Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Network misconfiguration on a low-cost VPS
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Network misconfiguration on a low-cost VPS

ClovisClovis Member
in General

While investigating the source of excessive inbound traffic on a fresh KVM VPS that was essentially idling (with the SSH port closed), I discovered quite an amount of local ethernet traffic arriving from neighboring VPSes. Surprisingly, it was conversations not belonging to my VPS, between the neighbors and the gateway. I have another KVM VPS (even slightly cheaper), and after the same investigation, only minimal usual broadcast traffic was observed.

So, the questions is: is it normal for sub-$14/year VPS to have such a network (mis)configuration? Has anyone investigated the issue? Was the issue promptly resolved by the provider, or it's better not to waste time and switch to another provider?

Comments

  • plumbergplumberg Veteran, Megathread Squad

    This can happen with $100+ / month service.

  • yoursunnyyoursunny Member, IPv6 Advocate

    Upload packet trace to prove your point.

    When we complained about a network flooding affecting our sub-$14/year VPS with valid proof, the offending traffic was stopped promptly.
    https://lowendtalk.com/discussion/comment/4101435/#Comment_4101435
    https://lowendtalk.com/discussion/comment/4101475/#Comment_4101475

    Thanked by 1mandala
  • kevindskevinds Member, LIR

    Not normal but shit happens.

  • ClovisClovis Member

    @yoursunny said:
    Upload packet trace to prove your point.

    Well, I don't think other users from that provider would approve their IPs revealed, so "trust me bro." :) It's not about flooding, it's about security.

    Thanked by 1mandala
  • JabJabJabJab Member
    edited December 2024

    Then bring this to the provider attention.

    Could happen because they don't know or they don't care or someone forgot to do something when quickly setting up new BF/CM node.
    Or they want it to happen so you can run out of bandwidth faster and they can suspend the server earlier aka sell even moooooooooooar.

    Without naming or messaging provider you will never know.

    @Clovis said: It's not about flooding, it's about security.

    What kind of security? Most of the times it's clients that send some kind of shitty broadcast because missconfigured software so it's not like they care about security in first place :-D

    Thanked by 1mandala
  • ClovisClovis Member
    edited December 2024

    @JabJab said:
    Or they want it to happen so you can run out of bandwidth faster and they can suspend the server earlier aka sell even moooooooooooar.

    The bandwidth used is not so big, it's was just that caught my attention.

    What kind of security? Most of the times it's clients that send some kind of shitty broadcast because missconfigured software so it's not like they care about security in first place :-D

    I thought it's possible to snoop traffic for all subnet there... Then I need another VPS there to figure out is my traffic visible on other VPSes ;-D

  • kevindskevinds Member, LIR
    edited December 2024

    @Clovis said:
    Well, I don't think other users from that provider would approve their IPs revealed,

    ?

    You can normally see all the IPs a provider has..

Sign In or Register to comment.