# ColoCrossing's Buffalo, NY network is slowing down? Too many Spammers?



## XFS_Duke (Feb 8, 2015)

I don't have anything with them in Buffalo, NY anymore, but I've been asked multiple times about the network in that location. I know a few people that have gotten servers lately from CC that has slow connections. Supposed to be 1gbps connections but are lucky to get 400mbps connection speeds. I'm not dissing ColoCrossing, just wondering if anyone else has been having these issues with their Buffalo, NY location. The server I do have with ColoCrossing in Dallas, TX is great, no issues.. So that's why I'm wondering...

Anyone got anything?

Cross posted on LE+ as well just to get a wide range of comments...


----------



## MannDude (Feb 8, 2015)

I don't have anything in that location. May be worth pining Biloh or Vial and see if they have anything to say on it. Will likely find a lot more folks on LET using that location but there will be some here too that can chime in.

Have you ticketed CC about this yet?


----------



## XFS_Duke (Feb 8, 2015)

Nah, I'm not a customer of their in Buffalo so it didn't affect me. However, I know people that do and I'm not sure if they ticketed in. I do mess with a server for one of the people and sometimes it's really slow but not all the time as some are reporting.


----------



## drmike (Feb 8, 2015)

Well test their looking glass files obviously.  Test LG files of other folks in racks in Buffalo.  Compare results.

Buffalo along with LAX + SEA + DAL locations are CC's self mixed Above/Zayo + ???  - at last check.  The blend may be underperforming.  You should test to BUF and from within BUF, both ends.

I've seen a lot of boxes in BUF that are crap for performance.   Gbit port and box connected at Gbit but fails to push but a fraction to anything - even in same facility.

I think they likely have people packet colliding on switching or clogs from rack to core switching/routing.

Word is that they have two networks going to some extent - a premium one and a budget one.  I am unsure of the difference, if just prioritization or something more.


----------



## drmike (Feb 8, 2015)

Very possible that they are stuffing a chunk of stuff now behind RIOs.

They appear to have slowness in other locations too, not just BUF currently.


----------



## drmike (Feb 8, 2015)

... based on my other thread ... I think they have masses of trash and abuse on their network (especially in Buffalo where it's concentrated).

Network can't be happy there at some point.  Blacklists are just one way too late indicator of dysfunction.


----------



## DomainBop (Feb 8, 2015)

drmike said:


> ... based on my other thread ... I think they have masses of trash and abuse on their network (especially in Buffalo where it's concentrated).
> 
> Network can't be happy there at some point.  Blacklists are just one way too late indicator of dysfunction.


If you've watched their Spamhaus listings for the past few months, you'll see they've graduated from being a haven for snowshoe spammers to also being a haven for malware botnet controllers....lots of botnet SBLs in the past few months.

Cleantalk showed a huge increase in web threats (comment spammers, hacker bots, etc) coming off their network starting last summer.

I'm still waiting for that little suburban pussy to answer the simple question I've asked him on WHT a few times _"why do you think other businesses should bear the cost of the crap coming off your network?"_


----------



## drmike (Feb 8, 2015)

DomainBop said:


> If you've watched their Spamhaus listings for the past few months, you'll see they've graduated from being a haven for snowshoe spammers to also being a haven for malware botnet controllers....lots of botnet SBLs in the past few months.
> 
> Cleantalk showed a huge increase in web threats (comment spammers, hacker bots, etc) coming off their network starting last summer.


I just turned back up my Spamhaus script - hadn't been collecting the entrees for a while 

Cleantalk and other places are next on my ideal to-be-developed collection list.  Will be nice to pull it all together in one little data pile with admin panel to keep eyes on them.


----------



## MannDude (Feb 8, 2015)

True NYC via DigitalOcean to Buffalo:


2 192.241.164.241 (192.241.164.241) 0.587 ms 0.587 ms 0.512 ms <-- NYC
3 66.110.96.25 (66.110.96.25) 0.589 ms 0.587 ms 0.583 ms <-- NYC
4 66.110.96.6 (66.110.96.6) 0.579 ms 0.643 ms 0.567 ms <-- NYC
5 63.243.216.14 (63.243.216.14) 2.284 ms 2.278 ms 1.179 ms <--Delaware
6 207.88.14.177.ptr.us.xo.net (207.88.14.177) 24.686 ms 23.823 ms 38.809 ms <-- ??
7 216.156.0.250.ptr.us.xo.net (216.156.0.250) 23.421 ms 23.401 ms 23.388 ms <-- ??
8 207.86.156.46 (207.86.156.46) 28.851 ms 207.86.156.58 (207.86.156.58) 13.760 ms 207.86.156.46 (207.86.156.46) 28.961 ms <-- ??
9 10ge-1-3-0.01-01.er2.buf1.colocrossing.com (75.127.11.230) 57.056 ms 56.603 ms 10ge-1-2-0.01-01.er2.buf1.colocrossing.com (198.23.192.134) 28.985 ms <-- Buffalo
10 10ge-1.03-c65.aggr2.buf1.colocrossing.com (192.3.11.10) 29.274 ms 29.147 ms 10ge-2.03-c65.aggr2.buf1.colocrossing.com (172.245.13.230) 31.167 ms <-- Buffalo
11 lg.buf.colocrossing.com (172.245.211.61) 14.377 ms !X 14.347 ms !X 14.333 ms !X <-- Buffalo


From Colostore in Southbend, Indiana:


2 206.212.242.217.gw.smart-dns.net (206.212.242.217) 0.276 ms 0.272 ms 0.265 ms
3 te0-0-2-2.nr11.b043460-0.sbn01.atlas.cogentco.com (38.104.216.161) 4.456 ms 4.443 ms 4.535 ms
4 te3-3.ccr01.sbn01.atlas.cogentco.com (154.24.13.93) 4.000 ms te3-1.ccr01.sbn01.atlas.cogentco.com (154.24.13.89) 3.975 ms 4.033 ms
5 te0-18-0-6.ccr41.ord01.atlas.cogentco.com (154.54.27.61) 4.247 ms 4.313 ms 4.352 ms
6 be2005.ccr21.ord03.atlas.cogentco.com (66.28.4.74) 4.329 ms 5.750 ms 5.737 ms
7 38.122.180.238 (38.122.180.238) 7.167 ms 6.135 ms 26.676 ms
8 eth4-5.edge1.nyc4.us.as5580.net (78.152.34.130) 33.266 ms 21.013 ms 20.981 ms
9 78.152.45.145 (78.152.45.145) 20.953 ms 20.937 ms 20.891 ms
10 78.152.60.39 (78.152.60.39) 28.871 ms 78.152.57.87 (78.152.57.87) 29.089 ms 78.152.60.39 (78.152.60.39) 28.847 ms
11 10ge-1-3-0.01-02.er1.buf1.colocrossing.com (192.3.138.22) 31.216 ms 10ge-1-1-0.01-02.er1.buf1.colocrossing.com (192.227.130.186) 31.190 ms 10ge-1-2-0.01-01.er2.buf1.colocrossing.com (198.23.192.134) 31.152 ms
12 10ge-2.03-c66.aggr1.buf1.colocrossing.com (172.245.13.226) 58.135 ms 10ge-1.03-c66.aggr1.buf1.colocrossing.com (192.3.11.14) 57.539 ms 10ge-1.03-c65.aggr2.buf1.colocrossing.com (192.3.11.10) 31.394 ms
13 * * *
14 lg.buf.colocrossing.com (172.245.211.61) 57.212 ms !X 57.204 ms !X 57.183 ms !X


From Choopa in NJ:


2 ethernet1-1-9-c5-14-b2-cas2.pnj1.choopa.net (64.237.34.233) 2.712 ms 2.828 ms 2.962 ms
3 ethernet17-3-br1.pnj1.choopa.net (108.61.65.221) 2.482 ms 2.401 ms 2.520 ms
4 ae-33.r05.nycmny01.us.bb.gin.ntt.net (128.241.2.201) 1.441 ms ae-35.r06.nycmny01.us.bb.gin.ntt.net (128.241.2.249) 1.981 ms ae-33.r05.nycmny01.us.bb.gin.ntt.net (128.241.2.201) 1.548 ms
5 ae-3.r05.nycmny01.us.bb.gin.ntt.net (129.250.4.204) 1.829 ms 1.794 ms 1.717 ms
6 xe-0-4-0-35.r05.nycmny01.us.ce.gin.ntt.net (129.250.194.54) 10.440 ms eth4-3.core1.nyc1.us.as5580.net (78.152.44.201) 1.771 ms xe-0-4-0-35.r05.nycmny01.us.ce.gin.ntt.net (129.250.194.54) 6.555 ms
7 eth4-3.core1.nyc1.us.as5580.net (78.152.44.201) 1.768 ms 4.478 ms 4.363 ms
8 78.152.45.145 (78.152.45.145) 4.322 ms eth1-1.edge1.nyc4.us.as5580.net (78.152.35.130) 4.262 ms 78.152.45.145 (78.152.45.145) 4.230 ms
9 78.152.60.39 (78.152.60.39) 9.493 ms 78.152.57.111 (78.152.57.111) 9.640 ms 78.152.45.145 (78.152.45.145) 4.075 ms
10 10ge-1-2-0.01-01.er2.buf1.colocrossing.com (198.23.192.134) 14.985 ms 78.152.57.111 (78.152.57.111) 9.841 ms 10ge-1-3-0.01-02.er1.buf1.colocrossing.com (192.3.138.22) 14.930 ms
11 10ge-2.03-c66.aggr1.buf1.colocrossing.com (172.245.13.226) 14.499 ms 10ge-1.03-c65.aggr2.buf1.colocrossing.com (192.3.11.10) 16.042 ms 10ge-2.03-c65.aggr2.buf1.colocrossing.com (172.245.13.230) 9.738 ms
12 * * *
13 lg.buf.colocrossing.com (172.245.211.61) 42.714 ms !X 42.602 ms !X 42.540 ms !X


From Atlanta, Georgia:


```
2  xe1-3.edge-ab.atl01.coloat.com (184.170.251.249)  0.361 ms  0.400 ms  0.603 ms
 3  78.152.46.193 (78.152.46.193)  0.299 ms  0.337 ms  0.391 ms
 4  eth2-1.core1.ash2.us.as5580.net (78.152.35.128)  16.782 ms  14.802 ms  14.810 ms
 5  eth6-2.core1.nyc1.us.as5580.net (78.152.45.192)  20.178 ms  20.240 ms  20.291 ms
 6  eth1-1.edge1.nyc4.us.as5580.net (78.152.35.130)  31.093 ms  24.663 ms  24.685 ms
 7  78.152.45.145 (78.152.45.145)  24.518 ms  24.434 ms  24.443 ms
 8  78.152.60.49 (78.152.60.49)  52.454 ms 78.152.60.39 (78.152.60.39)  65.277 ms  65.276 ms
 9  10ge-1-3-0.01-01.er2.buf1.colocrossing.com (75.127.11.230)  78.780 ms 10ge-1-2-0.01-01.er2.buf1.colocrossing.com (198.23.192.134)  65.610 ms  65.638 ms
10  10ge-1.03-c66.aggr1.buf1.colocrossing.com (192.3.11.14)  112.347 ms *  112.766 ms
11  * * *
12  lg.buf.colocrossing.com (172.245.211.61)  82.538 ms !X  82.551 ms !X  80.947 ms !X
```


----------



## MattKC (Feb 10, 2015)

I like the reply I got from MSPNick when I suggested Biloh clean up his network vs forcing people to jump through hoops to get clean ip's: "Some users don't mind having dirty IP's" (can't direct quote thanks to let being down yet again).


I'd think this comes more from people not realizing their ip is soiled vs not caring. But by all means I welcome anyone with this mentality to change their order form to include a check box stating the customer agrees to knowingly receive a blacklisted ip (spam or the ever increasing malicious activity coming from the colocrossing network) and is 100% fine with receiving such.


As for me, I have blocked most of their network from my server's as it is. Spam, brute-force and scanning dropped significantly after blocking them. I could care less if it blocks a few legitimate users, it blocks far more illegitimate users/bots.


----------



## HalfEatenPie (Feb 10, 2015)

MattKC said:


> I like the reply I got from MSPNick when I suggested Biloh clean up his network vs forcing people to jump through hoops to get clean ip's: "Some users don't mind having dirty IP's" (can't direct quote thanks to let being down yet again).
> 
> I'd think this comes more from people not realizing their ip is soiled vs not caring. But by all means I welcome anyone with this mentality to change their order form to include a check box stating the customer agrees to knowingly receive a blacklisted ip (spam or the ever increasing malicious activity coming from the colocrossing network) and is 100% fine with receiving such.
> 
> As for me, I have blocked most of their network from my server's as it is. Spam, brute-force and scanning dropped significantly after blocking them. I could care less if it blocks a few legitimate users, it blocks far more illegitimate users/bots.


Boom. Ruthless. I've seen quite a few networks start adopting this actually. Bigger headache to deal with is right. While I totally understand from those legit users who are affected, in the end time saved not having to deal with malicious CC traffic is time earned to spend on more productive tasks. Fantastic.


----------



## drmike (Feb 10, 2015)

MattKC said:


> I like the reply I got from MSPNick when I suggested Biloh clean up his network vs forcing people to jump through hoops to get clean ip's: "Some users don't mind having dirty IP's" (can't direct quote thanks to let being down yet again).


MSP Nick, you mean that fellow that was just trying to sell SEO Services on here and proven to be thefting sales materials from sketchy Indian spammers?  Cause that's how I caught him doing that - from SPAM.

See: 

Ironic isn't it that such a person defends CC's filthy network?


----------



## zionvps (Feb 12, 2015)

I had a service in that area but i cancelled a long time ago when the whole ip block got listed in spamhaus and emails started ending up in spam.


----------



## drmike (Feb 12, 2015)

Word is CC booted something out of the network mix for some reason.... Looks like yesterday to be XO a sliver and rest Hibernia/Atrarto.


----------



## Steven F (Feb 12, 2015)

See, I actually really liked the CC Spamhaus listing. I didn't have to worry about selling to spammers. Any client that wanted lots of IPs wasn't mailing. I still have some of these clients and they're fantastic to work with. So, it's not all bad!  

DDoS mitigation isn't as simple as adding RioRey devices. You need to make sure your upstream can actually handle the attacks.


----------



## weloveservers (Mar 30, 2015)

XFS_Duke said:


> I don't have anything with them in Buffalo, NY anymore, but I've been asked multiple times about the network in that location. I know a few people that have gotten servers lately from CC that has slow connections. Supposed to be 1gbps connections but are lucky to get 400mbps connection speeds. I'm not dissing ColoCrossing, just wondering if anyone else has been having these issues with their Buffalo, NY location. The server I do have with ColoCrossing in Dallas, TX is great, no issues.. So that's why I'm wondering...
> 
> Anyone got anything?
> 
> Cross posted on LE+ as well just to get a wide range of comments...


It's always been slow - this is due to them operating on such low margins, making them use lower peforming networks. Plus, huge blocks of their addresses are blacklisted on most spam rbls.


----------



## drmike (Mar 31, 2015)

XFS_Duke said:


> Supposed to be 1gbps connections but are lucky to get 400mbps connection speeds.


It sounds like their rate limiting to cap DDoS Stressheads might be what is capping you.  Perhaps they capped you under threshold so you wouldn't later complain about speed reduction.

Now you buy a Gbit connected server and you get less than half of that.  New market per se for Gbit port but limited throughput.  Not a terrible idea all said, but still see CC resellers pushing Gbit when the stuff can't sustain that for long without being dinged.


----------

