Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Has anyone experienced IP address hijack on their VPSes?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Has anyone experienced IP address hijack on their VPSes?

ValdikSSValdikSS Member

Hi.

I've experienced IP address hijack for a long time for now. It happened with HostHatch, rack.sx, and now it just happened with CramHost. Both OpenVZ and KVM has been affected by this issue and I have no idea is it some kind of misconfiguration or a bug. OpenVZ used venet, so it wasn't possible to ARP-spoof or set up fake DHCP server in the VPS network segment.
This issue is narrow and affects only some of the servers. I have 5 servers with HostHatch and this happened only on one of it, multiple times.

Is this a known bug?

Comments

  • joereidjoereid Member

    I've had it happen a few times with random providers. Usually on KVM.

    Not really a bug, just a jackass neighbor who figured why pay for an extra IP when you can just manually add the next one in their subnet that doesn't reply to pings.

  • ZappieZappie Member, Host Rep, LIR

    And this why everyone should be isolated to vlans, but yeah, also means /30 per user minimum which might be hard for some providers.

  • @joereid, it happened to me at least 4 times on OpenVZ with venet, where you can't really just add an IP and use it. So, just a guess, this could be bug in OpenVZ kernel or in panel.

  • I mean, I could totally understand how this could be done with KVM in one network subnet, but I have no idea why is this possible with venet, where no L2 traffic is possible and routing is configured per-vps.

  • your provider did it! lol

  • CramHost resolved the issue. One of the OpenVZ orphaned containers was running with my IP.

  • tomsfarmtomsfarm Member
    edited May 2015

    You don't even have a OpenVZ VPS you have a KVM VPS...

    ValdikSS said: and now it just happened with CramHost. Both OpenVZ and KVM

    Yes and was actively responding to your Ticket.

    As explained in the ticket after we upgraded our VPS Platform and finally switched from RHEL to Debian for our KVM Nodes. we had a mix up where several orphaned OpenVZ VPS was binding other IPs. are still running as we recently tried to switch all of our OpenVZ VPS to Ubuntu also. But Virtualizor had a bug at the time so we was unable to resolve this issue earlier.

    This is not something that would usually happen. the VPS in question was a Test VPS Made a while ago. and was not deleted.

  • ValdikSSValdikSS Member
    edited May 2015

    clamhost said: You don't even have a OpenVZ VPS you have a KVM VPS...

    Yes, I have KVM VPS from you but also some OpenVZ VPSes from other providers with the same issue. Anyway, thanks for resolving this issue!

  • tomsfarmtomsfarm Member
    edited May 2015

    @ValdikSS said:
    Yes, I have KVM VPS from you but also some OpenVZ VPSes from other providers with the same issue. Anyway, thanks for resolving this issue!

    Yes and it's resolved :)

    Won't happen again we take the stability of our services seriously.

     MAC Address       Address         Name                      Interface           Flags
     00:26:55:83:**:** 104.255.**.**  104.255.**.**            ae0.0               none
    
Sign In or Register to comment.