dslreports logo
spacer Home Reviews Speed Test Tools News Forums Info About Join  
 
    All Forums Hot Topics Gallery
spc
ForumsVOIP etcVOIP

VOIP Tech ChatRe: DDOS Attacks - Is Any VoIPP More Immune ?

 uniqs
19
Share
« [General] Asterisk Certification[Equipment] Linksys SPA-3102 WAN Setup »
This is a sub-selection from DDoS Attacks, Is Any VoIPP Less Susceptable ?
nitzan
Premium Member
join:2008-02-27

1 recommendation

nitzan to nonymous

Premium Member

2012-Oct-7 8:20 pm

to nonymous

Re: DDOS Attacks - Is Any VoIPP More Immune ?

said by nonymous:

said by borntochill:

There are effective mitigation systems against sophisticated DDoS attacks. For instance, Prolexic and Verisign among others offer cloud-based clean pipes services, however these systems/services do not come cheap. We're talking annual operating service costs in the five figures or even six figures.

All that traffic still has to be dumped somewhere. So yes upstream filtering but your ISP may charge a ton if it saturates too much of even their stream.

You guys are thinking regular DDOS attacks - at least in this case it wasn't a regular attack. CallCentric's "pipes" haven't been clogged - it's the registration servers that became overloaded. This has nothing to do with bandwidth or lack thereof.

The only ways to mitigate this attack are to deploy more secure code and/or deploy more/bigger registration servers. To put it to an example, lets say you have a registration server big enough to handle 1000 registrations a second - if a few servers send 10000 requests a second at it it'll choke - but it's relatively easy to fix by just blocking them. But if 600,000 servers (botnet) send one request a minute the effect is the same, yet incredibly hard to block. There are other ways to make this even harder to block, but I don't want to give the bad guys more ideas.

So bottom line: bigger servers + better code = less susceptible to registrar DDOS.
actions · 2012-Oct-7 8:20 pm ·
borntochill
join:2003-02-09
united state

borntochill

Member

2012-Oct-7 8:45 pm

said by nitzan:

You guys are thinking regular DDOS attacks - at least in this case it wasn't a regular attack. CallCentric's "pipes" haven't been clogged - it's the registration servers that became overloaded. This has nothing to do with bandwidth or lack thereof.

Thanks for the heads up. I hadn't more than quickly perused the CC outage thread so was unaware of this info.

All the same, it's helpful to know which VSPs are investing resources and being proactive in protecting their systems. Since there are DDoS vulnerabilities unique to VoIP, is there a working group sharing information to help providers stay up-to-date on the latest threats, and, if so, who is actively participating?

This sort of information needn't be cloak-and-dagger.
actions · 2012-Oct-7 8:45 pm ·
ForumsVOIP etcVOIPVOIP Tech Chat
« [General] Asterisk Certification[Equipment] Linksys SPA-3102 WAN Setup »
This is a sub-selection from DDoS Attacks, Is Any VoIPP Less Susceptable ?