back to article Day 2: UK research network Janet still being slapped by DDoS attack

Members of UK's academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources. Janet first came under a Distributed Denial of Service (DDoS) attack yesterday, and the same attack …

  1. Kraggy

    "am in a law library and have to consult a hard copy of the law reports for the first time ever because of the DoS attack on UK Unis"

    Ah, bless.

    'Last century' skills, so useful at times. :)

    1. Roo
      Windows

      I couldn't help but think what a dull life the poor dear must lead to be so excited by using a book (probably a very dry read too).

    2. Alan J. Wylie

      Last century' skills, so useful at times. :)

      http://www.theguardian.com/environment/2015/dec/06/flooding-power-cuts-lancaster-army-trucks-ambulances

      "Queues for the few remaining telephone boxes in Lancaster were more than 10 deep with some students using a payphone for the first time."

  2. David Harper 1

    The attackers aren't very bright if they are after money

    If the perpetrators are planning to demand money to call off this DDOS attack, then they can't be very bright. UK universities are not exactly awash with spare cash, except perhaps for the salaries that some Russell Group institutions pay to their chief executives.

    1. Anonymous Coward
      Anonymous Coward

      Re: The attackers aren't very bright if they are after money

      "UK universities are not exactly awash with spare cash"

      Clearly you've not heard of the Russell Group.

      1. David Harper 1

        Re: The attackers aren't very bright if they are after money

        Yes I have. I have degrees from two of them. And I mentioned them in the original post.

    2. Anonymous Coward
      Anonymous Coward

      Re: The attackers aren't very bright if they are after money

      "UK universities are not exactly awash with spare cash"

      Bwaahahahahhahahhahaaa! You really believe that? All the ones I know are all busy building like termites to accommodate yet more students, with each student immersing themselves in vast amounts of debt, mostly handed to the university. Maybe you could follow this link and come back and tell us how you still conclude that universities are cash starved, and unable to make ends meet?

      http://www.thecompleteuniversityguide.co.uk/news/universities-make-%C2%A330billion-thanks-to-tuition-fees/

      1. David Harper 1

        Re: The attackers aren't very bright if they are after money

        Compared to the banking sector, the oil industry, and other possible DDOS targets, UK universities are a poor choice for extortion.

    3. streaky

      Re: The attackers aren't very bright if they are after money

      UK universities are not exactly awash with spare cash

      We have some of the richest unis on the planet - but this isn't that. It's either a state actor or somebody who doesn't like scientific research/education with some obvious candidates.

      Also FYI to the tuition fees, it's research grants and licensing that makes packet.

      1. Yet Another Anonymous coward Silver badge

        Re: The attackers aren't very bright if they are after money

        > a state actor ... who doesn't like scientific research/education with some obvious candidates.

        The conservative party ?

  3. Anonymous Coward
    Headmaster

    Ok, who hasn't competed their assignment ?

  4. Stevie

    Bah!

    It's probably due to some science undergrad who forgot to tell his hunckback to throw the third switch.

  5. Anonymous Coward
    Anonymous Coward

    been under attack before yesterday, a major incident was declared Friday and there were various attacks all last week but today has been really bad

  6. td0s
    Trollface

    Must be because of strong encryption

  7. mojo_1
    Happy

    This is a the work of one student who couldn't hand in his work on time! :)

  8. Anonymous Coward
    Anonymous Coward

    Not sure if people are getting the same error we were, but changing DNS wouldn't have helped (us) at all; the error we got was their network equipment failing because it couldn't resolve DNS, we could resolve locally just fine.

  9. This post has been deleted by a moderator

    1. Bc1609

      Re: DDoS Mitigation Solution

      Shoo! Away with you!

    2. Anonymous Coward
      Anonymous Coward

      Re: DDoS Mitigation Solution

      Begone foul stench

    3. This post has been deleted by a moderator

  10. Paul Bambury

    Alex, if you read down the JISCMI twitter feed https://twitter.com/jiscmi, you'll see that this attack has been going on since last Wednesday

    1. Alexander J. Martin

      As I spoke to Jisc it was presented as an attack which began shortly after 9am yesterday morning, not last week. We are looking into the possibility that it is connected to an attack last week, but haven't had an opportunity to receive a briefing from any of Janet's network engineers yet - they are of course busy, and may be unwilling to out of a concern of providing intelligence to the attacker, though of course we're quite capable of masking that sensitive information - and I'm uncomfortable with making the assumption myself as following the Manchester to Manchester Core Router outage it does seem this week's attack is discrete from last week's, in severity at least, if not cause.

  11. theOtherJT

    El Reg, unaffected.

    Which is sort of a shame, because it's really cutting into my desire to get any work done. We've lost... sort of everything, at this point, but The Register remains stubbornly available.

    1. Vic

      Re: El Reg, unaffected.

      The Register remains stubbornly available.

      Shhhh! ElReg is actually behind the attack, ensuring all Intertubes traffic from Janet comes only to these fora...

      Vic.

  12. Alan Scott

    Not just universities

    It's not just Universities that are affected. Some local PSNs use Janet so many schools and other public services could also be affected.

    1. Chris 3

      Re: Not just universities

      Yup, any schools using London Grid for Learning for connectivity are having a bad time right now.

  13. Anonymous Coward
    Anonymous Coward

    just had a shed load of TT's through from JANET this one caught my eye

    Affected:

    Multiple Janet connections

    Actions (last updated at 20151208 10:51 UTC by BC):

    We acknowledge that there is around a 90 minute delay to these TT notifications. The attack is still on going.

    well that's handy!

    Bit like a few years ago when my village was in the middle of being flooded. We were all frantically pilling up sand bags, etc (the water was already several feet deep and flowing down the hill like a river) and all our mobiles started to go off with automated calls from SWW telling us to prepare as there was a flood risk in the area. No shit we'd been flooded for about 2 hours!

  14. Santaroga
    Childcatcher

    Strange behaviour

    Invigilating an ICT exam this morning which required students to email their answers, this DDOS kicked in about 20 minutes in to exam time. The only website we could get was Google - we couldn't even reach our own web server which is in the same building. Bizarrely, in the next room, the only website they could get was Bing... how does that work?!

    To those who launched this attack: please don't make us use Bing. Anything but that!

    1. Wensleydale Cheese
      Unhappy

      Re: Strange behaviour

      "The only website we could get was Google - we couldn't even reach our own web server which is in the same building. Bizarrely, in the next room, the only website they could get was Bing... how does that work?!"

      I had a similar problem several years ago on my home web server. If I restarted the server on some other port than 80 it was fine, but restarting it on port 80 brought the problem back. I couldn't even get a connection from the same box.

      I was later told it was a SYN flood attack. More recent switches and routers than I had then can protect against this attack.

  15. Ralph B

    Recursion Error!

    An article on The Register reports a Twitter post which includes a link to an article on The Register which ....

    (That's probably your DDOS source right there.)

  16. Anonymous Coward
    Anonymous Coward

    Stopped now...

    According to the updates it has moved upstream to Geant - so Europes academic network is now getting hammered.

    My money is on Donald Trump restricting the internet to muslim trrsts.

    1. Anonymous Coward
      Anonymous Coward

      Re: Stopped now...

      Our central IT services rebranded themselves as IS some years ago. Then they started handing out dictums... 'Thou shalt not have thine own web server. Thou shalt not have a vLAN. Thou shalt buy all thy kit from Dell. Thou shalt use Microsoft for every-bloody-thing. Thou shalt change thy password every twenty minutes.'

      I even hear they pushed somebody off the top of the computing centre building for having a male-male interface, but that might have been rumour.

      1. Anonymous Coward
        Anonymous Coward

        Re: Stopped now...

        With a bit of luck this may have unsettled the minds of the great and the good (*ahem*) of Manchester University, which is currently trying to downsize its IT department with an eventual aim of outsourcing as much as possible into the cloud.

        Which is all find and dandy, until someone decides to launch a DDOS against your cloud. At that point, you're stuck there looking a bit of a berk, because if you pay then they'll be back for more, but if you don't pay your students don't have any of your nice cloud services.

        1. Anonymous Coward
          Anonymous Coward

          Re: Stopped now...

          Clouds. Manchester. Obvious really.

        2. Anonymous Coward
          Anonymous Coward

          Re: Stopped now...

          I hope our management takes notice guess who we got that came from manchester

      2. lorisarvendu

        Re: Stopped now...

        "Our central IT services rebranded themselves as IS some years ago. Then they started handing out dictums... 'Thou shalt not have thine own web server. Thou shalt not have a vLAN. Thou shalt buy all thy kit from Dell. Thou shalt use Microsoft for every-bloody-thing. Thou shalt change thy password every twenty minutes.'

        I even hear they pushed somebody off the top of the computing centre building for having a male-male interface, but that might have been rumour."

        Hmmm...are you at the Uni I work for?

        1. Anonymous Coward
          Anonymous Coward

          Re: Stopped now...

          It would be a large London one that has a very badly designed website which everyone MUST use, everyone MUST stick to the branding guidelines, has an unhealthy fixation with its position in various rankings, especially the Times Ed., almost completely ignores the needs of researchers (as in the dictum that you MUST buy from Dell, despite the fact that e.g. Dell's motherboard design uses a PCI bridge chip without enough IRQs for some of the more esoteric microscope capture cards), is trying to force everyone to use their snazzy new data centre located in a swamp in Surrey - even the medical imaging research unit which carts multi-terrabyte datasets of NHS-owned patient data back and forth to graphic workstations all day...

          I'm not narrowing it down much, am I?

    2. speedbird007

      Re: Stopped now...

      Or Daesh, they really don't like education do they? There may even be women scholars affected, which they positively hate.

  17. parkysan

    This is a BIG problem for a LOT of people...

    This isn't just a small research network. this is affecting approx. 18 millions people who use it, including schools and hundreds of businesses that are based on campuses around the country.

  18. Mark 85 Silver badge

    Unrelated or...?

    We had ProtonMail getting hammered in a large multi-day attack and now Janet. I'm guessing these need some heavy resources (botnet?) to pull off and keep them going. Is the ProtonMail DDoS still going on? I've not heard anything.

    Just seems a bit of coincidence.... heavy attack for multiple days.

  19. Anonymous Coward
    Anonymous Coward

    Lack of impact.

    Makes you wonder if we actually need JANET at all...

    1. TRT Silver badge

      Re: Lack of impact.

      That's right. You'll have a national philosophers strike on your hands.

  20. Anonymous Coward
    Anonymous Coward

    Need to get back to my assignment but

    Yes, this week is week11, the last week before Xmas starts for us students. Definitely a stalling tactic by a student. Anyhow back to work for me on CS final yr ;)

    1. James Dore
      Coat

      Re: Need to get back to my assignment but

      They fail then - they're attacking the wrong level. University internal networks were unaffected since the DNS attack only affected requests for stuff outside of the local DNS servers' domain(s). Since any University worth its salt would have their own internal DNS serves handling their domain requests, internal traffic was unaffected. So submitting your assignment from a University's email server to a user on the same server would have worked as normal!

      1. lorisarvendu
        Unhappy

        Re: Need to get back to my assignment but

        "So submitting your assignment from a University's email server to a user on the same server would have worked as normal!"

        Not if your staff and students' mailboxes are now hosted externally by Microsoft it wouldn't.

        Just saying is all...

        1. EddieD

          Re: Need to get back to my assignment but

          Or, as was the case at my Uni, all the students used their gmail accounts.

          As did all the staff.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022