asiaip
join:2012-10-05
Clarkston, WA

asiaip to Arne Bolen

Member

to Arne Bolen

Re: CallCentric tech issues today?

So if I want to SIP URI forward to my voip.ms acct, I would enter in the CC Call treatments "This number" field: (my voip.ms acct#)@(myvoip.ms server)

Or if I want to SIP URI forward to my voip.ms iNum number, I would enter in the CC Call treatments "This number" field: (voip.ms iNum number)

Trev
AcroVoice & DryVoIP Official Rep
Premium Member
join:2009-06-29
Victoria, BC

1 recommendation

Trev to VexorgTR

Premium Member

to VexorgTR
said by VexorgTR:

If it's not fixed by Monday, CC is going to start looking incompetent.

Why? If a very well organized flash mob showed up at your business' door and all browsed through your aisles, asked staff for demonstrations, and asked several questions that they knew would take a long time to answer, but acted genuinely interested the whole time, only to eventually leave without purchasing anything, thus causing excessive waits for legitimate customers who really wanted to buy an AC-211, would you be considered an incompetent shop keeper?

That's basically what a high-level DDoS attack would look like in the physical world.
a1computers
join:2012-10-06
Pasadena, CA

a1computers to VexorgTR

Member

to VexorgTR
This crappy attack could be accomplished by my 7-year-old; I am not impressed by the attacker. At the end of the day a firewall log should have already shown which IP is sending expanded packets. Why CC has not simply blocked the IP or country or DHCP range is beyond me, but I am sure they have a good reason, especially since packets are surely being sniffed by now for a trace. I am willing to bet that in days, not weeks or months, we will hear of some kind of a bust. And hopefully a bust in the back-side too for these a__holes. When I was young, if you didn't like someone you took care of the problem directly. These losers are just plain losers who youtubed the power of a -l command.
PX Eliezer704
Premium Member
join:2008-08-09
Hutt River

1 recommendation

PX Eliezer704 to VexorgTR

Premium Member

to VexorgTR
said by VexorgTR:

If it's not fixed by Monday, CC is going to start looking incompetent.

I disagree.

I think that this malicious attack has demonstrated that the CallCentric crew are a very dedicated and skillful group of people....

....who were on this problem from the beginning (even before the beginning when they got some early tremors), who responded aggressively and competently, going without much sleep for several days. I can vouch for that part because of communications at many different hours.

Keep in mind that CallCentric was likely targeted precisely because of its excellent reputation as a facilities-based provider.

There's no bragging rights if someone takes down an [easy] target.

If you were a young punk, you'd try to make a reputation challenging someone like Bat Masterson*, not challenging some farmer or merchant....

*People think so much of Bat Masterson with the Wild West, but he was born in Quebec and he died at a typewriter in New York City where he had become a sportswriter.
PX Eliezer704

1 edit

2 recommendations

PX Eliezer704 to a1computers

Premium Member

to a1computers
said by a1computers:

This crappy attack could be accomplished by my 7 year old, I am not impressed by the attacker. At the end of the day a firewall log should have already shown which IP is sending expanded packets. Why CC has not simply blocked the IP or country or DHCP range is beyond me....

Respectfully, that remark does not demonstrate much familiarity with this area.

[I'm being polite, BTW].

A massive attack such as this can involve hundreds or thousands of IP addresses simultaneously, and those IP addresses will be constantly changing. And they will be from many countries at once.

I suggest that you learn a little about DDoS attacks, botnets, zombie armies (of the computer kind), and so forth.

Here is something from a whole year ago, things have gotten worse since then....

A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks.

The distributed denial-of-service attack consisted of four consecutive waves launched from multiple botnets between Nov. 5 and Nov. 12, 2011, Prolexic said.

It estimated that up to 250,000 computers infected with malware participated in the attack, many of them in China.

At the height of the attack, those computers made 15,000 connections per second to the target company's e-commerce platform, swamping it with up to 45Gbps of traffic, Prolexic said.

»www.computerworld.com/s/ ··· _company

Similarly:

Kaspersky released a report regarding the distributed denial of service (DDOS) attacks that targeted companies in the second half of 2011 and they provided some interesting figures obtained by their botnet monitoring systems.

The numbers reveal that the longest attack recorded in the second half of the past year targeted a travel company and lasted for 80 days, 19 hours, 13 minutes and 5 seconds, and the average duration of DDOS attacks was 9 hours and 29 minutes.

»news.softpedia.com/news/ ··· 88.shtml
Mango
Use DMZ and you get a kick in the dick.
Premium Member
join:2008-12-25
www.toao.net

Mango to PX Eliezer704

Premium Member

to PX Eliezer704
Though we can do little more than speculate, I'd be very interested to know if the same attacker caused the problems with both Anveo and Callcentric. If so, who is next?

Trev
AcroVoice & DryVoIP Official Rep
Premium Member
join:2009-06-29
Victoria, BC

Trev to a1computers

Premium Member

to a1computers
said by a1computers:

At the end of the day a firewall log should have already shown which IP is sending expanded packets. Why CC has not simply blocked the IP or country or DHCP range is beyond me, but I am sure they have a good reason

Emphasis added.

If the attacks do not rely on receiving a response from their servers, it's not difficult to forge the header information of a UDP packet.

In this case, a firewall log is not helpful. Assistance from the NOC at every network the packets traverse is usually required to locate the culprit.

Sometimes it's MUCH easier said than done to get their cooperation.
a1computers
join:2012-10-06
Pasadena, CA

a1computers to PX Eliezer704

Member

to PX Eliezer704
Thanks for the update, but CC has managed to suppress the 2nd wave, meaning something has been able to be calculated. I am sure CC has sophisticated hardware FW that you could implement range ban, packet inspection. Attacks get better all the time, can't argue with that.
eviljafar
join:2007-04-10
Montreal, QC

eviljafar to asiaip

Member

to asiaip
said by asiaip:

So if I want to SIP URI forward to my voip.ms acct, I would enter in the CC Call treatments "This number" field: (my voip.ms acct#)@(myvoip.ms server)

Almost. First you need to create a voip.ms sub account, register that sub account using your ATA or PBX, then create the call treatment. If your sub account extension is 1, your voip.ms account number is 100234 and your voip.ms server is new york, then create a CC call treatment to forward to 1002341@newyork.voip.ms.
steve1111
join:2009-09-23
Albany, NY

1 recommendation

steve1111 to VexorgTR

Member

to VexorgTR
Before the DDOS attack, I had a Call Treatment saying, if the status is "not registered", then forward call to my PSTN phone. I had tested this by pulling out the Ethernet cord. My Callcentric portal said "Not Registered" and calls were forwarded to PSTN phone. So far so good.

During the DDOS attack the status was "not registered" but calls were not being forwarded to my PSTN phone. Instead there was an error message. It seems that the "not registered" call treatment does not function when there is a problem on the Callcentric side.
PX Eliezer704
Premium Member
join:2008-08-09
Hutt River

PX Eliezer704

Premium Member

said by steve1111:

During the DDOS attack the status was "not registered" but calls were not being forwarded to my PSTN phone. Instead there was an error message. It seems that the "not registered" call treatment does not function when there is a problem on the Callcentric side.

Good observation.

I think that I was seeing that too, but pretty early on I just put in a call treatment for mandatory forwarding.

I used SIP URI forwarding to a CWU account and to a free [getonsip] account and they both worked well. I also tried forwarding to a cellphone and that worked well too.

But it seems the forwarding had to be mandatory, not conditional.
Babine
join:2012-10-06

Babine

Member

Unbelievable, I thought the same thing and tried to forward my cc number to another voip but to no avail during the attack
PX Eliezer704
Premium Member
join:2008-08-09
Hutt River

1 edit

2 recommendations

PX Eliezer704 to a1computers

Premium Member

to a1computers
said by a1computers:

Thanks for the update, but CC has managed to suppress the 2nd wave, meaning something has been able to be calculated. I am sure CC has sophisticated hardware FW that you could implement range ban, packet inspection.

Not knowing further details on the first vs. second attacks, it is premature to speculate.

I'm sure that the CC engineers and the engineers for their hardware vendors know quite well what their hardware can and cannot do.

It's too bad that you were not there to help them, they would not have had such a sleepless few days and nights.

----------------------------------

Just think, with your unique knowledge you could put Arbor Networks, Verisign, Radware, and other DDoS mitigation companies out of business.

The point is that these companies exist for a reason. If it were as easy as you seem to feel, the DDoS problem would not be such a big deal.
a1computers
join:2012-10-06
Pasadena, CA

a1computers

Member

I just had a 20 min phone call that was pin drop registered on CC
Babine
join:2012-10-06

Babine

Member

I'm green across the board since 8:25pm on the temp server
a1computers
join:2012-10-06
Pasadena, CA

a1computers

Member

I think the settings have been pretty good all day, yesterday was choppy. But it looks like they may be getting somewhere.
Babine
join:2012-10-06

Babine

Member

Oh, I know they are doing the impossible and I'm even more confident in their capabilities after this thing.

VexorgTR
join:2012-08-27
Sheffield Lake, OH

VexorgTR

Member

Good. Glad things are getting fixed. I've still got my system shut down for the weekend... with calls going to the mobile. Thus I don't have to think of or stress about it.

I'll just be glad when it's over.
a1computers
join:2012-10-06
Pasadena, CA

a1computers

Member

same here Monday is showtime again
Babine
join:2012-10-06

Babine to VexorgTR

Member

to VexorgTR
I hear ya... I thought of this 7 months ago as being a nice solution for my business and all had worked flawlessly till this...

I use cc jointly with 3cx and ivm auto assistant and what an inexpensive and handy system it provides my customers!
a1computers
join:2012-10-06
Pasadena, CA

a1computers

Member

It's been flawless, feature rich, seamless in 3cx, to add it's been perfect in VMWare, with a ClearOS firewall in front. I haven't even had to restart once in over many months. I may not be totally familiar with all evolved attacks but I am confident in CC's engineers. It is obvious they are highly dedicated.

DBOD
@sbcglobal.net

DBOD to xless

Anon

to xless
I have an HT502 also. I used one of the new outbound proxy servers also with DNS record set to SRV which was default. This only allowed incoming calls. CC told me in a trouble ticket to change a setting on the FXS Port1 page. I changed the following and it works.

"Remove OBP from Route Header" to "Yes"

Grurgle
@fastwebserver.de

Grurgle to VexorgTR

Anon

to VexorgTR
said by VexorgTR:

I'm glad it's the weekend. If CC would have buckled Friday eve... not too many would worry about it until Monday. If it's not fixed by Monday, CC is going to start looking incompetent.

It would not make them look incompetent but it might make people think twice about using them. One or two more hits like this one and people will think of CC as a plague spot to be avoided.

Maybe that is the point of the attack.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

1 recommendation

Arne Bolen to a1computers

Premium Member

to a1computers
said by a1computers:

Why CC has not simply blocked the IP or country or DHCP range is beyond me,

Easy solution, just block USA, Canada and the rest of the world. Problem solved.
OmagicQ
Posting in a thread near you
join:2003-10-23
Bakersfield, CA

OmagicQ to VexorgTR

Member

to VexorgTR
Anyone remember this thread?

»Animated portrayal of VoIP server fighting off hackers..

I wonder what a visualization of the recent attack on Callcentric would look like. The link in the first post still works.
xless
join:2004-02-10
Dublin, OH

xless to DBOD

Member

to DBOD
said by DBOD :

I have an HT502 also [...] "Remove OBP from Route Header" to "Yes"

That did the trick -- thank you!
hszeto (banned)
join:2002-06-05

hszeto (banned) to Arne Bolen

Member

to Arne Bolen
said by Arne Bolen:

I changed the DID forwarding to a SIP URI and made two test calls to two of my Callcentric numbers. Both calls went through without any issues.

I think the issue is only with registration of SIP devices, and only some devices are hit by this.

I agree. Since I have all DIDs from Callcentric forwarded via iNum SIP URI to Voxox, I do not experience any concern at all. Maybe this could be a temporary workaround for now.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen

Premium Member

said by hszeto:

I agree since I have all DIDs from Callcentric forward via iNum SIP URI to Voxox, I do not experience any concern at all.

I forward to a SIP address on my PBXes, this is what I normally do with all my voip providers.

During the last few days I have made more than 20 test calls, using Google Voice to my Callcentric DIDs, and all of them went through with an excellent audio quality. I didn't expect any issues as the DDoS attacks are directed towards the pipe used for SIP device registrations. The other pipes are not affected.

lacibaci
join:2000-04-10
Export, PA

lacibaci to VexorgTR

Member

to VexorgTR
Incoming calls still don't go through
hszeto (banned)
join:2002-06-05

1 recommendation

hszeto (banned) to Davefred99

Member

to Davefred99
said by Davefred99:

As I read this I can't help but wonder. Would this not be a lesson not to put all your eggs in one basket? I would think that if your business is mission critical you would want at least some backup source for incoming and outgoing trunks or program a few multi-line IP phones with a backup provider. I know I have 3 different accounts with alternate DIDs from each. With PayGo accounts it costs almost nothing to have a backup plan until you use them.
Just thinking out loud. I am just a small time VoIP user and have no idea what it might be like in a larger setting.

We have utilized VoIP especially those free offers for business for more than a decade. We always give customers more than one DID, have simultaneously ringing both IP phones and mobile phones either by Voxox or Google Voice. Some DIDs are registered to server while others are forwarded via SIP URI or forward via iNum. As a result, we virtually do not have complete outage.