New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Comments
@Kris
URPF - LOOSE might do some good here? Let's assume this is a DDOS.
We have URPF outbound.
Inbound our switch does not support it but anyway...current attack is DNS Amplification based.
No spoof at all.
You did close 53 UDP/TCP inbound/outbound right?
At least he did something with hiding the last few hops with RCS/RDS - maybe Orange doesn't allow him.
If it's DNS Amp based, should make you a no DNS provider or SSDP.
I'd rather have a machine online that doesn't serve DNS.
Get both ISPs to block port 53 UDP at edge as well as 1900 maybe. And from your post FastNetMon was getting attacked on like 8 IPs total with 200Mbps each. If those aren't used, looked end of the range, request a null-route on them.
Send every TOR IP exit node and ask for that to be blocked at edge. Kinda BOFH style, but not susceptible to easy stuff like TorsHammer.
Finally ask Orange to support communities and TTL manipulation and maybe change your IP with them.
BTW, Did you actually do some work to get the last few hops hidden at RCS /RDS? If so, nice.
This is a user setting; they can configure how they wish the status page protection to behave: https://docs.hetrixtools.com/inherit-password-protection/
Cheers.
- Andrei
A few days ago yes, until I realized that it was useless.
DNS Amplification exhausts all your bandwidth by sending requests to your entire subnet, even if you only have a few IPs used from a single subnet.
Orange will not filter anything without contacting the commercial consultant and you will pay something extra after you sign new documents for 24 months.
@FlorinMarian, just close them, both ways, in and out. For the moment for all sub-nets; for the moment no one will cry if it does not have DNS resolution, as none have access to their stuff. Go with us on this.
I tried this method.
The attacker doesn't suffer anything with this ACL in place because he keeps saturating the connection between me and Orange.
Block at edge means you ask the ISP to block, not when it's already gotten to you.
Block port 53 and 1900 inbound all subnets on their equipment - Once it's gotten to you, no chance.
Allow only 8.8.8.8 8.4.4.4 1.0.0.1 and 1.1.1.1 outbound 53 with local rules.
As I said before, until I give them additional money and sign a new contract, they only offer me L2 and a route to the Internet.
Not as stupid anymore, thanks for clarifying.
PEBKAC in other words😆
There is still some data exposed, but I will let you figure it out by yourself because you don't need any help.
Nice sarcasm.
So ask RCS/RDS to do the same, drop Orange Session. Hope they don't want extortion money, and use them until proper solution.
And you want this page closed? How? Why?
This is currently the only game in town!
You will end up setting a kind of record.
I also have a feeling you will come out of this stronger, and hopefully less cocky.
No sarcasm here
LOL,
Orange simply lets the flow of 4GBPS of "rejtcgfjsuxgnsjugnx" to you and not bother to see the other 5,10,20GBPS origin that just enters their network? Ah yeah, and the device that does QOS to you has no problem eating a few 100W of power QOS-ing you.
Tell them that rather than consuming a few GBPS in vain, just open up the pipe to you for free.
If the NOC at them does not understand this, you are better off with 5 Starlink uplinks.
This actually hurts them more than it hurts you, as they pay for traffic.
150Mbps international bandwidth is useless.
NOC Team doesn't care about the company's money. I'm also a NOC guy at my job and I feel it every day.
EDIT: In order not to be misunderstood, you don't care about money, but about the uptime of the application and its performance. Others take care of costs and their optimization.
This is stupidity at A++ from Orange.
Sure you do not have some clause in the contract that you will be burned for if this continues for days on their network?
Why not just announce the whole thing in OVH, and do a tunnel back to you, it was on page "14" somewhere. Heck, even 300ms would be better than 15kbs I have from you this moment. ( your Looking Glass ). 1 GB file ETA 14 Days.
I am amazed no customer launched an invasion here on LET.
This is what I do.
OVH will announce my IPs and I'll move them back in Romania but BYOIP takes up to 3 weeks. (ordered on 4th Jan)
You are not NOC guy, sorry. NOC guys care about packets from day 1.
I work in a telecom company, but not on the DCS and BSS side.
Good for them to have you.
I take no satisfaction in what is going on to you, I actually don't.
It is day 11 of the short downtime.
By day 2 I would have broken up the contract with Orange, if they said no way, would simply reply see you in court bitch, went to RDS, pay them the ~400 USD / GB, get a 2G line from them and ask for help from the other Romanian providers if they have a "friend" at RDS to speed things up for you to get connected with them ( as they have some filters, not much, but better than 0 on Orange) and by day 3 you would have been online, even partially.
Number of customers asking for cancellation approx 30% of total, image wrinkled a little, but up and running.
If 2 or 3 weeks is what it will take to solve this issue.........
You have better luck with upstream ISPs blocking the DDOS at their level.
Your plant is dying, and you are still waiting for the Amazon van to deliver water, rather than getting in your car and driving to the grocery, poor plant.
You cannot break the contract with Orange, just as you cannot with RCS & RDS.
The contracts are written so that you pay for 24 months, whatever you do.
The SLA below 95% is penalized with 30% of the invoice for the respective month...and that's it.
There are no clauses by which the client can cancel the contract without paying those damages.
You really need that colleague of yours from school, the one from business/juridic class to help you.
I will take my chance in a few months in court melodrama, than to lose my customers, image and eventually my business, than to do nothing, or wait until it is too late.
Deal with what might happen in a few months when you get there, so you can actually get there.
If contract terms are not satisfied as agreed by the provider - you are free to break from the contract without any fines. Consult with a lawyer to gain knowledge about your contract. Don't just repeat "I can't". You can, you just don't know or don't want to.
If they do nothing to defend you from DDoS - service terms are not satisfactory. You are free to walk away. They are free to sue you if they think otherwise.
As long as they provide my service (even if the attacker uses the 2Gbps), they do not violate anything in the contract.
Extend the actual RDS line to 970 Mbps, move on that, tell RDS NOC that you are under DDOS, and own the fact you paying a 24mo contract, and save your passengers, as this is like the Titanic by now.
Meanwhile, as I told you before, get a lawyer and terminate the Orange contract.
Is this answer from a lawyer? I repeat: give a lawyer 50€ to review your contract. The provider bamboozles you like a child. As a consumer, you have more rights than the provider.
Does Orange provide anti-DDoS? If no, then why should they defend him against it? He got what he paid for, crap.
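Added example, not part of any post in the thread: one way to turn the earlier advice (the attack is reflected DNS/SSDP traffic, and unused addresses taking roughly 200 Mbps each should be null-routed upstream) into a list to hand to the ISP. The flow-record format, the sample rows, the `IN_USE` set and the 100 Mbps threshold are all constructed assumptions; addresses are from documentation ranges.

```python
from collections import defaultdict

# UDP source ports of the reflected traffic named in the thread (DNS, SSDP).
REFLECTED_SRC_PORTS = {53: "dns", 1900: "ssdp"}

# Constructed sample, one row per flow over a 10 s window:
# src_ip src_port dst_ip dst_port proto bytes
SAMPLE = """\
198.51.100.7 53 203.0.113.10 41822 udp 125000000
198.51.100.9 53 203.0.113.10 50211 udp 125000000
198.51.100.7 53 203.0.113.200 33012 udp 250000000
198.51.100.31 1900 203.0.113.201 6112 udp 250000000
192.0.2.44 51514 203.0.113.10 443 tcp 4000000
192.0.2.80 53 203.0.113.10 38000 udp 600
"""

# Hypothetical inventory of addresses that are actually assigned to customers.
IN_USE = {"203.0.113.10"}


def parse(text):
    """Yield (src, sport, dst, dport, proto, bytes); malformed rows are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        src, sport, dst, dport, proto, size = parts
        yield src, int(sport), dst, int(dport), proto.lower(), int(size)


def reflected_mbps(text, window_s=10):
    """Per-destination Mbps of UDP traffic arriving *from* port 53 or 1900."""
    totals = defaultdict(int)
    for _src, sport, dst, _dport, proto, size in parse(text):
        if proto == "udp" and sport in REFLECTED_SRC_PORTS:
            totals[dst] += size
    return {dst: b * 8 / window_s / 1e6 for dst, b in totals.items()}


def null_route_candidates(text, in_use, min_mbps=100, window_s=10):
    """Unused destinations over the threshold: safe to blackhole upstream."""
    rates = reflected_mbps(text, window_s)
    return sorted(dst for dst, mbps in rates.items()
                  if dst not in in_use and mbps >= min_mbps)


if __name__ == "__main__":
    for dst, mbps in sorted(reflected_mbps(SAMPLE).items()):
        print(f"{dst:16} {mbps:8.1f} Mbps reflected")
    print("null-route:", null_route_candidates(SAMPLE, IN_USE))
```

The in-use address `203.0.113.10` also sits at about 200 Mbps but is left off the list, since null-routing it takes the customer offline; that one needs filtering at the ISP edge instead.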