DDoS Extortion Investigation. Russia Business Network

Feb 2, 2008

My company is conducting an investigation against an unidentified entity which I currently believe to be Russia Business Network ( [url]

On at least two occasions we have had customers with only minor DDoS issues (let us say 100 - 1000 Mbps at peak) suddenly experience 2 - 4 Gbps attacks which require a $100 to $500 service to jump to roughly $2000 - 5000 per month depending on exact specifications. Naturally this type of issue is not good for the business of our customers and subsequently not healthy for ours.

On each occasion an unnamed individual (I know who they are but I will reserve judgment at the moment) will come forward offering to let our customer try a "special new" protection product they developed that can protect against 10 Gbps for only $2000 which is sometimes a fraction of what my company or any other respected mitigation provider would be forced to charge.

Here is the network they end up on: [url]query=SBL62147 .. and up goes another red flag. When you take a look at this network it routes to ELTEL in St. Petersburg, Russia ( [url] which based on some basic analysis I very seriously doubt has any form of mitigation capabilities, much less multi-Gbps.

Essentially what is happening is they're buying "protection" for $2000.00 per month from the "company" who is actually committing the attacks when in reality that end user has no significant DDoS issues.

I'm actually sitting on a lot more data than this but I need to collect some more data and opinions on whether or not this is linked to RBN. Once my investigation is complete I will issue a full report.

View 14 Replies



DDOS Packet Capture Files For Investigation

May 13, 2008

Our network has been DDoSed very heavily for the last 15 days.

These attacks are relatively small, 50 - 100 Mbits at most, but at a very, very high PPS rate. My firewall counts 10 billion packets in a single hour of an attack period.
We are dealing with these attacks with a combination of FreeBSD pf transparent bridge firewalls and mostly null routing.

I was able to capture some packets from different attacks from last week and today.

After deeply checking these attack capture files I can see that our attack comes from several thousand different spoofed IP addresses but always the same MAC address in their packet headers. So I wondered whether this attack is coming to us from a single machine rather than hundreds of different zombie servers.

I don't have a clue how to trace back this attack and find the real IP address behind it. My upstream provider also doesn't have enough knowledge to help me.

So after today's attack I thought about sharing my capture files from during the attack, in the hope that someone here will help me and show me a way to trace back these attacks.

View 13 Replies View Related

Ecatel = Colinks = Iqarus | Links With Russian Business Network (RBN)

Nov 30, 2008

Yes, this is probably my first and last thread about reviews about any service provider.

I personally hate bashing people and always tend to resolve matters on my own with providers/customers without involving a 3rd party (current/past customers and providers can acknowledge this), but this time it's gone way out of line and this thread is purely meant as a negative review of Ecatel or Colinks or Iqarus or whatever you call this slimy set of people. I am done speaking softly and trying to act nicely to them.
What made me go this far? If a provider accepts the fact that he is wrong after it has been proven countless times, I would not make this thread. Heck, I would not make this thread if they did NOT agree that it's their fault. This case has gone so far that these people blame me (personally) for all the crap that they have dug. Now it's time to bury them in the same pit.

They have ripped me off for around 5000 EUR worth of business every month. I won't go into details but the reason for cancellation is described later in this thread. They have ignored all later attempts at contact after terminating services with us. So I have no clue as to what their problem was.

Coming to the thread title now... does anyone know about the fact that Ecatel was formerly known as Iqarus and before that as Colinks? If there are any senior/old members on this forum who can comment on it, I am sure they can provide quite a number of incidents where this Company has scammed 100+ number of clients.

Here are a few links right here on WHT that show Iqarus's scams: [url]
9 100s of threads claiming their history to be fraudulent

For proof here is one: [url]

Quote:

213.202.214.0/32
Removed ecatel.net SR04
2008-09-28 21:19:58
SBL44871 ECATEL-AS AS29073 = iqarus.com = Colinks = as29073.net
89.248.160.0/20
Removed ecatel.net SR04
2008-09-28 21:20:11
SBL44870 ECATEL-AS AS29073 = iqarus.com = Colinks hosting spammers

At this point it is very easy to tell what kind of a shady organization this is. Sending SPAM emails consecutively and becoming known for it... hmmm.

Okay, let's all assume that now Ecatel is a clean organization. Maybe the bad habits have been left to die with the two old fraudulent Companies. But NO! They are the same set of people and have turned even worse... Now they are in a direct relationship with a Russian cyber-gang known as the Russian Business Network (RBN). I make a big claim here because the RBN is probably wanted by most law-enforcement authorities around the world. You can read more about RBN here, here and here (please read this in particular). Now here are my findings depicting RBN and Ecatel's affiliation: [url].[url]
Here is a detailed explanation of their recent outage which also shows their relationship with the RBN AND their slimy activities (I love this link): [url]

You can just Google "rbn ecatel" and find thousands of results deeming this organization's links with the RBN. I am now not the sole person having these facts. Most people involved with networking security know about this and now it's time for the layman to know too.

At this point I proved that it is safer to keep away from Ecatel so that:

- you can stay away from all RBN related prosecutions

- prevent yourself from being scammed (colinks/iqarus quote)

I know pretty well how Ecatel is going to react/reply to this thread. Obviously for starters put up a pile of garbage info they will generate on me with no factual evidence whatsoever (they have gone far enough as to mention I have links with RBN and thus my rant here). AND completely ignoring to defend themselves of the claims I have made above (it's their speciality on escaping such blames).

I urge every one of you to first ask Ecatel for a response to the above claims and then (if they last that long; they can open a new thread, WHT loves good content) they can hammer me with all the garbage they will pile up. Notice here that all my proof of evidence is directly quoted from 3rd party reliable websites and not from my email inbox that only I can verify. Of course Ecatel will ignore this statement and continue to hammer me with falsified information, but I have another reliable 3rd party website that I can use as protection (as at least he describes the situation the same way as I do). [url]

I hope you all make proper and informed decisions. Oh btw, according to Dutch law (or perhaps every country's law) an Internet Service Provider needs to have an agreement with their client about what they are allowed to run on their network (known as Terms of Service/Acceptable Usage Policy) and Ecatel has none. These people can be shut down easily because of just this, forget all the RBN and crap!

It's 4:30 AM here. Will go and get a cup of coffee and wait for replies. Will definitely get my lawyer working on these guys. I am hell determined to close this case for good. And extremely sorry for the long thread...

View 14 Replies View Related

Setting Up New Network, Security Concern On DDOS

Apr 16, 2009

I am intending to set up a network as follows:

NOC1:
Cisco/Dlink Managed Router
Firewall with DDoS protection
Server1
Server2
Server3
Backup Data Bank Drive

NOC2:
Cisco/Dlink Managed Router
Firewall with DDoS protection
Server4
Server5
Server6

NOC2 are backup servers. I will need to have whatever is in NOC1 written to NOC2. I think it is called IP mirroring or RAID, not too sure.

My [url] is going to have nameserver1/2 at zoneedit. Zoneedit hosts reliable DNS servers. It also supports something called failover.

So if NOC1 is down, I will switch the IP to the NOC2 IPs.

Now, if I face a DDoS attack, I am supposed to switch to a DDoS attack management company (with big bandwidth and blocking). Is it as simple as switching the [url] to the DDoS attack management company using zoneedit, and the company will then link back to my NOC1/2?

How does it work?

Is the way I set up the network correct?

View 14 Replies View Related

Complaint To Federal Bureau Of Investigation

Jul 26, 2008

What necessary documents do I need to file a complaint about a hosting company for deleting my servers for no reason?

I will be filing a complaint with the Federal Bureau of Investigation, but I would like to know what kind of documents I need to provide in this case.

I already have a lawyer that I used in other cases regarding other reasons, but I would like to know from you guys what documents are required.

I had over 200 clients on the server and they have deleted everything for no reason.

Never use this hosting company [url]

Paid him the money for the servers and in the next couple of days he deleted all my 200 clients and my server.

View 14 Replies View Related

Attacked By Russia

Jun 11, 2008

I have been consistently attacked by Russia.

When I had apache my server would die and you couldn't even SSH. Now I have Litespeed my site loads but SUPER SUPER slow.

Last night I was SYN Flooded with 125mbps. Though they consumed nearly all my bandwidth and I owe the DC tons of cash in bandwidth now. I managed to block Russia and the load halved to about 50 and the site was still functional but intermittent.

I have been running Deflate DDoS etc to block IPs.

I'm wondering if I get a load balancer with another box, would this fix my problems?

I heard you can modify the settings somewhere to identify syn attacks and auto block them.

View 3 Replies View Related

Russia Colocation

Aug 3, 2007

Does anyone know any good Russian colocation in any cities?

View 1 Replies View Related

Web Hosting - Russia/Cyprus

Sep 7, 2008

What are the best known webhosts in Russia/Cyprus?

It must be in those two places, I have a server in the US but would prefer this data in either of those two places.

View 6 Replies View Related

Server In Eastern Europe/Russia

Apr 16, 2008

Can you recommend me a company or a private reseller for dedicated servers in Eastern Europe or Russia?

Here are my requirements:

-1GHZ CPU
-512MB RAM
-10 GB hDD
-50mbit dedicated and unmetered connection with nearly all traffic to the EU and a ratio of 1:1
-good ping and speed to the EU

View 2 Replies View Related

"offshore" Vps - India, Russia, China

Jun 25, 2008

Please recommend me any VPS providers in India, Russia, China and other offshore states.

I want >256MB RAM, >2GB HDD, pay via PayPal, >300GB bandwidth, one or two IPs

View 9 Replies View Related

Being Ddos'd By A U.K Ddos Protection Company - Dragonara.net

Nov 7, 2008

It's come to my attention that dragonara.net has been DDoSing me today since morning from the IP:
194.8.75.229

What's so ironic about it is that the IP is from a UK DDoS protection site, so I'm expecting some email with their services in the next hour or so. Stay clear of them, they are fakes and e-terrorists.

View 14 Replies View Related

Server Space In Russia? 2-5 Gb/s Bandwidth. For My Own Server.

Aug 25, 2008

Does anyone know some Russian company that rents out space in their server rooms with more or less unlimited bandwidth? I need about 2-5 gb/s for streaming. And preferably some company that's not too friendly to the USA...

View 4 Replies View Related

Network Liquidators / Network Hardware

Oct 14, 2009

Any experiences to report about purchasing used / refurb gear from either Network Liquidators (nweq.com) or Network Hardware (networkhardware.com)?

View 12 Replies View Related

DDoS Protection Providers Vs DDoS Protection Scripts

Oct 8, 2009

I am looking for some good DDoS protection providers, via protected DNS. I've searched on the internet, but most of them are really expensive.

Please tell me some DDoS protection providers that could help me. (gige is too expensive btw).

And I found some DDoS protection scripts. How can a script protect a server from DDoS? A script like CSF or DDoS deflate?

View 12 Replies View Related

Seedbox Business

Apr 14, 2009

To start I would like to point out that I am expressing my personal opinion and not my company's, although my experience comes from there.

In the last 2-3 months, we noticed an important increase of really hungry customers forcing us to upgrade our infrastructure almost weekly. While this is fun it is also very expensive and requires a lot of prefinancing; something that shouldn't be taken for granted these days. Most of these hungry customers are no doubt seedboxers and they consume an average of 75-85 MBIT/s on a so called unmetered 100 MBIT Port. All of this is fine for me, but I really start wondering what other professionals in this business think of these customers and how they control their bandwidth usage? OVH seems to be pretty clear about this: the more servers you get into your account, the less speed you get per server unless you pay for the pro SLA. I find it interesting, but I doubt that anybody who wants to run a seedbox is actually going to pay a few hundred bucks just to get bandwidth for something that may or may not generate some (legal?) revenue.

Just to reassure those who are following this and might be customers of ours: No, we are not going to kick you out! I just want a discussion and to get some points of view from others who have been facing the same issue before we did.

View 14 Replies View Related

Zone.NET Going Out Of Business

Feb 10, 2009

I have multiple valleywag friends who have gone with Zone.NET for server hosting. I decided to do the same a few weeks back and use them as well. I never got my IP and server info and called customer support. No kidding... been 9 days and Level 1 support keeps saying someone will get back to me.

So today I call them and ask them if they are going out of biz because customer support is impossibly bad, and he basically said yes!!! Wish they would have told me that upfront.

Anyway, wasted a few weeks with them. Now my cohorts and I are on the lookout for some new hosting companies. All recs welcome

View 14 Replies View Related

Servage.net Gone Out Of Business

Aug 15, 2008

We have been with servage.net for a few months now & have been having lots of issues with emails bouncing, web sites unavailable, very slow, support staff who ignore requests for help etc. etc. etc.

I have posted about them in these forums before.

For the last day the web site they host for us, oznotes.net, has been "missing", we can't log in to cPanel, we have emailed them via the address on their page servage.net & got no reply – but this is typical, they have our money and don't seem to care!

We paid for 12 months hosting in advance

Does anyone know what's happening with them? I rang the TIO – Telecommunications Industry Ombudsman & they can't help with hosting companies.

View 11 Replies View Related

How To Start A VPN Business

Aug 11, 2008

My goal is to offer US, German, and Singapore/HK VPNs. What steps must be taken to achieve this?

View 13 Replies View Related

Business Process

May 13, 2008

I'd like to put up here a base question which I hope some will have the goodwill to answer even though it might touch some business secrecies.

We're a gameserver hoster since around ten years, running also vserver products since over two years now. Renting a few Racks in Europe since some time we're a bit in a question mark how rootserver companies deal with the initial hardware costs for every new customer.

Rackspace and today specially power costs are huge cash eaters here in Europe. Dedicated Rootservers are huge space & power consumers per customer ratio. The initial Hw costs for every new rootserver customer might be covered after 4-6 months (if the machine has to be bought newly), adding the bandwidth and power costs it might take up to 8-9 months until a benefit might come in.

Is this the business normality in the rootserver market (waiting 9 months for any benefit, or counting only on the benefit of the 2nd customer using the older Hw), or are there better ways to handle those "initial" costs or keep them affordably low?

View 1 Replies View Related

Is Vortech Still In Business

Oct 5, 2008

Is anyone experiencing no communication from Vortech?

We have a Dell PowerEdge server co-located in a Vortech rack at Colo-Solutions in Orlando. We lost communication with the server 11 days ago, at 13:00 hours 24 Sept 2008. Dan (WHT user Danlvortech) at Vortech, said it was a failed switch and they were working on it.

Nine days ago at 17:00 hours on 26 Sept the network issue was still not fixed and all phone lines into Vortech were not working. We raised ticket requesting release of the server. Vortech billed us another month and agreed to release the ticket. Since then, we have had no contact from Vortech except closure of the original 'No Connection' ticket.

We have written to their CEO Brad Pugh, he does not reply. We try their phone lines every day, the calls are answered by the answering menu, but fail to forward to any department.

Dan and the other guys in Vortech Support do not respond to tickets relating to this matter.

We don't know where the server is!

Is anyone else experiencing similar issues with Vortech?

Does anyone know of any way to make contact with Vortech?

View 4 Replies View Related

Launching Business

Mar 24, 2008

I'm starting a small web hosting/voice chat business. As I'm looking through sites with dedicated servers, I really don't have a clue as to the resource requirements of hosting multiple websites and a few teamspeak/ventrilo servers. What would you recommend I start out with in terms of hardware on a dedicated server?

View 10 Replies View Related

Webhosting And Business

Aug 27, 2008

I have been doing SEO and Web designing business for the past few years. The main problem I faced in my business is with webhosting.

First I bought shared hosting from some less reputed company for cheap rates. But they scammed me.

Second I bought a VPS, but they don't work or propagate in all areas.

So now I am going to take a well reputed company to host my sites.

View 14 Replies View Related

Prolinkhosting.com Still In Business

Dec 26, 2007

Seems their page is up and they take orders, but my site is down for about a month. Emails to their support also get an error message that their smtp server isn't working.

They have been limping along for the last year with the server I'm on with almost full disk space all the time.

They also never updated cpanel. Cheap, but the quality was low.

View 14 Replies View Related

Business Of Peering

Jan 14, 2007

How does peering work from the business angle? Say company X has bought a Gb port at an exchange, and wants to peer with other folks peering there. What are the folks typically going to expect from X before they'll peer with it? What are the characteristics of X that would make folks willing/unwilling to peer? I've no idea what the relative importance of things would be:

- content (desirable, undesirable)
- WAN Network. (Does one have to have one?)
- technical cluefulness
- Brand
- Qualities of the potential peer.

It's hard to figure out the realpolitik of it all just by understanding the tech (BGP, etc.) and http://en.wikipedia.org/wiki/Peering .

View 14 Replies View Related

1and1 Business Package 1

Jul 12, 2008

What do you think of www.1and1.co.uk as they are now? I know recently they've had a blotched time, but have they improved?

I need a UK host and they have reasonable prices.

View 4 Replies View Related

Wrapping Up Business At KnownHost

Apr 30, 2008

So, I no longer required my VPS at Knownhost. Stopping service was a snap. Sent an email off to billing, no questions asked. Done.
So? Why would I post this? I just wanted to state that my whole experience with Knownhost has been TOP OF THE LINE, the whole way. Support was always responsive, the service/downtime notifications were a snap via rss, I have NOTHING to complain about. Hell they even sent me a Christmas card :-)

So, what proof do I offer? I utilize a 3rd party Uptime service to historically log outages on various servers, let's look at the downtime report for the KnownHost VPS: ...

View 3 Replies View Related

Online Advertising Business

Nov 3, 2009

I'm starting an online advertising business and I'm looking for some kind of site-builder that facilitates web directory sites. Not just textual links.. but whole listings.. picture, menu, stuff like that, a Google map to show location.. a proximity search feature.. anyone know of any site builders that have built-in templates to facilitate this? I suppose it's possible to pick a regular site builder with an ordinary template and start from scratch.. but it seems easier the other way.

View 7 Replies View Related

Business Email Hosting

Jun 2, 2009

I work for a company who is wanting to provide email accounts for about 300 users. There doesn't need to be any bells or whistles, only the ability to send and receive email. In fact, there probably won't be an enormous amount of activity on the accounts, though it could grow in time.

I'm a newbie at this and am unaware of all the available options. My first thought was to consider web hosting.

It seems like there are a hundred companies out there offering unlimited mailboxes for shared web hosting accounts. After some investigation, I saw that a lot of these companies limit the sent emails to 250 an hour. This seems too low for comfort.

I started looking at VPS and Dedicated Servers and they seem to be a little more reasonable. Most of these hosting companies offered some type of squirrel mail or imp client, which would work fine.

Am I heading down the right track using a VPS or Dedicated Server at a company like inmotion? Did I misunderstand the 250 per hour limit? Could a shared hosting plan work comfortably for 300 active email accounts?

I've heard Exchange and Google Apps are popular, but after a cursory glance, they seem quite expensive for our needs (but maybe someone can explain why they are worth a closer look).

View 14 Replies View Related

Running A Forex VPS Business

Oct 16, 2009

Currently trying to start an IT business with my college friends.

Meanwhile, I am trying to start a personal business to make start-up money and gain experience.

And I have decided to start a Forex VPS business in Japan.

Forex or FX is gaining popularity here in Japan, and also Forex bots to trade autopilot.
But unlike US, there is no VPS to run Forex bots for 24/7.

I am imagining to start a Forex VPS similar to ForexVPS or forexvps.com.

I am in need of some advice on how to start such a VPS.

I am no programmer or technician, but I am willing to study and learn.

It would be great if I can get some information about what I need to prepare/purchase, what software I need, etc.

View 8 Replies View Related

How To Start A Forex VPS Business

May 12, 2009

I have been a Forexer for some time now.

I have used Meta Trader 4 and VPS combo to create a 24/7 Autopilot Cash Machine.

I thought it would be great if I can use the money that I earned to start a VPS service for Forex in my country.

What do I need in order to get started?

View 4 Replies View Related

CRM Application For Hosting Business

May 23, 2009

Is anyone using a CRM application to manage their hosting business.. like SugarCRM, Salesforce, vtiger, Oracle Siebel, Zoho CRM..

If you are using a CRM, what type of benefits do you get?? How does it help you to grow?

I'm not talking about helpdesk software like WHMCS, Kayako..

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved