Optus customers hit by China DDoS attack

Customers of Optus and its partner internet service providers experienced international traffic issues yesterday as a result of a distributed denial of service attack (DDoS) sourced from China and aimed at a large, unnamed Optus customer.

Customers in contact with iTnews.com.au confirmed the company experienced problems with international traffic from 12:30pm yesterday until 4pm.

Uecomm, a corporate ISP owned by Optus, told its Australian customers yesterday that the attack was sourced from China and was targeted at a single Australian customer on the Optus network.

At 3:55pm yesterday, Uecomm sent an SMS to network administrators with the following message:

"Update: Internet outage has been resolved. It was caused due to DDoS attack originating from China. Extended network and upstream provider have filtered traffic to restore traffic flow."

iTnews has since contacted Uecomm's technical support team and was told that this information came directly from SingTel Optus, Uecomm's upstream peer, during a conference call between Uecomm's Tier 3 network engineers and Optus network engineers yesterday afternoon.

Late last night, Optus released a statement confirming that while the network congestion was caused by a DDoS attack, it could not pinpoint the source of the attack.

But at 12:30pm today [Thursday April 15] Optus confirmed that the attack "originated in China". The carrier was unwilling to reveal the name of the customer targeted.

TIMELINE - THE DDOS ATTACK

WEDNESDAY APRIL 14, 2010 (all times in 24-hour clock)

1230 - Customers first report problems on international links from SingTel/Optus.

1300 - Uecomm tells customers that it has received notice of network issues and was working to resolve it. The ISP keeps customers abreast of the situation with regular SMS messages every 30 minutes.

1310 - Optus says the attack began at 1310, contrary to customer reports.

1525 - Optus says it resolved the problem.

1555 - Uecomm tells customers that the outage is resolved and attributes the problem to a DDoS attack originating from China.

"Update: Internet outage has been resolved. It was caused due to DDOS attack originating from China. Extended network and upstream provider have filtered traffic to restore traffic flow."

1710 - Uecomm reveals more on the attack in a further SMS to customers.

"At 1310 AEST international data services routing to the US via Sing Tel experienced congestion due to a DOS attack to a customer in Australia.  This resulted in customers experiencing slow throughput to some US internet sites. At 1525 EAST the Dos attack was mitigated, resolving the throughput issues. Congestion was experienced on one of the two peering links to the US via SingTel affecting some destinations to the US for corporate customers."