@Clouvider said: Iptabpes, report abuse, failing that change the provider.
But its Asia and I dont' know if other providers can protect me from these attacks. I have blocked the attacks but when they used OVH IP, my hands have been tied.
@xreann20 said: But its Asia and I dont' know if other providers can protect me from these attacks. I have blocked the attacks but when they used OVH IP, my hands have been tied.
What makes the OVH IP so special?
Educationally teaches you with knowledge, while you learn and conglomeratively alluminate your academic intellectual profile: https://lowend.wiki „Homo homini rattus.“
@xreann20 said: But its Asia and I dont' know if other providers can protect me from these attacks. I have blocked the attacks but when they used OVH IP, my hands have been tied.
What makes the OVH IP so special?
I think he just means that since it is an OVH IP, the attacks from them aren't mitigated since OVH doesn't filter traffic from their own network. And since it's OVH abuse will take a long time (generally) to handle it, especially if it's going through a VPS host that is using them.
@xreann20 said:
I have blocked the attacks but when they used OVH IP, my hands have been tied.
Can't see why csf -d 139.99.52.42 # do not delete - Blocked This Guy wouldn't work.
Or use iptables (as previously mentioned) to add to the REJECT chain, to bounce those packets back to the f'ker.
@Clouvider said:
reject is a bad idea, will take up more cpu cycles to handle, use drop instead.
Was slightly tongue-in-cheek; I normally use drop. LAN traffic overhead is bad enough (port scanners/broadcasters) without adding packet bouncing. Providers don't appear to give a shit though.
For some reason I never got that ping notice... anyway....
I’d just report it to OVH, drop it with iptables, or open OVH IP management, add firewall rule, drop the OVH IP there with a hard reject. If you’re very concerned, pick up the phone and nudge them.
But I’m doubtful OVH will do much about it, considering that one of their locations and specific set of routers still has IP header modification allowed and they haven’t bothered to fix it yet despite knowing for >6mo.
OVH has became a harbour for this sort of crap.
Edit: to all the people who may want to now the location, I’m not going to disclose it.
@Clouvider said: Iptabpes, report abuse, failing that change the provider.
But its Asia and I dont' know if other providers can protect me from these attacks. I have blocked the attacks but when they used OVH IP, my hands have been tied.
If you’re needing a layer of protection filtering, you’re welcome to try out cloud protection (https://talk.lowendspirit.com/discussion/1065/ddos-mitigation-as-a-service-http-https-select-game-servers-free-trial-available#latest). While I can’t sit here and assure you we’ll block them by default (without seeing a pcap/more info), I can assure you we will do our very best to block the attacks on our global edge. We have 24x7x365 SOC, and customers get access to view graphs where you can see inbound attacks directed at your site/application.
@wdmg said:
or open OVH IP management, add firewall rule, drop the OVH IP there with a hard reject.
The OVH firewalls do not work against IPs from the OVH network. All traffic from OVH servers bypasses those, same for the VAC mitigation. It's why it has been a big issue for years.
Need provider suggestion on APAC region or around ~150 ms on apac..host4fun dealt with it, now the attacker just bought another vps...lol @OVHcloud_APAC is there really anything can do if the attack is from inside the house? I currently have 6 dedis on ovh, anywhere I can transfer with as good as ddos protection? I see the attacks only about 800mbps and 1.5 gbps max.
@wdmg services simply I cannot use because they are domain based, like a load balancer at work. my game server uses direct ipv4. I don't have its source or any knowledge on how to recode it. So I am looking for provider suggestion that is good latency on apac as metnioned above.
Need provider suggestion on APAC region or around ~150 ms on apac..host4fun dealt with it, now the attacker just bought another vps...lol @OVHcloud_APAC is there really anything can do if the attack is from inside the house? I currently have 6 dedis on ovh, anywhere I can transfer with as good as ddos protection? I see the attacks only about 800mbps and 1.5 gbps max.
@wdmg services simply I cannot use because they are domain based, like a load balancer at work. my game server uses direct ipv4. I don't have its source or any knowledge on how to recode it. So I am looking for provider suggestion that is good latency on apac as metnioned above.
As we mentioned in the ticket we can provide a static IP. Unfortunately, we didn’t receive a response if you wanted to proceed.
Comments
Iptabpes, report abuse, failing that change the provider.
Clouvider Limited - True HA KVM OnApp VPS from £9.50/m - Our LES Exclusive Unmetered Dedicated Server Offers
@wdmg
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
It is host4fun, they also hosted in OVH SG, one of their customer maybe, just sent an abuse report both to OVH and Host4Fun as recommended by others in LET Thread - https://www.lowendtalk.com/discussion/164903/tips-im-under-attack-ovh-ip-attacker/
Any help will be appreciated!
But its Asia and I dont' know if other providers can protect me from these attacks. I have blocked the attacks but when they used OVH IP, my hands have been tied.
--I always need help..pff
What makes the OVH IP so special?
Educationally teaches you with knowledge, while you learn and conglomeratively alluminate your academic intellectual profile: https://lowend.wiki
„Homo homini rattus.“
I think he just means that since it is an OVH IP, the attacks from them aren't mitigated since OVH doesn't filter traffic from their own network. And since it's OVH abuse will take a long time (generally) to handle it, especially if it's going through a VPS host that is using them.
ExtraVM
Can't see why
csf -d 139.99.52.42 # do not delete - Blocked This Guy
wouldn't work.Or use iptables (as previously mentioned) to add to the REJECT chain, to bounce those packets back to the f'ker.
lowendinfo.com had no interest.
Or use iptables (as previously mentioned) to add to the REJECT chain, to bounce those packets back to the f'ker.
Already did an iptable filtering that IP, iptables -A INPUT -s 139.99.52.42 -j DROP
but still getting through.
also iptables -A INPUT -p udp -j DROP
--I always need help..pff
reject is a bad idea, will take up more cpu cycles to handle, use drop instead.
Clouvider Limited - True HA KVM OnApp VPS from £9.50/m - Our LES Exclusive Unmetered Dedicated Server Offers
Was slightly tongue-in-cheek; I normally use drop. LAN traffic overhead is bad enough (port scanners/broadcasters) without adding packet bouncing. Providers don't appear to give a shit though.
lowendinfo.com had no interest.
For some reason I never got that ping notice... anyway....
I’d just report it to OVH, drop it with iptables, or open OVH IP management, add firewall rule, drop the OVH IP there with a hard reject. If you’re very concerned, pick up the phone and nudge them.
But I’m doubtful OVH will do much about it, considering that one of their locations and specific set of routers still has IP header modification allowed and they haven’t bothered to fix it yet despite knowing for >6mo.
OVH has became a harbour for this sort of crap.
Edit: to all the people who may want to now the location, I’m not going to disclose it.
If you’re needing a layer of protection filtering, you’re welcome to try out cloud protection (https://talk.lowendspirit.com/discussion/1065/ddos-mitigation-as-a-service-http-https-select-game-servers-free-trial-available#latest). While I can’t sit here and assure you we’ll block them by default (without seeing a pcap/more info), I can assure you we will do our very best to block the attacks on our global edge. We have 24x7x365 SOC, and customers get access to view graphs where you can see inbound attacks directed at your site/application.
The OVH firewalls do not work against IPs from the OVH network. All traffic from OVH servers bypasses those, same for the VAC mitigation. It's why it has been a big issue for years.
ExtraVM
Does not work, their firewall rule only apply to outside of their network as everybody said. Believe me I did that.
I am surely interested!
https://www41.zippyshare.com/v/JV1eNbV6/file.html
https://www41.zippyshare.com/v/IDRwX6Eo/file.html
there some pcaps.
--I always need help..pff
UPDATE!
Need provider suggestion on APAC region or around ~150 ms on apac..host4fun dealt with it, now the attacker just bought another vps...lol @OVHcloud_APAC is there really anything can do if the attack is from inside the house? I currently have 6 dedis on ovh, anywhere I can transfer with as good as ddos protection? I see the attacks only about 800mbps and 1.5 gbps max.
@wdmg services simply I cannot use because they are domain based, like a load balancer at work. my game server uses direct ipv4. I don't have its source or any knowledge on how to recode it. So I am looking for provider suggestion that is good latency on apac as metnioned above.
--I always need help..pff
@Brendan May be able to offer you something.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
As we mentioned in the ticket we can provide a static IP. Unfortunately, we didn’t receive a response if you wanted to proceed.
Feel free to reply if you’d like one!