Wednesday, May 29, 2019

PSA: Viasat is aggressively blacklisting Digitalocean IP addresses

I just talked with the NOC at Viasat and confirmed that they block a huge amount of Digitalocean IP addresses due to malware. I don't think their normal support agents are even aware they have IP blacklists so requests for unblocks have to be escalated to their security team.

They seem to be blacklisting entire /24 subnets even if only some of the IP's are sending malicious traffic. I've found this to be the cause of many websites not working including some of my own.

The best way I've come up with to test if Viasat is blacklisting an IP from a non-Viasat connection is to try and ping one of the core routers such as 64.125.54.230.

Their blocking is also implemented in a very strange way, if you try and connect to a blocked IP address from a Viasat connection every TCP port will accept your connection but do nothing other than accept whatever you write to it and eventually time out after no activity(I assume some box on Viasat's network is intercepting and responding to all TCP connections going to blacklisted IP's).



No comments:

Post a Comment