Possible DNS Hack at Ireland's Largest ISP [UPDATED]

Legit links redirected to ad-sponsored search engines

By Lucian Constantin, Web News Editor

15th of July 2009, 14:51 GMT



[Image: Eircom DNS servers redirect users to advertising pages instead of legit websites]

Customers of Eircom, the largest Internet service provider in Ireland, experienced serious DNS slowdowns and weirdness over the weekend. Users from different parts of the country reported that trying to open legit URLs in browsers redirected them to advertising pages.

Some of them suggested on forums that there were two separate incidents related to Eircom's DNS servers. The first reports appeared around July 1st, when multiple customers complained about significant DNS slowdowns and timeouts.

"I'm having terrible issues this evening performing DNS lookups. Takes about 10 to 20 seconds to do the lookup but once done the page loads in normal time," wrote a user on boards.ie, a popular Irish community boards website. "Same problem here in Mayo and it won't let me log onto my ps3," another one confirmed several minutes later.

[Image: Advertising search engine displayed instead of Twitter to Eircom subscribers (censored)]

The unresponsiveness of Eircom DNS servers seemed to still be an issue at the time of writing this article. However, over the weekend, users started experiencing other DNS-related problems as well. Legit URLs like facebook.com or twitter.com began displaying advertising pages instead of the popular social networking websites.

"Anyone else getting this when going on to rte [Ireland's national television website] via eircom BB [broadband]?," a user asked on July 3rd, while posting a screenshot of a search engine accompanied by the picture of a scantily dressed woman. "Ye Seems their DNS was hacked again.. Apparently it happened recently with eBay.ie same picture and everything," he later added.

Rik Ferguson, solutions architect at antivirus vendor Trend Micro, also reported on the issues. "So far there are very few details on the nature of the problem over at Eircom, but it is certainly clear that many Eircom subscribers are being redirected to bogus websites and rumours abound that Eircom’s DNS has been compromised," the researcher wrote on his blog. He suggests that affected users switch to using OpenDNS.

[Image: Advertising search engine displayed instead of Facebook to Eircom subscribers]

OpenDNS is a free DNS service used by millions of home users as well as organizations worldwide. In addition to increased stability, reliability and very fast response times, the service offers features such as parental control, phishing protection, URL typo correction, personal URL shortcuts and many more.

Fortunately, this attack, if it is indeed an attack, does not seem to be malicious in nature and at most is focused on generating income. Nevertheless, it is rather invasive and annoying for the affected parties, preventing them from accessing legit resources over the Internet.

Back in August 2008, we reported a similar incident affecting customers of a large Chinese ISP, China Netcom (CNC). At the time, hackers poisoned the DNS server with a fake entry that directed users trying to access a nonexistent domain to a page loading exploits. The ISP normally loaded an advertising page for such mistyped or bogus URLs.

That attack was a lot more subtle than the problems Eircom is having right now, because the hackers wanted to go undetected for as long as possible. Stealth of that kind does not suit an income-generating scheme, whose success is directly tied to the traffic on the rogue page.

Update: Eircom has released an official announcement confirming the DNS problems. "Customers may have recently experienced delays in web browsing and may have been unable to access the Internet. In some cases, customers may have been redirected to incorrect websites," it reads.
 
As far as details go, they remain scarce, the ISP only noting that, "This issue has been caused by an unusual and irregular volume of internet traffic being directed onto our network, and this impacted the systems and servers that provide access to the Internet for our customers." It is yet unclear if this refers to a distributed denial of service (DDoS) attack, or something else.

The company stressed that it "is working continuously to minimise the impact for customers and has taken a number of steps, including software updates and hardware interventions, to fully restore internet service."

Update 2: Eircom subscribers reported a new wave of service problems on July 14. The company has released a new official statement, confirming the problems. "Last night eircom.net customers experienced significant congestion while browsing the web," the ISP announces.
 
A new denial of service attack is again named as a possible source for the recent troubles. "While it is too early to confirm, eircom believes that it is related to an unprecedented volume of traffic deliberately directed at our network which has caused difficulties for customers over recent days," the company says.

Clearly, the issue must be pretty serious for it to last so long. Eircom notes that it "has been in contact with other operators in the Irish market to collaborate and pool technical expertise in this area."

Correction: The article was modified to reflect that the second statement quoted in the fifth paragraph belongs to the same person as the first. A reported spelling error has also been corrected in the 9th paragraph.

© Copyright 2001-2009 Softpedia

User opinions:


Comment #1 by: Louis on 07 Jul 2009, 09:08 GMT

Thanks for that article. For a moment I thought on Sunday that I had picked up some kind of malware and was kicking myself for being so stoopid. Didn't have the poisoned DNS last night, but Monday 6/7/09 was DNS unavailable night for Eircom. Connectivity was patchy, at best, non-existent most of the time. No "official" announcement from the great ISP regarding same, and I was inundated with calls from colleagues as to what I could do to help. Wholly ridiculous. Will be using openDNS from now on. Keep up the good work Lucian


Comment #2 by: louis on 07 Jul 2009, 12:39 GMT

Lucian, Hmm, co-incidence or maybe timing. Magnet this morning lost their SMTP server but DNS was okey dokey. Their entire network, including VOIP was in a bit of a state, but all fixed now, so far. I wonder who is next on the list, NTL, BT, Perlico?
I see that Eircom have "officially" stated that there is a problem or WAS. Thanks Big E, WE KNOW THAT, TELL US SOMETHING WE DON'T, or better still proact instead of react. rant over. ttfn


Comment #3 by: Observant on 07 Jul 2009, 13:48 GMT

Whoever wrote the article doesn't seem to realise they are quoting the same poster in the 5th paragraph...

Comment #3.1 by: Lucian Constantin on 07 Jul 2009, 14:34 GMT

Thank you for reading our article and pointing out this error. I have corrected it and attributed the statement to the same user.


Comment #4 by: John on 08 Jul 2009, 01:12 GMT

Their email services are still lagging. My mail is at least 4 hours behind!


Comment #5 by: Emberglow on 13 Jul 2009, 21:13 GMT

Eircom DNS unavailable again at about 17:30 today - exactly seven days after it last went missing. Luckily, I've checked out OpenDNS since last Monday and was able to get up and running within a minute. Eircom tech support is crap, they wouldn't even admit that they had a DNS problem last week, suggesting that I had a virus or firewall problem on MY end when the problem was at their end.


Comment #6 by: Wag on 13 Jul 2009, 22:57 GMT

This problem is still ongoing 13/07/2009 at 20:00


Comment #7 by: Iain on 14 Jul 2009, 12:41 GMT

Opendns got me back to normal in seconds. I had not heard of it before but am pretty impressed at the fact that their service is one of allowing you to block categories of websites that you want to prevent access to and that they have a system that helps prevent phishing. Never mind the fact that it seems to resolve urls faster. (and it is free). With this in place and the fact that Eircom email did not suit me Eircom is now really only providing me with a pretty expensive connection to the Internet. Time I think to explore what other providers have to offer. It's all my own fault I'm just like most others, I pay too much, put up with too much instead of moving on more quickly.


Comment #8 by: Rory on 14 Jul 2009, 15:10 GMT

My father rang eircom complaining about this this morning and was told that it was the result of hacking their network. Still not sure if they are officially admitting it but that's what he was told by their support line.


Comment #9 by: jb on 15 Jul 2009, 19:12 GMT

Surely, you meant "affecting customers of a large Chinese ISP" rather than "costumers"?

Unless said ISP has taken to having its staff going around dressed in costumes, of course.

Comment #9.1 by: Lucian Constantin on 16 Jul 2009, 07:14 GMT

Thank you for pointing out that error to us. I have corrected the article.


Comment #10 by: PK on 06 Sep 2009, 23:43 GMT

It is 4. September 2009 00:40 and Eircom DNS servers are again under siege. Switching to BT DNS servers solved the problem.


Comment #11 by: Lucian Constantin on 07 Sep 2009, 12:16 GMT

Hello,

Thank you for notifying us about the new issues. These appear to have been caused by a hardware failure and a technical issue at one of eircom's uplink providers.

The company has released an official statement, which can be accessed at: http://eircom.ie/cgi-bin/bvsm/bveircom/bladerunner/displayNews.jsp?BV_SessionID=@@@@0734501384.1252313663@@@@&BV_EngineID=ccciadeifflmjdgcefeceiedffndffj.0&site=Res&chanId=0&newsItemId=eircom.net Service Outage
