NeoProtect down

treesmokahtreesmokah
edited October 30 in General

Looks like they ate a massive attack and Datapacket(their only upstream that was also used for mitigation of large attacks) has nullrouted them. All locations are down, and downstreams are affected.

Last update:

https://bgp.tools/as/199414
https://status.neoprotect.net/incidents/kdmtx0wk3h1l

Comments

  • MikeAMikeA Hosting ProviderOG
    edited October 30

    I've never used Neoprotect or any services like them so excuse my ignorance, but do they just rely on CDN77/DP for volumetric mitigation? I always assumed they had their own filtering and could use any upstream.
    Edit: There's many large dedicated server companies like Limestone that use Neoprotect, I'm guessing that means all of the clients of those datacenters/server providers that have IPs for mitigation are also down eh, pretty bad situation to be in.

    For them to get dropped from CDN77/DP is surprising. I use them in Singapore and they've eaten multi-terabit attacks against some of my clients with no problems.

    ExtraVM - KVM NVMe VPS in USA, EU, APAC -|- RackColo - Find Colo - Discord: mikea (DM before adding)

  • treesmokahtreesmokah
    edited October 30

    @MikeA said: I've never used Neoprotect or any services like them so excuse my ignorance, but do they just rely on CDN77/DP for volumetric mitigation? I always assumed they had their own filtering and could use any upstream.

    They use them for pre-filtering basically, they have their own filtering for more sophisticated and application layer attacks, but all these big attacks are tanked by DP.
    NeoProtect doesn't have much of their "own" capacity, they heavily rely on Datapacket filtering large attacks.

    They have updated their status with this, now

    Thanked by (1)MikeA
  • NeoonNeoon OGContent WriterSenpai

    @treesmokah said:

    @MikeA said: I've never used Neoprotect or any services like them so excuse my ignorance, but do they just rely on CDN77/DP for volumetric mitigation? I always assumed they had their own filtering and could use any upstream.

    They use them for pre-filtering basically, they have their own filtering for more sophisticated and application layer attacks, but all these big attacks are tanked by DP.
    NeoProtect doesn't have much of their "own" capacity, they heavily rely on Datapacket filtering large attacks.

    They have updated their status with this, now

    Spicy, now they know a few TB's will make the BGP sessions drop.
    It doesn't even have to last for one hour to take them down for 1 day or more.

    Free NAT KVM | Free NAT LXC

  • treesmokahtreesmokah
    edited October 30

    @Neoon said:

    @treesmokah said:

    @MikeA said: I've never used Neoprotect or any services like them so excuse my ignorance, but do they just rely on CDN77/DP for volumetric mitigation? I always assumed they had their own filtering and could use any upstream.

    They use them for pre-filtering basically, they have their own filtering for more sophisticated and application layer attacks, but all these big attacks are tanked by DP.
    NeoProtect doesn't have much of their "own" capacity, they heavily rely on Datapacket filtering large attacks.

    They have updated their status with this, now

    Spicy, now they know a few TB's will make the BGP sessions drop.
    It doesn't even have to last for one hour to take them down for 1 day or more.

    To be fair, I don't blame Datapacket for dropping them at all, realistically NeoProtect are a small customer abusing the fuck out of DP's dirt cheap, large capacity ddos protection.
    Datapacket charges only $100 for their "advanced" protection, that they use all the time to tank massive attacks, its their entire business model.

    As i said, they had little of own capacity, and only filtered what wasn't already filtered by DP protection.

    Afaik these recent attacks caused issues for the whole Datapacket infra.

    It reminds me of TCPShield getting kicked out of OVH recently, because entire Miami location was having issues due to their attacks. It operated in a similar fashion, abusing low-cost mitigation.

    Edit: I have no idea if NeoProtect also paid $100 per location, like I was quoted, they could have some special agreement that I'm not aware of, but judging by how this situation was handled, I doubt it.

  • NeoonNeoon OGContent WriterSenpai

    @treesmokah said:

    @Neoon said:

    @treesmokah said:

    @MikeA said: I've never used Neoprotect or any services like them so excuse my ignorance, but do they just rely on CDN77/DP for volumetric mitigation? I always assumed they had their own filtering and could use any upstream.

    They use them for pre-filtering basically, they have their own filtering for more sophisticated and application layer attacks, but all these big attacks are tanked by DP.
    NeoProtect doesn't have much of their "own" capacity, they heavily rely on Datapacket filtering large attacks.

    They have updated their status with this, now

    Spicy, now they know a few TB's will make the BGP sessions drop.
    It doesn't even have to last for one hour to take them down for 1 day or more.

    To be fair, I don't blame Datapacket for dropping them at all, realistically NeoProtect are a small customer abusing the fuck out of DP's dirt cheap, large capacity ddos protection.
    Datapacket charges only $100 for their "advanced" protection, that they use all the time to tank massive attacks, its their entire business model.

    As i said, they had little of own capacity, and only filtered what wasn't already filtered by DP protection.

    Afaik these recent attacks caused issues for the whole Datapacket infra.

    So you telling me, they gonna Deadpool next week?

    Free NAT KVM | Free NAT LXC

  • treesmokahtreesmokah

    @Neoon said:

    @treesmokah said:

    @Neoon said:

    @treesmokah said:

    @MikeA said: I've never used Neoprotect or any services like them so excuse my ignorance, but do they just rely on CDN77/DP for volumetric mitigation? I always assumed they had their own filtering and could use any upstream.

    They use them for pre-filtering basically, they have their own filtering for more sophisticated and application layer attacks, but all these big attacks are tanked by DP.
    NeoProtect doesn't have much of their "own" capacity, they heavily rely on Datapacket filtering large attacks.

    They have updated their status with this, now

    Spicy, now they know a few TB's will make the BGP sessions drop.
    It doesn't even have to last for one hour to take them down for 1 day or more.

    To be fair, I don't blame Datapacket for dropping them at all, realistically NeoProtect are a small customer abusing the fuck out of DP's dirt cheap, large capacity ddos protection.
    Datapacket charges only $100 for their "advanced" protection, that they use all the time to tank massive attacks, its their entire business model.

    As i said, they had little of own capacity, and only filtered what wasn't already filtered by DP protection.

    Afaik these recent attacks caused issues for the whole Datapacket infra.

    So you telling me, they gonna Deadpool next week?

    Afaik pretty much their all infra was just dedis from Datapacket, rented. So if they were to get kicked out entirely, I could see it being a massive issue, larger than it already is.

Sign In or Register to comment.

© LowEndSpirit 2025

ipv6 ready