seflow review - stay far away: Scammers and liars

IThinkUFailed

@matteob said:
Yes attack was only in most of ipv4 blocks in Milan, this is why all other locations was not affected. The target seems the SeFlow directly because most powerfull attack was on ip used for services, like website, management, customer portal etc.

Which LET user are you going to accuse of doing it this time?

Amitz

vijai

William said: Give drugs to girl; free sex. Much better.

Otherwise known as a hot cosby

lbft

William said: Testing protection you pay for is not illegal in Germany.

Legality is not the only thing most people care about, you amoral fuck.

singsing

lbft said: Legality is not the only thing most people care about, you amoral f***.

Whoa now. But I think it really ought to be illegal to even "test" DDoS protection you have bought unless the test is approved by the DDoS protection provider.

rds100

Even if it's approved by the DDoS protection provider, how do you do the testing exactly? Do you buy / rent a "booter"? These are usually botnets of hacked computers. So you'd have to pay for renting a botnet of hacked computers. You pay for something clearly illegal, for illegally using third party computers (without consent of the owners of these computers). I don't think there are countries where doing this is legal.

singsing

rds100 said: Do you buy / rent a "booter"? These are usually botnets of hacked computers. So you'd have to pay for renting a botnet of hacked computers. You pay for something clearly illegal, for illegally using third party computers (without consent of the owners of these computers). I don't think there are countries where doing this is legal.

I think the DDoS protection testing industry is based on layers of plausible denial that make the above state of affairs quasi-legal (for everyone above "L0" = botnet operator).

Seriously speaking, there are 100% legal services that operate based on co-located servers and paying the bandwidth bills. That doesn't come cheap, of course.

rm_

What I don't like the most, that there isn't any kind of compensation -- e.g. my VMs were down for hours on multiple ocassions, almost to the point of couple of times each week, and while that's fixed in the end, it's simply "oh a storage controller failure, oh something else, well tough shit", or this DDoS where we had 90% PL for 5 hours (basically until the business day in Italy started, so I guess DDoSers can DOS all night with no one to stop them...). A few EUR credit to those who were affected by all these downtimes would be nice. And no I am not going to beg for money in PM or via ticket. I believe the provider should decide things like these on their own.

ATHK

@rm_ said:
And no I am not going to beg for money in PM or via ticket. I believe the provider should decide things like these on their own.

I don't know if I can compare this company to the ones on LET, but digitalocean give credit automatically to clients when an issue arises, such as downtime of a node, even if its only 5-30 mins..

matteob

@rm_ said:

Have you cloudflow or flexcloud product? Please also remember that ddos is still incoming so we not already closed the case...

Our entire ip range is being ddosed from 3 a.m. cest. You're not experiencing new packetloss because we're filtering it, but is still in progress.

Nixtren

@rds100 said:
Even if it's approved by the DDoS protection provider, how do you do the testing exactly? Do you buy / rent a "booter"? These are usually botnets of hacked computers. So you'd have to pay for renting a botnet of hacked computers. You pay for something clearly illegal, for illegally using third party computers (without consent of the owners of these computers). I don't think there are countries where doing this is legal.

This is pretty much what most people do to legally DDoS a server, because they don't really have other way to get a cheap UDP DDoS attack test. If you want to test Layer7 (D)DoS protection (HTTP for example) things are better, because you can just spin up a VPS or two and start benchmarking it with tools such as Apache Bench and Siege. These don't really cause any network damage (lag to your VPS neighbors and etc) as long as you don't go crazy with it...

comXyz

Hmm, if the topic title is true, then we will have most stupid CEO ever.

qhoster

Basically everything is down with Seflow at the moment, the site, the manage part, our vsp nodes in Italy ...

matteob

@qhoster said:

Yes sorry, now attack is switched to ip transit provider. We're contacting them to fix because are out of our control.

tr1cky

I really hope you are not attacking your own infrastructure just to have a point in this conversation.

Butters

Are you tr1cky from high-minded?

Lee

tr1cky said: I really hope you are not attacking your own infrastructure just to have a point in this conversation.

OOFT! Big shots fired!!

Maounique

matteob said: are out of our control.

So tr1cky does have a lot of firepower.

hawc

@matteob I do hope you are going to compensate your customers for this idiocy

tr1cky

@Maounique said:
So tr1cky does have a lot of firepower.

No.

Maounique

@tr1cky said:

2 possibilities, either you have a lot of firepower or his capacity to mitigate the attack is too limited.

teknolaiz

@Maounique said:
2 possibilities, either you have a lot of firepower or his capacity to mitigate the attack is too limited.

Or he is honest and never attacked them anyway. Otherwise he'd not be here by now. Not guilty until proven otherwise.

Francisco

@Maounique said:
2 possibilities, either you have a lot of firepower or his capacity to mitigate the attack is too limited.

You missed one.

A common target is gateway ips or things like that which people dont protect. Most routers route gateway bound traffic in software, so even a 100k pps syn flood will knock even large scale routers offline with ease.

There is an easy fix I won't go into, but it isn't always possible.

Francisco

eugene_

@Butters said:
Are you tr1cky from high-minded?

I'm sure it is the same tr1cky from high-minded. From what I've seen, high-minded is a forum focused on Counter Strike bot manipulation and hacks. The client base is mostly German and Russian. Revenue is earned by members upgrading the account.

rm_

matteob said: we're filtering it

Currently you are filtering all traffic towards Online.net:

mtr -4 online.net
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 158.58.168.1                      0.0%     5   17.0   3.8   0.5  17.0   7.4
 2. ???

Maybe to many other destinations as well, but that's just what I noticed.
upd, another one: www.kddi.com

krishnap

@Francisco said:
Francisco

Could you kindly share the fix?

GStanley

@Maounique said:
2 possibilities, either you have a lot of firepower or his capacity to mitigate the attack is too limited.

Or he doesn't understand his ISP dropped the announcement.

It's back now via NTT, uplink likely just had him the null-route.

route-views>sh ip bgp 158.58.169.0/24
% Network not in table

matteob

@rm_ said:

No we're own our filtering, why online.net?

@Francisco said:

Attack to our ips is filtered. Actual problem is the attack moved on transit ip router interface that is out of our control. We contacted ntt and level3 to fix their side, this is the problem.

GStanley

@rm_ said:

Well.. filtering traffic, removing announcement, same right?

route-views>sh ip bgp 158.58.169.0/24
% Network not in table

Francisco

@matteob said:

Yes and there is a fix for that but it isnt always possible

I'm not saying anything else since you & I had our problems last year too. I've left it alone though since there was no reason for more fuel.

Francisco