Time Warner Cable Getting Slammed By Denial Of Service Attack

Time Warner Cable wants you to know that if you’re one of their customers, the slow speeds you’ve been experiencing are the result of a denial of service attack by nefarious hacker-types.

In an email to Consumerist, Jeff Simmermon, Director of Digital Communications for TWC, wrote that the ISP has been experiencing “some pretty extensive and frustrating internet service problems with our customers out in Southern California and in our National divisions. As it turns out, our DNS servers have been hit pretty hard by DDoS attacks.”

A full statement is posted here. Here’s an excerpt:

These attacks are not uncommon, especially for a network as large as ours. However, this particular series of attacks has been larger and more difficult to contain than similar attacks in the past. We suspect that the attackers are using “zombie computers,” or hijacking unsuspecting subscribers’ machines to perpetuate the attack without its owner’s knowledge.

As of 6PM EST on February 24th, we have amplified and expanded early detection and response to this sort of problem.

Customers who want to prevent their computers from being used in this sort of attack should make sure that their anti-virus and firewall software are up to date.

We apologize for any inconvenience this may have caused. Please know that we are currently working with the help of law enforcement to bring these attackers to justice.

If you need some anti-virus software, Lifehacker has some recommendations.

No word on whether TWC will offer compensation to those customers who were affected by the attack.

[Official Statement From Time Warner Cable re: Southern California DNS Outages]

Comments

  1. Crabby Cakes says:

    Interesting. I called TWC yesterday to complain about the insanely slow speeds and they told me they weren’t aware of any issues and it had to be a problem on our end. Looks like I’ll be giving them another call.

  2. tedyc03 says:

    Those affected might consider OpenDNS, since the note indicates the attack is targeting the DNS servers.

    [www.opendns.com]

    They have instructions on their website for switching out your DNS servers.

    • sephiroth_4 says:

      @tedyc03: Opendns is great, but I think road runner throttles the hell out of it. If my job didn’t pay for my internet connection, I’d be out like…Thursday night? :P

    • karmaghost says:

      @tedyc03: [copy/pasted from above]You can choose which DNS servers your computer or router uses to grab websites from. Back when I was having DNS issues with Comcast, I used 4.2.2.1 or 4.2.2.3 which I think belong to Verizon.

    • HeartBurnKid, creepy morbid freak says:

      @tedyc03: I use OpenDNS, have still been having the same issues.

      This attack is not restricted to just the DNS servers. I’ve done tracerts to the OpenDNS servers and watched them drop packets left and right.

  3. absentmindedjwc says:

    DDoS attacks are NOT hacking… it is some retarded script-kiddie that thinks he is the shit… any idiot can partake in a DDoS.

    Hacking would be crowbarring your way onto their network and shutting down their data centers or deleting their customer database so everyone loses all service.

    • JustThatGuy3 says:

      @absentmindedjwc:

      Actually, that would be cracking (which implies malicious intent).

    • Fineous K. Douchenstein says:

      @absentmindedjwc: The easiest form of a DoS attack is simply mass pinging an address.

      Sometimes Lifehacker unintentionally does a DDoS by linking something cool on their site, which then gets slammed by curious readers. :)

      • Burgandy says:

        @wagenejm: I wish these people would aim their smurf attacks (that’s what we called them in the olden days) to more deserving targets. How about Chris Brown, octo-mom’s gimmie $ site, the kkk, or monster cable? Surely they are deserving targets.

        • XTC46 says:

          @Burgandy: a smurf attack is a specific type of DDoS in which ICMP traffic is used. There are far more effective DDoS techniques in use currently.

    • William Bean says:

      @absentmindedjwc: I called them today to get a bill adjustment. I was waiting for the insanity to stop and on March 23rd (approximate) they seemed to have taken care of it. This after a month of having to “repair” my connection and/or just put up with the fact that I was going to have to refresh over and over again.

      The result of my call? A total refusal to refund me ANYTHING for all the trouble. Guess who gets notified next?

  4. jdmba says:

    I have been affected by this. By the way, it has NOTHING to do with your speed. It has to do with inability to access web sites (or POP3 servers, etc). Go to a web site name, click a link, etc., you just get an error. If you ping an IP address, that will go through … pure DNS.

    • enriquez the water bottle says:

      @jdmba: Exactly. I have Vonage, and that works fine, but my web browsing is slow as hell.

    • XTC46 says:

      @jdmba: Name resolution plays a major part in perception of connectivity speed. If you are browsing the web and a DNS entry takes 3 seconds to process instead of .5 seconds, you are waiting 6 times longer to view a website.

      While data transfer while connecting via only IP addresses wouldn’t be affected, very few users do that, so while you are technically right, to most users, the effect is the same.

  5. Skunky says:

    Are they really sure it’s a DDoS and not a rogue DHCP server? Back when I worked for @home, that was a constant issue. For some reason Arizona in particular was really bad with those.

    I would think if anyone wanted to DDoS somebody, Comcast would be the most likely target, they kinda have it coming to them.

    • jpmoney says:

      @Skunky: Take your pick:

      a) Comcast is so slow that nobody would be able to tell
      b) Why steal candy from a baby when you can steal a Ferrari from Bruce Wayne?
      c) Comcast’s servers are the main source of bots

      And so on…

    • brodie7838 says:

      @Skunky: Ummm… a rogue DHCP server would not even remotely create this kind of problem on a network.

      Besides, most ISPs, even TWC, are smart enough to block BootP Server in the CPE (in this case, the cable modem).

      • pegr says:

        @brodie7838:
        DHCP wouldn’t propagate. Also, TW’s DNS is broken even when it isn’t getting DDOS’ed. Since they redirect you to one of their internal servers when a name lookup fails (1), and of course they (often) can’t resolve perfectly valid names, so you end up at a TW page that says something like, “the page you requested, http://www.google.com, does not exist. Perhaps you meant http://www.google.com?” IDIOTS, the entire lot of them!

  6. AstraBabble says:

    compensate the customers? Chances are high it is their incompetence, fueled by the desire to click on every dancing pig they see on the internet or in e-mail, that is assisting in the problem. People who do not know how to use a computer and keep it safe from malware, shouldn’t be allowed to have one.

    On the flip side, malicious hackers are wastes of space and I suppose the blame ultimately lies with them. But I would say they were justified if this is in retaliation of a rate hike for their Internet service or bandwidth throttling.

    • Yossarian says:

      @AstraBabble: Why would you say that?

    • Squot says:

      @AstraBabble: … So, they’ve said it’s not the consumers, the consumers know it’s not the consumers, and you’re still blaming the consumer?

      Considering that there is no way that every single person who’s getting slowdowns is also infected (because the entire southern California region seems to be affected, from talking to my friends), I don’t see why this should deny the vast majority (who are not helping these people) shouldn’t be compensated.

      Also, you’re saying that slowing down the entire Southern Californian Time Warner customer base’s internet to the point that it’s not usable (and believe me, it’s that slow) through illegal means is a justified response to a rate hike?

      …. I certainly hope you don’t live near me.

      • Sil says:

        @Squot: Fancy meeting you here.

        You’re right, of course, it’s not just so slow as to be unusable, sometimes it’s actually unusable. They comped me five days so far, they’ll be getting more calls as this goes on. I’m happy to pay for service when I get service.

        The repair guy who showed up at my house yesterday indicated that this has been going on about 30 days and they were just informed of it at their morning meeting. Good times.

    • Nick1693 says:

      @AstraBabble: Wrong site to blame the consumer. We dun like trolls.

    • Michael Yockey says:

      @AstraBabble:

      Wait, when are we going to hear from the Apple fan boyz that their Macs are impervious to DDoS attacks and viruses?

      BS. DNS is an industry standard. There ARE mac viruses (check out the CS4 Trojan horse that was distributed recently on BT). Macs, Linux, Solaris etc. can ALL become victims of DNS attacks.

      • Michael Yockey says:

        @Michael Yockey:

        DDoS attacks range and start from incompetent consumers who DO NOT protect their machines properly. From not encrypting their wireless networks, to having weak passwords and browsing “free” porn websites and thinking their “mac” will protect them.

        The big problem is lack of education, laziness and expecting your computer to “work perfectly fine” all the time. Let me ask you a question, does your car work perfectly fine? Can you run your car for 100,000 miles without a tuneup or an oil change?

  7. Bizdady says:

    It’s been annoying as hell, even the gf noticed something was wrong. She kept saying I was messing up her wifi lol

  8. stevejust says:

    I was wondering if my service was all jacked up because I just pulled the, “I want to cancel my service” and got the “we would like to keep you by dramatically reducing the amount you pay each month” in response.

    But I love consumerist for this news I can use to set aside my paranoia.

  9. sumgai says:

    Awesome. Glad to see TWC get it in the rear end.

  10. adambadam says:

    I noticed a steep reduction in speed over the last few days as well, probably it was the worst two nights ago. Could not even watch a standard-def youtube video without waiting for it to considerable load it was so slow. Reminded me of the dial up days.

  11. snoop-blog says:

    I have been nothing but pleased with TWC. I use a bandwidth checker and I have not been affected by this at all as I’m always around 3Mbps. Every time I call them, I speak to an American, and they have always been helpful without having to escalate. Now the people they contract out to do their work (Utilicom South in my area) suck the nastiest balls on earth. I hope the CEO of that company chokes on those balls and dies.

    • dangermike says:

      @snoop-blog: DNS problems wouldn’t do anything to your bandwidth. It would simply slow down your computer’s request for a translation from an alphanumeric domain name (eg. consumerist.com) to its corresponding ip address (eg. 69.60.7.199). Once your computer obtains the ip address, things should load at their normal pace. Minor DNS problems will just make it seem as though there’s a brief pause before loading a page. Often, they would not be noticed. More severe problems would make an obvious and annoying pause before loading data, and the worst would cause a complete inability to load anything unless you manually enter known ip addresses instead of relying on domain names.

    • ScottRose says:

      @snoop-blog:

      I’m assuming that’s downstream speed. If so, that is terrible for cable.

      @dangermike:

      True, but if that traffic to the DNS servers is overloading their core routers (or anything else), it would reduce customer bandwidth and increase latency.

  12. youbastid says:

    I’ve been dealing with this in LA for the past 2 days. In December, they were having similar problems for extended periods and I got a credit for a half-month of service.

    If you call and complain they will offer to comp you for every day that you can’t use the service.

    • so_gracefully says:

      @youbastid: This is helpful to know. I’m also in L.A. and mine has been fucked up for the past few weeks, almost every night. In December, we complained and got Showtime free for a year, so I’m ready for more goodies now that it’s a mess again.

  13. runchadrun says:

    Based on my past experience with Time Warner, they are probably experiencing an outage that they can’t explain so they are blaming it on a DDoS because someone there heard something about how they could cause problems.

    I’m so glad I switched to FiOS as soon as it was available.

  14. SusieFoo says:

    This is all bull. They’ve been having DNS issues in SoCal for months. A DDoS attack that lasts for months? That they haven’t resolved for months? Right. Not even Time Warner is that incompetent … right?

    If you can’t switch services (I would if I could), then OpenDNS is the only option I know of.

    • Jason Harris says:

      @SusieFoo: TWC in SoCal has had all sorts of DNS issues over the past few months. This might be DDoS, but their servers have been totally wacky. I swapped to OpenDNS and never looked back.

      • SusieFoo says:

        @Jason Harris:
        I went to OpenDNS too and haven’t noticed the bulk of these outages either. Not that I haven’t had a slew of other problems with my Time Warner internet.

  15. 108Reliant says:

    It just goes to prove my point that Time Warner Cable does not put money into its infrastructure. If they did, stuff like this would not happen. Where’s the DDoS attacks on the other ISPs? hmmm? Time Warner just sucks, big time!!

  16. Anonymous says:

    Well, it appears every time I have a complaint submitted to the Feds regarding hacking of my computer a report comes out regarding the issue. However, it is refreshing to read that Time Warner at least apologizes for the trouble that has cost many customers including myself.
    Comcast on the other hand ignores their customers and treats them like they were nothing. Even when there’s proof that someone in their company hacked into my system and till this day continues to try to control my computer. I give an ‘F’ to Comcast for poor customer service and poor management of customers’ connection and privacy.

  17. oldtaku says:

    This has been happening for at least six months. Their DNS servers were so crappy I just switched to OpenDNS (as mentioned above) and everything’s been great since. Other than that I’m really pleased with the service, so suggest you make that tweak and just forget about it.

  18. Anonymous says:

    I already know how to prevent my computer from being USED in a DDOS attack. Having a firewall and AV program should be as standard as a pre-installed web browser. How do I prevent being AFFECTED by these DDOS attacks that bring my bandwidth down to a nanoliter trickle? Hey TW – why don’t you suggest I switch providers?

  19. Anonymous says:

    Time Warner is home to 10’s of thousands of zombie and compromised computers. When are ISPs going to get serious about eradicating this scourge on their own networks? The technology is there to find and fix or block these computers until they are fixed. SteveP, Ypsilanti

    • ScottRose says:

      @ChristopherAtymnius:

      Comcast: “Hey, we disabled your cable modem because your computer is part of a bot net. Please have it cleaned and then we’ll let you back on our network”.

      Consumer: “As I have no idea what you mean and my nephew that ‘knows computers’ is away at college, I will be using Verizon now.”

      Shutting down zombied boxes is not good for business.

  20. ogremustcrush says:

    Hmm, I’m in North Idaho, and my TWC connection has been slower than usual lately. A few weeks ago I called them about it and it got back to normal speeds, but the last few days it’s been acting up again. I know it isn’t DNS as I have OpenDNS set as the default server in my router.

  21. warbman says:

    Time Warner Executives are subverting visa laws by allowing foreign operatives to displace American workers using WebX. WebX allows foreign operatives to work from another nation and replace most any job in their organization without conforming to Visa laws. Thus Executives and the CEO is able to enrich themselves while putting another American Family on the street. They are quite calculated in their search for profits and know no mercy or social responsibility.

    I support the hacker attack on the Time Warner Executives because of their unscrupulous and unconventional war tactics that they wage on American employees.

    I hope the attacks intensify because it is the only way to help American families feed their children. We need the jobs here on American soil. When the Executives stop waging unconventional warfare on their employees I expect the attacks to diminish.

    If TW CEO’s and Executives continue to wage unconventional warfare against their employees then I will cancel my service.

  22. karmaghost says:

    [copy/pasted from above]You can choose which DNS servers your computer or router uses to grab websites from. Back when I was having DNS issues with Comcast, I used 4.2.2.1 or 4.2.2.3 which I think belong to Verizon.

  23. metaled says:

    I KNEW IT! For the last 2 nights, after about 9pm. I cannot access any web pages. I get “resolving Host” and the “Cannot load page, Reload or try again later.”. I called tech support and they told me it was on my end, that I needed to reboot my modem and try again.. I had been doing that all night. They told me my modem was not on the network. Or I changed some settings recently. Even though I could load “google’s” webpage 1 out of 5 times. They were the only website I could even attempt to get to, to verify I was online. Good thing to know I can get to google without using TWC’s Road Runner Service! Damn, blame the customer, I knew it was on their end!
    It just got worse the later it got, second night was the worst as well. I hope it doesn’t go out ton…….

  24. Cary says:

    I’m sure they notified all their customers by email that the Internet was down.

    After all, do you think they’re stupid?

  25. warbman says:

    Time Warner is finding that they are now in an unconventional war that they started, but of course it is the fault of the “hackers.” The public is fed-up with unscrupulous executives that use any unconventional warfare tactic to make a profit. Nobody can trust these liars any more.

    Here are my thoughts on the current war:

    Time Warner Executives are subverting visa laws by allowing foreign operatives to displace American workers using WebX. WebX allows foreign operatives to work from another nation and replace most any job in their organization without conforming to Visa laws. Thus Executives and the CEO is able to enrich themselves while putting another American Family on the street. They are quite calculated in their search for profits and know no mercy or social responsibility.

    I support the hacker attack on the Time Warner Executives because of their unscrupulous and unconventional war tactics that they wage on American employees.

    I hope the attacks intensify because it is the only way to help American families feed their children. We need the jobs here on American soil. When the TW Executives stop waging unconventional warfare on their employees I suspect the attacks to diminish.

    If TW CEO’s and Executives continue to wage unconventional warfare against their employees then I will cancel my service. That will signal to them that they better fall in-line with the new era of responsibility.

    • 5h17h34d says:

      @warbman: We saw this on the first page of comments, thank you.

      Not that I don’t agree with you about farming work overseas. I just hate people who repeat themselves.

  26. fatcop says:

    I was wondering why things were slow as hell in kc.rr land.

  27. dangermike says:

    I am a road runner subscriber in southern california (in fact, loyal AND pleased subscriber, having been in the beta test for my neighborhood in ’99 and even having run side-by-side with dsl for a few weeks on a free promotion and seeing that cable, despite the FUD put out by the DSL provider was not only 5-10 times faster but also more reliable)

    I was going to post a note saying that I have been completely unaffected but then I noticed that it was a DDOS against the DNS servers. In my experience, road runner’s DNS servers have gone through several periods of unusability over the years. In 2000-2005, every 6-12 months, I experience outages for periods of a few hours up to 2 days at a time. But I haven’t had that happen in several years, and my band has always been quite strong.

    BUT a few weeks ago, I typed in an address to a site I visit often but omitted the “.com” at the end. I don’t usually do that, but it slips sometimes. My browser (seamonkey, which is basically firefox with an interface more familiar to those of us who grew up on navigator rather than explorer) will automatically try the three common top level domains and adding or subtracting “www.” But that didn’t happen. Instead, I got redirected to a roadrunner search page, which was of course packed with advertisements. I noticed much slower DNS activity around the same time as this search page started showing up. It was really irritating. As a result, I pointed my router to openDNS for name resolution. My connection has felt a little more responsive since then. And if it’s the DNS servers that came under attack, it would make sense that I have not felt the effects.

    However, I have a difficult time believing that it’s an attack. I suspect the likelier case is that it’s a self-inflicted condition by the extra bandwidth of serving all those stupid test pages. Then again, I’m sure there are thousands of geeks across the southland who are less enamored with the amazing bandwidth that’s always been available through socal.rr.com and perhaps just disgruntled enough to take up arms over that stupid search page (honestly, I wouldn’t mind it if it didn’t break my browser’s ability to go where I want it to go rather than where I tell it to go. Of course, opendns does a similar thing but I don’t mind it since I agreed to it with them where RR just sort of forced it on me).

  28. ryes says:

    And why the hell didn’t they let us know? I’ve practically taken my computer apart the last week or so because it is so slow. Dreadful communication. I’m really pissed.

  29. kyle4 says:

    I have Rogers here and on the Macbook only (not the PS3 or 360 using the same wi-fi, not the PC hooked directly to the ethernet) the internet was painfully, nearly dial-up slow for over a month. A minute to load something on Google. I was told it could be the Mac’s Wi-Fi card or my router (not true since I got the 800kbps download speed promised). After I switched to 4.2.2.1, checked something off in Firefox it’s been screaming. It was so bad I got used to having slow internet. It was truly awful.

  30. inthedesert says:

    It’s got me too. It’s been happening a little more than a few days though. Most pages won’t load properly, or load at all for that matter. I had to refresh this page a few times to get it to come up. This isn’t acceptable by any means, but then again I am not surprised. After all this is Time Warner we are talking about here.

  31. metaled says:

    It all started again tonight at 8:30pm, not able to access a single website. I popped in the numbers I got from OpenDNS earlier, and boom I am flying. Take them out, I am at a dead stop. And yes, I did check my e-mail and there is a message from TW Cable telling me about the DOS attacks. The blame the customer letter says to check our computers for viruses and secure them, since TW customers are on the “Zombie” attackers.

  32. Anonymous says:

    This is at least the 5th day in a row for me. I called TW and told them “I’m done”. I’ll be checking out Verizon FIOS and move over to them next week.

    The chick on the phone didn’t know what to do with me. At first she wanted to know my email address. I told her to skip the marketing crap — I can’t access the internet and before you try to sell me more shit, you better fix this immediate problem.

    Then she tried the “reboot your modem and router” routine. I put an end to that very quickly. “It’s your DNS servers…I need to know what’s the status on the problem with your DNS servers”. Seems like this skank knew less about her company’s current DNS problem than I did.

    Problems started on or around 7:30 and only now (10:11pm) are websites coming up “most of the time”.

    Pathetic. There was no talk of compensation. I told her straight out: “I’m paying $50 a month, and I can’t access the net reliably for 5 days now”.

    Pure….and utter….silence. This bitch didn’t know what to say. What she didn’t say was “we’ll comp you the entire month”.

    Whateva.

  33. dangermike says:

    For anyone affected, the addresses for the opendns nameservers are 208.67.222.222 and 208.67.220.220. Just enter those addresses as primary and secondary DNS servers and you should be set. If you use a router, you can do it from your router’s settings (the exact steps will vary from one model to another but it’s usually fairly straightforward). If not, here’s a quick rundown to find the settings in some popular OS’s:

    Win XP: go to control panel -> network connections -> properties -> Internet protocol (tcp/ip) -> properties

    Vista: Control Panel -> view network status and tasks -> view status -> properties -> Internet protocol version 4 (tcp/ipv4) -> properties

    OSX -> system preferences -> network -> built-in ethernet -> advanced or configure

    from there, enter the above ip addresses as primary and secondary dns servers, save, and see if it works any better.

  34. Anonymous says:

    I am a victim of Cable company hacking and deliberately causing me hardship with my connection. My limited knowledge of computers lead the company to get me to spend much money to correct problems that they had deliberately caused, Now i am careful and really do my research.

  35. Skater009 says:

    Folks, just use OPEN DNS – it has helped a lot.

    http://www.opendns.com

    sKER

  36. drunken marmot says:

    She doesn’t use the internet, but my mother’s TW cable is TERRIBLE! She frequently loses service and has to deal with rude CSR who tell her that she is the only person experiencing problems. Not true, as she lives in elderly housing in Down East Maine and all her neighbors have the same problem.
    I can only imagine how horrific the internet service is….

  37. Anonymous says:

    Yesterday there was a different issue affecting Texas. XO Communications router customer.algx.net was having issues routing traffic through. Last word was their noc was talking with xo on the matter about redirecting around xo’s network. This DNS issue wouldn’t be the issue for issues occurring from tracert logs.

  38. plutonyum says:

    Wile E. Coyote got a hold of some scripts :(

  39. Keter says:

    I switched to OpenDNS, but am still experiencing what seems like intermittent interruptions of service. Like the service just disconnects for a few seconds. It’s either fully on or fully off, it’s not “slow” in the conventional clogged-bandwidth way. I’m using Earthlink through TWC/Roadrunner in Austin, well away from the SoCal DNS issue. Something else is going on…
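
Several comments above separate a failing resolver from a failing connection: lookups hang while pings to an IP address still work, and some who switched to OpenDNS still saw drops. The following is an added example, not part of the original post or any commenter's words: a Python check that times A-record lookups against each resolver and classifies the result. The 500 ms and 20% loss thresholds, the test name example.com and the function names are assumptions; the default resolver addresses are the OpenDNS ones quoted in the thread.

```python
import os
import socket
import statistics
import struct
import sys
import time

def build_query(name, txid):
    """Encode a recursive DNS query for the A record of `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(data, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if (length & 0xC0) == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length

def parse_response(data, txid):
    """Return (rcode, [IPv4 strings]); raise ValueError if it is not our reply."""
    if len(data) < 12:
        raise ValueError("short packet")
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit clear
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):
        pos = _skip_name(data, pos) + 4  # name + QTYPE + QCLASS
    ips = []
    for _ in range(an):
        pos = _skip_name(data, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, ips

def time_lookup(resolver, name, timeout=2.0):
    """Time one UDP lookup; return milliseconds, or None on timeout/error/no answer."""
    txid = int.from_bytes(os.urandom(2), "big")  # unpredictable ID per query
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name, txid), (resolver, 53))
            rcode, ips = parse_response(s.recvfrom(4096)[0], txid)
        except (OSError, ValueError, IndexError, struct.error):
            return None
        return (time.monotonic() - start) * 1000 if rcode == 0 and ips else None

def diagnose(samples, slow_ms=500.0, max_loss=0.2):
    """samples: {resolver: [ms or None, ...]} -> (verdict, unhealthy resolvers).
    Thresholds are assumptions chosen for illustration."""
    def healthy(vals):
        ok = [v for v in vals if v is not None]
        return 1 - len(ok) / len(vals) <= max_loss and statistics.median(ok) <= slow_ms
    bad = [r for r, vals in samples.items() if not healthy(vals)]
    if not bad:
        return "dns-ok", bad            # slowness lies outside name resolution
    if len(bad) == len(samples):
        return "path-problem", bad      # every resolver fails: loss on the route itself
    return "resolver-problem", bad      # only some fail: switch away from those

def main(argv):
    # Pass resolver IPs as arguments (e.g. the ISP-assigned one plus an alternative);
    # the defaults are the OpenDNS addresses quoted in the thread.
    resolvers = argv or ["208.67.222.222", "208.67.220.220"]
    samples = {r: [time_lookup(r, "example.com") for _ in range(5)] for r in resolvers}
    for r, vals in samples.items():
        print(r, ["timeout" if v is None else f"{v:.0f} ms" for v in vals])
    print(diagnose(samples))

if __name__ == "__main__":
    main(sys.argv[1:])
```

Compare at least two resolvers on different networks; with only one, a failure cannot be told apart from loss on the path to it.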