Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Viasat is aggressively blacklisting Digitalocean IP addresses
14 points by jameshilliard on June 1, 2019 | hide | past | favorite | 7 comments
I just talked with the NOC at Viasat and confirmed that they block a huge amount of Digitalocean IP addresses due to malware. I don't think their normal support agents are even aware they have IP blacklists so requests for unblocks have to be escalated to their security team(which I'm still waiting to hear back from regarding removing the block).

They seem to be blacklisting entire /24 subnets even if only some of the IP's are sending malicious traffic. I've found this to be the cause of many websites not working including some of my own.

The best way I've come up with to test if Viasat is blacklisting an IP from a non-Viasat connection is to try and ping one of the core routers such as 64.125.54.230.

What should one do in situations like these?



Viasat has likely been sending abuse reports to DigitalOcean, and one too many abuse reports was ignored, resulting in Viasat nullrouting DO's IPs over this continued malicious traffic.


Yeah, that's basically what their NOC told me, although they didn't really have much of an explanation into why they were nullrouting /24 subnets when Digitalocean typically allocates single addresses.


Wouldn't malware simply spin up a new VM with a new IP to trivially get around single IP blocks? Wouldn't such blocks also put a lot of strain on the NOC to maintain.


Well since they seem to just block entire /24 subnets it does seem to have resulted in a large portion of Digitalocean's network being unusable from Viasat. I guess they think it's worth it to maintain those blacklists.


Its not hard for them to maintain blacklists, especially since they do not care about network quality.

If I were in your position, I would set up a proxy that appears as http traffic (so you fly under their radar).


From the perspective of a DO user or a Viasat user?

As more the latter than the former, I simply am prepared to use a VPN for any/all traffic at any time when using Viasat.

I have seen their transparent http proxies break when accessing kernel.org, and have also seen those proxies mess up gzipped data (https://bugs.debian.org/874321)

(They also blatently violated network neutrality before it got its teeth pulled.)


Well both really for me, now that I know what to look for I've been noticing a bunch of broken Digitalocean hosted websites on Viasat.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: