Global DNS and NTP amplification attacks

Dear customer

Recently there seems to be a significant increase of cyber-incidents. According to Cert, the federal cyber emergency team, the number of cyber-incidents in Belgium doubled in 2013 (https://www.cert.be/docs/number-cyber-incidents-belgium-doubled-2013).

More often cyber criminals use so-called amplification attacks that specifically abuse NTP (Network Time Protocol) and DNS (Domain Name Systems) servers: http://www.us-cert.gov/ncas/alerts/TA14-017A (for Belgium: https://www.cert.be/docs/dns-amplification-attacks-and-open-dns-resolvers). Cyber criminals search for vulnerable devices in a network which are used to initiate such attacks. We can confirm that we see a huge increase of such attacks on our network as well.

Edpnet has always been a provider reluctant to block ports on its network. But because of the increase of these attacks, we are now forced to start blocking certain protocols in order to protect the quality of our network, the internet and your surfing experience as a customer.

Therefore ports 53 (DNS) and 123 (NTP) will be blocked as from today. If you are using a fixed IP-address and you would like these ports to remain open, please contact us. We are able to make exceptions for fixed IP customers.

Do not hesitate to contact us on following number 03 265 67 00 if you should have questions left.

Customer-friendly regards
The edpnet helpdesk team


21 February 2014 – Aanbevolen FRITZ!Box firmware upgrade

Recent heeft de fabrikant van de FRITZ!Box modems, AVM, een firmware update uitgebracht naar aanleiding van gerapporteerde aanvallen van hackers op dit type toestel. Hackers zouden op die manier via uw nummer kunnen bellen. Zowel in Duitsland, het thuisland van AVM, als in Nederland, waar oa de ISP XS4ALL ook de FRITZ!Box modems aanbiedt, waren er problemen gemeld.

Ondertussen communiceerde AVM dat ze samenwerken met opsporingsautoriteiten om de daders te achterhalen. Met nieuwe firmware moeten verdere aanvallen voorkomen worden. De getraceerde aanvallen betroffen alle modellen, en intussen heeft AVM een upgrade voorzien voor meer dan 40 modellen die ze verdelen (http://www.avm.de/en/Sicherheit/update_list.html).

Uiteraard moet edpnet ook u als FRITZ!Box gebruiker beschermen. Wij hebben intussen zelf ook meldingen van klanten met een FRITZ!Box modem die verdachte activiteiten hebben opgemerkt. Daarom raden wij u ten stelligste aan om zo snel als mogelijk deze upgrade uit te voeren.

Hoe u de firmware upgrade op uw modem opstart, wordt u hier heel eenvoudig uitgelegd (in het Engels): http://www.avm.de/de/Service/FRITZ_Clips/start_clip.php?clip=fritz_clip_firmware_update_en


21 February 2014 – Recommended FRITZ!Box firmware upgrade

Recently the German manufacturer AVM released a firmware upgrade for their FRITZ!Box modems because of reported hacking attempts on this type of modems. Hackers could break into the modem and call via the customer’s VoIP number. AVM confirmed reported cases in Germany and in The Netherlands.

Meanwhile AVM communicated that they collaborate closely with the authorities to catch the hackers. A new firmware upgrade should do the trick to block future hacking attempts. The reported cases concerned all models and AVM provided an upgrade for over more than 40 distributed models (http://www.avm.de/en/Sicherheit/update_list.html).

Edpnet needs to protect her FRITZ!Box users as well. We can confirm that we received some complaints of customers who noticed something ‘abnormal’. Therefor we insist on executing the firmware upgrade as soon as possible. All FRITZ!BOX users will receive a ticket with the necessary instructions.

If you do not want to wait for this ticket, please find an online explanation how to start up this firmware upgrade via http://www.avm.de/de/Service/FRITZ_Clips/start_clip.php?clip=fritz_clip_firmware_update_en