The recent attack against Deutsche Telekom routers has many security researchers concerned. As it turns out, the Mirai botnet – or a variant of it, to be more precise – is responsible for this massive attack. Nearly one in twenty DT users are still suffering from little to no internet connection. These issues started appearing on Sunday, yet no solution has been found so far.
Mirai Botnet Clone Wreaks Havoc in Germany
Problems started to appear for Deutsche Telekom users last Sunday, as many people were unable to connect to the internet at all. Considering their devices all showed an active internet connection, this caused quite a stir on social media. Moreover, the media started paying attention to these problems, as nearly 900,000 users were affected by this sudden outage.
Discovering the cause of this problem has been quite challenging, however. Since no particular region in Germany was suffering from these outages, such a widespread problem is entirely unprecedented. At first, it was assumed this was some network problem, but it turns out the issue is much bigger than originally expected.
According to new research, Deutsche Telekom routers are under attack from a botnet that shares many similarities with the Mirai botnet which shut down DynDNS not too long ago. As these routers are effectively flooded with traffic requests, users are unable to connect to the Internet. In most cases, rebooting the router to acquire a new WAN IP will be more than sufficient. Depending on the router model itself, that process can take anywhere from a few seconds to 24 hours.
With nearly one in twenty Deutsche Telekom users plagued by these issues, it almost appears the provider will need to conduct a network-wide WAN IP reset. That would also affect all users who are not yet suffering from this problem, and may end up causing even more problems than before. Then again, there doesn’t seem to be another choice on the table, unless all affected users perform this process manually.
For the time being, Deutsche Telekom has tried to solve the problem through different means. Network packet filtering rules have been added to ensure only regular traffic can pass to and from customers. Figuring out which traffic is legitimate and which is not is a different matter entirely, though. That still means users affected by this outage will need to reboot their router before these changes can take effect.