
nonymous
Premium
join:2003-09-08
Glendale, AZ
reply to borntochill

Re: DDOS Attacks - Is Any VoIPP More Immune ?

said by borntochill:

There are effective mitigation systems against sophisticated DDoS attacks. For instance, Prolexic and Verisign among others offer cloud-based clean pipes services, however these systems/services do not come cheap. We're talking annual operating service costs in the five figures or even six figures.

CallCentric's protracted outage should be a wake-up call for all VSPs. It's not just an inconvenience; it's a matter of public safety. Not everyone has a charged cell phone at the ready and if a 911 call doesn't complete in an emergency, it can cost lives.

If certain VSPs have deployed more robust anti-DDoS measures, I'd like to hear from them here.

All that traffic still has to be dumped somewhere. So yes, upstream filtering, but your ISP may charge a ton if it saturates too much of even their stream.

nitzan
Premium,VIP
join:2008-02-27
kudos:8

1 recommendation

said by nonymous:

said by borntochill:

There are effective mitigation systems against sophisticated DDoS attacks. For instance, Prolexic and Verisign among others offer cloud-based clean pipes services, however these systems/services do not come cheap. We're talking annual operating service costs in the five figures or even six figures.

All that traffic still has to be dumped somewhere. So yes, upstream filtering, but your ISP may charge a ton if it saturates too much of even their stream.

You guys are thinking regular DDOS attacks - at least in this case it wasn't a regular attack. CallCentric's "pipes" haven't been clogged - it's the registration servers that became overloaded. This has nothing to do with bandwidth or lack thereof.

The only ways to mitigate this attack are to deploy more secure code and/or deploy more/bigger registration servers. To put it to an example, let's say you have a registration server big enough to handle 1000 registrations a second - if a few servers send 10000 requests a second at it, it'll choke - but it's relatively easy to fix by just blocking them. But if 600,000 servers (botnet) send one request a minute the effect is the same, yet incredibly hard to block. There are other ways to make this even harder to block, but I don't want to give the bad guys more ideas.

So bottom line: bigger servers + better code = less susceptible to registrar DDOS.
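
An added illustration of the numbers in the post above (not part of the thread and not any provider's code): a per-source rate limiter run over constructed traffic for both cases. The limiter settings (5 requests per source per 10-second window), the count of 4 fast sources, and all function names are assumptions.

```python
from collections import defaultdict

CAPACITY = 1000        # registrations/second the server can handle (from the post)
PER_SOURCE_LIMIT = 5   # assumed limiter setting: requests allowed per source...
WINDOW = 10            # ...in each 10-second window (assumed)
DURATION = 60          # seconds of constructed traffic

def admitted_per_second(events):
    """Pass time-ordered (time, source) events through a fixed-window
    per-source limiter; return admitted request counts for each second."""
    counts, current = defaultdict(int), 0
    admitted = [0] * DURATION
    for t, src in events:
        window = int(t) // WINDOW
        if window != current:              # new window: forget old counters
            counts, current = defaultdict(int), window
        counts[src] += 1
        if counts[src] <= PER_SOURCE_LIMIT:
            admitted[int(t)] += 1
    return admitted

def few_fast_sources(sources=4, total_rate=10_000):
    """Constructed traffic: a few sources sending 10,000 requests/s in total."""
    for n in range(DURATION * total_rate):
        yield n / total_rate, n % sources

def many_slow_sources(sources=600_000):
    """Constructed traffic: each source sends one request per minute,
    evenly staggered across the minute."""
    for i in range(sources):
        yield i * DURATION / sources, i

def summarize(events):
    """Return (peak admitted requests/s, seconds spent above CAPACITY)."""
    admitted = admitted_per_second(events)
    return max(admitted), sum(1 for a in admitted if a > CAPACITY)

if __name__ == "__main__":
    for name, gen in (("few fast sources", few_fast_sources),
                      ("many slow sources", many_slow_sources)):
        peak, over = summarize(gen())
        print(f"{name}: peak {peak}/s admitted, {over}s over capacity")
```

The limiter cuts the few fast sources down to 20 admitted requests at the start of each window, while every request from the slow sources stays under the per-source limit and the server still receives 10,000 per second.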

borntochill

join:2003-02-09
united state
said by nitzan:

You guys are thinking regular DDOS attacks - at least in this case it wasn't a regular attack. CallCentric's "pipes" haven't been clogged - it's the registration servers that became overloaded. This has nothing to do with bandwidth or lack thereof.

Thanks for the heads up. I hadn't more than quickly perused the CC outage thread so was unaware of this info.

All the same, it's helpful to know which VSPs are investing resources and being proactive in protecting their systems. Since there are DDoS vulnerabilities unique to VoIP, is there a working group sharing information to help providers stay up-to-date on the latest threats, and, if so, who is actively participating?

This sort of information needn't be cloak-and-dagger.