issues/concerns preceded that ticket, and it only seems to be getting worse.


Register (or login) on our website and you will not see this ad.

Standard User Ixel
(committed) Fri 06-Apr-18 16:54:01
Print Post

Re: AAISP and DDoS


[re: ubernick] [link to this post]
 
I can't say I've been knocked off for hours with this recent DDoS attack they had over the course of a few days. I've had disruption for maybe 10-15 minutes at a time, a few times a day at most. This sounds odd, but as you mentioned in your post... you appeared to be getting significantly more traffic than usual which certainly wouldn't help matters if you were being targeted in relation to the DDoS attacks that were targeted at their network.

Being a smaller ISP may be a problem, but in my experience they've quickly dealt with each attack on their network. The fact they run their own in-house developed Firebrick's I feel is a positive asset. Often they have made emergency updates to the Firebrick's running on their side after some recent attacks.
Standard User Chrysalis
(legend) Tue 10-Apr-18 10:33:34
Print Post

Re: AAISP and DDoS


[re: ubernick] [link to this post]
 
I got no idea what the ddos attacks are that aaisp have had to deal with and what attacks other uk broadband isps get, I will say its extremely likely that large isps like sky and BT will have attacks targeted at their customers, with millions of customers its inevitable, however size of such attacks no idea.

To give you an idea how bad attacks can get, an IRC network I co-founded was suffering 30gbit/sec attacks 15 years ago. Fifteen years ago. That attacker was actually caught and jailed by the FBI.

A datacentre I was trialling use of in 2016, and they advertised DDOS protection so without a doubt a frequent target of attacks, but they of course said their knowledge meant they mitigate these attacks without customers noticing. So within 2 weeks I was getting lots of outages, and it was revealed they had attacks in excess of 400gbit/sec, which was something they never experienced before. Companies such as cloudflare were also hit with these massive attacks as well as other large entities, some info here.

https://blog.cloudflare.com/a-winter-of-400gbps-week...

A blogger also got kicked of akamai as he was targeted as well by the attackers and that attack was big enough to make akamai feel it. He moved to google hosting.

Point been that DDOS isnt something that stays static as a technology, its always evolving and as such difficult to mitigate. You can develop a solution which can be achieved via technical knowledge and/or spending money on massive capacity, only for it to unwind at a later date when a new strategy is formed.

Sky Fibre Pro BQM - IPv4 BQM - IPv6
Standard User Sandgrounder
(knowledge is power) Tue 10-Apr-18 11:25:00
Print Post

Re: AAISP and DDoS


[re: ubernick] [link to this post]
 
As a customer, I really don't care why the service has not been available 24/7.

All I will say at the moment is that Virgin Media are currently digging up our road to provide fibre to the premises in about a month, I understand.

I am thinking of giving it a try and terminating one of my BT wholesale connections. It will NOT be my Zen connection which goes.



Line One:- Zen Fibre 1 - DrayTek Vigor 2860ac
Line Two:- Andrews and Arnold - DrayTek Vigor 130 Modem
Standard User NJSS
(regular) Tue 10-Apr-18 11:59:10
Print Post

AAISP and DDoS


[re: ubernick] [link to this post]
 
I have just checked my statistics for the last 12 months.

For 3 months, April to June 2017 100% uptime - excellent.

July 2017 to date uptime has varied between 99.9934% in September 2017 down to 99.7081% in November 2017.

Outages are of course always annoying, but I appreciate AAISP's transparency & customer service. I shall be staying with them.

NJSS

ISP Representative andrewhearn
(isp) Wed 11-Apr-18 20:29:22
Print Post

Re: AAISP and DDoS


[re: ubernick] [link to this post]
 
Feel free to contact me direct - happy to explain some things over the phone etc.

Andrew Hearn
AAISP
aa.net.uk support@aa.net.uk 033 33 400 999
The above post has been made by an ISP REPRESENTATIVE (although not necessarily the ISP being discussed in the post).
  Print Thread

Jump to