On Thu, Sep 10, 2020 at 8:48 AM Dr Gerard Bulger gerard@bulger.co.uk wrote:
I know we should dilute our dependence on OVH, but cheap and seem to ignore the fact the machine is an exit node.
OVH has a seemingly patented a system to deal with denial of service attacks. I am not sure what they detect but when they do we get this:
*“We have just detected an attack on IP address x.x.x.x. In order to protect your infrastructure, we vacuumed up your traffic onto our mitigation infrastructure. The entire attack will thus be filtered by our infrastructure, and only legitimate traffic will reach your servers. At the end of the attack, your infrastructure will be immediately withdrawn from the mitigation”*
I have a server (not a relay) with OVH, and also started receiving these recently. I raised a ticket with them to ask for more information about the detected attack (what port/proto etc) because there are legitimate uses that may look a bit like an attack (the boxes sit behind a CDN, so you can end up with a lot of requests/connections from not may IPs)
Worryingly, they couldn't actually tell me - all I managed to get back was "looks like it's a false positive". It's triggered a few times since, with no sign of anything even remotely suspicious in my traffic graphs.
I know this doesn't really add much knowledge about what they're detecting, but the point is more that they don't seem to be overly clear themselves