Viasat aggressively blocking Digitalocean subnets/IP's

  • 1
  • Problem
  • Updated 6 months ago
  • Acknowledged
  • (Edited)
I talked with Viasat's NOC today while trying to isolate a bad route/connection between one of my Digitalocean servers and Viasat and found out that Viasat has been aggressively blocking entire Digitalocean /24 subnets due to malware.

This causes a lot of false positives since Digitalocean typically randomly issues single IP addresses. This blocking policy should at a minimum be changed to only block individual IP's rather than entire subnets for Digitalocean.

I figured I should make a post in case others are having this problem since it seems frontline support is not trained to identify connection issues cased by the blacklists and/or how to get blacklists removed for legitimate servers.

It would probably also be a good idea to put up some sort of public site that can be used to query if an IP is blacklisted by Viasat to make troubleshooting these types of route/connection issues easier.
Photo of James Hilliard

James Hilliard

  • 3 Posts
  • 0 Reply Likes

Posted 6 months ago

  • 1
Photo of Jim16

Jim16

  • 2453 Posts
  • 2183 Reply Likes
It appears blocking Digitalocean is done by a lot of isp's, and probably for a good reason....

https://www.google.com/search?client=firefox-b-1-d&channel=cus&q=blocking+Digitalocean

Photo of James Hilliard

James Hilliard

  • 3 Posts
  • 0 Reply Likes
I think most of those are limited to antispam blacklists not entire subnet blocks like what is going on here. Digitalocean is one of the largest hosting providers and blacklisting entire subnets will cause many legitimate sites to get blocked.