
DDoS Affecting AVS ISP

avsisp Member, Patron Provider

Hello,

We are facing right now a massive DDoS that is hitting all of our locations at the same time. We are entirely offline in multiple locations. We are attempting to get things back online as quickly as possible, but there isn't much we can do.

Attack is hitting several TB/s and several Gpps in total across locations.

NL seems to be online and is being scrubbed by GSL - UK seems to be running scrubbing as best as it can.

AL and MK are entirely offline.

We have no updates at this time. Please do not submit tickets or email asking about things being offline - our teams are preoccupied with attempting to mitigate the attacks and you may not receive a reply until it ends. Time taken for tickets and emails is time taken from mitigation efforts at this time.

Thank you for understanding.

Thanked by 3 nghialele zGato Murv

Comments

  • Submitted 45 work orders & am losing millions (of packets)

  • rpqu Member

    @avsisp is it Iran

  • Levi Member

    Just nullroute. Attackers take satisfaction from scrub efforts, change tactics, play games. Null route, wait for 12 hours.

  • nikio Member

    Interesting coincidence with the RS-Computers merger.

    Thanked by 3 oloke rpqu buggedout
  • Murv Member, Megathread Squad

    @rpqu said:
    @avsisp is it Iran

    You break my IP spoofing heart

  • I am losing gazillions of Zimbabwean dollarz in Albanique location.

  • avsisp Member, Patron Provider

    UPDATE: Everything is back online and rerouted over GSL scrubbing centers.

    We will update anyone who submitted tickets or emails shortly.

    Thank you for your patience and understanding.

  • avsisp Member, Patron Provider

    @rpqu said:
    @avsisp is it Iran

    Not likely.

    Attacker is believed to be based in Russia and be government affiliated.

    Right before the attack began, we started to get reports of some of our IPs being blocked in Russia. Not long after, we had a flood of port scans from Russian IPs. And following this, the attack began with Russian origin traffic before moving to global. The attack also first targeted NL - where we host a few Russia based VPN services and anti-censorship services.

    Attacks of this scale, in the TB/s & multiple-Gpps tend to be nation-state actors or those affiliated with them in some manner.

    Though we can't confirm details at this point and it's just a hunch based on the events leading up to the attack - we do NOT believe this to be Iranian sourced.

    Thanked by 3 rpqu Murv skimply153
  • avsisp Member, Patron Provider

    @Levi said:
    Just nullroute. Attackers take satisfaction from scrub efforts, change tactics, play games. Null route, wait for 12 hours.

    Nullrouting leaves our clients offline. We pay for professional mitigation services like GSL and Pletx for a reason - to not have clients offline. If you nullroute, you just give them the win.

    Thanked by 1 VTCuong
  • avsisp Member, Patron Provider

    @nikio said:
    Interesting coincidence with the RS-Computers merger.

    Coincidence it is - the merger has been ongoing for months now and the clients being moved has been 3 days ongoing. It's just a coincidence - nothing more. And RS prefixes were NOT targeted at this time.

  • iceman Member
    edited 2:07PM

    @avsisp said:

    @rpqu said:
    @avsisp is it Iran

    Not likely.

    Attacker is believed to be based in Russia and be government affiliated.

    Right before the attack began, we started to get reports of some of our IPs being blocked in Russia. Not long after, we had a flood of port scans from Russian IPs. And following this, the attack began with Russian origin traffic before moving to global. The attack also first targeted NL - where we host a few Russia based VPN services and anti-censorship services.

    Attacks of this scale, in the TB/s & multiple-Gpps tend to be nation-state actors or those affiliated with them in some manner.

    Though we can't confirm details at this point and it's just a hunch based on the events leading up to the attack - we do NOT believe this to be Iranian sourced.

    Thank God for having Russia like it is, so that we can blame for our incompetence and everything ;) I mean, government state sponsored to attack you? C'mon, do you really think that we are that delusional?! And who is "we"?

  • @avsisp said: where we host a few Russia based VPN services and anti-censorship services

    Then it's just competitors because there are hundreds of services like that.
    Basically it's impossible to use the internet there without VPN, just like in China and Iran.

  • Alyx Member, Host Rep
    edited 2:13PM

    How every attack is supposedly a state-sponsored act nowadays 😅

  • rpqu Member
    edited 2:16PM

    @Alyx said:
    How every attack is supposedly a state-sponsored act nowadays 😅

    Being indie is hard this decade. Gotta get corporate state sponsorship

    Thanked by 1 Alyx
  • tentor Member, Host Rep

    @Alyx said:
    How every attack is supposedly a state-sponsored act nowadays 😅

    I don't think 30Tbps Minecraft DDoSes were tho.

    Thanked by 3 Alyx rpqu oloke
  • VTCuong Member

    Deluxhost also just got DDoSed recently, also used GSL for traffic scrubbing, so hard that they dropped the majority of legitimate traffic, while leaving their customers in the dark 🤦.

    @avsisp said:
    Attacker is believed to be based in Russia and be government affiliated.

    Russian state sponsored groups pull off shits like tampering with GPS signals and fighting Ukrainian drones, not DDoSing some random host, you're not that special dawg. Mr. @luckypenguin is right, there's just so many competitors in Netherlands that they had to play dirty to keep the cost high.

  • avsisp Member, Patron Provider

    @VTCuong said:
    Deluxhost also just got DDoSed recently, also used GSL for traffic scrubbing, so hard that they dropped the majority of legitimate traffic, while leaving their customers in the dark 🤦.

    @avsisp said:
    Attacker is believed to be based in Russia and be government affiliated.

    Russian state sponsored groups pull off shits like tampering with GPS signals and fighting Ukrainian drones, not DDoSing some random host, you're not that special dawg. Mr. @luckypenguin is right, there's just so many competitors in Netherlands that they had to play dirty to keep the cost high.

    Again, if you read the entire message there, you'd see the signs that led to the conclusion, along with a disclaimer that we aren't sure 100% and that it's just where the signs point.

    The only reason we didn't say it was just Russian sourced and that we believe it to be state actor is that right before it happened, a lot of our IPs were apparently added to the famous Russian drop lists - with traffic being blackholed by all Russian ISPs - something only the Government can order - not a citizen.

  • avsisp Member, Patron Provider
    edited 3:25PM

    @iceman said:

    @avsisp said:

    @rpqu said:
    @avsisp is it Iran

    Not likely.

    Attacker is believed to be based in Russia and be government affiliated.

    Right before the attack began, we started to get reports of some of our IPs being blocked in Russia. Not long after, we had a flood of port scans from Russian IPs. And following this, the attack began with Russian origin traffic before moving to global. The attack also first targeted NL - where we host a few Russia based VPN services and anti-censorship services.

    Attacks of this scale, in the TB/s & multiple-Gpps tend to be nation-state actors or those affiliated with them in some manner.

    Though we can't confirm details at this point and it's just a hunch based on the events leading up to the attack - we do NOT believe this to be Iranian sourced.

    Thank God for having Russia like it is, so that we can blame for our incompetence and everything ;) I mean, government state sponsored to attack you? C'mon, do you really think that we are that delusional?! And who is "we"?

    Do you never get tired of trolling? This will be our 1 and only reply to you - move along. Everyone here knows who you are, that you don't like us, and that you like to make issues. Enjoy the rest of your day.

  • avsisp Member, Patron Provider

    @Alyx said:
    How every attack is supposedly a state-sponsored act nowadays 😅

    Only when it comes with the blackholing your IPs in their country right before, only for the blackhole to be lifted and DDoS to slam you hours after and the blackhole to be put back into place not long after for a large subset of your IPs.

  • @avsisp said: a lot of our IPs were apparently added to the famous Russian drop lists - with traffic being blackholed by all Russian ISPs

    That's a sign that you host public VPN services focused on Russian users. They detect multiple RU sources connecting to the same IP with large traffic volumes and block it.
    The government doesn't order anything, it's a semi-automated system like DPI.
    From that, to jump to a conclusion it was a state sponsored attack was a huge stretch :)
    They have a fuel crisis now, not exactly the perfect timing to DDoS a small Albanian ISP.

  • avsisp Member, Patron Provider

    @luckypenguin said:

    @avsisp said: a lot of our IPs were apparently added to the famous Russian drop lists - with traffic being blackholed by all Russian ISPs

    That's a sign that you host public VPN services focused on Russian users. They detect multiple RU sources connecting to the same IP with large traffic volumes and block it.
    The government doesn't order anything, it's a semi-automated system like DPI.
    From that, to jump to a conclusion it was a state sponsored attack was a huge stretch :)
    They have a fuel crisis now, not exactly the perfect timing to DDoS a small Albanian ISP.

    Again, we said we suspect it to be. We gave the signs. The biggest isn't only that they blackholed it - but that they un-blackholed it long enough to start a full blown DDoS - which only the government can turn those blocks on and off at will. The majority of that source traffic came across links with high Russian ISPs - like links using GNM-IX for example.

    We've not given a definitive "IT'S THEM, THEY DID IT" - we gave the signs and our opinion on where we believe it originates along with a "we can't prove it, but we suspect" disclaimer.
