ZyXEL router attack: HUNDREDS of Brit biz bods knocked offline
Chinese hackers have launched an internet attack which has hobbled the internet connections of at least 100 British businesses.
An unknown group or individual thought to be based in the People’s Republic used a SYN flood attack to attack the 600 and 660 models of router from Taiwanese firm ZyXEL.
Sources at ZyXEL and the ISP MDNX confirmed that the attack came from a Chinese IP address.
This denial-of-service attack involves sending a torrent of TCP connection requests from a series of spoofed source addresses. Receiving a large number of forged TCP requests – with the SYN flag in each packet set to request a new connection – causes the target system to grind to a halt as it waits for confirmations that will never arrive.
A source familiar with the matter told The Register that more than 100 businesses had phoned in to complain about failed internet connections.
“These [routers] are legacy models which are six years old and there are many, many of them out there in the wild. The attack is carrier agnostic and affects anyone using the router.”
Another source with detailed knowledge of the matter confirmed the attack and said users could save themselves by closing their router’s remote management port.
He said: “We know this attack came from China and used a number of public IP addresses. It seems to be completely random. We don’t know why the attacks are coming.”
One Twitter user tweeted this yesterday evening:
SYN Flood Attack confirmed against ZyXEL and Draytek routers causing power cycling, change management port and lock down access IPs.
— David Hodgson (@DKHodgson) January 13, 2014
The Register contacted ZyXEL for comment but have not yet received a response. We’ll update this article if we hear anything from the company.
Nobody knows why Chinese hackers chose to launch this attack or even whether they are genuinely based in the country. Do you know any more about this SYN flood assault or have you been affected? Get in touch (click my name at the top of this story for contact details) and let us know. ®