tanzam75
Member
join:2012-07-19

to OZO
Re: DDoS Attacks, Is Any VoIP Less Susceptible?

said by OZO:

When I pointed that out to FS developers, I was faced back with arrogance - "it's your problem, not ours. Use system provided protection mechanisms if you need to do the job". But I think they're dead wrong. FS can easily recognize the beginning of the attack by a simple analysis of the SIP incoming traffic...

Your suggestion sounds like the approach that 3cx takes:
quote:
»www.3cx.com/blog/voip-ar ··· -attack/

3CX Premium Partner, Charles Ambrosecchia of Sigma Networks, reports that their Network Operations Center was the subject of an intense attack from an IP Address inside Germany for 17 continuous hours, with data rates peaking at over 5Mbps to a single 3CX Phone System installation.

Charles stated that 3CX Phone System performed admirably by rejecting the initial attempts at registration with incorrect forged credentials (essentially a brute force attack). Shortly thereafter, 3CX Phone System automatically classified the source of the attack as a potentially malignant entity and added it to its dynamic blacklist.

3cx is a commercial company. So they have a direct monetary incentive to solve their users' practical problems, rather than to be arrogant about it and treat it as an abstract problem.
OZO
Premium Member
join:2003-01-17

Thanks for sharing that example. It just shows that some development teams want to improve their product, while others have obvious attitude problems that make them blind to any suggestions... The latter I saw a lot with FreeSWITCH development. They keep old bugs open indefinitely without any attempt to fix... not to mention implementing new functions that will benefit everyone.

Security of the SIP switch (always open to public access) is a very serious issue to ignore...

So, I'd suggest, look at SIP messages sent by your VSP and particularly at its "User-Agent" line and if it says "FreeSWITCH" don't be surprised if at some point of time it will go down and you'll not have any service at all due to some DDoS attack... (which could happen at any time, BTW).
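
The behaviour described in the 3CX quote above (reject failed registrations, then add the source to a dynamic blacklist), shown as an added example that is not part of the thread and is not 3CX or FreeSWITCH code. The event format, thresholds and all names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed events (not a real PBX log): "epoch src_ip method creds_sent status"
SAMPLE_LOG = """\
1000 198.51.100.7 REGISTER 0 401
1001 198.51.100.7 REGISTER 1 200
1002 203.0.113.9 REGISTER 1 403
1003 203.0.113.9 REGISTER 1 403
1004 192.0.2.20 REGISTER 1 403
1005 203.0.113.9 REGISTER 1 403
1006 203.0.113.9 REGISTER 1 403
1007 203.0.113.9 REGISTER 1 403
1008 203.0.113.9 REGISTER 1 403
"""

class DynamicBlacklist:
    def __init__(self, window=60, max_fails=5, ban=3600):  # assumed thresholds
        self.window, self.max_fails, self.ban = window, max_fails, ban
        self.fails = defaultdict(deque)  # ip -> recent failure timestamps
        self.banned = {}                 # ip -> ban expiry (epoch seconds)

    def is_banned(self, ip, now):
        if self.banned.get(ip, 0) <= now:
            self.banned.pop(ip, None)    # never banned, or ban has expired
            return False
        return True

    def observe(self, ts, ip, method, has_auth, status):
        if self.is_banned(ip, ts):
            return True                  # already blacklisted: drop
        # A 401 to a REGISTER without credentials is the normal digest challenge.
        if method != "REGISTER" or not has_auth or status not in (401, 403):
            return False
        recent = self.fails[ip]
        recent.append(ts)
        while recent[0] <= ts - self.window:
            recent.popleft()             # forget failures outside the window
        if len(recent) >= self.max_fails:
            self.banned[ip] = ts + self.ban
            return True
        return False

def replay(log=SAMPLE_LOG):
    bl, dropped = DynamicBlacklist(), []
    for line in log.strip().splitlines():
        ts, ip, method, has_auth, status = line.split()
        if bl.observe(int(ts), ip, method, has_auth == "1", int(status)):
            dropped.append(line)
    return bl, dropped
```

Only registrations that presented credentials and were rejected count toward the threshold, so a client completing the usual challenge/response handshake, or a user who mistypes a password once, is not blacklisted.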