On October 30, 2025, thousands of servers and online services went dark. Game servers, SaaS platforms, proxies, and entire infrastructure setups relying on NeoProtect Remote Shield suddenly became unreachable.
What happened was not a software bug, not a misconfiguration, and not a regional outage.
NeoProtect’s IP transit provider, Datapacket / CDN77, turned off all of NeoProtect’s BGP sessions.
When the upstream pulled the plug, NeoProtect lost its ability to announce customer prefixes globally.
NeoProtect confirmed the shutdown publicly:
"Our Upstream CDN77 / Datapacket has deactivated all BGP sessions towards our network. This results in full downtime of all associated services." — NeoProtect Incident Report, Oct 30, 2025
This was not a partial outage. It was a total loss of routing capability.
And the cause exposes a fundamental lesson about network architecture and the importance of IP transit resilience.
What Triggered the Shutdown?
NeoProtect was hit by a massive DDoS attack linked to the Aisuru botnet. The company confirmed:
"We faced a total of 5 different attack vectors… reaching up to many Terabits per Second." — NeoProtect Incident Report
They estimate peak attack traffic reached:
"around 10–20 Tbit/s peak for one of those vectors."
This volume is among the largest public DDoS attacks ever recorded.However, the attack is not what caused NeoProtect to shut down.
The shutdown was triggered by their upstream.
"Datapacket / CDN77 has decided to not turn our BGP sessions back on nor to provide services for such purpose going forward to anybody." — NeoProtect Incident Report, Nov 2025
That single decision eliminated Remote Shield overnight.
The Real Root Cause: Single Upstream Dependency
The most important line in NeoProtect’s statement reveals the actual weak point:
"The issues here however do not relate to technological capabilities of our software and/or hardware implementations, but solely the scale of operation."
For a DDoS-focused network, NeoProtect relied on only one upstream transit provider.
Meaning:
| Component | NeoProtect Reality |
|---|---|
| IP Transit Providers | 1 (Datapacket / CDN77) |
| Redundancy (BGP multihoming) | None |
| Ability to re-route traffic | None |
| Dependency on provider | Total |
When CDN77 removed their BGP sessions, the entire network disappeared from the global routing table.
Why Couldn't NeoProtect Just “Switch Providers”?
NeoProtect tried:
"We have talked to a total of 7 other providers to switch infrastructure to, however the urgency of the situation would not allow for a smooth or workable transfer."
Finding a new IP transit provider is not like switching web hosts. Routing contracts, onboarding, provisioning cross-connects, these take weeks or months.
NeoProtect confirmed they no longer had the capacity or capital to rebuild:
"We do not estimate that we could get the same or similar sized network / capacity up within a reasonable time-frame with the financial capabilities and staff capacity."
And critically:
"DDoS protection service in current times is not doable without millions of available capital."
Remote Shield Officially Discontinued
NeoProtect reached a final conclusion:
"Remote Shield will not be restored in the foreseeable future."
The service generating the bulk of their revenue is now gone.
What Does This Mean for Customers?
If someone relied on Remote Shield to protect their servers or infrastructure, the implications were immediate:
| Risk | Impact |
|---|---|
| No BGP announcement | Traffic cannot reach the servers |
| No mitigation tunnel | Attack surface exposed |
| Forced migration | No transition plan |
| Increased costs | Alternatives (e.g., CosmicGuard) cost significantly more |
NeoProtect plans to refund customers:
"Billing… will either be cancelled or reimbursed by us."
But that does not solve the migration problem.
What are the solutions to the Remote Shield Shutdown?
find another DDoS mitigation provider immediately.
But here’s the problem:
The closest alternatives, Cloudflare Magic Transit, Path.net, CosmicGuard cost significantly more, often for similar traffic volumes.
For companies running game servers, infrastructure nodes, SaaS platforms, proxies, or critical latency-sensitive services, this meant:
- Emergency migrations
- Unexpected expenses
- Service interruption risk
The tragedy isn’t just that Remote Shield went offline.
It’s that customers were fully dependent on it, without a backup plan or secondary mitigation provider.
What This Means for the Industry
NeoProtect’s shutdown didn’t just take down a product, it exposed a market weakness.
There is now a massive gap in the “affordable high-capacity remote DDoS protection” space.
Within hours of the incident, community channels lit up with messages from hosting providers, ISPs, and game server operators asking: “What’s the alternative to Remote Shield?”
There wasn’t a clear answer.
The industry suddenly realized that too many companies depend on a single DDoS network, and even more rely on upstreams without redundancy. Providers and small networks are now actively looking for:
- Multihomed DDoS mitigation providers
- Providers with Tier-1 diversity (not just resellers of one carrier)
- Networks that don’t collapse when one upstream disconnects
This shutdown instantly shifted demand.
The industry is already moving. New providers, communities, and even investors are positioning themselves to fill the void that NeoProtect left behind.
The Lesson: IP Transit Is the Foundation of Resilience
This outage proves something fundamental: DDoS protection is worthless if your IP transit architecture is fragile.
A robust global network requires multiple upstream providers.
What IP Transit Should Look Like
| Strategy | Behavior During Attack |
|---|---|
| Single Transit Provider | Transit cuts BGP → Your network disappears |
| Multi-Transit (2–5 upstreams) | Traffic reroutes to another upstream |
| Multi-Transit + Peering | Attack surface reduced, routing faster |
Redundancy is not optional.
A resilient carrier-grade network requires:
- Multiple IP transit providers
- Diverse geographical Points of Presence (PoPs)
- Proper BGP communities
- Automated failover
- Strategic peering (IXPs)
NeoProtect had software strength, but lacked infrastructure resilience.
Moving Forward: How to Avoid the Same Failure
If you operate a network, host servers, or run a SaaS platform, evaluate:
Do you control your routing, or does someone else?
Ask yourself:
- Do you rely on a single upstream?
- Can traffic reroute through another carrier?
- Do you own your BGP announcements?
- Do you have contracts that protect you during an attack?
Closing Thoughts
NeoProtect did not fail because the attack was too large. NeoProtect failed because their upstream transit provider could shut them down with one decision.
This outage exposed a painful truth:
Without control over IP transit and your infrastructure, your business is just renting reliability from someone else.
Shift helps networks avoid this kind of single‑upstream dependency by designing multi‑homed IP transit and infrastructure that stays online even when one provider does not. If you want to review your current setup, reach us at sales@shifthosting.com.
