1310 Network

Outage to 1310 edge routers

Minor incident Network Core Nationwide Ethernet Nationwide FTTx Control Panel POPs Basingstoke Farnborough Langley Rothwell Nine Mile Water Overton Telephony (VoIP) Telephony - Residential Telephony - Enterprise Nationwide City Fibre Nationwide OFNL
2026-01-14 10:38 GMT · 1 day, 5 hours, 45 minutes

Updates

Resolved

Outage Report – Denial of Service Event Impacting Edge Router Traffic

Date

14 January 2026

Duration

10:28 GMT – 11:25 GMT (approximately 57 minutes)

Affected Systems

1310 network edge routers, internet reachability for a customer IP on the 1310 fibre network

Executive Summary

On 14 January 2026, the 1310 network experienced a targeted Denial of Service (DoS) attack directed at a single customer IP address on our fibre network.

The incident resulted in abnormally high inbound traffic volumes, impacting edge router performance and temporarily affecting external reachability for the targeted service.

This event was not a security breach, compromise, or hack, and at no point was customer data accessed, exposed, or at risk. Customer data remained safe throughout the incident.

Technical Impact

Network monitoring systems detected a sustained traffic anomaly peaking at approximately 7 million packets per second and ~12 Gbps of inbound throughput destined for the affected customer IP.

While this attack was not exceptionally large by global volumetric attack standards, it exceeded normal operating baselines and placed significant load on edge routing infrastructure handling the affected prefix.

The elevated packet rate caused increased CPU utilisation on the edge routers responsible for forwarding and control-plane processing, resulting in degraded reachability until mitigations were applied.

Root Cause

The root cause of the incident was a Denial of Service attack targeting a customer-assigned IP address.

This was a volumetric traffic flood designed to exhaust forwarding and processing capacity rather than exploit a vulnerability. No intrusion, unauthorised access, or lateral movement occurred within the 1310 network or customer environments.

Detection and Mitigation

All detection and mitigation systems operated as designed.

Anomalous traffic patterns were identified promptly via real-time telemetry and flow analysis, enabling rapid classification of the event as a DoS condition.

Mitigation actions were taken in coordination with upstream transit providers, including targeted filtering and sinkholing of malicious traffic to prevent further ingress into the 1310 network.

Service stability was restored once inbound traffic levels returned to normal operating ranges.

Immediate Actions Taken

  • Incident investigation initiated immediately upon detection of abnormal traffic levels at 10:28 GMT
  • Traffic analysis performed to identify the targeted IP and attack characteristics
  • Upstream mitigation implemented with transit providers to suppress malicious traffic closer to source
  • Continued monitoring maintained until traffic levels stabilised and the incident was formally closed at 11:25 GMT

Customer Impact and Data Security

This incident was strictly a Denial of Service event.

There was no compromise of customer systems, credentials, or data, and no evidence of unauthorised access at any layer of the network.

Customer data was and remains secure.

Future Improvements and Preventative Measures

While the attack was not unusually large, it highlighted the importance of scaling infrastructure to handle increasing baseline and attack-driven throughput.

As a result, 1310 is actively increasing the capacity and resilience of our edge routing platforms to better absorb and manage higher packet-rate and throughput conditions associated with denial of service attacks.

We are also working closely with our upstream suppliers to implement additional automation for detection and mitigation, enabling faster upstream intervention where appropriate.

Care is being taken to ensure that these controls are implemented responsibly. There is a necessary balance between rapid automated mitigation and avoiding false positives that could inadvertently disrupt legitimate customer traffic. This balance is a key consideration in our design and rollout approach.

Resolution Status

The incident is fully resolved.

All services are operating normally, and enhanced monitoring remains in place to detect any recurrence or secondary attack vectors.

Prepared By

Matthew Iggo
Managing Director
1310 LTD

January 15, 2026 · 16:10 GMT
De-escalate

We have managed to isolate the one customer who was being sent a Denial of Service attack and traffic levels have resumed to normal levels.

We will continue to monitor closely and we are seeing that some traffic is coming in via other routes and we are mitiging those as soon as they appear.

We are really sorry for the inconvenience this has caused

January 14, 2026 · 11:35 GMT
Investigating

This has been confirmed as a denial of service attack launched at a 1310 customer which has overloaded our edge routers with the number of inbound connections to the customer.

We are null routing the traffic from hitting our network with our upstream providers and hope to resolve shortly.

January 14, 2026 · 11:14 GMT
Investigating

We currently appear to be under a denial of service attack.

We are putting mitigations in place to isolate the inbound traffic flows and restore service as soon as possible

January 14, 2026 · 10:50 GMT
Investigating

We have received alerts monitoring inbound to the 1310 network that services are unreachable on the wider internet.

We are investigating as a high priority and will update within 30 minutes

January 14, 2026 · 10:38 GMT

← Back