AAISP and DDoS

I moved over to AAISP from Plusnet Business six months ago, paying a premium to do so. After letting the line settle and getting a good FTTC speed (around 65-70mb) I noticed the line starting to go down more and more frequently for a good ten minutes at a time, even in the early hours of the morning. It would happen for a couple of days then be fine for a few days, then start again.

Looking at my firewall at the time (a Watchguard XTM 22), it was getting significantly more traffic and attack attempts around the clock than on Plusnet, to the point where the device was struggling to keep up with it.

I brought this up with CS and they tiptoed around it and gave me a free Zyxel modem to replace my old BT Openreach-supplied one. That has somewhat helped as the line was more stable but I've had to go as far as to replace my firewall/router (something I was planning to do, so not the end of the world). I now have a fairly beefy box running OPNsense.

Its also became more apparent over time that AAISP are the target of DDoS attacks. Now, I appreciate they're part of the course for any ISP, but I'm concerned that either AAISP are the target of more than you're average ISP based on customer size, or they're just not that great at mitigating them. It looks like much of their network relies on their own Firebrick boxes, which could be a double-edge sword of being their own networking experts, or not having the resources to match other hardware manufacturers.

It seems to be a common occurrence now to be knocked offline for decent periods of time. When checking on my phone, most of the time the AAISP website is down, suggesting the whole network has been bumped offline. Most of the time I don't see anything on their status to acknowledge it, the most recent one being an exception.

Edited by ubernick (Fri 06-Apr-18 14:09:17)

They do have an open ticket on their Status page about the DoS attacks.

https://aastatus.net/2512

In reply to a post by hypertony:

They do have an open ticket on their Status page about the DoS attacks.

https://aastatus.net/2512

My issues/concerns preceded that ticket, and it only seems to be getting worse.

I can't say I've been knocked off for hours with this recent DDoS attack they had over the course of a few days. I've had disruption for maybe 10-15 minutes at a time, a few times a day at most. This sounds odd, but as you mentioned in your post... you appeared to be getting significantly more traffic than usual which certainly wouldn't help matters if you were being targeted in relation to the DDoS attacks that were targeted at their network.

Being a smaller ISP may be a problem, but in my experience they've quickly dealt with each attack on their network. The fact they run their own in-house developed Firebrick's I feel is a positive asset. Often they have made emergency updates to the Firebrick's running on their side after some recent attacks.

I got no idea what the ddos attacks are that aaisp have had to deal with and what attacks other uk broadband isps get, I will say its extremely likely that large isps like sky and BT will have attacks targeted at their customers, with millions of customers its inevitable, however size of such attacks no idea.

To give you an idea how bad attacks can get, an IRC network I co-founded was suffering 30gbit/sec attacks 15 years ago. Fifteen years ago. That attacker was actually caught and jailed by the FBI.

A datacentre I was trialling use of in 2016, and they advertised DDOS protection so without a doubt a frequent target of attacks, but they of course said their knowledge meant they mitigate these attacks without customers noticing. So within 2 weeks I was getting lots of outages, and it was revealed they had attacks in excess of 400gbit/sec, which was something they never experienced before. Companies such as cloudflare were also hit with these massive attacks as well as other large entities, some info here.

https://blog.cloudflare.com/a-winter-of-400gbps-week...

A blogger also got kicked of akamai as he was targeted as well by the attackers and that attack was big enough to make akamai feel it. He moved to google hosting.

Point been that DDOS isnt something that stays static as a technology, its always evolving and as such difficult to mitigate. You can develop a solution which can be achieved via technical knowledge and/or spending money on massive capacity, only for it to unwind at a later date when a new strategy is formed.

As a customer, I really don't care why the service has not been available 24/7.

All I will say at the moment is that Virgin Media are currently digging up our road to provide fibre to the premises in about a month, I understand.

I am thinking of giving it a try and terminating one of my BT wholesale connections. It will NOT be my Zen connection which goes.

I have just checked my statistics for the last 12 months.

For 3 months, April to June 2017 100% uptime - excellent.

July 2017 to date uptime has varied between 99.9934% in September 2017 down to 99.7081% in November 2017.

Outages are of course always annoying, but I appreciate AAISP's transparency & customer service. I shall be staying with them.

NJSS

Feel free to contact me direct - happy to explain some things over the phone etc.