It seems that some customers have been suffering with severe problems, notably around 8pm to 11pm last night.
This looks to be customers with older zyxel routers. We are still shipping zyxel P660's as PPPoE bridges and that configuration is not affected. However, some years ago, we sold the ZyXELs simply as broadband routers.
Over the last few months these have been the target (well, intermediatory) for DNS amplification attacks resulting in some customers having high usage (and in some cases bills).
Yesterday at around 00:36 we saw an attack start, which is why we did emergency upgrades on our infrastructure over night. It now seems that the attack is either directed at, or co-incidentally affecting, these older ZyXEL routers and causing them to reboot.
The attack is hitting lots of ISPs and appers to be happening in busrts, sometimes lasting many hours.
In the long run the solution to both issues may be customers updating to newer routers. This will have the side effect of also getting customers on to IPv6.
If we find a work around in the mean time, I'll post more details.
The attack started again at 6pm Sunday.
The attack appears to be broken TCP port 80 packets. It may be that a config change on affected routers will avoid this specific issue. If we find more details we'll post them.
Using the web interface on the ZyXEL P660, Advanced>Remote MGMT, set all to LAN only.
The attacks seems to have stopped for now.