dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
100047
share rss forum feed

asiaip

join:2012-10-05
Clarkston, WA
reply to Arne Bolen

Re: CallCentric tech issues today?

So if i want to SIP URI forward to my voip.ms acct. I would enter in the CC Call treatments "This number" field:(my voip.ms acct#)@(myvoip.ms server)

Or if I want to SIP URI forward to my voip.ms INUM number I would enter in the CC Call treatments "This number" field:(voip.ms inum number)


Trev
IP Telephony Addict
Premium
join:2009-06-29
Victoria, BC
kudos:6

1 recommendation

reply to VexorgTR
said by VexorgTR:

If it's not fixed by Monday, CC is going to start looking incompetent.

Why? If a very well organized flash mob showed up at your business' door and all browsed through your aisles, asked staff for demonstrations, and asked several questions that they knew would take a long time to answer, but acted genuinely interested the whole time, only to eventually leave without purchasing anything, thus causing excessive waits for legitimate customers who really wanted to buy an AC-211, would you be considered an incompetent shop keeper?

That's basically how a high level DDoS attack would look like in the physical world.
--
Wondering what I do? Find out at »www.digitalcon.ca
Get your Obihai ATA in Canada.

a1computers

join:2012-10-06
Pasadena, CA
reply to VexorgTR
This crappy attack could be accomplished by my 7 year old, I am not impressed by the attacker. At the end of the day a firewall log should have already shown which IP is sending expanded packets. Why CC has not simply blocked the IP or country or DHCP range is beyond me, but I am sure they have a good reason especially since packets are surely being sniffed by now for a trace. I am willing to bet that in days not weeks or months we will hear of some kind of a bust. And hopefully a bust in the back-side to for these a__holes. When I was young if you didn't like someone you took care of the problem directly. These losers are just plain losers who youtubed the power of a -l command

PX Eliezer70
Premium
join:2008-08-09
Hutt River
kudos:13

1 recommendation

reply to VexorgTR
said by VexorgTR:

If it's not fixed by Monday, CC is going to start looking incompetent.

I disagree.

I think that this malicious attack has demonstrated that the CallCentric crew are a very dedicated and skillful group of people....

....who were on this problem from the beginning (even before the beginning when they got some early tremors), who responded aggressively and competently, going without much sleep for several days. I can vouch for that part because of communications at many different hours.

Keep in mind that CallCentric was likely targeted precisely because of its excellent reputation as a facilities-based provider.

There's no bragging rights if someone takes down an [easy] target.

If you were a young punk, you'd try to make a reputation challenging someone like Bat Masterson*, not challenging some farmer or merchant....

*People think so much of Bat Masterson with the Wild West, but he was born in Quebec and he died at a typewriter in New York City where he had become a sportswriter.

PX Eliezer70
Premium
join:2008-08-09
Hutt River
kudos:13

1 edit

2 recommendations

reply to a1computers
said by a1computers:

This crappy attack could be accomplished by my 7 year old, I am not impressed by the attacker. At the end of the day a firewall log should have already shown which IP is sending expanded packets. Why CC has not simply blocked the IP or country or DHCP range is beyond me....

Respectfully, that remark does not demonstrate much familiarity with this area.

[I'm being polite, BTW].

A massive attack such as this can involve hundreds or thousands of IP addresses simultaneously, and those IP addresses will be constantly changing. And they will be from many countries at once.

I suggest that you learn a little about DDoS attacks, botnets, zombie armies (of the computer kind), and so forth.

Here is something from a whole year ago, things have gotten worse since then....

A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks.

The distributed denial-of-service attack consisted of four consecutive waves launched from multiple botnets between Nov. 5 and Nov. 12, 2011, Prolexic said.

It estimated that up to 250,000 computers infected with malware participated in the attack, many of them in China.

At the height of the attack, those computers made 15,000 connections per second to the target company's e-commerce platform, swamping it with up to 45Gbps of traffic, Prolexic said.

»www.computerworld.com/s/article/ ··· _company

Similarly:

Kaspersky released a report regarding the distributed denial of service (DDOS) attacks that targeted companies in the second half of 2011 and they provided some interesting figures obtained by their botnet monitoring systems.

The numbers reveal that the longest attack recorded in the second half of the past year targeted a travel company and lasted for 80 days, 19 hours, 13 minutes and 5 seconds, and the average duration of DDOS attacks was 9 hours and 29 minutes.

»news.softpedia.com/news/The-Long ··· 88.shtml

Mango
What router are you using?
Premium
join:2008-12-25
www.toao.net
kudos:15
reply to PX Eliezer70
Though we can do little more than speculate, I'd be very interested to know if the same attacker caused the problems with both Anveo and Callcentric. If so, who is next?


Trev
IP Telephony Addict
Premium
join:2009-06-29
Victoria, BC
kudos:6
reply to a1computers
said by a1computers:

At the end of the day a firewall log should have already shown which IP is sending expanded packets. Why CC has not simply blocked the IP or country or DHCP range is beyond me, but I am sure they have a good reason

Emphasis added.

If the attacks do not rely on receiving a response from their servers, it's not difficult to forge the header information of a UDP packet.

In this case, a firewall log is not helpful. Assistance from the NOC at every network the packets traverse is usually required to locate the culprit.

Sometimes it's MUCH easier said than done to get their cooperation.
--
Wondering what I do? Find out at »www.digitalcon.ca
Get your Obihai ATA in Canada.

a1computers

join:2012-10-06
Pasadena, CA
reply to PX Eliezer70
Thanks for the update, but CC has manged to surpress the 2nd wave meaning something has been able to be calculated. I am sure CC has sophisticated hardware FW that you could implent range ban, packet inspection. Attacks get better all the time, can't argue with that.

eviljafar

join:2007-04-10
Montreal, QC
reply to asiaip
said by asiaip:

So if i want to SIP URI forward to my voip.ms acct. I would enter in the CC Call treatments "This number" field:(my voip.ms acct#)@(myvoip.ms server)

Almost. First you need to create a voip.ms sub account, register that sub account using your ATA or PBX, then create the call treatment. If your sub account extension is 1, your voip.ms account number is 100234 and your voip.ms server is new york, then create a CC call treatment to forward to 1002341@newyork.voip.ms.

steve1111

join:2009-09-23
New York, NY
Reviews:
·Callcentric
·localphone.com
·RCN CABLE
·callwithus

1 recommendation

reply to VexorgTR
Before the DDOS attack, I had a Call Treatment saying, if the status is "not registered", then forward call to my PSTN phone. I had tested this by pulling out the Ethernet cord. My Callcentric portal said "Not Registered" and calls were forwarded to PSTN phone. So far so good.

During the DDOS attack the status was "not registered" but calls were not being forwarded to my PSTN phone. Instead there was an error message. It seems that the "not registered" call treatment does not function when there is a problem on the Callcentric side.

PX Eliezer70
Premium
join:2008-08-09
Hutt River
kudos:13
said by steve1111:

During the DDOS attack the status was "not registered" but calls were not being forwarded to my PSTN phone. Instead there was an error message. It seems that the "not registered" call treatment does not function when there is a problem on the Callcentric side.

Good observation.

I think that I was seeing that too, but pretty early on I just put in a call treatment for mandatory forwarding.

I used SIP URI forwarding to a CWU account and to a free [getonsip] account and they both worked well. I also tried forwarding to a cellphone and that worked well too.

But it seems the forwarding had to be mandatory, not conditional.

Babine

join:2012-10-06
Unbelievable, I thought the same thing and tried to forward my cc number to another voip but to no avail during the attack

PX Eliezer70
Premium
join:2008-08-09
Hutt River
kudos:13

1 edit

2 recommendations

reply to a1computers
said by a1computers:

Thanks for the update, but CC has manged to surpress the 2nd wave meaning something has been able to be calculated. I am sure CC has sophisticated hardware FW that you could implent range ban, packet inspection.

Not knowing further details on the first vs. second attacks, it is premature to speculate.

I'm sure that the CC engineers and the engineers for their hardware vendors know quite well what their hardware can and cannot do.

It's too bad that you were not there to help them, they would not have had such a sleepless few days and nights.

----------------------------------

Just think, with your unique knowledge you could put Arbor Networks, Verisign, Radware, and other DDoS mitigation companies out of business.

The point is that these companies exist for a reason. If it were as easy as you seem to feel, the DDoS problem would not be such a big deal.

a1computers

join:2012-10-06
Pasadena, CA
I just had a 20 min phone call that was pin drop registered on CC

Babine

join:2012-10-06
I'm green across the board since 8:25pm on the temp server

a1computers

join:2012-10-06
Pasadena, CA
I think the settings have been pretty good all day, yesterday was choppy. but it looks like they may be getting somewhere

Babine

join:2012-10-06
oh I know they are doing the impossible and I'm even more confident in their capabilities after this thing.


VexorgTR

join:2012-08-27
Sheffield Lake, OH
kudos:1
reply to VexorgTR
Good. Glad things are getting fixed. I've still got my system shut down for the weekend... with calls going to the mobile. Thus I don't have to think of or stress about it.

I'll just be glad when it's over.

a1computers

join:2012-10-06
Pasadena, CA
same here Monday is showtime again

Babine

join:2012-10-06
reply to VexorgTR
I hear ya .. I though of this 7 months ago as being a nice solution for my business and all had worked flawlessly till this...

I use cc jointly with 3cx and ivm auto assistant and what an inexpensive and handy system it provides my customers!

a1computers

join:2012-10-06
Pasadena, CA
It's been flawless, feature rich, seemless in 3cx, to add it's been perfect in VMWare, with a ClearOS firewall in front. I haven't even had to restart once in over many months. I may not be totally familiar with all evolved attacks but I am confident in CC's engineers. it is obvious they are highly dedicated.


DBOD

@sbcglobal.net
reply to xless
I have an HT502 also. I used one of the new outbound proxy servers also with DNS record set to SRV which was default. This only allowed incoming calls. CC told me in a trouble ticket to change a setting on the FXS Port1 page. I changed the following and it works.

"Remove OBP from Route Header" to "Yes"


Grurgle

@fastwebserver.de
reply to VexorgTR
said by VexorgTR:

I'm glad it's the weekend. If CC would have buckled Friday eve... not to many would worry about it until Monday. If it's not fixed by Monday, CC is going to start looking incompetent.

It would not make them look incompetent but it might make people think twice about using them. One or two more hits like this one and people will think of CC as a plague spot to be avoided.

Maybe that is the point of the attack.


Arne Bolen
Happy Anveo customer
Premium
join:2009-06-21
Cyberspace
kudos:5
Reviews:
·Anveo
·voip.ms

1 recommendation

reply to a1computers
said by a1computers:

Why CC has not simply blocked the IP or country or DHCP range is beyond me,

Easy solution, just block USA, Canada and the rest of the world. Problem solved.
--
My VoIP News

OmagicQ
Posting in a thread near you

join:2003-10-23
Bakersfield, CA
kudos:1
reply to VexorgTR
Anyone remember this thread?

»Animated portrayal of VoIP server fighting off hackers..

I wonder what a visualization of the recent attack on Callcentric would look like. The link in the first post still works.
--
...Who, What, When, Where, How... Why? Why Not?

xless

join:2004-02-10
Dublin, OH
reply to DBOD
said by DBOD :

I have an HT502 also [...] "Remove OBP from Route Header" to "Yes"

That did the trick -- thank you!

hszeto

join:2002-06-05
reply to Arne Bolen
said by Arne Bolen:

I changed the DID forwarding to a SIP URI and made two test calls to two of my Callcentric numbers. Both calls went through without any issues.

I think the issue is only with registration of SIP devices, and only some devices are hit by this.

I agree since I have all DIDs from Callcentric forward via iNum SIP URI to Voxox, I do not experience any concern at all. May be this could be a temporary work around for now.


Arne Bolen
Happy Anveo customer
Premium
join:2009-06-21
Cyberspace
kudos:5
Reviews:
·Anveo
·voip.ms
said by hszeto:

I agree since I have all DIDs from Callcentric forward via iNum SIP URI to Voxox, I do not experience any concern at all.

I forward to a SIP address on my PBXes, this is what I normally do with all my voip providers.

During the last few days I have made more than 20 test calls, using Google Voice to my Callcentric DIDs, and all of them went through with an excellent audio quality. I didn't expect any issues as the DDoS attacks are directed towards the pipe used for SIP device registrations. The other pipes are not affected.
--
My VoIP News


lacibaci

join:2000-04-10
Export, PA
reply to VexorgTR
Incomming calls still don't go through

hszeto

join:2002-06-05

1 recommendation

reply to Davefred99
said by Davefred99:

As I read this I cant help but wonder. Would this not be a lesson not to put all your eggs in one basket. I would think that if your business is mission critical you would want at least some back up source for incoming and out going trunks or program a few multi-line Ip phones with a back up provider. I know I have 3 different accounts with alternate DID's from each. With PayGo accounts it costs almost nothing to have a back up plan until you use them.
Just thinking out loud. I am just a small time Voip user and have not idea what it might be like in a larger setting.

We have utilized VoIP especially those free offers for business for more than a decade. We always give customers more than one DID, have simultaneously ringing both IP phones and mobile phones either by Voxox or Google Voice. Some DIDs are registered to server while others are forwarded via SIP URI or forward via iNum. As a result, we virtually do not have complete outage.