Telstra DNS falls over after denial of service attack

August 02, 2020

Customers with Telstra’s default DNS settings found themselves seemingly unable to access the internet on Sunday morning, as the telco was facing a denial of service attack.

The attack kicked off some time before 10:30am on the Australian east coast.

“Some of our Domain Name Servers (DNS) used to route your traffic online are experiencing a cyber attack, known as a Denial of Service (DoS),” Telstra said on Twitter just before noon.

“Your info isn’t at risk. We’re doing all we can to get you back online.”

Customers that switched their DNS settings away from Telstra were able to mitigate the outage. At the same time, Telstra’s own outage site was misbehaving and returning 502 errors on occasion, and at other times, returning 404 errors.

At 12:05pm, Telstra said it had a handle on the attack.

“We’re blocking the malicious traffic attacking some of our services. We are confident we have blocked all of this malicious traffic and are working to get you back up and running again. Thanks for sticking with us,” it said.

By 2:27pm, Telstra said the issue was fixed.

“The massive messaging storm that presented as a Denial of Service cyber-attack has been investigated by our security teams and we now believe that it was not malicious, but a Domain Name Server issue,” the telco said.

“We’re really sorry for getting in the way of your weekend plans.”

Telstra has been vocal in recent times about its DNS filtering capabilities, dubbed Cleaner Pipes, that are used to fight malware passing through its network.

The initiative focuses on blocking command and control communications of botnets, the downloading of remote access trojans, as well as other forms of malware. The telco said in May it is already blocking “millions of malware communications” when the traffic hits its infrastructure.

This action reduces the impact of cyber threats on millions of Telstra’s customers including stopping the theft of personal data, financial losses, fraudulent activity, and users’ computers being infected with malware.

“We know many consumers and small businesses do not have the resources to adequately protect themselves,” Telstra CEO Andy Penn said.

“Cleaner Pipes means we are able to more actively block cyber threats on our network that would compromise the safety of our customers’ personal information. While it will not completely eliminate the risk, or substitute appropriate threat protection, it will contribute to significantly reducing the volumes and impact.”

The initiative was recommended as a example that could be replicated by other telcos in the industry advisory panel report that is set to feed into Australia’s upcoming 2020 Cyber Security Strategy. The report added there should be legislation to both back up the process and provide safe harbour provisions to give telcos certainty about the information they share with each other in responding to cyber threats.

Fellow Australian ISP iiNet suffered from a DNS outage at the start of the year. In that instance, the telco recommended users set their DNS to use a publicly available service such as Cloudflare’s 1.1.1.1 service.

Once the outage was over, iiNet said users could revert to default DNS configuration.

Updated at 4:35pm AEST, 2 August 2020: Added further Telstra comment.