Outage: General DDoS on edpnet services

Dear customers,

We are currently experiencing a distributed denial of service (DDoS) attack on all of our services. This may cause you to experience problems with all of our services. Our Network Operations team is investigating this outage. Further updates will be released as soon as possible.

Please find all details below:

Start*: 15-09-2021 16:15
End*: 19-09-2021 22:24
Duration: //
Impacted services: All services are impacted
Affected Areas**: All areas

EDIT 16:44*: As soon as we identified the issue, we started routing our data through a scrubbing service (which tries to identify harmful sources and data and remove them).

EDIT 17:19*: The situation seems to be improving as we identify more and more attack vectors and sources. For most impacted customers, the situation seems to have improved markedly since approximately 17h.

EDIT 16/09/2021 10:12*: During the night we had two more attacks. We are working with the authorities, who have confirmed they are looking into it and are doing everything in their power to find the responsible individuals. We were contacted by an individual who verified he was behind the attacks, asking for a ransom.

EDIT 13:18*: We are being DDoS’ed again. We are doing what we can to mitigate the issues.

EDIT 15:41*: The attacks are still on-going. To give you a perspective of what we are dealing with, this is what our filtering service has been able to filter out so far:

EDIT 16:39*: We are monitoring the situation closely, and are discussing it both with our anti-DDoS provider and with Belgian official bodies. We hope to improve the situation as soon as possible and will keep you in the loop on our progress.

EDIT 17/9 15:47*: The attacks have started again. All of our uplinks are entirely congested. We are trying to mitigate the DDoS once more.

EDIT 18/09 12:41*: Yesterday evening and last night we were hit with multiple attacks. There have been no attacks since 03:00. We still expect more attacks to come. We are monitoring 24/7 and will communicate accordingly. We try to answer questions and comments on social media as well as we can.

EDIT 20/09 9:48: There were some attacks on Sunday afternoon. No new attacks since then. We keep monitoring and do our best to minimize impact in case of new spikes.

We apologize for the inconveniences.

Best regards
The edpnet team

*All times are listed in CET, Central European Time
** Check the different areas & zones on our support site


Info: Phishing mails “MAIL QUOTA EXCEEDED”

Dear customers,

We would like to inform you about a new phishing wave that is aimed at both customers and non-customers.

Customers receive emails pretending to come from a mailserver / support center, etc. The message tells you that your mail storage quota has been exceeded and incoming mails have been placed on hold until you click on a link.

Here is an example:

This is blackmail spam and opening the link may cause a leak of your logins.

Please do not reply to those emails and do not open any files or click on any links. For more information, please consider reading through our support article on this subject:

https://www.edpnet.be/en/support/troubleshooting/internet/learn-about-security/phishing.html

If you have any questions left, please do not hesitate to contact us.

Best regards
The edpnet team


Outage: edpnet office numbers unreachable : SOLVED

Dear customers,

We have experienced an outage with our reachability by phone. We were unable to receive or make any calls with our office numbers. Our Network Operations team has investigated and resolved the outage.

Please find all details below:

Start*: 22-03-2021 08:08
End*: 22-03-2021 09:40
Duration: 1 hour 32 minutes
Impacted services: edpnet support reachability
Affected Areas**: edpnet office

 

We apologize for the inconveniences.

Best regards
The edpnet team

*All times are listed in CET, Central European Time
** Check the different areas & zones on our support site


Info: Report on the recent wave of attacks on FRITZ!Box modems

Dear customers,

Several media across Europe reported an increased number of unsuccessful access attempts to FRITZ!Box modems. Edpnet has taken the necessary measures to avoid possible attempts and mitigate the risk for our customers.

The access attempts are usually automated and originate from unknown remote sites on the internet, using common user names and passwords, and are known as brute-force attacks.

The recent wave of attacks originated from the IP address 185.232.52.55 which, according to AbuseIPDB, has been involved in multiple abusive activities for quite a while now. Our NOC team denied all traffic from this IP address to our network, which will make further attacks impossible.

Generally these attacks are not something to worry about, as hackers rely on password stuffing (a systematic attempt at guessing all possible combinations in a particular character space), which, as long as the device is protected by a strong and unique password, does not appear to carry any significant risk for users.

FRITZ!Box has its own built-in brute-force protection system which notably reduces the risk of a successful intrusion. Those FRITZ!Box devices over which we have remote control via the TR-069 protocol are also secure: we use automatically generated user names and passwords which are virtually impossible to guess. Apart from that, our team is on standby 24/7 to blackhole the IP addresses which are engaged in abusive activities should a new massive attack happen.

The situation has also been acknowledged by AVM, the manufacturer of FRITZ! products. To make it more difficult for unauthorized persons to access your FRITZ!Box and to minimize the number of weak points for potential attacks, check out the following safety instructions: https://en.avm.de/service/fritzbox/fritzbox-7360/knowledge-base/publication/show/3299_FRITZ-Box-reports-Login-by-user-failed/

If you have any questions left, please do not hesitate to contact us.

Best regards
The edpnet team


Emergency maintenance on 02/02/2021 – impacted services: All internet services : CLOSED

Dear customers,

Edpnet has planned an emergency maintenance on the Amsterdam router.

The passing traffic will be rerouted, but customers may notice higher latency and speed issues.

Please find all details below:

Start*: 02-02-2021 16:00
End*: 02-02-2021 17:00
Duration: up to 30 minutes
Impacted services: all internet services
Affected Areas**: all areas

 

We apologize for the inconveniences.

Best regards
The edpnet team

* All times are listed in CET, Central European Time
** Check the different areas & zones on our support site


Info: Report on the recent DDoS issue

Dear customers,

Starting from Friday edpnet was subject to major Denial of Service attacks (DDoS). An overview of the attacks and the time frames can be found below:

  • Friday 28/08/2020, 18:00 – 19:00
  • Sunday 30/08/2020, 20:30 – 20:45
  • Sunday 30/08/2020, 22:20 – 00:55
  • Monday 31/08/2020, 04:05 – 05:05
  • Monday 31/08/2020, 11:15 – 18:45

In the past edpnet was always capable of mitigating these attacks ourselves by blocking these at the edge of our network. It looks like we were lucky in the past, and our luck ran out.

This time the attacks were directed towards our core networking equipment, primary and backup, and the traffic reached 200 Gbps, way too much for us to handle ourselves, causing DNS issues and slow internet connections towards multiple destinations. Therefore we decided to contact a party (NBIP-NaWas) specialized in resolving these attacks, and set up a connection with them. This connection was up and running by midnight, and they mitigated 5 more attacks (three of 100 Gbps, two of 200 Gbps) without impact for our customers, proving it works. Two examples of such attacks can be found below:

This setup is permanent, and this way we can minimize these kinds of attacks much quicker, reducing the impact to a bare minimum.

You can read some background information online:

https://datanews.knack.be/ict/nieuws/ddos-aanval-treft-edpnet/article-news-1635675.html

https://datanews.levif.be/ict/actualite/une-attaque-ddos-touche-edpnet/article-news-1326101.html

https://tweakers.net/nieuws/171594/belgische-provider-edpnet-heeft-al-vier-dagen-te-maken-met-ddos-aanvallen.html

We sincerely apologize for any inconveniences caused.

Customer-friendly regards
The edpnet team

P.S. Today 04/09 we can confirm there were no new attacks in the last 48 hours.


Outage : Problem with internet services – DDoS attacks on 28/08-31/08/20 : SOLVED

Dear customers,

We have experienced an outage with internet services (traffic drops) due to several DDoS attacks*** on our network. The attacks occurred at different hours and caused intermittent connections, speed issues and packet loss. The heaviest one took place on Monday 31/08 and lasted from 11h15 until 18h45. Outside of those hours, everything was normal. Our Network Operations team has found and applied (on 01/09 at 1h29) a permanent solution to prevent and immediately mitigate such attacks in the future.

Please find all details below:

Start*: 2020-08-28 18:00*
End*: 2020-09-01 01:29*
Duration:
1) 2020-08-28 18:00 – 2020-08-28 19:00
2) 2020-08-30 20:30 – 2020-08-30 20:45
3) 2020-08-30 22:20 – 2020-08-31 00:55
4) 2020-08-31 04:05 – 2020-08-31 05:05
5) 2020-08-31 11:15 – 2020-08-31 18:45

Impacted services: all internet services
Affected Areas**: all areas

EDIT 12:30*: We have been under attack again since approximately 11:15. Access to our issues blog was limited so we were unable to keep you updated. Our apologies. We are doing our best to mitigate and solve the problem.

EDIT 2: 15h12*: It seems that the last attack is still ongoing. We are working hard to try to minimize the impact. Rebooting your modem/router to receive new DNS servers can help (but this is not guaranteed). In general surfing should be possible; only certain destinations will be difficult to reach. We will keep you posted.

EDIT 3: 20h25*: The last attack finished at 18:45. We did our best to mitigate what was possible but the overload was extensive. Edpnet DNS servers are currently available again. We are working very hard with an external party towards providing a permanent solution to minimize the impact of any further attacks.

We apologize for the inconveniences.

Best regards
The edpnet team

*All times are listed in CET, Central European Time
** Check the different areas & zones on our support site

*** A DDoS (Distributed Denial of Service) attack is a kind of cyber-attack in which malicious users seek to make a machine or network resource unavailable by flooding the provider or target with superfluous requests, which results in system overload and connectivity issues.


Outage : Problem with internet services – SOLVED

Dear customers,

We are currently experiencing an outage with internet services (traffic drops). Our Network Operations team is investigating the outage.

Further details on the affected areas and an estimated duration will be released as soon as possible.

EDIT 19:40*: Our DNS servers were the target of a concerted DDoS attack for approximately one hour (18:00 – 19:00), involving large amounts of traffic and major network saturation. At this time the attack has cleared up and we are investigating further.

EDIT 30/8 20:35*: It seems we have been under attack again for the past few minutes. Our Network Operations team is investigating. More updates will follow soon.

EDIT 20:45*: The attack was mitigated after some actions from our Network Operations team. It was smaller than last time, but still very much able to knock out our DNS servers. We’re working to restore all services.

EDIT 21:15*: All services are restored.

EDIT 31/8 5h05: We experienced other waves of DDoS attacks between 30/8 22h20 and 31/08 05h05. For the moment, the attacks are fully mitigated.

We apologize for the inconveniences.

Best regards
The edpnet team


Outage: Internet services down : SOLVED

UPDATE 14h15: all links have been restored. The problem is completely resolved. Further details about this major incident will be shared later this week.

UPDATE 13h05: the main path is restored, the peerings are being re-enabled, and the traffic flow should get back to normal very soon.

Dear customers,

We are currently experiencing a fiber cut within our network. Internet and telephony services are unavailable for our customers in the Netherlands. Our Network Operations team is investigating the outage.

Further details and an estimated duration will be released as soon as possible.

We apologize for the inconveniences.

Best regards
The edpnet team


Info: Phishing mails from edpnet domain

Dear customers,

We would like to inform you about a new wave of phishing mails pretending to come from the @edpnet.be domain, aimed at both customers and non-customers.

The message may have different subjects and asks you to give personal information, pay money or follow a link.

Please do not reply to those emails and do not open any files or click on any links. For more information, please consider reading through our support article on this subject:

https://www.edpnet.be/en/support/troubleshooting/internet/learn-about-security/phishing.html

If you have any questions left, please do not hesitate to contact us.

Best regards
The edpnet team