Exclusive Jisc is permanently removing open public access to Janet (the UK government-funded educational network) information, The Register can reveal, after concluding that such access has been exploited to hobble the service.
The move, alongside several other large infrastructural changes – which the administrators have asked The Register not to publish for security and insurance reasons – followed a sustained reflective DDoS attack that caused Janet significant problems between 1 December and 8 December.
Tim Kidd, executive director at Jisc – formerly the Joint Information Systems Committee, the non-departmental public body in the UK which administrates Janet – explained the decision to block diagnostic facilities (such as traceroute) to The Register.
Kidd told us that the attacks were typical of reflective DDoS, and said the network's engineers began to suspect "that the visible aspects of Janet alongside public updates via Twitter and other channels were being used to inform the attacks".
Following this, Kidd told us, Jisc began to institute changes affecting customers' access to such information.
"While it is unfortunate – and certainly we’re well aware of how valuable our customers found some of our network information being openly available for diagnostics – it was a necessary step to protect the network," Kidd said of the move, before adding:
"I would also stress that work is already under way to offer an alternative solution, which would still allow customers to easily view end-to-end availability and ensure excellent performance."
Details of the attack show it did not utilise the same methods as those targeting Protonmail earlier this year, although at times the nuisance resource requests did crash in at a similar 100Gbps.
Asked if disabling such access would be certain to prevent future attacks, Kidd was hesitant: “Of course in any security incident you can never offer absolute certainty.”
“What we can say – at what is still a very early stage – is that the measures we have put in place are working effectively and customers do not appear to have received any further disruption,” offered Kidd. “Our efforts also continue to further secure the network and reduce the impact of future attacks. We remain, as I say, vigilant but cautiously optimistic.”
Kidd acknowledged that “the Janet network is used for a wide range of teaching, learning and research activities. Many of these are very specialised with extremely high data flows. We have worked hard to ensure that the measures we put in place will not adversely affect the pursuit of research and education in the UK”.
“Our security team and engineers are working closely on future enhancements to the processes we have developed during these attacks,” Kidd concluded. “These will make our network stronger. We will also be sharing this information with our network contacts to help them improve the resilience of their connection, such as helping them to move off any less appropriately configured services.” ®