New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
hetrix is actually stupid, they password protect the main page but not the monitoring URLs...
the attacker still have access if they have the link (and they will have if they ever visited) and so will everyone here too
Wow, that's very much not what one would expect from a professional service.
Autch
So the big question remains: Is there external filtering now?
No.
OK... but then it's not really a mystery what kind of traffic is reaching you, isn't it? It's very much the kind of traffic this guy keeps sending.
lol
@HBAndrei ping, you probably want to put that on some #TODO list.
yeah lol..
facepalm
https://www.abuseipdb.com/check-block/188.241.241.0/24
https://www.abuseipdb.com/check-block/188.241.240.0/24
I'm still curious why he use Orange now when RDS or whatever else their name is, working perfectly fine, considering that both of them have the same IP's, attacks would be rerouted to RDS too.. but it is not..
Not only other people's IPs are spoofed when we are attacked.
It is clear that there is someone competing with us since they are also targeting our IP addresses in order to damage their reputation.
Fortunately, abuseipdb is not reliable
I am curious why any of them use Orange when the latency's horrible with every other provider but this is offtopic.
surely not reliable, but showing sign of what attackers doing (if its even some % who knows)
At this moment, the attacks come through both providers.
The attack is so clever that there are 120K packets only through Orange, 500 each on the 256 IP addresses.
Not true at all.
You realize that is because people are spoofing his IPs, right? That's how most UDP amplification attacks work.
You spoof the victim IP toward hundreds/thousands of destinations, they respond with an larger payload of traffic to the victim.
This is why automated abuse reporting for UDP traffic is retarded. Hetzner does the same shit.
I wonder whether users will be compensated for lost days
Why don't you use for example BuyVM Protected BGP service to protect your site? Or OVH like others mentioned earlier? few ms more to your network won't be a big deal, at least your servers will be up, not down for 5(?) day..
i know, i am just curios how many types of attacks are carried out there against him, this sh*t is now boring and so long
They will get 30% off next month but first we have to stop this shit.
I tried a session with wireguard/GRE earlier.
The IPs announced via BGP were inaccessible and the speed was below 350Mbps, although in Romania we have 2150Mbps and the server I tried to pair with has 10Gbps.
how?
Arbor from ISP or OVH, it depends on who implements first.
PEBKAC
Were you doing it from your network with its IPs receiving DDoS?
Possibly, it's not like I've ever implemented something like this before.
https://wiki.buyvm.net/doku.php/gre_tunnel
so will it stop the attacks finally?
I know this kind of tunneling.
The main difference is that IPs are part of BGP session same unprotected host.
One of them will stop them.
The attacker targeted our another subnet at OVH but their filters did their job.