# Talk Show Host Starts IP Spoofing Friendly VPS Service In Buffalo



## DomainBop (Sep 19, 2014)

I'm torn between laughing and a massive facepalm.

I found this offer on LET and thought I'd share because every line of the offer, WHOIS, and website is flashing a warning sign.



> *Unmanaged KVM - 512MB Buffalo*
> 
> 512MB RAM 25GB Disk Space 1000GB Bandwidth 1Gbps Port Speed 1 IP Address 1 CPU Core *Spoofing Enabled* $6
> 
> Website: http:// bigbucks *.cc* Contact: bigbuckshelp @ *outlook.com*


Jerry Springer, hee hee.



> Registry Registrant ID:
> Registrant Name: SPRINGER JERRY
> Registrant Organization: SFDGDFGDF
> Registrant Street: 19 SAINTS ROW
> ...



Fake WHOIS, fake address on site, fake LLC, IP spoofing enabled, lorem ipsum text, blank TOS, a ripped template, HackForums advertiser... what more could you want? (OK, maybe a nulled WHMCS to complete the picture, but they disappoint on this score by actually licensing their WHMCS.)


----------



## yomero (Sep 19, 2014)

On a serious note, I probably need a host which allows this to fake some UDP packets sent to the master list of Quake 3 and get one of my servers listed.

But despite that, this provider doesn't seem to be the best choice hehe...


----------



## Francisco (Sep 19, 2014)

That's amazing.

If spoofing is enabled in Buffalo that's sooooo sketchy.

I mean, it'd make sense, it's likely the Cisco 3500's don't do ACL's in hardware.

Francisco


----------



## drmike (Sep 19, 2014)

The fncking pain!

512MB RAM 25GB Disk Space 1000GB Bandwidth 1Gbps Port Speed 1 IP Address 1 CPU Core Spoofing Enabled $6
Website: http:// bigbucks .cc Contact: bigbuckshelp @ outlook.com

*1. Spoofing enabled?!?!??!?!?!?!?!?!??!  Jon Biloh is this the type of sh!t you promote* in Buffalo?

*2. .cc domain?!?!?!?! Yeah.*

*3. Outlook.com email?!?!?! Wheee*

*4. From their website banner === "You can choose between Windows 2003, 2008 and 2012 operation systems!"*

Engwish?

*5. From their website banner == "At BigBucks we utilize our next generation top of the tier datacenter to be able to protect from attacks u to 125gbps."*

Next generation top of their tier.... KING OF THE BUFFALO SHIT HEAP.   Live from the ___6th___ floor?  Overlooking glorious Buff-a-whoa, with a view of lake mistake... Whee!

*6. http://bigbucks.cc/pricing.htm*

 = Lorem Ipsum

*7. Twitter block on their website = filler*

*8. From their website the phone number = a copied template details:*

https://www.google.com/?gws_rd=ssl#q=%22020+1345+3434%22

64 results.

Was this really an offer or just someone having fun?

BUT... if you throw the whois info on this you see some name servers... and those are in the same region....

Domain Name: SHOCKHOSTING.NET
Registry Domain ID: 1793569093_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-07-10 11:13:59
Creation Date: 2013-04-13 14:07:33
Registrar Registration Expiration Date: 2015-04-13 14:07:33
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Ashton Sherman
Registrant Organization: Shock Hosting
Registrant Street: 596 15 Hwy Lombardy
Registrant City: Smith Falls
Registrant State/Province: Ontario
Registrant Postal Code: K0G 1L0
Registrant Country: Canada
Registrant Phone: +1.6473814653
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]ShockHosting.net
Registry Admin ID:
Admin Name: Ashton Sherman
Admin Organization: Shock Hosting
Admin Street: 596 15 Hwy Lombardy
Admin City: Smith Falls
Admin State/Province: Ontario
Admin Postal Code: K0G 1L0
Admin Country: Canada
Admin Phone: +1.6473814653
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]ShockHosting.net
Registry Tech ID:
Tech Name: Ashton Sherman
Tech Organization: Shock Hosting
Tech Street: 596 15 Hwy Lombardy
Tech City: Smith Falls
Tech State/Province: Ontario
Tech Postal Code: K0G 1L0
Tech Country: Canada
Tech Phone: +1.6473814653
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]ShockHosting.net
Name Server: NS1.SHOCKHOSTING.NET
Name Server: NS2.SHOCKHOSTING.NET

Unsure if someone is trolling Shockhosting or what...  They don't appear to use CC, well yet.  But they do use Limestone (which LEB had prior issues with)...


----------



## DomainBop (Sep 19, 2014)

LET deleted the offer so for anyone who missed it google cache



> Unsure if someone is trolling Shockhosting or what..


BigBucks has been advertising on the skiddie forums so an offer on LET is usually the next step up the ladder for many of these HF hosts (and probably very fertile ground for customer acquisition).



> *1. Spoofing enabled?!?!??!?!?!?!?!?!??!*


They also allow "small time ddosing". Scroll down on this ad and read the TOS snippets they included in their ad: _"No HEAVY ddos, small time ddosing etc is acceptable"_


----------



## Francisco (Sep 19, 2014)

drmike said:


> *1. Spoofing enabled?!?!??!?!?!?!?!?!??!  Jon Biloh is this the type of sh!t you promote* in Buffalo?


I doubt he's condoning it, but he shouldn't be allowing it to happen, period. ACL's should be in place for all outbound traffic. No, not prefix lists, but actual ACL's to stop spoofing. Any decent router will do ACL's in hardware which means there's minimal overhead doing so.

HF hosts are always fun. I was looking to buy a brand the other week, but after I figured out what brand it was (due to him sending the NDA via his company's [email protected] email), I found their entire customer base was hackforums. No thanks.

Francisco


----------



## Wintereise (Sep 19, 2014)

> I doubt he's condoning it, but he shouldn't be allowing it to happen, period. ACL's should be in place for all outbound traffic. No, not prefix lists, but actual ACL's to stop spoofing

Or, just don't use collapsed edges / cores if your router can't handle it.

If you don't have to worry about symmetric / asymmetric routing, unicast rpf is a very basic feature in most new switches.


----------
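The trade-off raised in the two posts above (per-port ACLs versus unicast RPF, and the asymmetric-routing caveat), as an added example that is not from any poster in this thread. The FIB, interface names and prefixes are constructed for illustration (RFC 5737 documentation ranges), and `cust2` is an assumed second link to the same customer.

```python
import ipaddress

# Constructed FIB: (prefix, interface the best route points to).
FIB = [
    ("192.0.2.0/28", "cust1"),       # customer block, best path via cust1
    ("203.0.113.0/24", "upstream"),  # third-party network reached via upstream
]
# Constructed per-port source ACLs (BCP 38 style): prefixes a port may send from.
ACL = {"cust1": ["192.0.2.0/28"], "cust2": ["192.0.2.0/28"]}


def best_route(src):
    """Longest-prefix match on the source; returns an interface or None."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), i) for p, i in FIB
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def acl_permits(src, iface):
    """Static filter: source must fall inside a prefix assigned to this port."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in ACL.get(iface, []))


def strict_urpf(src, iface):
    """Strict mode: best route back to the source must use the arrival port."""
    return best_route(src) == iface


def loose_urpf(src, iface):
    """Loose mode: any route to the source is enough, whatever the port."""
    return best_route(src) is not None


def verdicts(src, iface):
    return {"acl": acl_permits(src, iface),
            "strict": strict_urpf(src, iface),
            "loose": loose_urpf(src, iface)}


if __name__ == "__main__":
    cases = [("192.0.2.5", "cust1"),     # legitimate source on its own port
             ("203.0.113.9", "cust1"),   # routable source the port does not own
             ("192.0.2.5", "cust2"),     # legitimate, but asymmetric return path
             ("198.51.100.7", "cust1")]  # source with no route at all
    for src, iface in cases:
        print(f"{src:>14} on {iface}: {verdicts(src, iface)}")
```

Loose mode passes the second case because a route to the source exists somewhere, and strict mode drops the legitimate third case, which is the asymmetric-routing condition that makes a per-port ACL the safer filter there.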



## GIANT_CRAB (Sep 19, 2014)

Someone will still buy from them.


----------



## drmike (Sep 20, 2014)

Anyone here who is familiar with said spoofing willing to give this offerer a try or CC Buffalo for that matter?

Obviously something that should be documented as networks where such is "enabled" are in the far minority and origins of lots of trouble.

Always good to have more dried timber for burning their castle down.


----------



## ftpitnipon (Sep 20, 2014)

DomainBop said:


> They also allow "small time ddosing". Scroll down on this ad and read the TOS snippets they included in their ad: _"No HEAVY ddos, small time ddosing etc is acceptable"_


Small time ddosing lol

Some days ago, I got an offer from someone who needs a dedi with spoofing enabled. He even said he will pay twice. I refused him.


----------



## Francisco (Sep 20, 2014)

ftpitnipon said:


> Small time ddosing lol
> 
> Some days ago, I got an offer from someone who needs a dedi with spoofing enabled. He even said he will pay twice. I refused him.


I'm sure he'd pay 10x the normal price, it isn't like he's using a legit CC, it'd be stolen.

I'm still waiting for Ecatel to get depeered again. Oh those were the days~

Francisco


----------



## Deleted (Sep 20, 2014)

Their upstream providers all use BCP-38.. spoofing is pointless on modern networks.


----------



## Francisco (Sep 20, 2014)

ROUND 2. FIGHT!

http://lowendtalk.com/discussion/34745/bigbucks-cc-kvm-linux-windows-vps-4gb-ram-15-month-recurring#latest

I really hope they're taking him down because he's a ddos loving hackforums skid, and not because 'he is over the $7 limit'.

Francisco


----------



## MannDude (Sep 20, 2014)

The dude has got to be a troll.


----------



## Francisco (Sep 20, 2014)

MannDude said:


> The dude has got to be a troll.


No, he's just the usual HF host. If you ever browsed the site you'd see it's really common. What's not common is seeing people trying to pull this crap in the US, usually it's an EU-only thing (ecatel, voxility, random hosts in Ukraine, etc).

Someone has to be dumb as a cinder block to do that crap in a country the feds can walk on over and take an image of your drive.

Francisco


----------



## k0nsl (Sep 21, 2014)

It's gone already:





Francisco said:


> ROUND 2. FIGHT!
> 
> http://lowendtalk.com/discussion/34745/bigbucks-cc-kvm-linux-windows-vps-4gb-ram-15-month-recurring#latest
> 
> ...


----------



## MannDude (Sep 21, 2014)

Francisco said:


> Someone has to be dumb as a cinder block to do that crap in a country the feds can walk on over and take an image of your drive.


Maybe he was behind 7 proxies?

Source for those who don't get the reference (though you probably do): http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies


----------



## BrianHarrison (Sep 22, 2014)

ftpitnipon said:


> Small time ddosing lol
> 
> Some days ago, I got an offer from someone who needs a dedi with spoofing enabled. He even said he will pay twice. I refused him.


Now that is just hilarious.


----------

