MXroute Blocks AS9009

Why wait for someone else to post it somewhere when I can get ahead of it?

MXroute has begun blocking AS9009, M247, for knowingly hosting and approving of the hosting of an excessive amount of abusive services. It is clear from shared experiences posted by others on the internet that their stories are similar to ours. The M247 network is responsible for an amount of abusive traffic that far exceeds that of any other network.

Unfortunately we didn’t get numbers, as their IP space is too broad to run against our logs to really put all of the pieces together. What we know is that much of the worst abuse came from there repeatedly, and all servers and services are more accessible and lighter on load after having blocked their network. We significantly reduced spam, brute force, and effectively DOS attacks against services. All servers are performing much better as a result of this network block.

The downside? A very small number of users are using VPN services that use their network. This includes “some” (not all) pops from PrivateInternetAccess and AirVPN. An even smaller number of users are unwilling to hold their VPN providers accountable for utilizing this excessively dirty network, and consider it a deal breaker. We’re happy to refund those few, as we believe this is the right decision for our servers and, by extension, the vast majority of our users.

Some battles are best backed down from, but some are worth facing mild consequences and carrying forward with. Blocking the M247 network is one that we’ve knowingly chosen to press on with, and we hope that others will join us to hold them and the services that use them accountable, ultimately holding M247 accountable for the traffic in their network.

This is a story that we used to confirm that we were not alone in our experience: m247.com: An Other Kid On The (spamming) Block | ValueWeb.gr

11 Likes

:clap:t4: :clap:t4::clap:t4: Bravo

I’ve had this for six months already, along with the usual Ecatel 2.0 and so on
2019-12-09_20-26
nice to see I’m in good company :grinning:

3 Likes

Jarland’s turning Pfizer’s profit predictions beyond recognition.

2 Likes

Are we getting a write-up with stats on the MXRoute blog?

You ought to lend your weight towards putting the pressure on M247.

1 Like

It’ll be tough to run numbers but I may try. That’s a lot of IPs to run against a lot of gzipped logs.

I don’t know how much weight I have, but I’m gonna use it.

I can confirm that lots of VPNs use M247 network. But if your clients know about this it shouldn’t be much of an issue :slight_smile:

I just reconnected to another location on my VPN and it shows M247. NordVPN. It seems quite prolific for one reason or another.

Suggest them to move somewhere greener :slight_smile:

1 Like

NordVPN has already been revealed to be operating in Cyprus through their audit, rather than Seychelles as they claimed. There’s not much accountability with that provider, but plans sure are dirt cheap!

1 Like

I wonder if VPNs intentionally use ‘dirty’ networks because the proviers are more likely to be lenient about what types of traffic flows through their network.

3 Likes

I also like their quick TOR access path. Maybe not the choice for extreme privacy but if the goal is just to quickly get into the TOR network for some small task, makes a nice bridge.

Of course, on top of the dirt cheap server/bw pricing.

Do you block entire AS9009 (2159 IPv4 prefixes)?

I do

1 Like

Sorry jar, but I think this is a bad decision.
For the amount of abuse you receive from M247 you have to also factor in how big they are.
If I would guess, they are probably accounting for more than 20% of all VPN traffic in Europe.

But, and that’s a big but, M247 has a shit ton of residential IPs aswell.

If you block M247 you might aswell block ecatel, worldstream, leaseweb, they are just smaller and you probably don’t notice them as much because of that.

1 Like

Well I dropped server loads and gained performance and reliability for everyone by dropping them, and all I’ve upset are a few people who use VPNs at all times. Overall I think the gains have been positive. I haven’t seen any ISPs using their IP space.

Plenty of other networks out there that have abuse coming out of them that accept abuse complaints and try to keep their network clean.

Of course if things change on either side I can always re-evaluate.

What are the benefits of a non self-hosted VPN?

  • Get spied on by even more companies / governments
  • Enjoy sites blocked which weren’t before (NEW!)

Feel free to let me know if I missed something.

1 Like

Because M247 have quite a huge network and they’re relatively cheap.

VPNs like Windscribe come with some nice extra features like ROBERT, Flix unblocking etc.

However, as for what you said, I agree. 90% of my VPN use case is for unblocking content (Flix and others) and since it’s a hassle to always get new IPs when your hosting providers ASN is blacklisted a VPN Service is what I prefer. I’ve very much resorted to using SmartDNS instead now, though (Getflix). I also turn it on, on public Wifi. I do not however have any sorta always-on VPN mode running. SmartDNS is setup on router level and that unblocks the FireTV Stick and all other devices to watch Flix US and Hulu US.