Author Archive jvdpq

OVH Support and useless firewall against other internal servers

This post is about bypassing the OVH firewall simply by using a server inside OVH itself.

Lessons learned in short:
1) OVH does not have any kind of internal network isolation, so every other OVH customer can contact your servers directly (!!!) by simply pointing at your public IP. You’ll not find this small “detail” reported anywhere.

2) Installing and maintaining a firewall on your operating system (Windows or Linux, it doesn’t matter) is absolutely mandatory: never, never, never rely exclusively on the OVH firewall. Yes, it’s powerful enough to stop DDoS attacks, trigger mitigations and BGP reroutes, but it’s totally transparent (maybe it’s not involved in the routing?) when the attacking IP comes from inside OVH. So it’s useless even to stop a silly RDP “wannacry-like” attack spread from some other OVH customer.

3) OVH support does not necessarily know how things work on their side. They might come back to you with a random answer. It’s up to you to find out how things really work, despite what they tell you.

4) The “Abuse Team” is not able to STOP other servers from attacking you, except, I guess, when the attack involves a huge amount of network traffic that makes a big red button flash somewhere. At least I hope. What the Abuse Team is able to do, for sure, is simply contact the IP reported in the “abuse form” to ask the offending IP to kindly “stop” any action, even WITHOUT VERIFYING if there’s really something wrong happening (!!!) between it and whoever reported the supposed abuse.
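One way to see lesson 2 on your own host, as an added example that is not from the original post: scan host firewall logs for accepted connections on ports the edge firewall is supposed to block, coming from the provider's own address space. The prefixes (documentation ranges), the blocked-port policy, the log format and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: placeholder prefixes (RFC 5737 documentation ranges) standing in
# for the hosting provider's ranges; load the real list from the provider's
# published prefixes or a routing registry.
PROVIDER_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("198.51.100.0/24", "203.0.113.0/24")]

# Assumed edge-firewall policy: these ports should never be reachable.
EDGE_BLOCKED_PORTS = {3389, 445}

# Constructed sample log: "timestamp src_ip dst_port action".
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 198.51.100.23 3389 ACCEPT
2024-01-10T08:00:02Z 198.51.100.23 3389 ACCEPT
2024-01-10T08:00:05Z 192.0.2.77 443 ACCEPT
2024-01-10T08:00:09Z 203.0.113.5 445 ACCEPT
2024-01-10T08:00:11Z 198.51.100.40 3389 DROP
malformed line
"""

def is_intra_provider(ip):
    """True if the source address falls inside one of the provider prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROVIDER_PREFIXES)

def edge_bypasses(log_text):
    """Count accepted connections per (src_ip, dst_port) that reached an
    edge-blocked port from a source inside the provider's own network."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _, src, port, action = parts
        try:
            port_n = int(port)
            internal = is_intra_provider(src)
        except ValueError:
            continue  # unparsable port or address
        if action == "ACCEPT" and internal and port_n in EDGE_BLOCKED_PORTS:
            hits[(src, port_n)] += 1
    return hits

if __name__ == "__main__":
    for (src, port), n in edge_bypasses(SAMPLE_LOG).most_common():
        print(f"{src} reached port {port} {n} time(s) despite the edge policy")
```

Any hit means the host firewall, not the edge one, has to enforce that rule.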

Below you can find the complete history of the support tickets, from the beginning to the last one…
