Customers of both Voipfone’s UK business broadband and Voice-over-Internet-Protocol (VoIP) services are reporting to ISPreview.co.uk that the provider has suffered significant service disruption for the past day or two, which appears to be at least partly the result of a Distributed Denial of Service (DDoS) assault against their systems.
The problems appear to have started yesterday after the operator’s Service Status page “identified a further DDoS attack” against their network, which at the time of writing remains unresolved. Today, the provider’s broadband services have also been “partially” disrupted (since just after 10am), with Voipfone noting “reports of issues accessing some websites,” although it’s unclear whether this relates to the wider DDoS issue.
DDoS attacks typically work by overloading a target server or end-user with masses of data requests from multiple internet-connected devices (often malware hijacked computers / botnets etc.), which can cause the intended target to crash or suffer significant performance problems until the bad traffic stops. Such attacks may also expose other weaknesses that hackers can exploit (or even blackmail), such as happened to TalkTalk in 2015 (here).
Sadly, DDoS attacks occur against UK ISPs all the time and are practically par-for-the-course in this business, but most can be mitigated and few are ever significant enough to disrupt connectivity for lots of end-users. In many cases, these incidents often aren’t an attack against the ISP itself, but rather somebody targeting a specific customer or upstream network provider.
As I write this, Voipfone has just announced that the broadband side of “this incident has been resolved” (here), although sadly the wider issues with DDoS and VoIP appear to be ongoing (here). Suffice to say that there are quite a few customers complaining about their phone services being down, particularly on Twitter. The provider’s last update on that specific issue was posted 6 hours ago.
Shockingly, Voipfone has not been able to issue a service status update on the DDoS related phone/voip outage in 22 hours. Since yesterday’s article we’ve also had bags of emails and comments from both consumers and businesses, including some broadband ISPs, that are dependent upon the provider’s platform and have now been left without voice comms for a significant period of time.
On top of all this, we’ve noted that a second broadband and VoIP provider, VoIP Unlimited, is also being impacted by a similar DDoS attack (here). But unlike Voipfone, they were able to issue a service status update at 8am this morning: “Services are operational this morning however the attacks are still ongoing. We will update here as soon as there are any changes. Please do not hesitate to contact us on 01202612000 or via a ticket on our support portal: portal.voip-unlimited.net should you have any issues. Thank you for your patience.”
The situation is helping to highlight one of the new challenges with switching from the old analogue copper phone network and on to an all-IP platform. Providers of VoIP solutions will need to invest more to ensure resilience, particularly as this sort of event can also disrupt access to the emergency services and Ofcom won’t be happy about that.
A spokesperson for Ofcom told ISPreview.co.uk: “We’re aware that Voipfone is experiencing problems with its network, and we’re contacting them to establish the scale and cause of the problem as soon as possible.”