
BGP with only retn or rostelecom peering in europe

bobert Member
edited July 2024 in Requests

I'm looking for BGP with retn or rostelecom with ddos protection or the ability to just pull my announcement so it can go to my properly ddos protected pops instead of null routing, since a lot of bad traffic tends to come from russia.

Or just have the null route affect rostelecom or retn and not spread to other transit (is this a thing?).


Comments

  • jenkki Member

    @bobert said: since a lot of bad traffic tends to come from russia.

    Can you explain what that means? And what bad things are they doing to you?

  • bobert Member

    @jenkki said: Can you explain what that means? And what bad things are they doing to you?

    most of the ddos attack traffic comes from russia

    Thanked by 210thHouse Peppery9
  • jenkki Member

    @bobert said: most of the ddos attack traffic comes from russia

    What's the reason for that?

  • bobert Member

    @jenkki said:

    @bobert said: most of the ddos attack traffic comes from russia

    What's the reason for that?

    I don't know, ask them?

  • jenkki Member

    @bobert said: I don't know, ask them?

    In my always erroneous opinion if someone attacks someone, it means that the person being attacked has done something bad to the attacker. It's unlikely that anyone would just attack someone. Why is there such an interest in your hosting? Maybe try to eliminate the cause so as not to give an excuse?

  • bobert Member

    @jenkki said: In my always erroneous opinion if someone attacks someone, it means that the person being attacked has done something bad to the attacker.

    This is just a ridiculous statement to make. If you have anything that is widely used, people attack your network for all sorts of reasons outside of your control.

    I had an idle vps that did nothing but have an ip ending in 1, and guess what? It was ddosed. Likely due to a carpet bomb attack or the attacker assuming it was a router.

    It sounds like you don't have much experience hosting anything.

  • tentor Member, Host Rep

    @bobert said: I'm looking for BGP with retn or rostelecom with ddos protection or the ability to just pull my announcement so it can go to my properly ddos protected pops instead of null routing, since a lot of bad traffic tends to come from russia.

    Rostelecom is present at DE-CIX Frankfurt, NL-ix and DATA-IX: https://bgp.tools/as/12389#ix

    Retn is available over IXes in Europe too: https://bgp.tools/as/9002#ix

    As for selective null routing, it should be possible via communities. But I am not sure if they actually implement it.
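An added illustration of the selective null route discussed above, as a BIRD 2 configuration fragment (not part of the thread and not any provider's own configuration): the tagged host route is exported to one upstream only, so the blackhole stays off the other transit. The AS numbers, prefixes, neighbor addresses and protocol names are constructed, and it assumes the upstream honors the RFC 7999 BLACKHOLE community on host routes, which has to be confirmed with the provider.

```bird
# Constructed example: AS numbers, prefixes and neighbor addresses are
# documentation/private values, not taken from the thread.
define MY_AS     = 64500;
define MY_PREFIX = 203.0.113.0/24;
define VICTIM    = 203.0.113.10/32;      # address currently under attack

protocol static blackholes {
    ipv4;
    route 203.0.113.10/32 blackhole;     # also dropped locally
}

protocol static originate {
    ipv4;
    route 203.0.113.0/24 unreachable;    # aggregate to announce
}

# Upstream where the attack traffic arrives: send the tagged host route.
filter export_noisy_upstream {
    if net = VICTIM then {
        bgp_community.add((65535, 666));     # RFC 7999 BLACKHOLE
        bgp_community.add((65535, 65281));   # NO_EXPORT, keeps it inside that AS
        accept;
    }
    if net = MY_PREFIX then accept;  # reject here instead to pull the announcement
    reject;
}

# Every other transit: aggregate only, so the null route does not spread.
filter export_other_transit {
    if net = MY_PREFIX then accept;
    reject;
}

protocol bgp noisy_upstream {
    local as MY_AS;
    neighbor 192.0.2.1 as 64496;
    ipv4 { import none; export filter export_noisy_upstream; };  # import policy omitted
}

protocol bgp other_transit {
    local as MY_AS;
    neighbor 198.51.100.1 as 64497;
    ipv4 { import none; export filter export_other_transit; };
}
```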

  • jenkki Member

    @bobert said: It sounds like you don't have much experience hosting anything.

    I've never had this happen in all my time and a hundred hosts. Once again, it only happens when you do something against someone and that other person responds to you.

    It's like when a criminal burglarized someone else's apartment and then wonders why law enforcement comes to him.

  • bobert Member

    @tentor said: Rostelecom is present at DE-CIX Frankfurt, NL-ix and DATA-IX: https://bgp.tools/as/12389#ix

    I'm aware of this but they are selective about their peering and emailing every single network to ask if they are peered or not at a particular location is a huge hassle. Even if bgp.tools lists someone as a peer, you don't know which ix they are peered at.

    @jenkki said: It's like when a criminal burglarized someone else's apartment and then wonders why law enforcement comes to him.

    You must be trolling. You are assuming that I am a criminal? So everyone here that has ddos protection is a criminal?

    I looked at your posting history and it seems like you are some russian troll. No, I am not being ddosed by russians for anything related to ukraine. Russia is the source of a lot of dirty traffic even before the ukraine war.

  • xaoc Member

    @jenkki said:

    @bobert said: I don't know, ask them?

    In my always erroneous opinion if someone attacks someone, it means that the person being attacked has done something bad to the attacker. It's unlikely that anyone would just attack someone. Why is there such an interest in your hosting? Maybe try to eliminate the cause so as not to give an excuse?

    So ruzzian of you to blame the victim.

    Thanked by 1fluffernutter
  • tentor Member, Host Rep

    @bobert said: I'm aware of this but they are selective about their peering and emailing every single network to ask if they are peered or not at a particular location is a huge hassle. Even if bgp.tools lists someone as a peer, you don't know which ix they are peered at.

    Well I doubt it will be easy for you to peer with Rostelecom, it should be easy for Retn even in Europe

  • jenkki Member

    @bobert said: You are assuming that I am a criminal?

    I was just giving a more understandable example from life. Otherwise, it's hard to explain to you otherwise.

  • zGato Member
    edited July 2024

    @jenkki said:

    @bobert said: It sounds like you don't have much experience hosting anything.

    I've never had this happen in all my time and a hundred hosts. Once again, it only happens when you do something against someone and that other person responds to you.

    It's like when a criminal burglarized someone else's apartment and then wonders why law enforcement comes to him.

    All of my VPSs were idling at some point, with port 22 open. I was always greeted with "X number of login attempts were made since X", and yet, none of those VPSs were hosting anything.

    My home router is getting 24/7 attacked by random IPs at all times, to all random ports possible, but I have 0 ports exposed to the internet. I'll add that very few IPs are really from Russia, but most of them are from NL, BG, US, UK, ... (info based on Maxmind which is always inaccurate)

  • kait Member

    Some people get a small Data-IX or Global-IX port that the russians can congest with their ddos attacks.

  • zGato Member

    Back to the topic, @VPSSLIM recently opened a location in Tallinn, Estonia 🇪🇪, with RETN network, so just throwing it here as he might be able to help you out :)

    Thanked by 1VPSSLIM
  • VPSSLIM Patron Provider, Veteran

    @zGato said:
    Back to the topic, @VPSSLIM recently opened a location in Tallinn, Estonia 🇪🇪, with RETN network, so just throwing it here as he might be able to help you out :)

    Thanks for the mention! :)

  • You're basically looking for flowspec but I think you'd need a direct contract with an ISP for that unfortunately.

  • jenkki Member

    @zGato said: I'll add that very few IPs are really from Russia, but most of them are from NL, BG, US, UK, ... (info based on Maxmind which is always inaccurate)

    Don't you wonder why these attackers going after something leave you fingerprints and directions on where to find them? Or maybe someone is helping to make sure the search goes in those directions?

  • zGato Member
    edited July 2024

    @jenkki said:

    @zGato said: I'll add that very few IPs are really from Russia, but most of them are from NL, BG, US, UK, ... (info based on Maxmind which is always inaccurate)

    Don't you wonder why these attackers going after something leave you fingerprints and directions on where to find them? Or maybe someone is helping to make sure the search goes in those directions?

    My home IP is not exposed for anything, a few of those IPs are either Censys/Google which are trying to scan my network.

    They're just bots dude, stop the conspiracy. Most of them are just offshore Seychelles company hostings.
    This AS57523 also attacks a shit ton my network and all of their servers are in Russia.

    I have dynamic IP, it can rotate every single day if I want to, and can easily prove they're just trying to ping random ports to attack them.

  • Neoon Community Contributor, Veteran
    edited July 2024

    A bunch of providers have RETN in their mix.
    I know 2 providers that are actually RETN singlehomed.

    https://veesp.com/ Latvia should be still RETN singlehomed.
    https://ruvds.com/en-usd singlehomed RETN in some locations

    Yesterday also @c1vhosting added RETN, most of the traffic goes via RETN since then.

  • edited July 2024

    @zGato said:
    They're just bots dude, stop the conspiracy. Most of them are just offshore Seychelles company hostings.
    This AS57523 also attacks a shit ton my network and all of their servers are in Russia.

    I have dynamic IP, it can rotate every single day if I want to, and can easily prove they're just trying to ping random ports to attack them.

    Yeah, bots and zombies. Is Russian servers really that big with those types of companies these days though? Back when i monitored traffic more closely the biggest portion of those bulletproof offshore boxes were simply sitting in NL and if i had actually counted all the seemingly random packets coming in at pretty much every port imaginable as attacks it likely wouldn't have been all that uncommon for the biggest offender to be OVH (probably some rooted servers). The most persistent scanner (smtp relay/auth) i've ever witnessed sat within Hinet Taiwan. Sure, Russia popped up now and then too but not really to some overly exceptional degree. There was just way more shit coming in from more or less random places and big datacenters.

  • VPSSLIM Patron Provider, Veteran

    We have RETN Estonia in our Estonian DC Location. Feel free to reach out so I can make you an offer.

  • zGato Member

    @totally_not_banned said:

    @zGato said:
    They're just bots dude, stop the conspiracy. Most of them are just offshore Seychelles company hostings.
    This AS57523 also attacks a shit ton my network and all of their servers are in Russia.

    I have dynamic IP, it can rotate every single day if I want to, and can easily prove they're just trying to ping random ports to attack them.

    Yeah, bots and zombies. Is Russian servers really that big with those types of companies these days though? Back when i monitored traffic more closely the biggest portion of those bulletproof offshore boxes were simply sitting in NL and if i had actually counted all the seemingly random packets coming in at pretty much every port imaginable as attacks it likely wouldn't have been all that uncommon for the biggest offender to be OVH (probably some rooted servers). The most persistent scanner (smtp relay/auth) i've ever witnessed sat within Hinet Taiwan. Sure, Russia popped up now and then too but not really to some overly exceptional degree. There was just way more shit coming in from more or less random places and big datacenters.

    Attacks from Russia are a very low % of the total attacks on my network, at least from what I can check. I'd say the AS I mentioned is the only one that has attacked me with servers from Russia for a while, but they seem to be more aggressive than other IPs.

    Here's a list of countries that I have some logged suspicious activity (1 month): US NL BG IN CN UK HK DE (Using Maxmind DB which is well known to not be accurate)

    I do block incoming traffic from a few countries, so keep that in mind.

    Thanked by 1totally_not_banned
  • edited July 2024

    @zGato said:
    they seem to be more aggressive than other IPs.

    Makes sense. I mean there has always been the unwritten rule of "Don't target Russia/CIS countries and nobody will care too much." but with the current tensions the weight this carries probably has easily multiplied.

  • bobert Member

    @zGato said: but they seem to be more aggressive than other IPs.

    This.

    I'm not saying Russia has more attack traffic than anywhere else, but they are one of the top locations.

    And they don't respond to abuse emails, unlike other countries like the US.

  • tentor Member, Host Rep

    @zGato said: Here's a list of countries that I have some logged suspicious activity (1 month): US NL BG IN CN UK HK DE (Using Maxmind DB which is well known to not be accurate)

    As per our statistics:

    • United States, 1978 blocked IP addresses
    • China, 1863
    • United Kingdom, 633
    • Hong Kong, 470
    • South Korea, 459
    • Others, 4838

    However I am not sure how precise their GeoIP. There is a list of IP addresses anyway, so you can measure yourself

    Thanked by 1zGato
  • zGato Member
    edited July 2024

    @tentor said:

    @zGato said: Here's a list of countries that I have some logged suspicious activity (1 month): US NL BG IN CN UK HK DE (Using Maxmind DB which is well known to not be accurate)

    As per our statistics:

    • United States, 1978 blocked IP addresses
    • China, 1863
    • United Kingdom, 633
    • Hong Kong, 470
    • South Korea, 459
    • Others, 4838

    However I am not sure how precise their GeoIP. There is a list of IP addresses anyway, so you can measure yourself

    I'm using Maxmind so yeah, it's not accurate, from a few I've checked they were actually wrong.
    My stats are solely based on my home network, which my ISP also blocks some type of traffic (such as ICMP echo reply), so it's not accurate, but clearly shows the IPs that are just 100% bots.

    Most of these bots get automatically blocked for life after the first attempt, so they don't even get the info they were trying to scan in the first place.

  • edited July 2024

    @zGato said:
    ICMP echo reply

    That's probably not really distorting the result much. I've hardly ever seen any random ICMP traffic at all. It's rather pretty all an assortment of more or less weird TCP packets (if i'd get a cent for every lone RST hitting some random low port...).

  • zGato Member

    @totally_not_banned said:

    @zGato said:
    ICMP echo reply

    That's probably not really distorting the result much. I've hardly ever seen any random ICMP traffic at all. It's rather pretty all an assortment of more or less weird TCP packets.

    But there are still a few of those bots that try to ping the IP before scanning it

  • @zGato said:

    @totally_not_banned said:

    @zGato said:
    ICMP echo reply

    That's probably not really distorting the result much. I've hardly ever seen any random ICMP traffic at all. It's rather pretty all an assortment of more or less weird TCP packets.

    But there are still a few of those bots that try to ping the IP before scanning it

    Interesting. I pretty much used to be addicted to traffic dumps and i don't think i've ever seen a single ping (be it request or reply).
