[outages] Call Centric Sip outage

Mitch mitpatterson at gmail.com
Fri Oct 5 14:38:33 EDT 2012


Call centric is reporting they are experiencing a DDOS style attack using
the SIP protocol. My registrations are just timing out.

There twitter is being updated: https://twitter.com/Callcentric They are
also posting updates to customers when the log in. According to the first
post regarding this issue on their twitter this is going on hour 17 or so.
My logs for asterisk are just filling with registration time outs.

Here is the latest update when I log into my account:

*Investigation into current problems:*
For the past two days we have been experiencing a sophisticated type of
attack. As soon we noticed the first attempt we commenced an immediate
physical upgrade to all of our servers increasing capacity and CPU power by
a factor of four in addition to other precautions. Unfortunately even
though this is similar to a "typical" DDoS attack it is targeted
specifically at the SIP protocol and causes server load to increase to 100%
within 1 minute of initiation. As such, standard and extraordinary
prevention measures were unable to prevent it. We do not know the specific
methodology of the attack but are aware that it is *similar* in effect to a
DNS TRASH flood attack. We are performing forensic analysis on the data we
have and are capturing traffic to find an exact reason and solution.

We would like to clarify that there was no intrusion into our network and
all of our servers switches and internet connections have been functioning
*normally* throughout the entirety of this concern. None of our equipment
or interlinks were disconnected or went down. Additionally please note that
all of your information is encrypted, safe and secure; and that NO customer
data was stolen NOR destroyed.

We have experienced attempted *unsuccessful* attacks in the past and have
made changes in real-time to stop them as well as to prevent future similar
attacks. Many of our security documentation guidelines and features have
been geared towards these changes. Unfortunately this is an entirely new
type of attack, the mechanics of which are still coming to light.

We sincerely apologize for the inconvenience this has caused. We are
committed to further protecting our network and for this reason we will
continue working with our engineers to implement a proper solution to
provide a comprehensive resolution.

If you have any questions/concerns regarding this message or if you need
assistance in updating your configuration our Support Staff are available
to answer your questions in as timely a manner as possible.

Upon achieving a resolution, we will be providing as detailed an
explanation as possible regarding this issue as well as the resolution.

Again, we sincerely apologize for any inconvenience that you have
experienced as a result of this matter and we appreciate your understanding
during this process.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20121005/20b0effd/attachment.html>


More information about the Outages mailing list