Vultr DPI?

J1021J1021 Member
edited November 2017 in Providers

Appears that Vultr are performing some level of DPI against traffic on UDP port 53.

DigitalOcean

Vultr

It seems here that minexmr is the keyword. Users have reported this issue whilst making outbound queries to external recursors and also when answering queries as a recursor.

Kudos to @Fusl for noticing this.

Comments

  • RhysRhys Member, Host Rep

    Just tried to multiple dns servers from both NJ & Miami with the same results. As far as I can tell from a quick glance there's nothing in the ToS/AUP about traffic manipulation. Very worrying.

  • jackbjackb Member, Host Rep
    edited November 2017

    I'd suspect the ddos mitigation system rather than them deliberately targeting that keyword.

    Thanked by 1CConner
  • rm_rm_ IPv6 Advocate, Veteran
    edited November 2017

    String match on UDP port 53 is not "DPI", it's one line in iptables. Prolly as simple in other platforms as well.

    That said, Vultr is well-known to have little to no moral standards (see the $2.5 plan scam), so I totally would not put it past them to mess with your traffic arbitrarily.

    Thanked by 1klikli
  • jackb said: I'd suspect the ddos mitigation system rather than them deliberately targeting that keyword.

    I guess that is a possibility here, though my instance has no mitigation so I wouldn't expect them to be looking at my traffic.

    I know Fusl mentioned she hasn't received any communication on the issue from Vultr when she put it to them.

    Thanked by 1Rhys
  • raindog308raindog308 Administrator, Veteran

    @rm_ said:
    That said, Vultr is well-known to have little to no moral standards (see the $2.5 plan scam),

    You're bitter because you didn't get one. We got it.

  • rm_rm_ IPv6 Advocate, Veteran

    raindog308 said: You're bitter because you didn't get one. We got it.

    Lucky you!

  • Whoever said it yesterday or day before was spot on. Everything @rm_ posts seems to have a thin veneer of humanity surrounding a seething rage.

    Thanked by 1Clouvider
  • NeoonNeoon Community Contributor, Veteran

    Well, just hard code the IP, but it seems like you still cannot mine on these 2.5$ ones.

  • jarjar Patron Provider, Top Host, Veteran

    @raindog308 said:

    @rm_ said:
    That said, Vultr is well-known to have little to no moral standards (see the $2.5 plan scam),

    You're bitter because you didn't get one. We got it.

    I got two ;)

  • @jarland said:
    I got two ;)

    #SCAM!

  • @jackb said:
    I'd suspect the ddos mitigation system rather than them deliberately targeting that keyword.

    Nope, active blacklisting: https://wiki.opennic.org/_media/abusive_isps/vultr.png

    Thanked by 1hanoi
  • @Neoon said:
    Well, just hard code the IP, but it seems like you still cannot mine on these 2.5$ ones.

    It's bad for anything DNS resolver related - we noticed this when our users complained about it.

  • @jarland said:

    @raindog308 said:

    @rm_ said:
    That said, Vultr is well-known to have little to no moral standards (see the $2.5 plan scam),

    You're bitter because you didn't get one. We got it.

    I got two ;)

    ... but it’s still available in a few locations (NJ, etc.)?

  • maldoviamaldovia Member
    edited November 2017

    @doghouch said:

    @jarland said:

    @raindog308 said:

    @rm_ said:
    That said, Vultr is well-known to have little to no moral standards (see the $2.5 plan scam),

    You're bitter because you didn't get one. We got it.

    I got two ;)

    ... but it’s still available in a few locations (NJ, etc.)?

    Yes. But this isn't mentioned on their pricing page. Odd!

  • AnthonySmithAnthonySmith Member, Patron Provider
    edited November 2017

    It's a bit odd for them not to be transparent about it, what was their response when you opened a ticket?

    I guess if you take a neutral view, they are most likely doing it to combat resource abuse ultimately, which I am thankful for as a customer.

    I also have $2.5 server with them, it is doing nothing though.

  • FuslFusl Member
    edited November 2017

    AnthonySmith said: what was their response when you opened a ticket

    1st-level support didn't even know this was a thing, trying to tell me that it's a firewall problem on my side.

    • 2017-10-20 20:12:44 I reported the problem what I initially thought was 53/udp completely blocked
    • 2017-10-20 20:16:39 At first glance, it appears you have a local firewall running that is filtering TCP 53:
    • 2017-10-20 20:21:59 After debugging, I told them that I noticed that DNS requests that have "minexmr.com." in the name (anywhere in the domain, even "test.minexmr.com.google.co.uk.") are blocked
    • 2017-10-20 20:32:27 We are not blocking outbound or inbound traffic over port 53 at this time. It is likely to be an issue with your OS firewall configuration. Please review your firewall configuration and revise as necessary.
    • 2017-10-20 20:35:42 Ticket escalation requested
    • 2017-10-20 20:47:43 Ticket was escalated to network administrator department
    • 2017-10-20 21:02:52 Network administrator - We are seeing port 53 is firewalled, please open port 53 [...]
    • 2017-10-20 21:11:08 Long reply explaining it step by step
    • 2017-10-23 10:57:47 Three days(!) later, I sent them another example of how they can reproduce this themselves using any Vultr instance
    • 2017-10-23 17:59:39 Ticket was escalated to system administrator department
    • 2017-10-23 18:22:13 Sent reply shown here https://www.lowendtalk.com/discussion/comment/2456399/#Comment_2456399
    • 2017-11-03 02:41:24 I asked for a list of domains they block so I can reroute DNS traffic to other instances across my network
    • 2017-11-03 02:44:15 They denied my request to give me a list of domains because of For security reasons [...]
    • 2017-11-12 I'll be setting up the network on VPS247's improperly configured network because fuck censorship.
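
Added example, not part of any post in this thread: the sketch below shows why a plain byte match on UDP port 53 payloads (rm_'s point) would hit a name such as "test.minexmr.com.google.co.uk." as well as "minexmr.com.", and how probe outcomes separate a port-level block from name-based filtering, which is the distinction the ticket above turned on. The exact byte pattern, the function names and the sample outcomes are assumptions constructed for illustration; the thread does not state what rule Vultr actually used.

```python
import struct

def encode_qname(name: str) -> bytes:
    """Encode a domain name as DNS wire-format labels (RFC 1035, section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal UDP DNS query: 12-byte header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)

# Assumption: the filter keys on the wire form of the labels "minexmr" + "com".
PATTERN = b"\x07minexmr\x03com"

def payload_matches(packet: bytes, pattern: bytes = PATTERN) -> bool:
    """Context-free byte search over the payload, as a string-match rule does."""
    return pattern in packet

def classify(outcomes: dict) -> str:
    """outcomes maps query name -> True if answered, False if it timed out."""
    control, suspect = [], []
    for name, answered in outcomes.items():
        bucket = suspect if payload_matches(build_query(name)) else control
        bucket.append(answered)
    if not control or not suspect:
        return "inconclusive: need both control and suspect names"
    if not any(control):
        return "port-level block or local firewall"
    if all(control) and not any(suspect):
        return "name-based filtering"
    return "inconclusive: mixed results"

# Constructed outcomes mirroring the behaviour described in the thread.
SAMPLE = {
    "example.org.": True,
    "minexmr.com.": False,
    "test.minexmr.com.google.co.uk.": False,
}

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:35} matches pattern: {payload_matches(build_query(name))}")
    print("verdict:", classify(SAMPLE))
```
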
  • WilliamWilliam Member
    edited November 2017

    12.4 generally permits this:

    Vultr will cooperate with those attempting to minimize Internet abuse and reserves the right to institute "filters" or other mechanisms for that purpose

    Ideally we complain in California as consumer protection rights are far more accessible; Vultr operates multiple CA locations so the moving of legal to Florida (23.1 - for whatever reason) is invalid, the service is provided inside CA (we have CA instances in use.).

    @vultr I want my money back, not essentially for this censorship attempt but for:

    • The lies told by customer support (multiple, which clearly are attempts to get out of the situation at last, and if not your escalated customer support is dumb as rocks, as is your network engineer)
    • The terms not listing this at all, and not listing it is selective and what this is based on (how can we know what you censor is not essential to customer, or that you do not have other tricks as packet redirection? or MITM?)

    Considering this is also in effect in EU locations, with at this time extremely negative public stance on censorship, you might want to consider what your users think about this situation once we get it far more public, or what business loss you can easily generate by such idiotic attempts to fix issues that are not yours, and that technically stupid and covered by lies of your own support.

    Tl;dr: I explicitly reserve rights to any legal action concerning false information provided by your company due to possible malicious intent to continue operating this system without customer consent or information that it exists and how it operates. This includes the ability to subpoena customer support and other staff and question if they had knowledge of this system at the time of this ticket responses.

    Going out by ticket later as well; still in EFF and other talks, but Sunday is lame for legal stuff outside of Israel.

    Thanked by 4rm_ jiggawatt hawc Fusl
  • AnthonySmithAnthonySmith Member, Patron Provider
    edited November 2017

    Fusl said: Fusl

    well, based on that, I still think it is to combat abuse, lets be honest, you did not pick vultr to begin with due to their anti-censorship policies.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @AnthonySmith said:

    Fusl said: Fusl

    well, based on that, I still think it is to combat abuse, lets be honest, you did not pick vultr to begin with due to their anti-censorship policies.

    Yeah, lets be honest here, @fusl signed up for that premium RAID.

    Francisco

    Thanked by 3AnthonySmith Amitz Lee
  • AnthonySmithAnthonySmith Member, Patron Provider

    William said: Ideally we complain in California

    ideally, you don't complain at all.

    Thanked by 1Kris
  • rm_rm_ IPv6 Advocate, Veteran
    edited November 2017

    maldovia said: Yes. But this isn't mentioned on their pricing page. Odd!

    This is not odd, this is the entire point of the scam aforementioned. They "have" it in just two absolutely lesser interesting locations (to mark the tick box of "we have it"), then don't show that until you link your credit card and pay the initial deposit. Read mentions of @Vultr on Twitter, there's no shortage of people unhappy that they signed up and paid only to find out the $2.5 plan is not available in the location they want: example one, two, three, four. It appears like you can file a ticket and get a refund in such case, but they bank on that many/most will not bother, and will instead use the $5 plan "for now".

    The whole $2.5 thing is just for bait and switch, and deceitful advertising.

    raindog308 said: You're bitter because you didn't get one.

    And yes I can freely admit that I do bring this up in every instance where Vultr is mentioned, and will do so until the issue is resolved, i.e. until they state that the plan is location-limited on the pricing page, remove the plan, or make it available everywhere.

  • AnthonySmithAnthonySmith Member, Patron Provider

    rm_ said: And yes I can freely admit that I do bring this up in every instance where Vultr is mentioned, and will do so until the issue is resolved, i.e. until they state that the plan is location-limited on the pricing page, remove the plan, or make it available everywhere.

    Why though, what do you gain?

    genuine question, do you think they care?

  • @rm_ said: The whole $2.5 thing is just for bait and switch, and deceitful advertising.

    There were many comments (also from me) regarding Vultr's $2.50 plan on LET earlier this year. People drew their own conclusions.

    I pointed out that DO also requires you to sign up to see which plans are available, so Vultr isn't unique in this respect.

    Yes, the availability of the $2.50 plan is limited, but I don't see what's really wrong with this. Can't a provider decide to limit the availability of a given plan, for whatever reason? Yeah, I agree that it's not so great for all of the people who would like to get a $2.50 plan but haven't yet managed to get one (though two locations are currently available), but it's not the end of the world.

  • @DaveA care to address any of the bull's digestive emittance being tossed about?

  • @jarland said:

    @raindog308 said:

    @rm_ said:
    That said, Vultr is well-known to have little to no moral standards (see the $2.5 plan scam),

    You're bitter because you didn't get one. We got it.

    I got two ;)

    I found mine deleted for no reason. The staff said that the instance never existed, but it is listed in the invoice. haha :D

  • raindog308raindog308 Administrator, Veteran

    William said: Vultr operates multiple CA locations so the moving of legal to Florida (23.1 - for whatever reason) is invalid, the service is provided inside CA (we have CA instances in use.).

    Unless it's a criminal complaint (what is the crime here?) you agreed that all disputes would be resolved in Florida.

    23.1. Jurisdiction, Venue, and Choice of Law. This Agreement and all matters arising out of or otherwise relating to this Agreement shall be governed by the laws of the State of Florida, excluding its conflict of law provisions. The parties hereby submit to the personal jurisdiction of the state and federal courts of Orange County, Florida in the event litigation permitted under this Agreement is initiated. Exclusive venue for any litigation permitted under this Agreement shall be with the state and federal courts located in Orange County, Florida.
    
    Thanked by 1Kris
  • One thing I have learned from visiting lowendtalk over the years is that there is a lot of lawyers on here .....

  • jarjar Patron Provider, Top Host, Veteran

    @Farish said:
    One thing I have learned from visiting lowendtalk over the years is that there is a lot of lawyers on here .....

    Law school is free now. All you do is hunt Wikipedia for a single legal entry that matches your opinions and boom: You are now a lawyer.

    Thanked by 3FoxelVox Kris Lee
  • IANAL has been superseded by I<3ANAL

  • @WSS said:
    IANAL has been superseded by I<3ANAL

    I know you like buttsex, but please, contain yourself my friend
