Feeds

ZyXEL router attack: HUNDREDS of Brit biz bods knocked offline

SYN flood from 'Chinese' hackers wreaks havoc

Secure remote control for conventional and virtual desktops

Updated Hackers have launched an internet attack which has hobbled the internet connections of at least 100 British businesses.

An unknown group or individual thought to be based in the People's Republic used a SYN flood attack to attack the 600 and 660 models of router from Taiwanese firm ZyXEL.

Sources at ZyXEL and the ISP MDNX confirmed that the attack came from a Chinese IP address.

This denial-of-service attack involves sending a torrent of TCP connection requests from a series of spoofed source addresses. Receiving a large number of forged TCP requests – with the SYN flag in each packet set to request a new connection – causes the target system to grind to a halt as it waits for confirmations that will never arrive.

A source familiar with the matter told The Register that more than 100 businesses had phoned in to complain about failed internet connections.

"These [routers] are legacy models which are six years old and there are many, many of them out there in the wild. The attack is carrier agnostic and affects anyone using the router.”

Another source with detailed knowledge of the matter confirmed the attack and said users could save themselves by closing their router's remote management port.

He said: "We know this attack came from China and used a number of public IP addresses. It seems to be completely random. We don't know why the attacks are coming."

One Twitter user tweeted this yesterday evening:

The Register contacted ZyXEL for comment but have not yet received a response. We'll update this article if we hear anything from the company.

Nobody knows why Chinese hackers chose to launch this attack or even whether they are genuinely based in the country. Do you know any more about this SYN flood assault or have you been affected? Get in touch (click my name at the top of this story for contact details) and let us know. ®

Updated to Add

We should note that the sources we contacted for this story specified only ZyXEL routers as being affected. The only mention of Draytek equipment that we know of in this context came from the Tweet quoted above, which we note has now been withdrawn. Draytek have since contacted us to say that they are unaware of any problem connected with this attack affecting their routers. A Draytek spokesperson added:

We are a completely separate company from ZyXEL, nor do we share any software/hardware platforms.

ZyXEL have also now been in touch to say:

"We're aware of the SYN attack that has been affecting the P66X router models and have been working to resolve any resulting issues.

"Only customers who have remote management open on the routers are affected ... We are informing customers of the steps they need to take in order to address the issue and will be keeping them updated if any further action is required."

Security for virtualized datacentres

More from The Register

next story
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Net neutrality fans' joy as '2.3 million email' flood hits US Congress
FCC invites opinions in CSV format, after Slowdown day 'success'
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.