Aftershocks of undersea cable outage hit UK ISPs
DDoS attack theory debunked
A damaged undersea transatlantic cable led to the failure of other Internet systems, which resulted in serious problems for many UK Net users this week.
Damage to a cable somewhere off the French coast at around 4pm on Tuesday afternoon caused havoc for Net and phone users in the UK.
BT has confirmed that some of its voice services were hit by the outage, while NTL blamed the cable problem for downing its Net service - including web browsing, email, FTP and newsgroups - for around eight hours until around 1am on Wednesday morning.
An NTL spokeswoman told The Register that because of knock-on effects users still experienced problems when traffic was re-routed (see NTL status page here).
Put under extra pressure, NTL's DNS servers failed, she said. That meant users were unable to log onto Web sites using their host name, even though the sites were reachable to users who knew their IP address. Email and other services were hosed for the same reason.
NTL's users were the worst affected, but we understand blueyonder, BT, Freeserve, Pipex and Nildram users all experienced problems to a lesser or greater extent. Telewest, which continues to investigate the problem, has confirmed its blueyonder subscribers also experienced difficulties accessing email and personal webspace for around four hours on Tuesday night.
A Telewest representative commented: "While the problems were ongoing we saw a massive increase in DNS look-ups for Zone Alarm, which seemed to be a side effect of the cable damage and some networks being down."
Behaviour like this has led to a theory that Zone Alarm was being attacked in a DDoS attack routed through insecure UK ISP networks.
But this theory fails to stack up, according to Neil Barrett, technical director at security consultancy Information Risk Management (IRM), and an expert on computer forensics.
"Name server lookups were slow but in other aspects the Internet was performing normally. This just didn't have the look and feel of a DDoS attack," he said. ®