dslreports logo

story category
CallCentric Victim of Devastating Two-Week DDoS Attack
Users Have Reported Major Problems Since October 3
by Karl Bode 04:22PM Wednesday Oct 17 2012
Users in our VoIP Provider forum indicate that Callcentric has been suffering from severe connectivity issues since the beginning of this month. Users in the forum first started reporting issues on October 3, and the company began investigating issues on October 4. By October 5 the company acknowledged on Twitter that they had been the victim of a sustained "sophisticated DDoS attack." The company then noted that while they hadn't found any indication of theft of personal data, they were struggling to deal with the ongoing DDoS attack:
Click for full size
For the past two days we have been experiencing a sophisticated type of attack. As soon we noticed the first attempt we commenced an immediate physical upgrade to all of our servers increasing capacity and CPU power by a factor of four in addition to other precautions.

Unfortunately even though this is similar to a "typical" DDoS attack it is targeted specifically at the SIP protocol and causes server load to increase to 100% within 1 minute of initiation. As such, standard and extraordinary prevention measures were unable to prevent it. We do not know the specific methodology of the attack but are aware that it is *similar* in effect to a DNS TRASH flood attack. We are performing forensic analysis on the data we have and are capturing traffic to find an exact reason and solution.
Almost two weeks later and customers in our forums indicate they're still having trouble with reliable service after struggling with numerous waves of DDoS attacks. Many customers have stuck with the provider given this is the first major outage they say they've seen in years. CallCentric says they've filed a report on the attacks with the FBI, and have urged users to use the company's DNS SRV servers instead of their DNS A servers. The latest Twitter statement from the company suggests that the attacks are ongoing. CallCentric says that they'll share more detail when they've completed analyzing the nature of the attacks.

"We appreciate everyone's patience with us," says the company. "We would not wish this kind of scenario on any other provider or business."

51 comments .. click to read