Keith C. Perry via plug on 14 May 2024 15:19:27 -0700



Re: [PLUG] Network question


I'm also going to disagree but for a different reason.

When someone tells me that they are being randomly probed, which is literally everything on the internet, my first instinct isn't to tell them to move to some cloud / VPS or data center this or that.  That is not the solution for this issue.

What is, is suggesting that people review their network security and then also taking the time to consider when is the last time they ran through a complete rebuild of their systems and data from their backups.

It is far more likely that any hosted, EXCEPT for in data center or privately (i.e. local ISP), is going to have a high probability of seeing a real attack.  Since Akamai took over Linode I have had at least 3 instances of mail servers getting blocked by M$ because someone else in the supernet of our net was being a bad actor.  Before the takeover, I think there was 1 case in 2 years.  Most ISPs have become lax in naming their assignment but in well over 10 years with Comcast Business Class that has never happened to me.

I get that most people don't want to pay Comcast or Verizon for static IPs generally but I would much rather actually have everything under my control than on cloud or VPS.  They are not a magic bullet and in this case not even the root cause solution.


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
http://www.daotechnologies.com/

----- Original Message -----
From: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
To: "JP Vossen" <jp@jpsdomain.org>, "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, May 14, 2024 5:21:01 PM
Subject: Re: [PLUG] Network question

I'm going to disagree and say that I've heard some not so good things 
about Linode from somebody who heard unsavory things about goings on 
there from an employee, which I don't want to repeat here since it was 
kind of off the record, but they were not things that gave me warm fuzzy 
feelings about setting up workloads with them. And I think even here it 
came up recently that Vultr was doing unsavory things as well.

Personally, I've used a number of VPS providers over the years, 
including several which went belly up overnight or did things like doing 
a migration and losing all your data, that don't exactly endear you to 
them (though I've never suffered data loss myself since I was prepared 
for that). Some of those were ultra-low cost VPSes though and you 
certainly do get what you pay for.

For the past several years, I've been using Digital Ocean, which I've 
been very happy with. Unlike AWS, it's a flat-rate VPS, and they don't 
throttle you. Also works for SMTP, so that's my main email relay, 
accepting some mail there and forwarding other internal mail onwards 
over a VPN tunnel.

Their cheapest VPS starts at $4 per month. If you want to give Digital 
Ocean a try, you can use this referral link, which (disclaimer) would 
give us both some free credit: https://m.do.co/c/cb5744b400ef

However, regardless of if/how you sign up, I can personally say I would 
not be comfortable using Linode or Vultr with some of the things I have 
heard. Most of the people I work with have switched to using Digital 
Ocean for their workloads from Linode or other stuff (including me, I 
switched to it at somebody else's recommendation). I can't say that 
Digital Ocean is perfect either, and I'm sure it's not, but so far the 
performance is good and I haven't had any issues* with them. For 
anything ultra-sensitive or with large disk/storage requirements, I 
usually run that on-premises anyways for security or cost-effectiveness.

*The only minor issue is that sometimes some RBLs are really stupid and 
penalize entire Digital Ocean IP ranges due to spam... but IMO a) these 
are garbage RBLs in the first place, since that's a garbage spam 
detection technique so these are untrustworthy RBLs and nobody should be 
using those anyways and b) in practice, I have never really had email 
delivery issues anyways, with everything set up properly, just showing 
up on one or two RBLs out of a large number of them, purely because of 
the IP range, and I can't say this wouldn't happen with other cloud 
providers as well. But if IP reputation is a big concern, you should 
probably bring your own IP anyways.

On 5/14/2024 2:40 PM, JP Vossen via plug wrote:
> +1 for Linode.  I've had a tiny $5/mo VM there for years and been very 
> happy.  I was a little worried when Akamai bought them, but so far so 
> good.  My VM hosts my web site and external DNS, and it's my mail and 
> VPN/SSH relay as well, expressly for the reasons discussed in the rest 
> of the post (that I mostly trimmed).
>
> On 5/14/24 02:05 PM, John Kreno via plug wrote:
>> What Rich mentions is a good solution
>>
>> On Tue, May 14, 2024 at 1:50 PM Rich Mingin (PLUG) via plug
>> <plug@lists.phillylinux.org> wrote:
>>
>>     Is the default answer no longer Linode? I still have my front-end VPS
>>     with them. I actually bypass my need for having direct SSH home by
>>     using a VPN to my Linode, and routing lots of stuff through there.
>>
>>     On Tue, May 14, 2024 at 1:43 PM Steven Grunza via plug
>>     <plug@lists.phillylinux.org> wrote:
>>      >
>>      > Any recommendations for a VPS provider?  I'm looking for someplace
>>      > to have a MQTT / MQTT-SN broker while I work on an IoT project.
> Later,
> JP
> -- -------------------------------------------------------------------
> JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
>
> ___________________________________________________________________________ 
>
> Philadelphia Linux Users Group         -- http://www.phillylinux.org
> Announcements - 
> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  -- http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug